Transcript
Amazon Elastic Compute Cloud
CLI Reference
API Version 2013-08-15
Amazon Elastic Compute Cloud: CLI Reference
Copyright © 2013 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.
The following are trademarks of Amazon Web Services, Inc.: Amazon, Amazon Web Services Design, AWS, Amazon CloudFront,
Cloudfront, Amazon DevPay, DynamoDB, ElastiCache, Amazon EC2, Amazon Elastic Compute Cloud, Amazon Glacier, Kindle, Kindle
Fire, AWS Marketplace Design, Mechanical Turk, Amazon Redshift, Amazon Route 53, Amazon S3, Amazon VPC. In addition,
Amazon.com graphics, logos, page headers, button icons, scripts, and service names are trademarks, or trade dress of Amazon in
the U.S. and/or other countries. Amazon's trademarks and trade dress may not be used in connection with any product or service that
is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits
Amazon.
All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected
to, or sponsored by Amazon.
Amazon Elastic Compute Cloud CLI Reference
Welcome ................................................................................................................................................. 1
List of Commands by Function ............................................................................................................... 3
Commands (CLI Tools) ........................................................................................................................... 9
ec2-allocate-address ............................................................................................................................ 13
ec2-assign-private-ip-addresses ........................................................................................................... 17
ec2-associate-address .......................................................................................................................... 21
ec2-associate-dhcp-options .................................................................................................................. 26
ec2-associate-route-table ..................................................................................................................... 30
ec2-attach-internet-gateway ................................................................................................................. 34
ec2-attach-network-interface ................................................................................................................ 37
ec2-attach-volume ................................................................................................................................ 40
ec2-attach-vpn-gateway ........................................................................................................................ 44
ec2-authorize ........................................................................................................................................ 47
ec2-bundle-instance ............................................................................................................................. 54
ec2-cancel-bundle-task ......................................................................................................................... 59
ec2-cancel-conversion-task .................................................................................................................. 62
ec2-cancel-export-task ......................................................................................................................... 65
ec2-cancel-reserved-instances-listing .................................................................................................. 68
ec2-cancel-spot-instance-requests ....................................................................................................... 72
ec2-confirm-product-instance ............................................................................................................... 75
ec2-copy-image .................................................................................................................................... 78
ec2-copy-snapshot ............................................................................................................................... 81
ec2-create-customer-gateway .............................................................................................................. 85
ec2-create-dhcp-options ....................................................................................................................... 89
ec2-create-group .................................................................................................................................. 93
ec2-create-image .................................................................................................................................. 97
ec2-create-instance-export-task ......................................................................................................... 102
ec2-create-internet-gateway ............................................................................................................... 106
ec2-create-keypair .............................................................................................................................. 109
ec2-create-network-acl ....................................................................................................................... 113
ec2-create-network-acl-entry .............................................................................................................. 116
ec2-create-network-interface .............................................................................................................. 121
ec2-create-placement-group ............................................................................................................... 125
ec2-create-reserved-instances-listing ................................................................................................. 128
ec2-create-route ................................................................................................................................. 132
ec2-create-route-table ........................................................................................................................ 136
ec2-create-snapshot ........................................................................................................................... 139
ec2-create-spot-datafeed-subscription ............................................................................................... 143
ec2-create-subnet ............................................................................................................................... 146
ec2-create-tags ................................................................................................................................... 150
ec2-create-volume .............................................................................................................................. 154
ec2-create-vpc .................................................................................................................................... 158
ec2-create-vpn-connection ................................................................................................................. 162
ec2-create-vpn-connection-route ........................................................................................................ 167
ec2-create-vpn-gateway ..................................................................................................................... 170
ec2-delete-customer-gateway ............................................................................................................. 173
ec2-delete-dhcp-options ..................................................................................................................... 176
ec2-delete-disk-image ........................................................................................................................ 179
ec2-delete-group ................................................................................................................................. 182
ec2-delete-internet-gateway ............................................................................................................... 186
ec2-delete-keypair .............................................................................................................................. 189
ec2-delete-network-acl ....................................................................................................................... 192
ec2-delete-network-acl-entry .............................................................................................................. 195
ec2-delete-network-interface .............................................................................................................. 199
ec2-delete-placement-group ............................................................................................................... 202
ec2-delete-route .................................................................................................................................. 205
ec2-delete-route-table ......................................................................................................................... 208
ec2-delete-snapshot ........................................................................................................................... 211
API Version 2013-08-15
3
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-spot-datafeed-subscription ............................................................................................... 214
ec2-delete-subnet ............................................................................................................................... 217
ec2-delete-tags ................................................................................................................................... 220
ec2-delete-volume .............................................................................................................................. 224
ec2-delete-vpc .................................................................................................................................... 227
ec2-delete-vpn-connection ................................................................................................................. 230
ec2-delete-vpn-connection-route ........................................................................................................ 233
ec2-delete-vpn-gateway ...................................................................................................................... 236
ec2-deregister ..................................................................................................................................... 239
ec2-describe-account-attributes ......................................................................................................... 242
ec2-describe-addresses ..................................................................................................................... 246
ec2-describe-availability-zones ........................................................................................................... 251
ec2-describe-bundle-tasks .................................................................................................................. 255
ec2-describe-conversion-tasks ........................................................................................................... 260
ec2-describe-customer-gateways ....................................................................................................... 263
ec2-describe-dhcp-options ................................................................................................................. 268
ec2-describe-export-tasks .................................................................................................................. 273
ec2-describe-group ............................................................................................................................. 276
ec2-describe-image-attribute .............................................................................................................. 282
ec2-describe-images .......................................................................................................................... 286
ec2-describe-instance-attribute .......................................................................................................... 295
ec2-describe-instance-status .............................................................................................................. 300
ec2-describe-instances ....................................................................................................................... 307
ec2-describe-internet-gateways .......................................................................................................... 320
ec2-describe-keypairs ......................................................................................................................... 324
ec2-describe-network-acls .................................................................................................................. 328
ec2-describe-network-interface-attribute ............................................................................................ 333
ec2-describe-network-interfaces ......................................................................................................... 337
ec2-describe-placement-groups ......................................................................................................... 344
ec2-describe-regions .......................................................................................................................... 348
ec2-describe-reserved-instances ....................................................................................................... 352
ec2-describe-reserved-instances-listings ........................................................................................... 358
ec2-describe-reserved-instances-modifications ................................................................................. 363
ec2-describe-reserved-instances-offerings ......................................................................................... 368
ec2-describe-route-tables ................................................................................................................... 376
ec2-describe-snapshot-attribute ......................................................................................................... 381
ec2-describe-snapshots ..................................................................................................................... 385
ec2-describe-spot-datafeed-subscription ............................................................................................ 391
ec2-describe-spot-instance-requests ................................................................................................. 394
ec2-describe-spot-price-history .......................................................................................................... 402
ec2-describe-subnets ......................................................................................................................... 408
ec2-describe-tags ............................................................................................................................... 413
ec2-describe-volume-attribute ............................................................................................................ 418
ec2-describe-volume-status ................................................................................................................ 422
ec2-describe-volumes ......................................................................................................................... 428
ec2-describe-vpc-attribute .................................................................................................................. 434
ec2-describe-vpcs .............................................................................................................................. 438
ec2-describe-vpn-connections ............................................................................................................ 443
ec2-describe-vpn-gateways ................................................................................................................ 449
ec2-detach-internet-gateway .............................................................................................................. 454
ec2-detach-network-interface ............................................................................................................. 457
ec2-detach-volume ............................................................................................................................. 460
ec2-detach-vpn-gateway ..................................................................................................................... 464
ec2-disable-vgw-route-propagation .................................................................................................... 468
ec2-disassociate-address ................................................................................................................... 471
ec2-disassociate-route-table ............................................................................................................... 475
ec2-enable-vgw-route-propagation ..................................................................................................... 478
ec2-enable-volume-io ......................................................................................................................... 481
API Version 2013-08-15
4
Amazon Elastic Compute Cloud CLI Reference
ec2-fingerprint-key .............................................................................................................................. 484
ec2-get-console-output ....................................................................................................................... 487
ec2-get-password ............................................................................................................................... 491
ec2-import-instance ............................................................................................................................ 495
ec2-import-keypair .............................................................................................................................. 502
ec2-import-volume .............................................................................................................................. 506
ec2-migrate-image .............................................................................................................................. 512
ec2-modify-image-attribute ................................................................................................................. 518
ec2-modify-instance-attribute ............................................................................................................. 523
ec2-modify-network-interface-attribute ............................................................................................... 529
ec2-modify-reserved-instances ........................................................................................................... 534
ec2-modify-snapshot-attribute ............................................................................................................ 538
ec2-modify-volume-attribute ............................................................................................................... 542
ec2-modify-vpc-attribute ..................................................................................................................... 546
ec2-monitor-instances ........................................................................................................................ 549
ec2-purchase-reserved-instances-offering ......................................................................................... 552
ec2-reboot-instances .......................................................................................................................... 556
ec2-register ......................................................................................................................................... 559
ec2-release-address ........................................................................................................................... 565
ec2-replace-network-acl-association .................................................................................................. 569
ec2-replace-network-acl-entry ............................................................................................................ 572
ec2-replace-route ................................................................................................................................ 576
ec2-replace-route-table-association ................................................................................................... 580
ec2-report-instance-status .................................................................................................................. 584
ec2-request-spot-instances ................................................................................................................ 589
ec2-reset-image-attribute .................................................................................................................... 600
ec2-reset-instance-attribute ................................................................................................................ 603
ec2-reset-network-interface-attribute .................................................................................................. 607
ec2-reset-snapshot-attribute ............................................................................................................... 610
ec2-resume-import ............................................................................................................................. 613
ec2-revoke .......................................................................................................................................... 618
ec2-run-instances ............................................................................................................................... 624
ec2-start-instances ............................................................................................................................. 637
ec2-stop-instances .............................................................................................................................. 640
ec2-terminate-instances ..................................................................................................................... 644
ec2-unassign-private-ip-addresses ..................................................................................................... 647
ec2-unmonitor-instances .................................................................................................................... 650
ec2-upload-disk-image ....................................................................................................................... 653
ec2-version ......................................................................................................................................... 657
Common Options ................................................................................................................................ 659
Commands (AMI Tools) ...................................................................................................................... 661
ec2-bundle-image ............................................................................................................................... 662
ec2-bundle-vol .................................................................................................................................... 666
ec2-delete-bundle ............................................................................................................................... 671
ec2-download-bundle ......................................................................................................................... 674
ec2-migrate-bundle ............................................................................................................................. 677
ec2-migrate-manifest .......................................................................................................................... 681
ec2-unbundle ...................................................................................................................................... 684
ec2-upload-bundle .............................................................................................................................. 686
Common Options ................................................................................................................................ 688
API Version 2013-08-15
5
Amazon Elastic Compute Cloud CLI Reference
Welcome
This is the Amazon Elastic Compute Cloud Command Line Reference. It provides descriptions, syntax,
and usage examples for each of the commands for Amazon EC2 and Amazon Virtual Private Cloud
(Amazon VPC). The commands wrap the Amazon EC2 API actions.
Relevant Topics How Do I?
Amazon EC2 CLI Tools
Amazon EC2 AMI Tools
Download the command line tools
Setting Up the Command Line Interface Tools (in the Amazon
Elastic Compute Cloud User Guide)
Prepare to use the command line tools
Commands (CLI Tools) (p. 9)
Commands (AMI Tools) (p. 661)
Get the alphabetical list of commands
Common Options for CLI Tools (p. 659)
Common Options for AMI Tools (p. 688)
Get the list of the common options for
the commands
Error Codes (in the Amazon Elastic Compute Cloud API
Reference)
Get descriptions of the error codes
Regions and Endpoints Get the list of regions and endpoints
If you prefer, you can use one of these command line interfaces instead:
AWS Command Line Interface (CLI)
Provides commands for a broad set of AWS products, and is supported on Windows, Mac, and
Linux/UNIX. To get started, see AWS Command Line Interface User Guide. For more information
about the commands for Amazon EC2, see ec2.
AWS Tools for Windows PowerShell
Provides commands for a broad set of AWS products for those who script in the PowerShell
environment. To get started, see AWS Tools for Windows PowerShell User Guide.
Related Topics
• Amazon EC2 product page
API Version 2013-08-15
1
Amazon Elastic Compute Cloud CLI Reference
• Amazon Elastic Compute Cloud User Guide
• Amazon Virtual Private Cloud User Guide
• Amazon Elastic Compute Cloud API Reference
API Version 2013-08-15
2
Amazon Elastic Compute Cloud CLI Reference
List of Commands by Function
Account Attributes
• ec2-describe-account-attributes (p. 242)
Amazon DevPay
• ec2-confirm-product-instance (p. 75)
AMIs
• ec2-copy-image (p. 78)
• ec2-create-image (p. 97)
• ec2-deregister (p. 239)
• ec2-describe-image-attribute (p. 282)
• ec2-describe-images (p. 286)
• ec2-migrate-image (p. 512)
• ec2-modify-image-attribute (p. 518)
• ec2-register (p. 559)
• ec2-reset-image-attribute (p. 600)
AMI Bundling (API Tools)
• ec2-bundle-image (p. 662)
• ec2-bundle-vol (p. 666)
• ec2-delete-bundle (p. 671)
• ec2-download-bundle (p. 674)
• ec2-migrate-bundle (p. 677)
• ec2-migrate-manifest (p. 681)
• ec2-unbundle (p. 684)
API Version 2013-08-15
3
Amazon Elastic Compute Cloud CLI Reference
• ec2-upload-bundle (p. 686)
Bundle Tasks
• ec2-bundle-instance (p. 54)
• ec2-cancel-bundle-task (p. 59)
• ec2-describe-bundle-tasks (p. 255)
Customer Gateways (Amazon VPC)
• ec2-create-customer-gateway (p. 85)
• ec2-delete-customer-gateway (p. 173)
• ec2-describe-customer-gateways (p. 263)
DHCP Options (Amazon VPC)
• ec2-associate-dhcp-options (p. 26)
• ec2-create-dhcp-options (p. 89)
• ec2-delete-dhcp-options (p. 176)
• ec2-describe-dhcp-options (p. 268)
Elastic Block Store
• ec2-attach-volume (p. 40)
• ec2-copy-snapshot (p. 81)
• ec2-create-snapshot (p. 139)
• ec2-create-volume (p. 154)
• ec2-delete-disk-image (p. 179)
• ec2-delete-snapshot (p. 211)
• ec2-delete-volume (p. 224)
• ec2-describe-snapshot-attribute (p. 381)
• ec2-describe-snapshots (p. 385)
• ec2-describe-volume-attribute (p. 418)
• ec2-describe-volumes (p. 428)
• ec2-describe-volume-status (p. 422)
• ec2-detach-volume (p. 460)
• ec2-enable-volume-io (p. 481)
• ec2-modify-snapshot-attribute (p. 538)
• ec2-modify-volume-attribute (p. 542)
• ec2-reset-snapshot-attribute (p. 610)
API Version 2013-08-15
4
Amazon Elastic Compute Cloud CLI Reference
Elastic IP Addresses
• ec2-allocate-address (p. 13)
• ec2-associate-address (p. 21)
• ec2-describe-addresses (p. 246)
• ec2-disassociate-address (p. 471)
• ec2-release-address (p. 565)
Elastic Network Interfaces (Amazon VPC)
• ec2-assign-private-ip-addresses (p. 17)
• ec2-attach-network-interface (p. 37)
• ec2-create-network-interface (p. 121)
• ec2-delete-network-interface (p. 199)
• ec2-describe-network-interfaces (p. 337)
• ec2-describe-network-interface-attribute (p. 333)
• ec2-detach-network-interface (p. 457)
• ec2-modify-network-interface-attribute (p. 529)
• ec2-reset-network-interface-attribute (p. 607)
• ec2-unassign-private-ip-addresses (p. 647)
Instances
• ec2-describe-instance-attribute (p. 295)
• ec2-describe-instance-status (p. 300)
• ec2-describe-instances (p. 307)
• ec2-get-console-output (p. 487)
• ec2-get-password (p. 491)
• ec2-modify-instance-attribute (p. 523)
• ec2-reboot-instances (p. 556)
• ec2-reset-instance-attribute (p. 603)
• ec2-run-instances (p. 624)
• ec2-start-instances (p. 637)
• ec2-stop-instances (p. 640)
• ec2-terminate-instances (p. 644)
Internet Gateways (Amazon VPC)
• ec2-attach-internet-gateway (p. 34)
• ec2-create-internet-gateway (p. 106)
• ec2-delete-internet-gateway (p. 186)
• ec2-describe-internet-gateways (p. 320)
API Version 2013-08-15
5
Amazon Elastic Compute Cloud CLI Reference
• ec2-detach-internet-gateway (p. 454)
Key Pairs
• ec2-create-keypair (p. 109)
• ec2-delete-keypair (p. 189)
• ec2-describe-keypairs (p. 324)
• ec2-fingerprint-key (p. 484)
• ec2-import-keypair (p. 502)
Monitoring
• ec2-monitor-instances (p. 549)
• ec2-unmonitor-instances (p. 650)
Network ACLs (Amazon VPC)
• ec2-create-network-acl (p. 113)
• ec2-create-network-acl-entry (p. 116)
• ec2-delete-network-acl (p. 192)
• ec2-delete-network-acl-entry (p. 195)
• ec2-describe-network-acls (p. 328)
• ec2-replace-network-acl-association (p. 569)
• ec2-replace-network-acl-entry (p. 572)
Placement Groups
• ec2-create-placement-group (p. 125)
• ec2-delete-placement-group (p. 202)
• ec2-describe-placement-groups (p. 344)
Regions and Availability Zones
• ec2-describe-availability-zones (p. 251)
• ec2-describe-regions (p. 348)
Reserved Instances
• ec2-cancel-reserved-instances-listing (p. 68)
• ec2-create-reserved-instances-listing (p. 128)
• ec2-describe-reserved-instances (p. 352)
• ec2-describe-reserved-instances-listings (p. 358)
• ec2-describe-reserved-instances-modifications (p. 363)
• ec2-describe-reserved-instances-offerings (p. 368)
API Version 2013-08-15
6
Amazon Elastic Compute Cloud CLI Reference
• ec2-modify-reserved-instances (p. 534)
• ec2-purchase-reserved-instances-offering (p. 552)
Route Tables (Amazon VPC)
• ec2-associate-route-table (p. 30)
• ec2-create-route (p. 132)
• ec2-create-route-table (p. 136)
• ec2-delete-route (p. 205)
• ec2-delete-route-table (p. 208)
• ec2-describe-route-tables (p. 376)
• ec2-disable-vgw-route-propagation (p. 468)
• ec2-disassociate-route-table (p. 475)
• ec2-enable-vgw-route-propagation (p. 478)
• ec2-replace-route (p. 576)
• ec2-replace-route-table-association (p. 580)
Security Groups
• ec2-authorize (p. 47)
• ec2-create-group (p. 93)
• ec2-delete-group (p. 182)
• ec2-describe-group (p. 276)
• ec2-revoke (p. 618)
Spot Instances
• ec2-cancel-spot-instance-requests (p. 72)
• ec2-create-spot-datafeed-subscription (p. 143)
• ec2-delete-spot-datafeed-subscription (p. 214)
• ec2-describe-spot-datafeed-subscription (p. 391)
• ec2-describe-spot-instance-requests (p. 394)
• ec2-describe-spot-price-history (p. 402)
• ec2-request-spot-instances (p. 589)
Subnets (Amazon VPC)
• ec2-create-subnet (p. 146)
• ec2-delete-subnet (p. 217)
• ec2-describe-subnets (p. 408)
API Version 2013-08-15
7
Amazon Elastic Compute Cloud CLI Reference
Tags
• ec2-create-tags (p. 150)
• ec2-delete-tags (p. 220)
• ec2-describe-tags (p. 413)
VM Import
• ec2-cancel-conversion-task (p. 62)
• ec2-delete-disk-image (p. 179)
• ec2-describe-conversion-tasks (p. 260)
• ec2-import-instance (p. 495)
• ec2-import-volume (p. 506)
• ec2-resume-import (p. 613)
VM Export
• ec2-cancel-export-task (p. 65)
• ec2-create-instance-export-task (p. 102)
• ec2-describe-export-tasks (p. 273)
VPCs (Amazon VPC)
• ec2-create-vpc (p. 158)
• ec2-delete-vpc (p. 227)
• ec2-describe-vpc-attribute (p. 434)
• ec2-describe-vpcs (p. 438)
• ec2-modify-vpc-attribute (p. 546)
VPN Connections (Amazon VPC)
• ec2-create-vpn-connection (p. 162)
• ec2-create-vpn-connection-route (p. 167)
• ec2-delete-vpn-connection (p. 230)
• ec2-describe-vpn-connections (p. 443)
Virtual Private Gateways (Amazon VPC)
• ec2-attach-vpn-gateway (p. 44)
• ec2-create-vpn-gateway (p. 170)
• ec2-delete-vpn-gateway (p. 236)
• ec2-describe-vpn-gateways (p. 449)
• ec2-detach-vpn-gateway (p. 464)
API Version 2013-08-15
8
Amazon Elastic Compute Cloud CLI Reference
Commands (CLI Tools)
You install and run the CLI tools to manage your Amazon EC2 resources (such as instances, security
groups, and volumes) and your Amazon VPC resources (such as VPCs, subnets, route tables, and
Internet gateways).
Topics
• ec2-allocate-address (p. 13)
• ec2-assign-private-ip-addresses (p. 17)
• ec2-associate-address (p. 21)
• ec2-associate-dhcp-options (p. 26)
• ec2-associate-route-table (p. 30)
• ec2-attach-internet-gateway (p. 34)
• ec2-attach-network-interface (p. 37)
• ec2-attach-volume (p. 40)
• ec2-attach-vpn-gateway (p. 44)
• ec2-authorize (p. 47)
• ec2-bundle-instance (p. 54)
• ec2-cancel-bundle-task (p. 59)
• ec2-cancel-conversion-task (p. 62)
• ec2-cancel-export-task (p. 65)
• ec2-cancel-reserved-instances-listing (p. 68)
• ec2-cancel-spot-instance-requests (p. 72)
• ec2-confirm-product-instance (p. 75)
• ec2-copy-image (p. 78)
• ec2-copy-snapshot (p. 81)
• ec2-create-customer-gateway (p. 85)
• ec2-create-dhcp-options (p. 89)
• ec2-create-group (p. 93)
• ec2-create-image (p. 97)
• ec2-create-instance-export-task (p. 102)
• ec2-create-internet-gateway (p. 106)
• ec2-create-keypair (p. 109)
• ec2-create-network-acl (p. 113)
API Version 2013-08-15
9
Amazon Elastic Compute Cloud CLI Reference
• ec2-create-network-acl-entry (p. 116)
• ec2-create-network-interface (p. 121)
• ec2-create-placement-group (p. 125)
• ec2-create-reserved-instances-listing (p. 128)
• ec2-create-route (p. 132)
• ec2-create-route-table (p. 136)
• ec2-create-snapshot (p. 139)
• ec2-create-spot-datafeed-subscription (p. 143)
• ec2-create-subnet (p. 146)
• ec2-create-tags (p. 150)
• ec2-create-volume (p. 154)
• ec2-create-vpc (p. 158)
• ec2-create-vpn-connection (p. 162)
• ec2-create-vpn-connection-route (p. 167)
• ec2-create-vpn-gateway (p. 170)
• ec2-delete-customer-gateway (p. 173)
• ec2-delete-dhcp-options (p. 176)
• ec2-delete-disk-image (p. 179)
• ec2-delete-group (p. 182)
• ec2-delete-internet-gateway (p. 186)
• ec2-delete-keypair (p. 189)
• ec2-delete-network-acl (p. 192)
• ec2-delete-network-acl-entry (p. 195)
• ec2-delete-network-interface (p. 199)
• ec2-delete-placement-group (p. 202)
• ec2-delete-route (p. 205)
• ec2-delete-route-table (p. 208)
• ec2-delete-snapshot (p. 211)
• ec2-delete-spot-datafeed-subscription (p. 214)
• ec2-delete-subnet (p. 217)
• ec2-delete-tags (p. 220)
• ec2-delete-volume (p. 224)
• ec2-delete-vpc (p. 227)
• ec2-delete-vpn-connection (p. 230)
• ec2-delete-vpn-connection-route (p. 233)
• ec2-delete-vpn-gateway (p. 236)
• ec2-deregister (p. 239)
• ec2-describe-account-attributes (p. 242)
• ec2-describe-addresses (p. 246)
• ec2-describe-availability-zones (p. 251)
• ec2-describe-bundle-tasks (p. 255)
• ec2-describe-conversion-tasks (p. 260)
• ec2-describe-customer-gateways (p. 263)
• ec2-describe-dhcp-options (p. 268)
• ec2-describe-export-tasks (p. 273)
• ec2-describe-group (p. 276)
API Version 2013-08-15
10
Amazon Elastic Compute Cloud CLI Reference
• ec2-describe-image-attribute (p. 282)
• ec2-describe-images (p. 286)
• ec2-describe-instance-attribute (p. 295)
• ec2-describe-instance-status (p. 300)
• ec2-describe-instances (p. 307)
• ec2-describe-internet-gateways (p. 320)
• ec2-describe-keypairs (p. 324)
• ec2-describe-network-acls (p. 328)
• ec2-describe-network-interface-attribute (p. 333)
• ec2-describe-network-interfaces (p. 337)
• ec2-describe-placement-groups (p. 344)
• ec2-describe-regions (p. 348)
• ec2-describe-reserved-instances (p. 352)
• ec2-describe-reserved-instances-listings (p. 358)
• ec2-describe-reserved-instances-modifications (p. 363)
• ec2-describe-reserved-instances-offerings (p. 368)
• ec2-describe-route-tables (p. 376)
• ec2-describe-snapshot-attribute (p. 381)
• ec2-describe-snapshots (p. 385)
• ec2-describe-spot-datafeed-subscription (p. 391)
• ec2-describe-spot-instance-requests (p. 394)
• ec2-describe-spot-price-history (p. 402)
• ec2-describe-subnets (p. 408)
• ec2-describe-tags (p. 413)
• ec2-describe-volume-attribute (p. 418)
• ec2-describe-volume-status (p. 422)
• ec2-describe-volumes (p. 428)
• ec2-describe-vpc-attribute (p. 434)
• ec2-describe-vpcs (p. 438)
• ec2-describe-vpn-connections (p. 443)
• ec2-describe-vpn-gateways (p. 449)
• ec2-detach-internet-gateway (p. 454)
• ec2-detach-network-interface (p. 457)
• ec2-detach-volume (p. 460)
• ec2-detach-vpn-gateway (p. 464)
• ec2-disable-vgw-route-propagation (p. 468)
• ec2-disassociate-address (p. 471)
• ec2-disassociate-route-table (p. 475)
• ec2-enable-vgw-route-propagation (p. 478)
• ec2-enable-volume-io (p. 481)
• ec2-fingerprint-key (p. 484)
• ec2-get-console-output (p. 487)
• ec2-get-password (p. 491)
• ec2-import-instance (p. 495)
• ec2-import-keypair (p. 502)
• ec2-import-volume (p. 506)
API Version 2013-08-15
11
Amazon Elastic Compute Cloud CLI Reference
• ec2-migrate-image (p. 512)
• ec2-modify-image-attribute (p. 518)
• ec2-modify-instance-attribute (p. 523)
• ec2-modify-network-interface-attribute (p. 529)
• ec2-modify-reserved-instances (p. 534)
• ec2-modify-snapshot-attribute (p. 538)
• ec2-modify-volume-attribute (p. 542)
• ec2-modify-vpc-attribute (p. 546)
• ec2-monitor-instances (p. 549)
• ec2-purchase-reserved-instances-offering (p. 552)
• ec2-reboot-instances (p. 556)
• ec2-register (p. 559)
• ec2-release-address (p. 565)
• ec2-replace-network-acl-association (p. 569)
• ec2-replace-network-acl-entry (p. 572)
• ec2-replace-route (p. 576)
• ec2-replace-route-table-association (p. 580)
• ec2-report-instance-status (p. 584)
• ec2-request-spot-instances (p. 589)
• ec2-reset-image-attribute (p. 600)
• ec2-reset-instance-attribute (p. 603)
• ec2-reset-network-interface-attribute (p. 607)
• ec2-reset-snapshot-attribute (p. 610)
• ec2-resume-import (p. 613)
• ec2-revoke (p. 618)
• ec2-run-instances (p. 624)
• ec2-start-instances (p. 637)
• ec2-stop-instances (p. 640)
• ec2-terminate-instances (p. 644)
• ec2-unassign-private-ip-addresses (p. 647)
• ec2-unmonitor-instances (p. 650)
• ec2-upload-disk-image (p. 653)
• ec2-version (p. 657)
• Common Options for CLI Tools (p. 659)
API Version 2013-08-15
12
Amazon Elastic Compute Cloud CLI Reference
ec2-allocate-address
Description
Acquires an Elastic IP address.
An Elastic IP address is for use either in the EC2-Classic platform or in a VPC. For more information, see
Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2allocaddr.
Syntax
ec2-allocate-address [-d domain]
Options
Description Name
Set to vpc to allocate the address for use with instances in a
VPC.
Type: String
Valid values: vpc
Default: The address is for use in EC2-Classic.
Required: Conditional
Condition: Required when allocating the address for use in a
VPC.
Example: -d vpc
-d, --domain domain
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
13
Amazon Elastic Compute Cloud CLI Reference
ec2-allocate-address
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
14
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The ADDRESS identifier
• The Elastic IP address for use with your account
• Indicates whether this Elastic IP address is for use with instances in EC2-Classic (standard) or
instances in a VPC (vpc).
• [EC2-VPC] The allocation ID (an ID that Amazon EC2 assigns to represent the allocation of an address
for use in a VPC)
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command allocates an Elastic IP address for use in EC2-Classic.
PROMPT> ec2-allocate-address
ADDRESS 192.0.2.1 standard
Example 2
This example command allocates an Elastic IP address for use in a VPC.
PROMPT> ec2-allocate-address -d vpc
ADDRESS 198.51.100.1 vpc eipalloc-5723d13e
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• AllocateAddress
API Version 2013-08-15
15
Amazon Elastic Compute Cloud CLI Reference
Output
Related Commands
• ec2-associate-address (p. 21)
• ec2-describe-addresses (p. 246)
• ec2-disassociate-address (p. 471)
• ec2-release-address (p. 565)
API Version 2013-08-15
16
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-assign-private-ip-addresses
Description
Assigns one or more secondary private IP addresses to the specified network interface. You can specify
one or more specific secondary IP addresses, or you can specify the number of secondary IP addresses
to be automatically assigned within the subnet's CIDR block range. The number of secondary IP addresses
that you can assign to an instance varies by instance type. For information about instance types, see
Available Instance Types in the Amazon Elastic Compute Cloud User Guide. For more information about
Elastic IP addresses, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2apip.
Syntax
ec2-assign-private-ip-addresses --network-interface interface_id
{[--secondary-private-ip-address-count count] | [--secondary-private-ip-address
ip_address]}
Options
Description Name
The ID of the network interface.
Type: String
Default: None
Required: Yes
Example: -n eni-bc7299d4
-n, --network-interface
interface_id
The IP address to be assigned as a secondary private IP
address to the network interface. This option can be used
multiple times to assign multiple secondary IP addresses to
the network interface.
If you don't specify an IP address, Amazon EC2 selects an
IP address within the subnet range.
Type: String
Default: None
Required: Conditional
Condition: You can't specify this parameter when also
specifying --secondary-private-ip-address-count.
Example: --secondary-private-ip-address 10.0.2.18
--secondary-private-ip-address 10.0.2.28
-secondary-private-ip-address
ip_address
The number of secondary IP addresses to assign to the
network interface.
Type: Integer
Default: None
Required: Conditional
Condition: You can't specify this parameter when also
specifying --secondary-private-ip-address.
Example: --secondary-private-ip-address-count 2
-secondary-private-ip-address-count
count
API Version 2013-08-15
17
Amazon Elastic Compute Cloud CLI Reference
ec2-assign-private-ip-addresses
Description Name
Specifies whether to allow an IP address that is already
assigned to another network interface to be reassigned to the
specified network interface.
Type: Boolean
Default: false
Required: No
--allow-reassignment
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
API Version 2013-08-15
18
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
The command returns true if the operation succeeds or an error if the operation does not succeed.
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command assigns two secondary private IP addresses (10.0.0.118 and 10.0.0.119)
to the network interface eni-c08a35a9.
API Version 2013-08-15
19
Amazon Elastic Compute Cloud CLI Reference
Output
PROMPT> ec2-assign-private-ip-addresses --network-interface eni-c08a35a9
--secondary-private-ip-address 10.0.0.118 --secondary-private-ip-address
10.0.0.119
RETURN true
Example 2
This example command assigns two secondary private IP addresses to the network interface
eni-c08a35a9. Amazon EC2 automatically assigns these IP addresses from the available IP addresses
within the subnet's CIDR block range.
PROMPT> ec2-assign-private-ip-addresses --network-interface eni-c08a35a9
--secondary-private-ip-address-count 2
RETURN true
Example 3
This example command assigns a secondary private IP address of 10.0.0.82 to the network interface
eni-73e05a1.
PROMPT> ec2-assign-private-ip-addresses --network-interface eni-73e05a1
--secondary-private-ip-address 10.0.0.82
RETURN true
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• AssignPrivateIpAddresses
Related Commands
• ec2-unassign-private-ip-addresses (p. 647)
API Version 2013-08-15
20
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-associate-address
Description
Associates an Elastic IP address with an instance or a network interface. For more information about
Elastic IP addresses, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.
[EC2-Classic, default VPC] If the Elastic IP address is already associated with a different instance, it is
disassociated from that instance and associated with the specified instance.
[EC2-VPC] If you do not specify a private IP address, the Elastic IP address is associated with the primary
IP address. If the Elastic IP address is already associated with a different instance or a network interface,
you get an error unless you specify the --allow-reassociation option.
This is an idempotent operation. If you enter it more than once, Amazon EC2 does not return an error.
The short version of this command is ec2assocaddr.
Syntax
ec2-associate-address [-i instance_id | -n interface_id] [ip_address | -a
allocation_id] [--private-ip-address private_ip_address] [--allow-reassociation]
Options
Description Name
The ID of the instance.
Type: String
Default: None
Required: Conditional
Condition: Required for EC2-Classic. For EC2-VPC, you can
specify either an instance ID or a network interface ID, but
not both.
Example: -i i-43a4412a
-i, --instance instance_id
The Elastic IP address.
Type: String
Default: None
Required: Conditional
Condition: Required for EC2-Classic.
Example: 192.0.2.1
ip_address
[EC2-VPC] The allocation ID.
Type: String
Default: None
Required: Conditional
Condition: Required for EC2-VPC.
Example: -a eipalloc-5723d13e
-a, --allocation-id
allocation_id
API Version 2013-08-15
21
Amazon Elastic Compute Cloud CLI Reference
ec2-associate-address
Description Name
[EC2-VPC] The ID of the network interface. Association fails
when specifying an instance ID unless exactly one interface
is attached.
Type: String
Default: None
Required: Conditional
Condition: If the instance has more than one network interface,
you must specify a network interface ID.
Example: -n eni-bc7299d4
-n, --network-interface
interface_id
[EC2-VPC] The primary or secondary private IP address to
associate with the Elastic IP address. If no private IP address
is specified, the Elastic IP address is associated with the
primary private IP address.
Type: String
Default: None
Required: No
Example: -p 10.0.0.45
-p, --private-ip-address
private_ip_address
[EC2-VPC] Allows an Elastic IP address that is already
associated with an instance or a network interface to be
re-associated with the specified instance or network interface.
Otherwise, the operation fails.
Type: Boolean
Default: The operation fails if the address is already
associated.
Required: No
Example: --allow-reassociation
--allow-reassociation
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
22
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
23
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The ADDRESS identifier
• The Elastic IP address
• The instance or network interface to which the Elastic IP address is associated
• [EC2-VPC] The allocation ID
• [EC2-VPC] If specified, the private IP address associated with the Elastic IP address
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command associates an Elastic IP address with an instance in EC2-Classic.
PROMPT> ec2-associate-address 203.0.113.0 -i i-43a4412a
ADDRESS 203.0.113.0 i-43a4412a
Example 2
This example command associates an Elastic IP address with an instance in a VPC.
PROMPT> ec2-associate-address -a eipalloc-5723d13e -i i-4fd2431a
ADDRESS i-43a4412a eipalloc-5723d13e eipassoc-fc5ca095
Example 3
This example command associates an Elastic IP address with a network interface.
PROMPT> ec2-associate-address -a eipalloc-4a4c6c23 -n eni-1001fa78
ADDRESS i-1ae1ae78 eipalloc-4a4c6c23 eipassoc-1841907a
Example 4
This example command associates an Elastic IP address with a private IP address for the specified
instance in a VPC. The allow-reassociation option allows the Elastic IP address to be associated
with the specified instance even if it's already associated with a different instance or a network interface.
API Version 2013-08-15
24
Amazon Elastic Compute Cloud CLI Reference
Output
PROMPT> ec2-associate-address -a eipalloc-bf66dcd6 -i i-ba6a0dee -p 10.0.0.85
--allow-reassociation
ADDRESS i-ba6a0dee eipalloc-bf66dcd6 eipassoc-9c66dcf5
10.0.0.85
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• AssociateAddress
Related Commands
• ec2-allocate-address (p. 13)
• ec2-describe-addresses (p. 246)
• ec2-disassociate-address (p. 471)
• ec2-release-address (p. 565)
API Version 2013-08-15
25
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-associate-dhcp-options
Description
Associates a set of DHCP options (that you've previously created) with the specified VPC, or associates
no DHCP options with the VPC.
After you associate the options with the VPC, any existing instances and all new instances that you launch
in that VPC use the options. You don't need to restart or relaunch the instances. They automatically pick
up the changes within a few hours, depending on how frequently the instance renews its DHCP lease.
You can explicitly renew the lease using the operating system on the instance.
For more information, see DHCP Options Sets in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2assocdopt.
Syntax
ec2-associate-dhcp-options { dhcp_options_id | default } -c vpc_id
Options
Description Name
The ID of the DHCP options set, or default to associate no
DHCP options with the VPC.
Type: String
Default: None
Required: Yes
Example: dopt-7a8b9c2d
dhcp_options_id
The ID of the VPC.
Type: String
Default: None
Required: Yes
Example: -c vpc-1a2b3c4d
-c vpc_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
API Version 2013-08-15
26
Amazon Elastic Compute Cloud CLI Reference
ec2-associate-dhcp-options
Description Option
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
API Version 2013-08-15
27
Amazon Elastic Compute Cloud CLI Reference
Common Options
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The DHCPOPTIONS identifier
• The ID of the DHCP options (or default if no DHCP options are associated with the VPC)
• The ID of the VPC
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command associates the DHCP options set with the ID dopt-7a8b9c2d with the VPC with
the ID vpc-1a2b3c4d.
PROMPT> ec2-associate-dhcp-options dopt-7a8b9c2d -c vpc-1a2b3c4d
DHCPOPTIONS dopt-7a8b9c2d vpc-1a2b3c4d
Example 2
This example command changes the VPC with the ID vpc-1a2b3c4d to have no associated DHCP
options set.
PROMPT> ec2-associate-dhcp-options default -c vpc-1a2b3c4d
DHCPOPTIONS default vpc-1a2b3c4d
API Version 2013-08-15
28
Amazon Elastic Compute Cloud CLI Reference
Output
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• AssociateDhcpOptions
Related Commands
• ec2-create-dhcp-options (p. 89)
• ec2-delete-dhcp-options (p. 176)
• ec2-describe-dhcp-options (p. 268)
API Version 2013-08-15
29
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-associate-route-table
Description
Associates a subnet with a route table. The subnet and route table must be in the same VPC. This
association causes traffic originating from the subnet to be routed according to the routes in the route
table. The action returns an association ID, which you need in order to disassociate the route table from
the subnet later. A route table can be associated with multiple subnets.
For more information about route tables, see Route Tables in the Amazon Virtual Private Cloud User
Guide.
The short version of this command is ec2assocrtb.
Syntax
ec2-associate-route-table route_table_id -s subnet_id
Options
Description Name
The ID of the route table.
Type: String
Default: None
Required: Yes
Example: rtb-6aa34603
route_table_id
The ID of the subnet.
Type: String
Default: None
Required: Yes
Example: -s subnet-92a045fb
-s subnet_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
30
Amazon Elastic Compute Cloud CLI Reference
ec2-associate-route-table
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
31
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The ASSOCIATION identifier
• The route table association ID (needed to disassociate the route table)
• The ID of the route table
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command associates the route-table with the ID rtb-6aa34603 with the subnet with the
ID subnet-92a045fb.
PROMPT> ec2-associate-route-table rtb-6aa34603 -s subnet-92a045fb
ASSOCIATION rtbassoc-61a34608 rtb-6aa34603 subnet-92a045fb
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• AssociateRouteTable
Related Commands
• ec2-create-route-table (p. 136)
• ec2-delete-route-table (p. 208)
• ec2-describe-route-tables (p. 376)
• ec2-disassociate-route-table (p. 475)
API Version 2013-08-15
32
Amazon Elastic Compute Cloud CLI Reference
Output
• ec2-replace-route-table-association (p. 580)
API Version 2013-08-15
33
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-attach-internet-gateway
Description
Attaches an Internet gateway to a VPC, enabling connectivity between the Internet and the VPC. For
more information about your VPC and Internet gateway, see the Amazon Virtual Private Cloud User
Guide.
The short version of this command is ec2attigw.
Syntax
ec2-attach-internet-gateway internet_gateway_id -c vpc_id
Options
Description Name
The ID of the Internet gateway.
Type: String
Default: None
Required: Yes
Example: igw-c3a643aa
internet_gateway_id
The ID of the VPC.
Type: String
Default: None
Required: Yes
Example: -c vpc-d9a045b0
-c, --vpc vpc_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
34
Amazon Elastic Compute Cloud CLI Reference
ec2-attach-internet-gateway
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
35
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The ATTACHMENT identifier
• The ID of the VPC
• The attachment state (attaching, attached, detached, detaching, error)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command attaches the Internet gateway with the ID igw-eaad4883 to the VPC with the
ID vpc-11ad4878.
PROMPT> ec2-attach-internet-gateway igw-eaad4883 -c vpc-11ad4878
ATTACHMENT vpc-11ad4878 attaching
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• AttachInternetGateway
Related Commands
• ec2-create-internet-gateway (p. 106)
• ec2-delete-internet-gateway (p. 186)
• ec2-describe-internet-gateways (p. 320)
• ec2-detach-internet-gateway (p. 454)
API Version 2013-08-15
36
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-attach-network-interface
Description
Attaches a network interface to an instance.
The short version of this command is ec2attnic.
Syntax
ec2-attach-network-interface interface_id -i, --instance instance_id -d,
--device-index device_index
Options
Description Name
The ID of the network interface.
Type: String
Default: None
Required: Yes
Example: eni-b35da6da
interface_id
The ID of the instance.
Type: String
Default: None
Required: Yes
Example: -i i-640a3c17
-i, --instance instance_id
The index of the device for the network interface attachment.
Type: String
Default: None
Required: Yes
Example: -d 1
-d, --device-index device_index
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
37
Amazon Elastic Compute Cloud CLI Reference
ec2-attach-network-interface
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
38
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns the ID of the network interface attachment.
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command attaches the specified network interface to the specified instance.
PROMPT> ec2-attach-network-interface eni-b35da6da -i i-640a3c17 -d 1
eni-attach-dd3fdab4
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• AttachNetworkInterface
Related Commands
• ec2-create-network-interface (p. 121)
• ec2-delete-network-interface (p. 199)
• ec2-describe-network-interface-attribute (p. 333)
• ec2-describe-network-interfaces (p. 337)
• ec2-detach-network-interface (p. 457)
• ec2-modify-network-interface-attribute (p. 529)
• ec2-reset-network-interface-attribute (p. 607)
API Version 2013-08-15
39
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-attach-volume
Description
Attaches an Amazon EBS volume to a running or stopped instance and exposes it to the instance with
the specified device name.
For a list of supported device names, see Attaching the Volume to an Instance. Any device names that
aren't reserved for instance store volumes can be used for Amazon EBS volumes. For more information,
see Amazon EC2 Instance Store in the Amazon Elastic Compute Cloud User Guide.
Note
If a volume has an AWS Marketplace product code:
• The volume can only be attached to the root device of a stopped instance.
• You must be subscribed to the AWS Marketplace code that is on the volume.
• The configuration (instance type, operating system) of the instance must support that specific
AWS Marketplace code. For example, you cannot take a volume from a Windows instance
and attach it to a Linux instance.
• AWS Marketplace product codes are copied from the volume to the instance.
For an overview of the AWS Marketplace, see https://aws.amazon.com/marketplace/help/200900000.
For details on how to use the AWS Marketplace, see AWS Marketplace.
The short version of this command is ec2attvol.
Syntax
ec2-attach-volume volume_id --instance instance_id --device device
Options
Description Name
The ID of the Amazon EBS volume. The volume and instance
must be within the same Availability Zone.
Type: String
Default: None
Required: Yes
Example: vol-4d826724
volume_id
The ID of the instance.
Type: String
Default: None
Required: Yes
Example: -i i-6058a509
-i, --instance instance_id
API Version 2013-08-15
40
Amazon Elastic Compute Cloud CLI Reference
ec2-attach-volume
Description Name
The device name to expose to the instance (for example,
/dev/sdh or xvdh).
Type: String
Default: None
Required: Yes
Example: -d /dev/sdf (for Linux/UNIX) or -d xvdf (for Windows)
-d, --device device
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
API Version 2013-08-15
41
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The ATTACHMENT identifier
• The ID of the volume
• The ID of the instance
• The device name
• The attachment state of the volume (attaching | attached | detaching | detached)
• The time stamp when the attachment initiated
• Whether the volume is set to delete on termination (true or false)
Amazon EC2 command line tools display errors using stderr.
API Version 2013-08-15
42
Amazon Elastic Compute Cloud CLI Reference
Output
Examples
Example
This example command attaches the volume with the ID vol-1a2b3c4d to the instance with the ID
i-1a2b3c4d and exposes it as /dev/sdh.
PROMPT> ec2-attach-volume vol-1a2b3c4d -i i-1a2b3c4d -d /dev/sdh
ATTACHMENT vol-1a2b3c4d i-1a2b3c4d /dev/sdh attaching YYYY-MM-DDTHH:MM:SS+0000
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• AttachVolume
Related Commands
• ec2-create-volume (p. 154)
• ec2-delete-volume (p. 224)
• ec2-describe-volumes (p. 428)
• ec2-detach-volume (p. 460)
API Version 2013-08-15
43
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-attach-vpn-gateway
Description
Attaches a virtual private gateway to a VPC. For more information, see Adding a Hardware Virtual Private
Gateway to Your VPC in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2attvgw.
Syntax
ec2-attach-vpn-gateway vpn_gateway_id -c vpc_id
Options
Description Name
The ID of the virtual private gateway.
Type: String
Default: None
Required: Yes
Example: vgw-8db04f81
vpn_gateway_id
The ID of the VPC.
Type: String
Default: None
Required: Yes
Example: -c vpc-1a2b3c4d
-c, --vpc vpc_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
44
Amazon Elastic Compute Cloud CLI Reference
ec2-attach-vpn-gateway
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
45
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The VGWATTACHMENT identifier
• The ID of the attached VPC
• The state of the attachment (attaching, attached, detaching, detached)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command attaches the virtual private gateway with the ID vgw-8db04f81 to the VPC with
the ID vpc-1a2b3c4d.
PROMPT> ec2-attach-vpn-gateway vgw-8db04f81 -c vpc-1a2b3c4d
VGWATTACHMENT vpc-1a2b3c4d attaching
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• AttachVpnGateway
Related Commands
• ec2-create-vpn-gateway (p. 170)
• ec2-describe-vpn-gateways (p. 449)
• ec2-detach-vpn-gateway (p. 464)
• ec2-create-vpc (p. 158)
• ec2-create-vpn-connection (p. 162)
API Version 2013-08-15
46
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-authorize
Description
Adds a rule to a security group.
Important
EC2-Classic: You can have up to 100 rules per group.
EC2-VPC: You can have up to 50 rules per group (covering both ingress and egress).
Rule changes are propagated to affected instances as quickly as possible. However, a small delay might
occur.
A security group is for use with instances either in the EC2-Classic platform or in a specific VPC.
EC2-Classic doesn't support rules for egress traffic. For more information, see Amazon EC2 Security
Groups in the Amazon Elastic Compute Cloud User Guide and Security Groups for Your VPC in the
Amazon Virtual Private Cloud User Guide.
EC2-Classic: This command either gives one or more CIDR IP address ranges permission to access a
security group for your account, or it gives one or more security groups (called the source groups)
permission to access a security group for your account. A source group can be for your own AWS account,
or another.
EC2-VPC: For ingress rules, this command either gives one or more CIDR IP address ranges permission
to access a security group for your VPC, or it gives one or more other security groups (called the source
groups) permission to access a security group for your VPC. The groups must all be in the same VPC.
For egress rules, this command permits instances in the VPC to send traffic to either one or more
destination CIDR IP address ranges, or to one or more destination security groups for the same VPC.
The short version of this command is ec2auth.
Syntax
ec2-authorize group [--egress] [-P protocol] (-p port_range | -t icmp_type_code)
[-u source_or_dest_group_owner ...] [-o source_or_dest_group ...] [-s
source_or_dest_cidr ...]
Options
Description Name
[EC2-Classic, default VPC] The name or ID of the security
group.
[Nondefault VPC] The ID of the security group.
The group must belong to your AWS account.
Type: String
Default: None
Required: Yes
Example: websrv
group
API Version 2013-08-15
47
Amazon Elastic Compute Cloud CLI Reference
ec2-authorize
Description Name
[EC2-VPC] Designates the rule as an egress rule (controls
traffic leaving the VPC).
Default: If this option is not specified, the rule applies to
ingress traffic for the specified security group.
--egress
The IP protocol name or number (see Protocol Numbers).
Security groups for EC2-Classic can have rules only for TCP,
UDP, and ICMP, whereas security groups for EC2-VPC can
have rules assigned to any protocol number.
When you use ec2-describe-group (p. 276), the protocol value
returned is the number. Exception: For TCP, UDP, and ICMP,
the value returned is the name (tcp, udp, or icmp).
Type: String
Valid values for EC2-Classic: tcp | udp | icmp or the
corresponding protocol number (6 | 17 | 1).
Default for EC2-Classic: Defaults to TCP if source CIDR is
specified (or implied by default), or all three protocols (TCP,
UDP, and ICMP) if source group is specified (to ensure
backwards compatibility).
Valid values for EC2-VPC: tcp | udp | icmp or any protocol
number (see Protocol Numbers). Use all to specify all
protocols.
Required: Conditional
Condition: Required for EC2-VPC.
Example: -P udp
-P, --protocol protocol
For TCP or UDP: The range of ports to allow.
Type: String
Valid values: A single integer or a range (min-max). You can
specify -1 to mean all ports (for example, port range 0-65535).
Default: None
Required: Conditional
Condition: Required if specifying tcp or udp (or the equivalent
number) for the protocol.
Example: -p 80-84
-p port_range
For ICMP: The ICMP type and code. Use the format
type:code, where both are integers. You can use -1 for the
type or code to mean all types or all codes.
Type: String
Default: None
Required: Conditional
Condition: Required if specifying icmp (or the equivalent
number) for the protocol.
Example: -t -1:-1
-t icmp_type_code
API Version 2013-08-15
48
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
The ID of the AWS account that owns the source security
group. If the group is in your own account, set this to your
own AWS account ID. Cannot be used when specifying a
CIDR IP address.
Type: String
Default: None
Required: Conditional
Condition: For EC2-Classic: Required when adding a rule that
gives access to one or more source security groups.
Example: -u 111122223333
-u, source_or_dest_group_owner
The source security group (for ingress rules), or destination
security group (for egress rules). You can't use this option
when specifying a CIDR IP address with the -s option.
[Nondefault VPC] You must specify the ID of the group (for
example, sg-1a2b3c4d) instead of its name.
Type: String
Default: None
Required: Conditional
Condition: Required if giving access to one or more source
or destination security groups.
Example: -o headoffice
-o source_or_dest_group
The CIDR range. Cannot be used when specifying a source
or destination security group with the -o option.
Type: String
Default: 0.0.0.0/0
Constraints: Valid CIDR IP address range.
Required: Conditional
Condition: Required if giving access to one or more IP address
ranges.
Example: -s 205.192.8.45/24
-s, --cidr source_or_dest_cidr
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
49
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
50
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
A line containing the group information. Some of these fields may be blank.
• The GROUP identifier
• The ID of the security group
• The AWS account ID of the owner of the security group
• The name of the security group
• A description of the security group
• [EC2-VPC] The ID of the VPC the group belongs to
One of each of the following lines for each permission defined by the group:
• The PERMISSION identifier
• The AWS account ID of the owner of the security group
• The name of the security group granting permission
• The type of rule. Currently, only ALLOWS rules are supported
• The protocol to allow (for example, tcp and udp)
• The start of port range
• The end of port range
• FROM for an ingress rule or TO for an egress rule
• The source type (for ingress rules) or destination type (for egress rules)
• The source (for ingress rules) or destination (for egress rules)
• [USER only] The name of the source or destination entity
• [USER only] The ID of the security group
• Whether the rule is ingress rule or an egress rule
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command grants TCP port 80 access from the 192.0.2.0/24 address range to the security
group for EC2-Classic named websrv.
API Version 2013-08-15
51
Amazon Elastic Compute Cloud CLI Reference
Output
PROMPT> ec2-authorize websrv -P tcp -p 80 -s 192.0.2.0/24
GROUP websrv
PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 192.0.2.0/24 ingress
Example 2
This example command grants TCP port 80 access from the source group for EC2-Classic named
OtherAccountGroup (in AWS account 111122223333) to the security group for EC2-Classic named
websrv.
PROMPT> ec2-authorize websrv -P tcp -p 80 -u 111122223333 -o OtherAccountGroup
GROUP websrv
PERMISSION websrv ALLOWS tcp 80 80 FROM USER 111122223333 NAME OtherAccountGroup
ingress
Example 3
This example command grants TCP port 80 access from the 192.0.2.0/24 address range to the security
group for EC2-VPC with the ID sg-1a2b3c4d.
PROMPT> ec2-authorize sg-1a2b3c4d -P tcp -p 80 -s 192.0.2.0/24
GROUP sg-1a2b3c4d
PERMISSION ALLOWS tcp 80 80 FROM CIDR 192.0.2.0/24 ingress
Example 4
This example command grants egress access from the security group for EC2-VPC with the ID
sg-1a2b3c4d to the destination security group with the ID sg-2a2b3c4d on TCP port 1433.
PROMPT> ec2-authorize --egress sg-1a2b3c4d -P tcp -p 1433 -o sg-2a2b3c4d
GROUP sg-1a2b3c4d
PERMISSION ALLOWS tcp 1433 1433 TO USER ID sg-2a2b3c4d egress
Related Topics
Download
• Getting Started with the Command Line Tools
Related Actions
• AuthorizeSecurityGroupEgress
• AuthorizeSecurityGroupIngress
Related Commands
• ec2-create-group (p. 93)
• ec2-delete-group (p. 182)
• ec2-describe-group (p. 276)
API Version 2013-08-15
52
Amazon Elastic Compute Cloud CLI Reference
Related Topics
• ec2-revoke (p. 618)
API Version 2013-08-15
53
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-bundle-instance
Description
Bundles an Amazon instance store-backed Windows instance.
During bundling, only the root device volume (C:\) is bundled. Data on other instance store volumes is
not preserved.
Note
This procedure is not applicable for Linux/UNIX instances or Windows instances that are backed
by Amazon EBS.
The short version of this command is ec2bundle.
Syntax
ec2-bundle-instance instance_id -b bucket -p prefix -o access_key_id {-c policy
| -s policy_signature |-w owner_secret_access_key} [-x hours] [--location
location] [-B]
Options
Description Name
The ID of the instance to bundle.
Type: String
Default: None
Required: Yes
Example: i-5e73d509
instance_id
The bucket in which to store the AMI.You can specify a bucket
that you already own or a new bucket that Amazon EC2
creates on your behalf. If you specify a bucket that belongs
to someone else, Amazon EC2 returns an error.
Type: String
Default: None
Required: Yes
Example: -b myawsbucket
-b, --bucket bucket
The prefix for the image component names being stored in
Amazon S3.
Type: String
Default: None
Required: Yes
Example: -p winami
-p, --prefix prefix
The access key ID of the owner of the Amazon S3 bucket.
Type: String
Default: None
Required: Yes
Example: -o AKIAIOSFODNN7EXAMPLE
-o, --owner-akid access_key_id
API Version 2013-08-15
54
Amazon Elastic Compute Cloud CLI Reference
ec2-bundle-instance
Description Name
A Base64-encoded Amazon S3 upload policy that gives
Amazon EC2 permission to upload items into Amazon S3 on
the user's behalf. If you provide this parameter, you must also
provide either a policy signature, or your secret access key,
so we can create a policy signature for you (the secret access
key is not passed to Amazon EC2). If you do not provide this
parameter, the --owner-sak is required, and we generate
an upload policy and policy signature for you automatically.
For more information about upload policies and how to sign
them, see the sections about policy construction and
signatures in the Amazon Simple Storage Service Developer
Guide.
Type: String
Default: None
Required: Conditional
Example: -c upload-policy
-c, --policy policy
The Base-64 encoded signature for the S3 upload policy. If
you provide --policy but not --policy-signature, then
--owner-sak is required, and we use it to automatically sign
the policy.
Type: String
Default: None
Required: Conditional
Example: -s upload-policy
-s, --policy-signature
policy_signature
The AWS secret access key for the owner of the Amazon S3
bucket specified in the -b parameter. This parameter is
required in either of these cases:
• If you don't provide the --policy parameter
• If you provide the --policy parameter, but don't provide
the --policy-signature parameter
The command line tools client uses the secret access key to
sign a policy for you, but does not send the secret access key
to Amazon EC2.
Type: String
Default: None
Required: Conditional
Example: -w
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-w, --owner-sak
owner_secret_access_key
The validity period, in hours, for a generated upload policy.
Type: String
Default: 24
Required: No
Example: -x 8
-x, --expires hours
API Version 2013-08-15
55
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
The location of the destination Amazon S3 bucket.
Type: String
Default: None
Required: No
Example: --location my-bucket-location
--location bucket_location
Indicates that no Amazon S3 bucket should be created if one
doesn't already exist, and that no attempt should be made to
fix incorrect permissions.
Type: Boolean
Default: false
Required: No
Example: -B
-B, --no-bucket-setup
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
API Version 2013-08-15
56
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The BUNDLE identifier
• The ID of the bundle
• The ID of the instance
• The bucket name
API Version 2013-08-15
57
Amazon Elastic Compute Cloud CLI Reference
Output
• The bundle prefix
• The bundle start time
• The bundle update time
• The current state (usually pending)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command bundles the specified instance.
PROMPT> ec2-bundle-instance i-12345678 -b myawsbucket -p winami -o AKIAIOSFOD
NN7EXAMPLE -w wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
BUNDLE bun-c1a540a8 i-12345678 myawsbucket winami 2008-09-15T17:15:20+0000
pending
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• BundleInstance
Related Commands
• ec2-cancel-bundle-task (p. 59)
• ec2-create-image (p. 97)
• ec2-describe-bundle-tasks (p. 255)
API Version 2013-08-15
58
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-cancel-bundle-task
Description
Cancels a bundling operation for an instance store-backed Windows instance.
The short version of this command is ec2cbun.
Syntax
ec2-cancel-bundle-task bundle_id
Options
Description Name
The ID of the bundle task.
Type: String
Default: None
Required: Yes
Example: bun-cla432a3
bundle_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
API Version 2013-08-15
59
Amazon Elastic Compute Cloud CLI Reference
ec2-cancel-bundle-task
Description Option
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
60
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command returns a table that contains the following information:
• The BUNDLE identifier
• The ID of the bundle
• The ID of the instance
• The bucket name
• The cancel status
• The prefix
• The start time
• The update time
• The status (cancelling)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command cancels the bundle task with the ID bun-cla322b9.
PROMPT> ec2-cancel-bundle-task bun-cla322b9
BUNDLE bun-cla322b9 i-2674d22r myawsbucket winami 2008-09-15T17:15:20+0000 2008-
09-15T17:15:20+0000 cancelling
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CancelBundleTask
Related Commands
• ec2-bundle-instance (p. 54)
• ec2-describe-bundle-tasks (p. 255)
API Version 2013-08-15
61
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-cancel-conversion-task
Description
Cancels an active conversion task. The task can be the import of an instance or volume. The command
removes all artifacts of the conversion, including a partially uploaded volume or instance. If the conversion
is complete or is in the process of transferring the final disk image, the command fails and returns an
exception.
For more information, see Using the Command Line Tools to Import Your Virtual Machine to Amazon
EC2 in the Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2cct.
Syntax
ec2-cancel-conversion-task task_id
Options
Description Name
The ID of the conversion task.
Type: String
Default: None
Required: Yes
Example: import-i-fh95npoc
task_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
62
Amazon Elastic Compute Cloud CLI Reference
ec2-cancel-conversion-task
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
63
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The CONVERSION-TASK identifier
• The ID of the conversion task
Amazon EC2 command line tools display errors on stderr.
Example
Example
This example command cancels the conversion task with the ID import-i-fh95npoc.
PROMPT> ec2-cancel-conversion-task import-i-fh95npoc
CONVERSION-TASK import-i-fh95npoc
If the task fails, you receive the following error:
Client.DeleteConversionTask Error: Failed to delete conversion task import-i-
fh95npoc
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CancelConversionTask
Related Commands
• ec2-delete-disk-image (p. 179)
• ec2-describe-conversion-tasks (p. 260)
• ec2-import-instance (p. 495)
• ec2-import-volume (p. 506)
• ec2-resume-import (p. 613)
API Version 2013-08-15
64
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-cancel-export-task
Description
Cancels an active export task. The command removes all artifacts of the export, including any partially
created Amazon S3 objects. If the export task is complete or is in the process of transferring the final disk
image, the command fails and returns an error.
The short version of this command is ec2cxt.
Syntax
ec2-cancel-export-task task_id
Options
Description Name
The ID of the export task. This is the ID returned by
ec2-create-instance-export-task.
Type: String
Default: None
Required: Yes
Example: export-i-fgelt0i7
task_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
API Version 2013-08-15
65
Amazon Elastic Compute Cloud CLI Reference
ec2-cancel-export-task
Description Option
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
66
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command returns a table that contains the following information:
• The EXPORT-TASK identifier
• The ID of the export task
Amazon EC2 command line tools display errors on stderr.
Example
Example
This example command cancels the export task with the ID export-i-fgelt0i7.
PROMPT> ec2-cancel-export-task export-i-fgelt0i7
EXPORT-TASK export-i-fgelt0i7
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CancelExportTask
Related Commands
• ec2-create-instance-export-task (p. 102)
• ec2-describe-export-tasks (p. 273)
API Version 2013-08-15
67
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-cancel-reserved-instances-listing
Description
Cancels the specified Reserved Instance listing in the Reserved Instance Marketplace.
For more information about Reserved Instance Marketplace, see Reserved Instance Marketplace in the
Amazon Elastic Compute Cloud User Guide.
Syntax
ec2-cancel-reserved-instances-listing LISTING
Options
Description Name
The ID of the Reserved Instance listing to be canceled.
Type: String
Required: Yes
Default: None
LISTING
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
API Version 2013-08-15
68
Amazon Elastic Compute Cloud CLI Reference
ec2-cancel-reserved-instances-listing
Description Option
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
69
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
The command returns a table that contains the following information:
The listing information
• The LISTING identifier
• Reserved Instance listing ID
• Reserved Instance ID
• Create Date
• Update Date
• Status
• Status Message
One or more rows that contain instance count information
• The INSTANCE-COUNT identifier
• The instance count state
• The instance count
One or more rows that contain price schedule information
• The PRICE-SCHEDULE identifier
• The term
• The price
• Whether or not the schedule is active
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command cancels a Reserved Instance listing in the Reserved Instance Marketplace.
PROMPT> ec2-cancel-reserved-instances-listing 095c0e18-c9e6-4692-97e5-653e0ex
ample
Amazon EC2 returns output similar to the following:
PROMPT> ec2-cancel-reserved-instances-listing
Type ReservedInstancesListingId ReservedInstancesId CreateDate UpdateDate Status
StatusMessage
LISTING 095c0e18-c9e6-4692-97e5-653e0example b847fa93-c736-4eae-bca1-e3147example
Tue Aug 28 18:21:07 PDT 2012 Tue Aug 28 18:21:07 PDT 2012 cancelled cancelled
INSTANCE-COUNT available 0
INSTANCE-COUNT sold 0
INSTANCE-COUNT cancelled 1
INSTANCE-COUNT pending 0
PRICE-SCHEDULE 5 $1.2 true
API Version 2013-08-15
70
Amazon Elastic Compute Cloud CLI Reference
Output
PRICE-SCHEDULE 4 $1.2 false
PRICE-SCHEDULE 3 $1.2 false
PRICE-SCHEDULE 2 $1.2 false
PRICE-SCHEDULE 1 $1.2 true
Related Operations
• ec2-describe-reserved-instances-listings (p. 358)
• ec2-create-reserved-instances-listing (p. 128)
• ec2-describe-reserved-instances (p. 352)
API Version 2013-08-15
71
Amazon Elastic Compute Cloud CLI Reference
Related Operations
ec2-cancel-spot-instance-requests
Description
Cancels one or more Spot Instance requests. Spot Instances are instances that Amazon EC2 starts on
your behalf when the maximum price that you specify exceeds the current Spot Price. Amazon EC2
periodically sets the Spot Price based on available Spot Instance capacity and current Spot Instance
requests. For more information about Spot Instances, see Spot Instances in the Amazon Elastic Compute
Cloud User Guide.
Important
Canceling a Spot Instance request does not terminate running Spot Instances associated with
the request.
The short version of this command is ec2csir.
Syntax
ec2-cancel-spot-instance-requests request_id [request_id...]
Options
Description Name
One or more Spot Instance request IDs.
Type: String
Default: None
Required: Yes
Example: sir-8456a32b
request_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
72
Amazon Elastic Compute Cloud CLI Reference
ec2-cancel-spot-instance-requests
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
73
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The SPOTINSTANCEREQUEST identifier
• The Spot Instance request ID
• The current state
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command cancels a Spot Instance request.
PROMPT> ec2-cancel-spot-instance-requests sir-1a2b3c4d sir-2a2b3c4d
SPOTINSTANCEREQUEST sir-1a2b3c4d cancelled
SPOTINSTANCEREQUEST sir-2a2b3c4d cancelled
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CancelSpotInstanceRequests
Related Commands
• ec2-describe-spot-instance-requests (p. 394)
• ec2-describe-spot-price-history (p. 402)
• ec2-request-spot-instances (p. 589)
API Version 2013-08-15
74
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-confirm-product-instance
Description
Determines whether a product code is associated with an instance. This command can only be run by
the owner of the product code. It is useful when a product code owner needs to verify whether another
user's instance is eligible for support.
The short version of this command is ec2cpi.
Syntax
ec2-confirm-product-instance product_code -i instance_id
Options
Description Name
The product code. This must be an Amazon DevPay product
code that you own.
Type: String
Default: None
Required: Yes
Example: 774F4FF8
product_code
The instance.
Type: String
Default: None
Required: Yes
Example: -i i-10a64379
-i instance_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
75
Amazon Elastic Compute Cloud CLI Reference
ec2-confirm-product-instance
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
76
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The product code
• The ID of the instance
• A Boolean value indicating whether the product code is attached to the instance
• The instance owner's account ID (if the product code is attached)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command determines whether the specified product code is associated with the specified
instance.
PROMPT> ec2-confirm-product-instance 774F4FF8 -i i-10a64379
774F4FF8 i-10a64379 true 111122223333
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• ConfirmProductInstance
Related Commands
• ec2-describe-instances (p. 307)
• ec2-run-instances (p. 624)
API Version 2013-08-15
77
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-copy-image
Description
Initiates the copy of an AMI from the specified source region to the specified destination region.
The short version of this command is ec2cpimg.
Syntax
At a command prompt, switch to the destination region, and then type the following:
ec2-copy-image -r source_region -s source_ami_id [-n ami_name] [-d
ami_description] [-c token]
Options
Description Name
The name of the region that contains the AMI to be copied
(source).
Type: String
Default: None
Required: Yes
Example: us-west-2
-r, --source-region
source_region
The ID of the AMI to copy.
Type: String
Default: None
Required: Yes
Example: ami-4fa54026
-s, --source-ami-id
source_ami_id
The name of the new AMI in the destination region.
Type: String
Default: Same name as the AMI being copied.
Required: No
Example: My-Standard-AMI
-n, --name ami_name
A description for the new AMI in the destination region.
Type: String
Default: Same description as the AMI being copied.
Constraints: Up to 255 characters.
Required: No
Example: -d "This is the new version of My-Standard-AMI"
-d, --description
ami_description
API Version 2013-08-15
78
Amazon Elastic Compute Cloud CLI Reference
ec2-copy-image
Description Name
Unique, case-sensitive identifier you provide to ensure
idempotency of the request. For more information, see How
to Ensure Idempotency in the Amazon Elastic Compute Cloud
User Guide.
Type: String
Default: None
Constraints: Up to 255 characters
Required: No
Example: 550e8400-e29b-41d4-a716-446655440000
-c, --client-token token
Tip
You can use the common option --region to specify the destination region.
Output
This command returns a table that contains the following information:
• The IMAGE identifier
• The ID of the new image
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command copies the AMI with the ID ami-4d3c2b1a in region us-west-2, naming the new
AMI My-Standard-AMI:
PROMPT> ec2-copy-image -r us-west-2 -i ami-4d3c2b1a -n "My-Standard-AMI" -d
"This is a copy of ami-4fa54026 --My-standard-AMI-- from us-west-2" -c 550e8400-
e29b-41d4-a716-46655440001
IMAGE ami-1a2b3c4d
Example 2
This example command copies the AMI with the ID ami-4d3c2b1a in region us-east-1 to ap-northeast-1,
naming the new AMI My-Standard-AMI:
PROMPT> ec2-copy-image -r us-east-1 --region ap-northeast-1 -i ami-4d3c2b1a -n
"My-Standard-AMI" -d "This is a copy of ami-4fa54026 --My-Standard-AMI-- from
us-east-1" -c 550e8400-e29b-41d4-a716-46655440000
IMAGE ami-1a2b3c4d
API Version 2013-08-15
79
Amazon Elastic Compute Cloud CLI Reference
Output
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CopyImage
Related Commands
• ec2-describe-images (p. 286)
• ec2-deregister (p. 239)
API Version 2013-08-15
80
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-copy-snapshot
Description
Copies a point-in-time snapshot of an Amazon Elastic Block Store (Amazon EBS) volume and stores it
in Amazon Simple Storage Service (Amazon S3). You can copy the snapshot within the same region or
from one region to another.You can use the snapshot to create Amazon EBS volumes or Amazon Machine
Images (AMIs). For more information about Amazon EBS, see Amazon Elastic Block Store (Amazon
EBS).
The short version of this command is ec2cpsnap.
Syntax
ec2-copy-snapshot -r source_region -s source_snapshot_id [-d description]
Options
Description Name
The name of the region that contains the snapshot to be
copied.
Type: String
Default: None
Required: Yes
Example: us-west-1
-r, --source-region
source_region
The ID of the Amazon EBS snapshot to copy.
Type: String
Default: None
Required: Yes
Example: snap-4d826724
-s, --source-snapshot-id
source_snapshot_id
A description for the destination Amazon EBS snapshot.
Type: String
Default: The source's snapshot description or "[Copied from
SOURCE_REGION]" if source snapshot doesn't have a
description.
Constraints: Up to 255 characters.
Required: No
Example: -d "Copy of user data from us-west-1"
-d, --description description
API Version 2013-08-15
81
Amazon Elastic Compute Cloud CLI Reference
ec2-copy-snapshot
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
API Version 2013-08-15
82
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The SNAPSHOT identifier
• The ID of the new snapshot
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command copies the snapshot in the us-west-1 region with the ID snap-1a2b3c4d.
PROMPT> ec2-copy-snapshot -r us-west-1 -s snap-1a2b3c4d --description "Copy of
user data from us-west-1"
SNAPSHOT snap-2a2b3c4d
API Version 2013-08-15
83
Amazon Elastic Compute Cloud CLI Reference
Output
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CopySnapshot
Related Commands
• ec2-create-snapshot (p. 139)
• ec2-delete-snapshot (p. 211)
• ec2-describe-snapshots (p. 385)
API Version 2013-08-15
84
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-create-customer-gateway
Description
Provides information to AWS about your VPN customer gateway device. The customer gateway is the
appliance at your end of the VPN connection. (The device on the AWS side of the VPN connection is the
virtual private gateway.) You must provide the Internet-routable IP address of the customer gateway's
external interface. The IP address must be static and can't be behind a device performing network address
translation (NAT).
You must provide the Internet-routable IP address of the customer gateway's external interface. The IP
address must be static and can't be behind a device performing network address translation (NAT).
For devices that use Border Gateway Protocol (BGP), you can also provide the device's BGP Autonomous
System Number (ASN). You can use an existing ASN assigned to your network. If you don't have an ASN
already, you can use a private ASN (in the 64512 - 65534 range).
Note
Amazon EC2 supports all 2-byte ASN numbers in the range of 1 - 65534, with the exception of
7224, which is reserved in the US East (Northern Virginia) Region, and 9059, which is reserved
in the EU (Ireland) Region.
For more information about ASNs, see the Wikipedia article.
For more information about VPN customer gateways, see Adding a Hardware Virtual Private Gateway
to Your VPC in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2addcgw.
Syntax
ec2-create-customer-gateway -t type -i ip_address -b bgp_asn
Options
Description Name
The type of VPN connection this customer gateway supports.
Type: String
Valid values: ipsec.1
Default: None
Required: Yes
Example: -t ipsec.1
-t type
The Internet-routable IP address for the customer gateway's
outside interface. The address must be static.
Type: String
Default: None
Required: Yes
Example: -i 12.1.2.3
-i ip_address
API Version 2013-08-15
85
Amazon Elastic Compute Cloud CLI Reference
ec2-create-customer-gateway
Description Name
For devices that support BGP, the customer gateway's Border
Gateway Protocol (BGP) Autonomous System Number (ASN).
Type: Integer
Default: None
Required: Yes
Example: -b 65534
-b bgp_asn
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
API Version 2013-08-15
86
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The CUSTOMERGATEWAY identifier
• The customer gateway ID, which uniquely identifies the customer gateway
• The current state of the customer gateway (pending, available, deleting, deleted)
• The type of VPN connection the customer gateway supports
• The Internet-routable IP address for the customer gateway's outside interface
• The customer gateway's BGP ASN
Amazon EC2 command line tools display errors on stderr.
API Version 2013-08-15
87
Amazon Elastic Compute Cloud CLI Reference
Output
Examples
Example
This example command passes information to AWS about the customer gateway with the IP address
12.1.2.3 and ASN 65534.
PROMPT> ec2-create-customer-gateway -t ipsec.1 -i 12.1.2.3 -b 65534
CUSTOMERGATEWAY cgw-b4dc3961 pending ipsec.1 12.1.2.3 65534
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CreateCustomerGateway
Related Commands
• ec2-delete-customer-gateway (p. 173)
• ec2-describe-customer-gateways (p. 263)
API Version 2013-08-15
88
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-create-dhcp-options
Description
Creates a set of DHCP options for your VPC. After creating the set, you must associate it with the VPC,
causing all existing and new instances that you launch in the VPC to use this set of DHCP options. The
following table lists the individual DHCP options you can specify. For more information about the options,
see RFC 2132.
Description DHCP Option Name
The IP addresses of up to four domain name servers, or
AmazonProvidedDNS. The default DHCP option set specifies
AmazonProvidedDNS.
domain-name-servers
If you're using AmazonProvidedDNS in US East (Northern Virginia) Region,
specify compute-1.amazonaws.com. If you're using AmazonProvidedDNS in
another region, specify region.compute.amazonaws.com. Otherwise, specify
a domain name (for example, MyCompany.com).
domain-name
The IP addresses of up to four Network Time Protocol (NTP) servers. ntp-servers
The IP addresses of up to four NetBIOS name servers. netbios-name-servers
The NetBIOS node type (1, 2, 4, or 8). We recommend that you specify 2
(broadcast and multicast are not currently supported). For more information
about these node types, see RFC 2132.
netbios-node-type
Important
By default, your VPC has a set of DHCP options that includes only a DNS server that we provide
(AmazonProvidedDNS). If you create a set of DHCP options, and your VPC has an Internet
gateway, make sure to set the domain-name-servers option either to AmazonProvidedDNS
or to a domain name server of your choice.
For more information about DHCP options sets, see DHCP Options Sets in the Amazon Virtual Private
Cloud User Guide.
The short version of this command is ec2adddopt.
Syntax
ec2-create-dhcp-options name=value[,value...] [ name=value[,value...] ... ]
API Version 2013-08-15
89
Amazon Elastic Compute Cloud CLI Reference
ec2-create-dhcp-options
Options
Description Name
The DHCP option (including the option's name and its value).
You can specify more than one option in the request, and
more than one value per option. If you're using the command
line tools on a Windows system, you might need to use
quotation marks (for example, "name=value,value").
Type: String
Default: None
Required: Yes
Example: "domain-name-servers=10.2.5.1,10.2.5.2"
name=value,value
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
API Version 2013-08-15
90
Amazon Elastic Compute Cloud CLI Reference
Options
Description Option
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The DHCPOPTIONS identifier
• The ID of the DHCP options set
• The OPTION identifier
• The name of the option and its value
Amazon EC2 command line tools display errors on stderr.
API Version 2013-08-15
91
Amazon Elastic Compute Cloud CLI Reference
Output
Examples
Example
This example command creates a set of DHCP options with a domain name mydomain.com and two
DNS servers (10.2.5.1 and 10.2.5.2).
PROMPT> ec2-create-dhcp-options "domain-name=mydomain.com" "domain-name-serv
ers=10.2.5.1,10.2.5.2"
DHCPOPTIONS dopt-7a8b9c2d
OPTION domain-name mydomain.com
OPTION domain-name-servers 10.2.5.1,10.2.5.2
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CreateDhcpOptions
Related Commands
• ec2-associate-dhcp-options (p. 26)
• ec2-delete-dhcp-options (p. 176)
• ec2-describe-dhcp-options (p. 268)
API Version 2013-08-15
92
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-create-group
Description
Creates a security group.
Important
EC2-Classic: You can create up to 500 security groups.
EC2-VPC: You can create up to 100 security groups per VPC.
A security group is for use with instances either in the EC2-Classic platform or in a specific VPC. For
more information, see Amazon EC2 Security Groups in the Amazon Elastic Compute Cloud User Guide
and Security Groups for Your VPC in the Amazon Virtual Private Cloud User Guide.
When you create a security group, you specify a friendly name of your choice. You can have a security
group for use in EC2-Classic with the same name as a security group for use in a VPC. However, you
can't have two security groups for use in EC2-Classic with the same name or two security groups for use
in a VPC with the same name.
You have a default security group for EC2-Classic and a default security group for your VPC. If you don't
specify a security group when you launch an instance, the instance is launched into the appropriate default
security group. A default security group includes a default rule that grants instances unrestricted network
access to each other.
You can add or remove rules from your security groups using the ec2-authorize and ec2-revoke
commands.
The short version of this command is ec2addgrp.
Syntax
ec2-create-group group_name -d description [-c vpc_id]
Options
Description Name
The name of the security group.
Type: String
Default: None
Constraints: Up to 255 characters in length
Constraints for EC2-Classic: ASCII characters
Constraints for EC2-VPC: a-z, A-Z, 0-9, spaces, and
._-:/()#,@[]+=&;{}!$*
Required: Yes
Example: websrv
group_name
API Version 2013-08-15
93
Amazon Elastic Compute Cloud CLI Reference
ec2-create-group
Description Name
A description for the security group. This is informational only.
Type: String
Default: None
Constraints: Up to 255 characters in length
Constraints for EC2-Classic: ASCII characters
Constraints for EC2-VPC: a-z, A-Z, 0-9, spaces, and
._-:/()#,@[]+=&;{}!$*
Required: Yes
Example: -d "Web Servers"
-d, --description description
[EC2-VPC] The ID of the VPC.
Type: String
Default: None
Required: Conditional
Condition: Required for EC2-VPC
Example: -c vpc-1a2b3c4d
-c, --vpc vpc_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
API Version 2013-08-15
94
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
API Version 2013-08-15
95
Amazon Elastic Compute Cloud CLI Reference
Output
• The GROUP identifier
• The ID of the new security group
• The name of the security group
• The description of the security group
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command creates a security group named websrv for EC2-Classic.
PROMPT> ec2-create-group websrv -d "Web Servers"
GROUP sg-1a2b3c4d websrv Web Servers
Example 2
This example command creates a security group named WebServerSG for the VPC with the ID
vpc-3325caf2.
PROMPT> ec2-create-group WebServerSG -d "Web Servers" -c vpc-3325caf2
GROUP sg-0a42d66a WebServerSG Web Servers
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CreateSecurityGroup
Related Commands
• ec2-authorize (p. 47)
• ec2-delete-group (p. 182)
• ec2-describe-group (p. 276)
• ec2-revoke (p. 618)
• ec2-run-instances (p. 624)
API Version 2013-08-15
96
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-create-image
Description
Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or
stopped.
Note
If you customized your instance with instance store volumes or Amazon EBS volumes in addition
to the root device volume, the new AMI contains block device mapping information for those
volumes. When you launch an instance from this new AMI, the instance automatically launches
with those additional volumes.
For more information, see Creating Amazon EBS-Backed Linux AMIs in the Amazon Elastic Compute
Cloud User Guide.
The short version of this command is ec2cim.
Syntax
ec2-create-image instance_id --name name [--description description]
[--no-reboot] [-b, --blockdevicemapping mapping ]
Options
Description Name
The ID of the instance.
Type: String
Default: None
Required: Yes
Example: i-10a64379
instance_id
A name for the new image.
Type: String
Default: None
Constraints: 3-128 alphanumeric characters, parenthesis (()),
commas (,), slashes (/), dashes (-), or underscores(_). Allows
spaces if the name is enclosed in quotation marks.
Required: Yes
Example: -n "Standard Web Server"
-n, --name name
A description for the new image.
Type: String
Default: None
Constraints: Up to 255 characters
Required: No
Example: -d Fedora_v11
-d, --description description
API Version 2013-08-15
97
Amazon Elastic Compute Cloud CLI Reference
ec2-create-image
Description Name
When this option is absent, Amazon EC2 attempts to cleanly
shut down the instance before image creation and reboots
the instance. When this option is used, Amazon EC2 doesn't
shut down the instance before creating the image; therefore,
file system integrity on the created image can't be guaranteed.
Type: Boolean
Default: false
Required: No
Example: --no-reboot
--no-reboot
The block device mapping for the instance. This argument is
passed in the form of
=. The
devicename is the device name of the physical device on
the instance to map. The blockdevice can be one of the
following values:
• none - Suppresses an existing mapping of the device from
the AMI used to launch the instance. For example:
"/dev/sdc=none".
• ephemeral[0..3] - An instance store volume to be
mapped to the device. For example:
"/dev/sdc=ephemeral0".
• [snapshot-id]:[volume-size]:[true|false]:[standard|io1[:iops]]
- An EBS volume to be mapped to the device. [snapshot-id]
To create a volume from a snapshot, specify the snapshot
ID. [volume-size] To create an empty EBS volume, omit
the snapshot ID and specify a volume size instead. For
example: "/dev/sdh=:20". [delete-on-termination] To
prevent the volume from being deleted on termination of
the instance, specify false. The default is true.
[volume-type] To create a Provisioned IOPS volume, specify
io1. The default volume type is standard. If the volume
type is io1, you can also provision the number of IOPS
that the volume supports. For example,
"/dev/sdh=snap-7eb96d16::false:io1:500".
You can specify multiple blockdevicemapping arguments
in one call.
For more information, see Block Device Mapping in the
Amazon Elastic Compute Cloud User Guide.
Type: String
Default: None
Required: No
Example: -b "/dev/sdc=snap-7eb96d16:100:false:io1:500"
Note
On Windows, the mapping argument must be
enclosed in double quotes, as shown in the example.
-b, --block-device-mapping
mapping
API Version 2013-08-15
98
Amazon Elastic Compute Cloud CLI Reference
Options
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
API Version 2013-08-15
99
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The IMAGE identifier
• The ID of the new AMI
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command creates an AMI from the instance with the ID i-10a64379.
PROMPT> ec2-create-image i-10a64379 --name "Standard Web Server" --description
"Standard web server AMI"
IMAGE ami-4fa54026
API Version 2013-08-15
100
Amazon Elastic Compute Cloud CLI Reference
Output
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CreateImage
Related Commands
• ec2-describe-instances (p. 307)
• ec2-run-instances (p. 624)
• ec2-terminate-instances (p. 644)
API Version 2013-08-15
101
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-create-instance-export-task
Description
Exports a running or stopped instance to an Amazon S3 bucket. For information about the supported
operating systems, image formats, and known limitations for the types of instances you can export, see
Exporting EC2 Instances in the Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2addixt.
Syntax
ec2-create-instance-export-task instance_id -e target_environment -f
disk_image_format [-c container_format] -b S3_bucket [-p S3_prefix] [-d
description]
Options
Description Name
The ID of the instance.
Required: Yes
instance_id
The target environment. VMware supports VMware 4 and 5.
Citrix targets Xen 6.
Type: String
Valid values: vmware | citrix
Required: Yes
-e, --target-environment
target_environment
The disk image file format used to represent the exported
disk.
Type: String
Valid values: vmdk | vhd
Default: If -e = vmware, then -f = vmdk; otherwise vhd
Required: No
-f, --disk-image-format
disk_image_format
The container format used to combine disk images with
metadata (such as OVF). If absent, only the disk image will
be exported.
Type: String
Valid values: OVA
Default: If -e = VMware, then -c = OVA; otherwise empty
Required: No
-c, --container-format
container_format
The name of the destination Amazon S3 bucket where the
file will be exported. The destination bucket must exist and
grant WRITE and READ_ACL permissions to the AWS
account [email protected].
Type: String
Required: Yes
-b, --bucket S3_bucket
API Version 2013-08-15
102
Amazon Elastic Compute Cloud CLI Reference
ec2-create-instance-export-task
Description Name
The prefix for the Amazon S3 key (object name) used for the
exported file. The maximum length is 1000 bytes of UTF-8
character encoding. The final key is composed from this prefix
(if supplied), the export-task-id, and other relevant parameters.
Type: String
Required: No
Example: my-export-, incoming/vm-export/
-p, --prefix S3_prefix
A description for the conversion task or the resource being
exported. The maximum length is 255 bytes.
Type: String
Required: No
-d, --description description
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
API Version 2013-08-15
103
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The EXPORTTASK identifier
• The ID of the export task
• The state of the conversion task (active | cancelling | cancelled | completed)
• The instance being exported
API Version 2013-08-15
104
Amazon Elastic Compute Cloud CLI Reference
Output
• The target virtualization environment (vmware | citrix)
• The format for the exported image (vmdk | vhd)
• The Amazon S3 bucket for the destination image.
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command creates a task to export an instance.
PROMPT> ec2-create-instance-export-task i-38e485d8 -e vmware -f vmdk -c ova -b
myexportbucket
EXPORTTASK export-i-fgelt0i7 active i-38e485d8 vmware vmdk
myexportbucket export-i-fgelt0i7.vmdk
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CreateInstanceExportTask
Related Commands
• ec2-cancel-export-task (p. 65)
• ec2-describe-export-tasks (p. 273)
API Version 2013-08-15
105
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-create-internet-gateway
Description
Creates an Internet gateway for use with a VPC. After creating the Internet gateway, you attach it to a
VPC using ec2-attach-internet-gateway.
For more information about your VPC and Internet gateway, see the Amazon Virtual Private Cloud User
Guide.
The short version of this command is ec2addigw.
Syntax
ec2-create-internet-gateway
Options
This command has no options.
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
API Version 2013-08-15
106
Amazon Elastic Compute Cloud CLI Reference
ec2-create-internet-gateway
Description Option
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
API Version 2013-08-15
107
Amazon Elastic Compute Cloud CLI Reference
Output
• The INTERNETGATEWAY identifier
• The ID of the Internet gateway
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command creates an Internet gateway.
PROMPT> ec2-create-internet-gateway
INTERNETGATEWAY igw-c0a643a9
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CreateInternetGateway
Related Commands
• ec2-attach-internet-gateway (p. 34)
• ec2-delete-internet-gateway (p. 186)
• ec2-describe-internet-gateways (p. 320)
• ec2-detach-internet-gateway (p. 454)
API Version 2013-08-15
108
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-create-keypair
Description
Creates a 2048-bit RSA key pair with the specified name. Amazon EC2 stores the public key and displays
the private key for you to save to a file. The private key is returned as an unencrypted PEM encoded
PKCS#8 private key. If a key with the specified name already exists, Amazon EC2 returns an error.
You can have up to five thousand key pairs per region.
Tip
The key pair returned to you is available only in the region in which you create it. To create a
key pair that is available in all regions, use ec2-import-keypair (p. 502).
For more information about key pairs, see Key Pairs in the Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2addkey.
Syntax
ec2-create-keypair key
Options
Description Name
A unique name for the key pair.
Type: String
Default: None
Constraints: Accepts alphanumeric characters, spaces,
dashes, and underscores.
Required: Yes
Example: my-key-pair
key
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
109
Amazon Elastic Compute Cloud CLI Reference
ec2-create-keypair
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
110
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The KEYPAIR identifier
• The name of the key pair
• The private key fingerprint
• The private key contents
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command creates a key pair named my-key-pair.
PROMPT> ec2-create-keypair my-key-pair
KEYPAIR my-key-pair 1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f
---- BEGIN RSA PRIVATE KEY ----
MIICiTCCAfICCQD6m7oRw0uXOjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
VVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6
b24xFDASBgNVBAsTC0lBTSBDb25zb2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAd
BgkqhkiG9w0BCQEWEG5vb25lQGFtYXpvbi5jb20wHhcNMTEwNDI1MjA0NTIxWhcN
MTIwNDI0MjA0NTIxWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD
VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6b24xFDASBgNVBAsTC0lBTSBDb25z
b2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAdBgkqhkiG9w0BCQEWEG5vb25lQGFt
YXpvbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMaK0dn+a4GmWIWJ
21uUSfwfEvySWtC2XADZ4nB+BLYgVIk60CpiwsZ3G93vUEIO3IyNoH/f0wYK8m9T
rDHudUZg3qX4waLG5M43q7Wgc/MbQITxOUSQv7c7ugFFDzQGBzZswY6786m86gpE
Ibb3OhjZnzcvQAaRHhdlQWIMm2nrAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAtCu4
nUhVVxYUntneD9+h8Mg9q6q+auNKyExzyLwaxlAoo7TJHidbtS4J5iNmZgXL0Fkb
FFBjvSfpJIlJ00zbhNYS5f6GuoEDmFJl0ZxBHjJnyp378OD8uTs7fLvjx79LjSTb
NYiytVbZPQUQ5Yaxu2jXnimvw3rrszlaEXAMPLE
-----END RSA PRIVATE KEY-----
Create a file named my-key-pair.pem and paste the entire key in this file, including the following lines.
"---- BEGIN RSA PRIVATE KEY ----"
"-----END RSA PRIVATE KEY-----"
API Version 2013-08-15
111
Amazon Elastic Compute Cloud CLI Reference
Output
Confirm that the file contents are similar to the following and save the file to a local directory.
---- BEGIN RSA PRIVATE KEY ----
MIICiTCCAfICCQD6m7oRw0uXOjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
VVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6
b24xFDASBgNVBAsTC0lBTSBDb25zb2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAd
BgkqhkiG9w0BCQEWEG5vb25lQGFtYXpvbi5jb20wHhcNMTEwNDI1MjA0NTIxWhcN
MTIwNDI0MjA0NTIxWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD
VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6b24xFDASBgNVBAsTC0lBTSBDb25z
b2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAdBgkqhkiG9w0BCQEWEG5vb25lQGFt
YXpvbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMaK0dn+a4GmWIWJ
21uUSfwfEvySWtC2XADZ4nB+BLYgVIk60CpiwsZ3G93vUEIO3IyNoH/f0wYK8m9T
rDHudUZg3qX4waLG5M43q7Wgc/MbQITxOUSQv7c7ugFFDzQGBzZswY6786m86gpE
Ibb3OhjZnzcvQAaRHhdlQWIMm2nrAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAtCu4
nUhVVxYUntneD9+h8Mg9q6q+auNKyExzyLwaxlAoo7TJHidbtS4J5iNmZgXL0Fkb
FFBjvSfpJIlJ00zbhNYS5f6GuoEDmFJl0ZxBHjJnyp378OD8uTs7fLvjx79LjSTb
NYiytVbZPQUQ5Yaxu2jXnimvw3rrszlaEXAMPLE
-----END RSA PRIVATE KEY-----
Keep this file in a safe place; it is required to decrypt login information when you connect to an instance
that you launched using this key pair.
If you're using an SSH client on a Linux computer to connect to your instance, use the following command
to set the permissions of your private key file so that only you can read it.
$ chmod 400 my-key-pair.pem
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CreateKeyPair
Related Commands
• ec2-delete-keypair (p. 189)
• ec2-describe-keypairs (p. 324)
• ec2-run-instances (p. 624)
API Version 2013-08-15
112
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-create-network-acl
Description
Creates a network ACL in a VPC. Network ACLs provide an optional layer of security (on top of security
groups) for the instances in your VPC.
For more information about network ACLs, see Network ACLs in the Amazon Virtual Private Cloud User
Guide.
The short version of this command is ec2addnacl.
Syntax
ec2-create-network-acl vpc_id
Options
Description Name
The ID of the VPC.
Type: String
Default: None
Required: Yes
Example: vpc-9ea045f7
vpc_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
113
Amazon Elastic Compute Cloud CLI Reference
ec2-create-network-acl
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
114
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The NETWORKACL identifier
• The ACL ID
• The ID of the VPC for the network ACL
• The default ENTRY elements
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command creates a network ACL in the VPC with the ID vpc-11ad4878. Notice that the
response includes a default entry for egress, and another for ingress, each with a very high rule number
(32767). These are the last entries that we process to decide whether traffic is allowed into our out of an
associated subnet. If the traffic doesn't match any rules with a lower rule number, then these default
entries ultimately deny the traffic. The -1 means all protocols and ports.
PROMPT> ec2-create-network-acl vpc-11ad4878
NETWORKACL acl-5fb85d36 vpc-11ad4878
ENTRY egress 32767 deny 0.0.0.0/0 all
ENTRY ingress 32767 deny 0.0.0.0/0 all
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CreateNetworkAcl
Related Commands
• ec2-delete-network-acl (p. 192)
• ec2-describe-network-acls (p. 328)
• ec2-replace-network-acl-association (p. 569)
API Version 2013-08-15
115
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-create-network-acl-entry
Description
Creates an entry (a rule) in a network ACL with the specified rule number. Each network ACL has a set
of numbered ingress rules and a separate set of numbered egress rules. When determining whether a
packet should be allowed in or out of a subnet associated with the ACL, we process the entries in the
ACL according to the rule numbers, in ascending order. Each network ACL has a set of ingress rules and
a separate set of egress rules.
Tip
We recommend that you leave room between the rule numbers (for example, 100, 110, 120,
...), and not number them one right after the other (for example, 101, 102, 103, ...). This makes
it easier to add a new rule between existing ones without having to renumber the rules.
After you add an entry, you can't modify it; you must either replace it or create a new entry and delete
the old one.
For more information about network ACLs, see Network ACLs in the Amazon Virtual Private Cloud User
Guide.
The short version of this command is ec2addnae.
Syntax
ec2-create-network-acl-entry acl_id -n rule_number [--egress] -P protocol -r
cidr [-p port_range] [-t icmp_type_code] { --allow | --deny }
Options
Description Name
The ID of the ACL for the entry.
Type: String
Default: None
Required: Yes
Example: acl-5fb85d36
acl_id
The rule number to assign to the entry (for example, 100).
ACL entries are processed in ascending order by rule number.
Type: Number
Default: None
Constraints: Positive integer from 1 to 32766
Required: Yes
Example: -n 100
-n, --rule-number rule_number
Indicates that the rule be applied to traffic leaving the subnet.
Default: If not specified, the rule applies to ingress traffic into
the subnet.
Required: No
--egress
API Version 2013-08-15
116
Amazon Elastic Compute Cloud CLI Reference
ec2-create-network-acl-entry
Description Name
The IP protocol. You can specify all or -1 to mean all
protocols.
Type: String
Valid values: all | -1 | tcp | udp | icmp or any protocol
number (for a list, see Protocol Numbers).
Required: Yes
Example: -P 6
-P, --protocol protocol
The CIDR range to allow or deny, in CIDR notation.
Type: String
Default: None
Required: Yes
Example: -r 172.16.0.0/24
-r, --cidr cidr
For TCP or UDP: The range of ports to allow.
Type: String
Valid values: A single integer or a range (min-max). You can
specify -1 to mean all ports (for example, port range 0-65535).
Default: None
Required: Conditional
Condition: Required if specifying tcp or udp (or the equivalent
number) for the protocol.
Example: -p 80-84
-p, --port-range port_range
For ICMP: The ICMP type and code using format type:code,
where both are integers. You can use -1 for the type or code
to mean all types or all codes
Type: String
Default: None
Required: Conditional
Condition: Required if specifying icmp (or the equivalent
number) for the protocol.
Example: -t -1:-1
-t, --icmp-type-code
icmp_type_code
Specifies that any traffic matching the rule is allowed.
Required: Conditional
Condition: You must specify either --allow or --deny, but not
both options.
--allow
Specifies that any traffic matching the rule is denied.
Required: Conditional
Condition: You must specify either --allow or --deny, but not
both.
--deny
API Version 2013-08-15
117
Amazon Elastic Compute Cloud CLI Reference
Options
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
API Version 2013-08-15
118
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The ENTRY identifier
• The traffic allowed or denied (ingress | egress)
• The rule number
• Indicates what to do with the traffic (allow | deny)
• The CIDR range to allow or deny
• The protocol
• The first port in the range
• The last port in the range
Amazon EC2 command line tools display errors on stderr.
API Version 2013-08-15
119
Amazon Elastic Compute Cloud CLI Reference
Output
Examples
Example
This example command creates an entry with rule number 100 in the network ACL with the ID
acl-2cb85d45. The rule allows ingress traffic from anywhere (0.0.0.0/0) on UDP port 53 into any
associated subnet.
PROMPT> ec2-create-network-acl-entry acl-2cb85d45 -n 100 -r 0.0.0.0/0 -P udp -
p 53 --allow
ENTRY ingress 100 allow 0.0.0.0/0 udp 53
53
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CreateNetworkAclEntry
Related Commands
• ec2-delete-network-acl-entry (p. 195)
• ec2-describe-network-acls (p. 328)
• ec2-replace-network-acl-entry (p. 572)
API Version 2013-08-15
120
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-create-network-interface
Description
Creates a network interface in the specified subnet.
For more information about network interfaces, see Elastic Network Interfaces in the Amazon Elastic
Compute Cloud User Guide.
The short version of this command is ec2addnic.
Syntax
ec2-create-network-interface -d, --description description [--private-ip-address
ip_address] [--secondary-private-ip-address ip_address]
[--secondary-private-ip-address-count address_count] [-g, --group
security_group_id]
Options
Description Name
A description for the network interface.
Type: String
Default: None
Required: No
Example: -d "My ENI"
-d, --description description
The primary private IP address of the network interface. If
you don't specify an IP address, Amazon EC2 selects one
from the subnet range.
Type: String
Default: None
Required: No
Example: --private-ip-address 10.0.2.17
--private-ip-address ip_address
The IP address to be assigned as a secondary private IP
address to the network interface. You can use this option
multiple times to assign multiple secondary IP addresses to
the network interface.
If you don't specify an IP address, Amazon EC2 selects one
from the subnet range.
You can't specify this parameter when also specifying
--secondary-private-ip-address-count.
Type: String
Default: None
Required: No
Example: --secondary-private-ip-address 10.0.2.18
-secondary-private-ip-address 10.0.2.28
--secondary-private-ip-address
ip_address
API Version 2013-08-15
121
Amazon Elastic Compute Cloud CLI Reference
ec2-create-network-interface
Description Name
The number of secondary IP addresses to assign to the
network interface. You can't specify this parameter when you
also specify --secondary-private-ip-address.
Type: Integer
Default: None
Required: No
Example: --secondary-private-ip-address-count 2
--secondary-private-ip-address-count
address_count
A security group to add to the network interface. You can use
this option multiple times to add multiple groups.
Type: String
Default: None. If no security group is specified, the interface
will become a member of the default security group.
Required: No
Example: -g sg-bba1bcd7 -g sg-6d495601
-g, --group security_group_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
API Version 2013-08-15
122
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns the ENI ID for the network interface that was created, along with the subnet ID,
VPC ID, Availability Zone, private IP addresses, and security group membership.
Amazon EC2 command line tools display errors on stderr.
API Version 2013-08-15
123
Amazon Elastic Compute Cloud CLI Reference
Output
Examples
Example 1
This example command creates a network interface in the specified subnet.
PROMPT> ec2-create-network-interface -d "My ENI" -g sg-bba1bcd7 --private-ip-
address 10.0.2.17 subnet-fd04ff94
NETWORKINTERFACE eni-3b9f6552 My ENI subnet-fd04ff94 vpc-e604ff8f us-east-
1b 089818748305 false pending 02:1a:80:41:52:9c 10.0.2.17 true
GROUP sg-bba1bcd7 default
PRIVATEIPADDRESS 10.0.2.17
Example 2
This example command creates a network interface address with a primary private IP address of
10.0.0.117, and two secondary private IP addresses: one secondary private IP address of 10.0.0.118
and another secondary private IP address that is selected by Amazon EC2.
PROMPT> ec2-create-network-interface -d "My ENI" -g sg-b1b508d8 --private-ip-
address 10.0.0.117 --secondary-private-ip-address 10.0.0.118 subnet-b1b508d8
NETWORKINTERFACE eni-f907b890 My ENI subnet-b1b508d8 vpc-a2b508cb ap-
southeast-1a 013274050172 false pending 02:75:42:60:6c:05
10.0.0.117 true
GROUP sg-82b3a1ee default
PRIVATEIPADDRESS 10.0.0.117
PRIVATEIPADDRESS 10.0.0.118
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CreateNetworkInterface
Related Commands
• ec2-attach-network-interface (p. 37)
• ec2-delete-network-interface (p. 199)
• ec2-describe-network-interface-attribute (p. 333)
• ec2-describe-network-interfaces (p. 337)
• ec2-detach-network-interface (p. 457)
• ec2-modify-network-interface-attribute (p. 529)
• ec2-reset-network-interface-attribute (p. 607)
API Version 2013-08-15
124
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-create-placement-group
Description
Creates a placement group that you launch cluster instances into.You must give the group a name unique
within the scope of your account.
For more information about placement groups and cluster instances, see Cluster Instances in the Amazon
Elastic Compute Cloud User Guide.
The short version of this command is ec2addpgrp.
Syntax
ec2-create-placement-group placement_group -s strategy
Options
Description Name
A name for the placement group.
Type: String
Default: None
Required: Yes
Example: XYZ-cluster
placement_group
The placement strategy.
Type: String
Valid values: cluster
Default: cluster
Required: Yes
Example: -s cluster
-s strategy
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
125
Amazon Elastic Compute Cloud CLI Reference
ec2-create-placement-group
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
126
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The PLACEMENTGROUP identifier
• The placement group name
• The placement strategy
• The state of the placement group
Examples
Example
This example command creates a placement group named XYZ-cluster.
PROMPT> ec2-create-placement-group XYZ-cluster -s cluster
PLACEMENTGROUP XYZ-cluster cluster available
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CreatePlacementGroup
Related Commands
• ec2-delete-placement-group (p. 202)
• ec2-describe-placement-groups (p. 344)
API Version 2013-08-15
127
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-create-reserved-instances-listing
Description
Creates a listing for Amazon EC2 Reserved Instances that will be sold in the Reserved Instance
Marketplace. You can submit one Reserved Instance listing at a time.
The Reserved Instance Marketplace matches sellers who want to resell Reserved Instance capacity that
they no longer need with buyers who want to purchase additional capacity. Reserved Instances bought
from third-party sellers through the Reserved Instance Marketplace work like any other Reserved Instances.
If you want to sell your Reserved Instances, you must first register as a Seller in the Reserved Instance
Marketplace. After completing the registration process, you can create a Reserved Instance Marketplace
listing of some or all of your Reserved Instances, and specify the upfront price you want to receive for
them. Your Reserved Instance listings then become available for purchase.
For more information about Reserved Instance Marketplace, see Reserved Instance Marketplace in the
Amazon Elastic Compute Cloud User Guide.
Syntax
ec2-create-reserved-instances-listing --reserved-instance RESERVED-INSTANCE
--instance-count INSTANCE-COUNT [--client-token TOKEN] MONTH:PRICE
[MONTH:PRICE[...]]
Options
Description Name
The ID of the active Reserved Instance.
Type: String
Default: None
Required: Yes
--reserved-instance
RESERVED-INSTANCE
The number of instances that are a part of a Reserved
Instance account that will be listed in the Reserved Instance
Marketplace. This number should be less or equal to the
instance count associated with the Reserved Instance ID
specified in this command.
Type: Integer
Default: Total number of Reserved Instances active for the
account
Required: Yes
--instance-count INSTANCE-COUNT
The price and schedule entry, using the format
MONTH:PRICE, where MONTH is the number of months and
PRICE is the numerical part of the price you want for the
specified months of the term. For example, 14:12.34 means
you want to sell 14 months at the price of $12.34.
Type: String
Default: None
Required: Yes
MONTH:PRICE
API Version 2013-08-15
128
Amazon Elastic Compute Cloud CLI Reference
ec2-create-reserved-instances-listing
Description Name
Unique, case-sensitive identifier you provide to ensure
idempotency of your listings. This helps avoid duplicate
listings. For more information, see Ensuring Idempotency in
the Amazon Elastic Compute Cloud User Guide.
Type: String
Default: None
Required: No
--client-token TOKEN
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
API Version 2013-08-15
129
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
The command returns a table that contains the following information:
The listing information
• The LISTING identifier
• Reserved Instance listing ID
• Reserved Instance ID
• Create Date
• Update Date
• Status
• Status Message
API Version 2013-08-15
130
Amazon Elastic Compute Cloud CLI Reference
Output
One or more rows that contain instance count information
• The INSTANCE-COUNT identifier
• The instance count state
• The instance count
One or more rows that contain price schedule information
• The PRICE-SCHEDULE identifier
• The term
• The price
• Whether or not the schedule is active
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command creates a Reserved Instance Marketplace listing from the existing Reserved
Instance b847fa93-c736-4eae-bca1-e3147example, which has 5 months remaining in its term. In
this example, we set the upfront price at $1.20.
The command looks like this:
PROMPT> ec2-create-reserved-instances-listing --reserved-instance b847fa93-c736-
4eae-bca1-3147example --instance-count 1 05:01.20
Amazon EC2 returns output similar to the following:
Type ReservedInstancesListingId ReservedInstancesId CreateDate UpdateDate Status
StatusMessage
LISTING 095c0e18-c9e6-4692-97e5-653e0example b847fa93-c736-4eae-bca1-e3147example
Tue Aug 28 18:21:07 PDT 2012 Tue Aug 28 18:21:07 PDT 2012 active active
INSTANCE-COUNT available 1
INSTANCE-COUNT sold 0
INSTANCE-COUNT cancelled 0
INSTANCE-COUNT pending 0
PRICE-SCHEDULE 5 $1.2 true
PRICE-SCHEDULE 4 $1.2 false
PRICE-SCHEDULE 3 $1.2 false
PRICE-SCHEDULE 2 $1.2 false
PRICE-SCHEDULE 1 $1.2 true
Related Operations
• ec2-cancel-reserved-instances-listing (p. 68)
• ec2-describe-reserved-instances-listings (p. 358)
API Version 2013-08-15
131
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-create-route
Description
Creates a route in a route table within a VPC. The route's target can be an Internet gateway attached to
the VPC or a NAT instance in the VPC.
When determining how to route traffic, we use the route with the most specific match. For example, let's
say the traffic is destined for 192.0.2.3, and the route table includes the following two routes:
• 192.0.2.0/24 (goes to some target A)
• 192.0.2.0/28 (goes to some target B)
Both routes apply to the traffic destined for 192.0.2.3. However, the second route in the list covers a
smaller number of IP addresses and is therefore more specific, so we use that route to determine where
to target the traffic.
For more information about route tables, see Route Tables in the Amazon Virtual Private Cloud User
Guide.
The short version of this command is ec2addrt.
Syntax
ec2-create-route route_table_id -r cidr {-g gateway_id | -i instance_id | -n
interface_id}
Options
Description Name
The ID of the route table for the route.
Type: String
Default: None
Required: Yes
Example: rtb-5da34634
route_table_id
The CIDR address block used for the destination match.
Routing decisions are based on the most specific match.
Type: String
Default: None
Required: Yes
Example: -r 0.0.0.0/0
-r, --cidr cidr
The ID of an Internet gateway attached to your VPC.
Type: String
Default: None
Required: Conditional
Condition:You must specify one of the following: --gateway,
--instance, or --network-interface.
Example: -g igw-68a34601
-g, --gateway gateway_id
API Version 2013-08-15
132
Amazon Elastic Compute Cloud CLI Reference
ec2-create-route
Description Name
The ID of a NAT instance in your VPC. The operation fails if
you specify an instance ID unless exactly one network
interface is attached.
Type: String
Default: None
Required: Conditional
Condition:You must specify one of the following: --gateway,
--instance, or --network-interface.
Example: -i i-a7c871e3
-i, --instance instance_id
The network interface associated with the route.
Type: String
Default: None
Required: Conditional
Condition:You must specify one of the following: --gateway,
--instance, or --network-interface.
Example: -n eni-5b729933
-n, --network-interface
interface_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
API Version 2013-08-15
133
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
API Version 2013-08-15
134
Amazon Elastic Compute Cloud CLI Reference
Output
• The ROUTE identifier
• The ID of the target
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command creates a route in the route table with the ID rtb-e4ad488d. The route matches
all traffic (0.0.0.0/0) and routes it to the Internet gateway with the ID igw-eaad4883.
PROMPT> ec2-create-route rtb-e4ad488d -r 0.0.0.0/0 -g igw-eaad4883
ROUTE igw-eaad4883 0.0.0.0/0
Example 2
This example command creates a route in the route table with the ID rtb-g8ff4ea2. The route sends
all traffic (0.0.0.0/0) to the NAT instance with the ID i-1a2b3c4d.
PROMPT> ec2-create-route rtb-g8ff4ea2 -r 0.0.0.0/0 -i i-1a2b3c4d
ROUTE i-1a2b3c4d 0.0.0.0/0
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CreateRoute
Related Commands
• ec2-delete-route (p. 205)
• ec2-describe-route-tables (p. 376)
• ec2-replace-route (p. 576)
API Version 2013-08-15
135
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-create-route-table
Description
Creates a route table for the specified VPC. After you create a route table, you can add routes and
associate the table with a subnet.
For more information about route tables, see Route Tables in the Amazon Virtual Private Cloud User
Guide.
The short version of this command is ec2addrtb.
Syntax
ec2-create-route-table vpc_id
Options
Description Name
The ID of the VPC.
Type: String
Default: None
Required: Yes
Example: vpc-9ea045f7
vpc_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
136
Amazon Elastic Compute Cloud CLI Reference
ec2-create-route-table
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
137
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The ROUTETABLE identifier
• The ID of the route table
• The ID of the VPC
• Information about the default route for every new route table
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command creates a route table for the VPC with the ID vpc-9ea045f7.
PROMPT> ec2-create-route-table vpc-9ea045f7
ROUTETABLE rtb-6aa34603 vpc-9ea045f7
ROUTE local active 172.16.0.0/16
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CreateRouteTable
Related Commands
• ec2-associate-route-table (p. 30)
• ec2-create-route (p. 132)
• ec2-delete-route-table (p. 208)
• ec2-describe-route-tables (p. 376)
• ec2-disassociate-route-table (p. 475)
• ec2-replace-route-table-association (p. 580)
API Version 2013-08-15
138
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-create-snapshot
Description
Creates a snapshot of an Amazon EBS volume and stores it in Amazon S3. You can use snapshots for
backups, to make copies of instance store volumes, and to save data before shutting down an instance.
When a snapshot is created, any AWS Marketplace product codes from the volume are propagated to
the snapshot.
You can take a snapshot of an attached volume that is in use. However, snapshots only capture data
that has been written to your Amazon EBS volume at the time the snapshot command is issued. This
may exclude any data that has been cached by any applications or the operating system. If you can pause
any file writes to the volume long enough to take a snapshot, your snapshot should be complete. However,
if you can't pause all file writes to the volume, you should unmount the volume from within the instance,
issue the snapshot command, and then remount the volume to ensure a consistent and complete snapshot.
You may remount and use your volume while the snapshot status is pending.
To create a snapshot for Amazon EBS volumes that serve as root devices, you should stop the instance
before taking the snapshot.
To unmount the volume in Linux/UNIX, use the following command:
umount -d device_name
Where device_name is the device name (for example, /dev/sdh).
To unmount the volume in Windows, open Disk Management, right-click the volume to unmount, and
select Change Drive Letter and Path. Select the mount point to remove, and then click Remove.
For more information about Amazon EBS, see Amazon Elastic Block Store in the Amazon Elastic Compute
Cloud User Guide.
The short version of this command is ec2addsnap.
Syntax
ec2-create-snapshot volume_id [-d description]
Options
Description Name
The ID of the Amazon EBS volume.
Type: String
Default: None
Required: Yes
Example: vol-4d826724
volume_id
API Version 2013-08-15
139
Amazon Elastic Compute Cloud CLI Reference
ec2-create-snapshot
Description Name
A description for the snapshot.
Type: String
Default: None
Constraints: Up to 255 characters
Required: No
Example: -d "Daily backup"
-d, --description description
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
API Version 2013-08-15
140
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The SNAPSHOT identifier
• The ID of the snapshot
• The ID of the volume
• The state of the snapshot (pending, completed, error)
• The time stamp when the snapshot initiated
• The percentage of completion
• The ID of the snapshot owner
• The size of the volume
• The description of the snapshot
API Version 2013-08-15
141
Amazon Elastic Compute Cloud CLI Reference
Output
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command creates a snapshot of the volume with the ID vol-1a2b3c4d.
PROMPT> ec2-create-snapshot vol-1a2b3c4d --description "Daily Backup"
SNAPSHOT snap-1a2b3c4d vol-1a2b3c4d pending YYYY-MM-DDTHH:MM:SS+0000
111122223333 30 Daily Backup
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CreateSnapshot
Related Commands
• ec2-delete-snapshot (p. 211)
• ec2-describe-snapshots (p. 385)
API Version 2013-08-15
142
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-create-spot-datafeed-subscription
Description
Creates the data feed for Spot Instances, enabling you to view Spot Instance usage logs. You can create
one data feed per account. For more information about Spot Instances, see Spot Instances in the Amazon
Elastic Compute Cloud User Guide.
The short version of this command is ec2addsds.
Syntax
ec2-create-spot-datafeed-subscription --bucket bucket [--prefix prefix]
Options
Description Name
The Amazon S3 bucket in which to store the Spot Instance
datafeed.
Type: String
Default: None
Constraints: Must be a valid bucket associated with your
account.
Required: Yes
Example: -b myawsbucket
-b, --bucket bucket
A prefix for the datafeed file names.
Type: String
Default: None
Required: No
Example: -p spotdata_
-p, --prefix bucket
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
143
Amazon Elastic Compute Cloud CLI Reference
ec2-create-spot-datafeed-subscription
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
144
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The SPOTDATAFEEDSUBSCRIPTION identifier
• The AWS account ID of the owner
• The Amazon S3 bucket where the data feed is located
• The prefix for the data feed file names
• The state (Active | Inactive)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command creates the data feed for the account.
PROMPT> ec2-create-spot-datafeed-subscription -b myawsbucket -p spotdata_
SPOTDATAFEEDSUBSCRIPTION 111122223333 myawsbucket spotdata_ Active
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CreateSpotDatafeedSubscription
Related Commands
• ec2-delete-spot-datafeed-subscription (p. 214)
• ec2-describe-spot-datafeed-subscription (p. 391)
API Version 2013-08-15
145
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-create-subnet
Description
Creates a subnet in an existing VPC.
When you create each subnet, you provide the ID of the VPC and the CIDR block you want for the subnet.
After you create a subnet, you can't change its CIDR block. The subnet's CIDR block can be the same
as the VPC's CIDR block (assuming you want only a single subnet in the VPC), or a subset of the VPC's
CIDR block. If you create more than one subnet in a VPC, the subnets' CIDR blocks must not overlap.
The smallest subnet (and VPC) you can create uses a /28 netmask (16 IP addresses), and the largest
uses a /16 netmask (65,536 IP addresses).
Important
We reserve both the first four and the last IP address in each subnet's CIDR block. They're not
available for use.
If you add more than one subnet to a VPC, they're set up in a star topology with a logical router in the
middle. By default, you can create up to 20 subnets in a VPC. If you need more than 20 subnets, you
can request more by going to Request to Increase Amazon VPC Limits.
If you launch an instance in a VPC using an Amazon EBS-backed AMI, the IP address doesn't change
if you stop and restart the instance (unlike a similar instance launched outside a VPC, which gets a new
IP address when restarted). It's therefore possible to have a subnet with no running instances (they're all
stopped), but no remaining IP addresses available. For more information about Amazon EBS-backed
AMIs, see AMI Basics in the Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2addsubnet.
Syntax
ec2-create-subnet -c vpc_id -i cidr [ -z zone ]
Options
Description Name
The ID of the VPC.
Type: String
Default: None
Required: Yes
Example: -c vpc-1a2b3c4d
-c vpc_id
The CIDR block for the subnet.
Type: String
Default: None
Required: Yes
Example: -i 10.0.1.0/24
-i cidr
API Version 2013-08-15
146
Amazon Elastic Compute Cloud CLI Reference
ec2-create-subnet
Description Name
The Availability Zone for the subnet.
Type: String
Default: Amazon EC2 selects one for you (recommended).
Required: No
Example: -z us-east-1a
-z zone
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
API Version 2013-08-15
147
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The SUBNET identifier
• The ID of the subnet
• The current state of the subnet (pending or available)
• The ID of the VPC the subnet is in
• The CIDR block assigned to the subnet
• The number of IP addresses in the subnet that are available
• The Availability Zone the subnet is in
Amazon EC2 command line tools display errors on stderr.
API Version 2013-08-15
148
Amazon Elastic Compute Cloud CLI Reference
Output
Examples
Example
This example command creates a subnet with CIDR block 10.0.1.0/24 in the VPC with the ID
vpc-1a2b3c4d.
PROMPT> ec2-create-subnet -c vpc-1a2b3c4d -i 10.0.1.0/24
SUBNET subnet-9d4a7b6c pending vpc-1a2b3c4d 10.0.1.0/24 251 us-east-
1a
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CreateSubnet
Related Commands
• ec2-delete-subnet (p. 217)
• ec2-describe-subnets (p. 408)
API Version 2013-08-15
149
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-create-tags
Description
Adds or overwrites one or more tags for the specified resource or resources. Each resource can have a
maximum of 10 tags. Each tag consists of a key and optional value. Tag keys must be unique per resource.
For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud
User Guide.
The short version of this command is ec2addtag.
Syntax
ec2-create-tags resource_id [resource_id ...] --tag key[=value] [--tag
key[=value] ...]
Options
Description Name
The IDs of one or more resources to tag.
Type: String
Default: None
Required: Yes
Example: ami-1a2b3c4d
resource_id
The key and optional value of the tag, separated by an equals
sign (=). If you don't include a value, we set the value to an
empty string.
If you're using the command line tools on a Windows system,
you might need to use quotation marks (for example,
"key=value").
Type: String
Default: None
Constraints: The maximum tag key length is 127 Unicode
characters. The maximum tag value length is 255 Unicode
characters. Tag keys and values are case sensitive.
Required: Yes
Example: --tag "stack=Production"
--tag key or key=value
API Version 2013-08-15
150
Amazon Elastic Compute Cloud CLI Reference
ec2-create-tags
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
API Version 2013-08-15
151
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The TAG identifier
• The resource type identifier
• The ID of the resource
• The tag key
• The tag value
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command adds (or overwrites) two tags for an AMI and an instance. One of the tags contains
just a key (webserver), with no value (we set the value to an empty string). The other tag consists of a
key (stack) and value (Production).
API Version 2013-08-15
152
Amazon Elastic Compute Cloud CLI Reference
Output
PROMPT> ec2-create-tags ami-1a2b3c4d i-7d3e5a2f --tag webserver --tag
"stack=Production"
TAG image ami-1a2b3c4d webserver
TAG image ami-1a2b3c4d stack Production
TAG instance i-7d3e5a2f webserver
TAG instance i-7d3e5a2f stack Production
Example 2
The following example changes the value of the stack tag for one of your AMIs from Production to
Test.
PROMPT> ec2-create-tags ami-1a2b3c4d --tag "stack=Test"
TAG ami-1a2b3c4d image stack Test
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CreateTags
Related Commands
• ec2-delete-tags (p. 220)
• ec2-describe-tags (p. 413)
API Version 2013-08-15
153
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-create-volume
Description
Creates an Amazon EBS volume that can be attached to any instance in the same Availability Zone.
Any AWS Marketplace product codes from the snapshot are propagated to the volume.
For more information about Amazon EBS, see Amazon Elastic Block Store in the Amazon Elastic Compute
Cloud User Guide.
The short version of this command is ec2addvol.
Syntax
ec2-create-volume [--size size | --snapshot snapshot_id [--size size]]
--availability-zone zone [--type type [--iops iops]]
Options
Description Name
The size of the volume, in GiBs.
Type: String
Valid values: 1-1024
Constraints: If the volume type is io1, the minimum size of
the volume is 10 GiB.
Default: If you're creating the volume from a snapshot and
don't specify a volume size, the default is the snapshot size.
Condition: Required unless you're creating the volume from
a snapshot.
Required: Conditional
Example: -s 80
-s, --size size
The snapshot from which to create the volume.
Type: String
Default: None
Required: Conditional
Condition: Required if you are creating a volume from a
snapshot.
Example: --snapshot snap-78a54011
--snapshot snapshot_id
The Availability Zone in which to create the volume. Use
ec2-describe-availability-zones (p. 251) to list the Availability
Zones that are currently available to you.
Type: String
Default: None
Required: Yes
Example: -z us-east-1a
-z, --availability-zone zone
API Version 2013-08-15
154
Amazon Elastic Compute Cloud CLI Reference
ec2-create-volume
Description Name
The volume type.
Type: String
Valid values: standard | io1
Default: standard
Required: No
Example: -t io1
-t, --type type
The number of I/O operations per second (IOPS) that the
volume supports.
Type: Integer
Valid values: Range is 100 to 4000.
Default: None
Required: Conditional
Condition: Required when the volume type is io1; not used
with standard volumes.
Example: -iops 500
-i, --iops iops
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
API Version 2013-08-15
155
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
API Version 2013-08-15
156
Amazon Elastic Compute Cloud CLI Reference
Output
• The VOLUME identifier
• The ID of the volume
• The size of the volume, in GiBs
• The snapshot from which the volume was created, if applicable
• The Availability Zone in which the volume was created
• The volume state (creating, available, in-use, deleting, deleted, error)
• The time stamp when volume creation was initiated
• The EBS volume type
• The I/O operations per second (IOPS) of a provisioned IOPS volume
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command creates a 20 GiB volume in the Availability Zone us-east-1a.
PROMPT> ec2-create-volume --size 20 --availability-zone us-east-1a
VOLUME vol-1a2b3c4d 20 us-east-1a creating YYYY-MM-DDTHH:MM:SS+0000 standard
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CreateVolume
Related Commands
• ec2-attach-volume (p. 40)
• ec2-delete-volume (p. 224)
• ec2-describe-availability-zones (p. 251)
• ec2-describe-volumes (p. 428)
• ec2-detach-volume (p. 460)
API Version 2013-08-15
157
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-create-vpc
Description
Creates a VPC with the CIDR block you specify.
The smallest VPC you can create uses a /28 netmask (16 IP addresses), and the largest uses a /16
netmask (65,536 IP addresses). To help you decide how big to make your VPC, see Your VPC and
Subnets in the Amazon Virtual Private Cloud User Guide.
By default, each instance you launch in the VPC has the default DHCP options, which includes only a
default DNS server that we provide (AmazonProvidedDNS).
For more information about DHCP options, see DHCP Options Sets in the Amazon Virtual Private Cloud
User Guide.
The short version of this command is ec2addvpc.
Syntax
ec2-create-vpc cidr [tenancy]
Options
Description Name
The CIDR block for the VPC.
Type: String
Default: None
Required: Yes
Example: 10.0.0.0/16
cidr
The supported tenancy options for instances launched into
the VPC. A value of default means instances can be
launched with any tenancy; a value of dedicated means all
instances launched into the VPC are launched as dedicated
tenancy instances regardless of the tenancy assigned to the
instance at launch. Dedicated tenancy instances run on
single-tenant hardware.
Type: String
Valid values: default | dedicated
Default: default
Required: No
tenancy
API Version 2013-08-15
158
Amazon Elastic Compute Cloud CLI Reference
ec2-create-vpc
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
API Version 2013-08-15
159
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The VPC identifier
• The ID of the VPC
• The CIDR block of the VPC
• The current state of the VPC (pending or available)
• The ID of the DHCP options associated with the VPC (or default if none)
• The supported tenancy options for instances launched into the VPC (default or dedicated).
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command creates a VPC with the CIDR block 10.0.0.0/16.
PROMPT> ec2-create-vpc 10.0.0.0/16
VPC vpc-1a2b3c4d pending 10.0.0.0/16 dopt-1a2b3c4d default
API Version 2013-08-15
160
Amazon Elastic Compute Cloud CLI Reference
Output
Example 2
This example command creates a VPC with the dedicated tenancy option.
PROMPT> ec2-create-vpc 10.0.0.0/16 --tenancy dedicated
VPC vpc-1a2b3c4d pending 10.0.0.0/16 dopt-1a2b3c4d dedicated
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CreateVpc
Related Commands
• ec2-associate-dhcp-options (p. 26)
• ec2-create-dhcp-options (p. 89)
• ec2-delete-vpc (p. 227)
• ec2-describe-vpcs (p. 438)
API Version 2013-08-15
161
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-create-vpn-connection
Description
Creates a VPN connection between an existing virtual private gateway and customer gateway. The only
supported connection type is ipsec.1.
The output includes information that you need to give to your network administrator to configure your
customer gateway. The underlying native format of this information is XML; however, with the
ec2-create-vpn-connection command, you can transform the information into a different format based
on the vendor that makes your customer gateway (for example, Cisco or Juniper). If you use a vendor
other than Cisco or Juniper, you can set the --format option to generic, and the information is formatted
in a human readable format for your network administrator. If you want to see the native XML, you can
specify xml as the value of the --format option. If you want to write your own stylesheet, you can use
the --stylesheet option to specify that stylesheet and receive the output in your own format. Whereas
the ec2-create-vpn-connection command lets you choose a format for the configuration information,
the corresponding API action (CreateVpnConnection) returns only the native XML.
If you decide to shut down your VPN connection for any reason and later create a new one, you must
reconfigure your customer gateway with the new information returned from this command.
For more information about VPN connections, see Adding a Hardware Virtual Private Gateway to Your
VPC in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2addvpn.
Syntax
ec2-create-vpn-connection -t type --customer-gateway customer_gateway_id
--vpn-gateway vpn_gateway_id [{--format format} | {--stylesheet your_stylesheet}]
Options
Description Name
The type of VPN connection.
Type: String
Valid values: ipsec.1
Default: None
Required: Yes
Example: -t ipsec.1
-t type
The ID of the customer gateway.
Type: String
Default: None
Required: Yes
Example: --customer-gateway cgw-b4dc3961
--customer-gateway
customer_gateway_id
API Version 2013-08-15
162
Amazon Elastic Compute Cloud CLI Reference
ec2-create-vpn-connection
Description Name
The ID of the virtual private gateway.
Type: String
Default: None
Required: Yes
Example: --vpn-gateway vgw-8db04f81
--vpn-gateway vpn_gateway_id
Includes customer gateway configuration information in the
response, in the format specified. The returned information
can be formatted for various devices, including a Cisco device
(cisco-ios-isr) or Juniper device (juniper-junos-j), in human
readable format (generic), or in the native XML format (xml).
Type: String
Valid values: cisco-ios-isr | juniper-junos-j |
juniper-screenos-6.2 | juniper-screenos-6.1 |
generic | xml
Default: None
Required: No
Example: --format cisco-ios-isr
--format format
Includes customer gateway configuration information in the
response, formatted according to the custom XSL stylesheet
specified.
Type: String
Default: None
Required: No
Example: --stylesheet c:\my_stylesheet.xsl
--stylesheet your_stylesheet
Indicates whether the VPN connection requires static routes.
If you are creating a VPN connection for a device that does
not support BGP, you must specify this value as true.
Type: Boolean
Default: false
Required: No
--static-routes-only
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
163
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
164
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The VPNCONNECTION identifier
• The ID of the VPN connection
• The current state of the VPN connection (pending, available, deleting, deleted)
• The type of VPN connection (ipsec.1)
• The ID of the customer gateway
• The ID of the virtual private gateway
• The configuration information for the customer gateway
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command creates a VPN connection between the virtual private gateway with the ID
vgw-8db04f81 and the customer gateway with the ID cgw-b4dc3961. The example specifies that the
configuration information be formatted as needed for a Cisco customer gateway. Because it's a long set
of information, we haven't included the complete output here. To see an example of the information
returned, see the Amazon Virtual Private Cloud Network Administrator Guide.
PROMPT> ec2-create-vpn-connection -t ipsec.1 --customer-gateway cgw-b4dc3961 -
-vpn-gateway
vgw-8db04f81 --format cisco-ios-isr
VPNCONNECTION vpn-44a8938f pending ipsec.1 cgw-b4dc3961 vgw-8db04f81
Related Topics
Download
• Getting Started with the Command Line Tools
API Version 2013-08-15
165
Amazon Elastic Compute Cloud CLI Reference
Output
Related Action
• CreateVpnConnection
Related Commands
• ec2-attach-vpn-gateway (p. 44)
• ec2-create-subnet (p. 146)
• ec2-create-vpc (p. 158)
• ec2-delete-vpn-connection (p. 230)
• ec2-describe-vpn-connections (p. 443)
API Version 2013-08-15
166
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-create-vpn-connection-route
Description
Creates a static route associated with a VPN connection between an existing virtual private gateway and
a VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to
the VPN customer gateway.
For more information about VPN connections, see Adding a Hardware Virtual Private Gateway to Your
VPC in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2cvcr.
Syntax
ec2-create-vpn-connection-route --vpn-connection vpn_connection_id --cidr
cidr_block
Options
Description Name
The ID of the VPN connection.
Type: String
Default: None
Required: Yes
--vpn-connection
vpn_connection_id
The CIDR block associated with the local subnet of the
customer network.
Type: String
Default: None
Required: Yes
--cidr cidr_block
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
167
Amazon Elastic Compute Cloud CLI Reference
ec2-create-vpn-connection-route
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
168
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
The command returns true if the operation succeeds or an error if the operation does not succeed.
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command creates a static route to the VPN connection for the VPN connection with the ID
vpn-83ad48ea to the destination CIDR block 11.12.0.0/16.
PROMPT> ec2-create-vpn-connection-route --cidr "11.12.0.0/16" --vpn-connection
vpn-83ad48ea
RETURN true
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CreateVpnConnectionRoute
API Version 2013-08-15
169
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-create-vpn-gateway
Description
Creates a virtual private gateway. A virtual private gateway is the VPC-side endpoint for your VPN
connection. You can create a virtual private gateway before creating the VPC itself.
For more information about virtual private gateways, see Adding a Hardware Virtual Private Gateway to
Your VPC in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2addvgw.
Syntax
ec2-create-vpn-gateway -t type
Options
Description Name
The type of VPN connection this virtual private gateway
supports.
Type: String
Valid values: ipsec.1
Default: None
Required: Yes
Example: -t ipsec.1
-t type
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
170
Amazon Elastic Compute Cloud CLI Reference
ec2-create-vpn-gateway
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
171
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The VPNGATEWAY identifier
• The ID of the virtual private gateway
• The current state of the virtual private gateway (pending, available, deleting, deleted)
• The type of VPN connection the virtual private gateway supports (ipsec.1)
• The Availability Zone for the virtual private gateway
• Information about VPCs attached to the virtual private gateway (there are none attached when you first
create a virtual private gateway)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command creates a virtual private gateway.
PROMPT> ec2-create-vpn-gateway -t ipsec.1
VPNGATEWAY vgw-8db04f81 pending ipsec.1
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• CreateVpnGateway
Related Commands
• ec2-attach-vpn-gateway (p. 44)
• ec2-delete-vpn-gateway (p. 236)
• ec2-describe-vpn-gateways (p. 449)
• ec2-detach-vpn-gateway (p. 464)
API Version 2013-08-15
172
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-delete-customer-gateway
Description
Deletes the specified VPN customer gateway. You must delete the VPN connection before you can delete
the customer gateway.
For more information about VPN customer gateways, see Adding a Hardware Virtual Private Gateway
to Your VPC in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2delcgw.
Syntax
ec2-delete-customer-gateway customer_gateway_id
Options
Description Name
The ID of the customer gateway.
Type: String
Default: None
Required: Yes
Example: cgw-b4dc3961
customer_gateway_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
173
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-customer-gateway
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
174
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The CUSTOMERGATEWAY identifier
• The ID of the customer gateway
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command deletes the customer gateway with the ID cgw-b4dc3961.
PROMPT> ec2-delete-customer-gateway cgw-b4dc3961
CUSTOMERGATEWAY cgw-b4dc3961
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DeleteCustomerGateway
Related Commands
• ec2-create-customer-gateway (p. 85)
• ec2-describe-customer-gateways (p. 263)
API Version 2013-08-15
175
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-delete-dhcp-options
Description
Deletes the specified set of DHCP options. You must disassociate the set of DHCP options before you
can delete it. You can disassociate the set of DHCP options by associating either a new set of options
or the default set of options with the VPC.
For more information about DHCP options sets, see DHCP Options Sets in the Amazon Virtual Private
Cloud User Guide.
The short version of this command is ec2deldopt.
Syntax
ec2-delete-dhcp-options dhcp_options_id
Options
Description Name
The ID of the DHCP options set.
Type: String
Default: None
Required: Yes
Example: dopt-7a8b9c2d
dhcp_options_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
176
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-dhcp-options
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
177
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The DHCPOPTIONS identifier
• The ID of the DHCP options set
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command deletes the set of DHCP options with the ID dopt-7a8b9c2d.
PROMPT> ec2-delete-dhcp-options dopt-7a8b9c2d
DHCPOPTIONS dopt-7a8b9c2d
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DeleteDhcpOptions
Related Commands
• ec2-associate-dhcp-options (p. 26)
• ec2-create-dhcp-options (p. 89)
• ec2-describe-dhcp-options (p. 268)
API Version 2013-08-15
178
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-delete-disk-image
Description
Deletes the specified partially or fully uploaded disk image for conversion from Amazon S3. You can
specify either the conversion task ID or the URL to the import manifest file in Amazon S3. For more
information, see Using the Command Line Tools to Import Your Virtual Machine to Amazon EC2 in the
Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2ddi.
Syntax
ec2-delete-disk-image { -t task_id | -u url } -o owner_access_key_id -w
owner_secret_access_key [--ignore-active-task]
Options
Description Name
The Task ID of the conversion task that is no longer active.
Type: String
Default: None
Required: Conditional
Condition: Either the task ID or the URL to the manifest is
required.
Example: -t import-i-fh95npoc
-t, --task task_id
The URL for an existing import manifest file. Use this option
to delete the uploaded disk image even if one or more active
conversion tasks still reference the manifest.
Type: String
Default: None
Required: Conditional
Condition: Either the task ID or the URL to the manifest is
required.
Example: -u http://s3.example.com/mydisk-to-delete.vmdk
-u, --manifest-url url
The access Key ID of the owner of the bucket containing the
uploaded disk image to be deleted. This parameter value is
not sent to Amazon EC2.
Type: String
Default: None
Required: Yes
Example: -o AKIAIOSFODNN7EXAMPLE
-o, --owner-akid
owner_access_key_id
API Version 2013-08-15
179
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-disk-image
Description Name
The AWS secret access key of the owner of the bucket
containing the uploaded disk image to be deleted. This
parameter value is not sent to Amazon EC2.
Type: String
Default: None
Required: Yes
Example: -w
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-w, --owner-sak
owner_secret_access_key
Delete the uploaded disk image despite having an active task.
Using this option may cause active tasks to fail. Use this option
at your own risk.
Type: String
Default: None
Required: No
Example: --ignore-active-task
--ignore-active-task
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
API Version 2013-08-15
180
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
API Version 2013-08-15
181
Amazon Elastic Compute Cloud CLI Reference
Output
• The ID of the task
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command deletes the disk image with the ID import-i-fh95npoc.
PROMPT> ec2-delete-disk-image -t import-i-fh95npoc -o AKIAIOSFODNN7EXAMPLE -w
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
DELETE-TASK import-i-fh95npoc
Related Topics
Download
• Getting Started with the Command Line Tools
Related Commands
• ec2-cancel-conversion-task (p. 62)
• ec2-import-instance (p. 495)
• ec2-import-volume (p. 506)
• ec2-resume-import (p. 613)
ec2-delete-group
Description
Deletes the specified security group.
Important
If you attempt to delete a security group that is associated with an instance, or is referenced by
another security group, the operation fails with InvalidGroup.InUse for EC2-Classic or
DependencyViolation for EC2-VPC.
A security group is for use with instances either in the EC2-Classic platform or in a specific VPC. For
more information, see Amazon EC2 Security Groups in the Amazon Elastic Compute Cloud User Guide
and Security Groups for Your VPC in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2delgrp.
Syntax
ec2-delete-group { group_name | group_id }
API Version 2013-08-15
182
Amazon Elastic Compute Cloud CLI Reference
Examples
Options
Description Name
The name of the security group.
Type: String
Default: None
Required: Conditional
Condition: For EC2-Classic and default VPCs, you can specify
either group_name or group_id.
Example: websrv
group_name
The ID of the security group.
Type: String
Default: None
Required: Conditional
Condition: Required for a nondefault VPC; for EC2-Classic
or a default VPC, you can specify either group_name or
group_id.
Example: sg-32fa9d3e
group_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
API Version 2013-08-15
183
Amazon Elastic Compute Cloud CLI Reference
Options
Description Option
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
184
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command returns a table that contains the following information:
• Success status (true or false)
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command deletes the security group for EC2-Classic named webserv.
PROMPT> ec2-delete-group websrv
RETURN true
Example 2
This example command deletes the security group for EC2-VPC with the ID sg-1a2b3c4d.
PROMPT> ec2-delete-group sg-1a2b3c4d
RETURN true
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DeleteSecurityGroup
Related Commands
• ec2-authorize (p. 47)
• ec2-create-group (p. 93)
• ec2-describe-group (p. 276)
• ec2-revoke (p. 618)
API Version 2013-08-15
185
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-delete-internet-gateway
Description
Deletes the specified Internet gateway. You must detach the Internet gateway from the VPC before you
can delete it. For more information about your VPC and Internet gateway, see the Amazon Virtual Private
Cloud User Guide.
The short version of this command is ec2deligw.
Syntax
ec2-delete-internet-gateway internet_gateway_id
Options
Description Name
The ID of the Internet gateway.
Type: String
Default: None
Required: Yes
Example: igw-8db04f81
internet_gateway_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
API Version 2013-08-15
186
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-internet-gateway
Description Option
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
187
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command returns a table that contains the following information:
• Success status (true or false)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command deletes the Internet gateway with the ID igw-eaad4883.
PROMPT> ec2-delete-internet-gateway igw-eaad4883
RETURN true
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DeleteInternetGateway
Related Commands
• ec2-attach-internet-gateway (p. 34)
• ec2-create-internet-gateway (p. 106)
• ec2-describe-internet-gateways (p. 320)
• ec2-detach-internet-gateway (p. 454)
API Version 2013-08-15
188
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-delete-keypair
Description
Deletes the specified key pair, by removing the public key from Amazon EC2. You must own the key pair.
The short version of this command is ec2delkey.
Syntax
ec2-delete-keypair key_pair
Options
Description Name
The name of the key pair.
Type: String
Default: None
Required: Yes
Example: primary_keypair
key_pair
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
API Version 2013-08-15
189
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-keypair
Description Option
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
190
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command returns a table that contains the following information:
• The KEYPAIR identifier
• The name of the deleted key pair
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command deletes the key pair named my-key-pair.
PROMPT> ec2-delete-keypair my-key-pair
KEYPAIR my-key-pair
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DeleteKeyPair
Related Commands
• ec2-create-keypair (p. 109)
• ec2-describe-keypairs (p. 324)
API Version 2013-08-15
191
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-delete-network-acl
Description
Deletes the specified network ACL. You can't delete the ACL if it's associated with any subnets. You can't
delete the default network ACL. For more information about network ACLs, see Network ACLs in the
Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2delnacl.
Syntax
ec2-delete-network-acl acl_id
Options
Description Name
The ID of the network ACL.
Type: String
Default: None
Required: Yes
Example: acl-2cb85d45
acl_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
API Version 2013-08-15
192
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-network-acl
Description Option
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
193
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command returns a table that contains the following information:
• Success status (true or false)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command deletes the network ACL with the ID acl-2cb85d45.
PROMPT> ec2-delete-network-acl acl-2cb85d45
RETURN true
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DeleteNetworkAcl
Related Commands
• ec2-create-network-acl (p. 113)
• ec2-describe-network-acls (p. 328)
• ec2-replace-network-acl-association (p. 569)
API Version 2013-08-15
194
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-delete-network-acl-entry
Description
Deletes the specified ingress or egress entry (rule) from the specified network ACL. For more information
about network ACLs, see Network ACLs in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2delnae.
Syntax
ec2-delete-network-acl-entry acl_id -n rule_number [--egress]
Options
Description Name
The ID of the network ACL.
Type: String
Default: None
Required: Yes
Example: acl-5fb85d36
acl_id
The rule number for the entry to delete.
Type: Number
Default: None
Required: Yes
Example: 100
-n, --rule-number rule_number
Indicates that the rule is an egress rule.
Default: If not specified, the rule is an ingress rule.
Required: No
--egress
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
195
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-network-acl-entry
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
196
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• Success status (true or false)
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command deletes the ingress entry with rule number 100 from the network ACL with the
ID acl-2cb85d45.
PROMPT> ec2-delete-network-acl-entry acl-2cb85d45 -n 100
RETURN true
Example 2
This example command deletes the egress entry with rule number 200 from the network ACL with the ID
acl-2cb85d45.
PROMPT> ec2-delete-network-acl-entry acl-2cb85d45 -n 200 --egress
RETURN true
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DeleteNetworkAclEntry
API Version 2013-08-15
197
Amazon Elastic Compute Cloud CLI Reference
Output
Related Commands
• ec2-create-network-acl-entry (p. 116)
• ec2-describe-network-acls (p. 328)
• ec2-replace-network-acl-entry (p. 572)
API Version 2013-08-15
198
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-delete-network-interface
Description
Deletes the specified network interface. You must detach the network interface before you can delete it.
The short version of this command is ec2delnic.
Syntax
ec2-delete-network-interface interface_id
Options
Description Name
The ID of the network interface.
Type: String
Default: None
Required: Yes
Example: eni-3a9f6553
interface_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
API Version 2013-08-15
199
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-network-interface
Description Option
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
200
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command returns a table that contains the following information:
• The NETWORKINTERFACE identifier
• The ID of the network interface that you deleted
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command deletes the network interface with the ID eni-3a9f6553.
PROMPT> ec2-delete-network-interface eni-3a9f6553
NETWORKINTERFACE eni-3a9f6553
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DeleteNetworkInterface
Related Commands
• ec2-attach-network-interface (p. 37)
• ec2-create-network-interface (p. 121)
• ec2-describe-network-interface-attribute (p. 333)
• ec2-describe-network-interfaces (p. 337)
• ec2-detach-network-interface (p. 457)
• ec2-modify-network-interface-attribute (p. 529)
• ec2-reset-network-interface-attribute (p. 607)
API Version 2013-08-15
201
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-delete-placement-group
Description
Deletes the specified placement group. You must terminate all instances in a placement group before
you can delete the placement group. For more information about placement groups and cluster instances,
see Cluster Instances in the Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2delpgrp.
Syntax
ec2-delete-placement-group placement_group
Options
Description Name
The name of the placement group.
Type: String
Default: None
Required: Yes
Example: XYZ-cluster
placement_group
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
API Version 2013-08-15
202
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-placement-group
Description Option
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
203
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command returns the following information:
• The PLACEMENTGROUP identifier
• The name of the placement group
• The status of the placement group (deleted)
Examples
Example
This example command deletes the placement group named XYZ-cluster.
PROMPT> ec2-delete-placement-group XYZ-cluster
PLACEMENTGROUP XYZ-cluster deleted
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DeletePlacementGroup
Related Commands
• ec2-create-placement-group (p. 125)
• ec2-describe-placement-groups (p. 344)
API Version 2013-08-15
204
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-delete-route
Description
Deletes the specified route from the specified route table. For more information about route tables, see
Route Tables in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2delrt.
Syntax
ec2-delete-route route_table_id -r cidr
Options
Description Name
The ID of the route table.
Type: String
Default: None
Required: Yes
Example: rtb-5da34634
route_table_id
The CIDR range for the route. The value you specify must
match the CIDR for the route exactly.
Type: String
Default: None
Required: Yes
Example: 0.0.0.0/0
-r, --cidr cidr
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
205
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-route
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
206
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• Success status (true or false)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command deletes the route with the destination CIDR 172.16.1.0/24 from the route
table with the ID rtb-e4ad488d.
PROMPT> ec2-delete-route rtb-e4ad488d -r 172.16.1.0/24
RETURN true
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DeleteRoute
Related Commands
• ec2-create-route (p. 132)
• ec2-describe-route-tables (p. 376)
• ec2-replace-route (p. 576)
API Version 2013-08-15
207
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-delete-route-table
Description
Deletes the specified route table. You must disassociate the route table from any subnets before you can
delete it. You can't delete the main route table. For more information about route tables, see Route Tables
in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2delrtb.
Syntax
ec2-delete-route-table route_table_id
Options
Description Name
The ID of the route table.
Type: String
Default: None
Required: Yes
Example: rtb-7aa34613
route_table_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
API Version 2013-08-15
208
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-route-table
Description Option
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
209
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command returns a table that contains the following information:
• Success status (true or false)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command deletes the route table with the ID rtb-7aa34613.
PROMPT> ec2-delete-route-table rtb-7aa34613
RETURN true
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DeleteRouteTable
Related Commands
• ec2-associate-route-table (p. 30)
• ec2-create-route-table (p. 136)
• ec2-describe-route-tables (p. 376)
• ec2-disassociate-route-table (p. 475)
• ec2-replace-route-table-association (p. 580)
API Version 2013-08-15
210
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-delete-snapshot
Description
Deletes the specified snapshot.
Note
• If you make periodic snapshots of a volume, the snapshots are incremental so that only the
blocks on the device that have changed since your last snapshot are saved in the new snapshot.
Even though snapshots are saved incrementally, the snapshot deletion process is designed
so that you need to retain only the most recent snapshot in order to restore the volume.
• You cannot delete a snapshot of the root device of an EBS volume used by a registered AMI.
You must first de-register the AMI before you can delete the snapshot.
The short version of this command is ec2delsnap.
Syntax
ec2-delete-snapshot snapshot_id
Options
Description Name
The ID of the Amazon EBS snapshot.
Type: String
Default: None
Required: Yes
Example: snap-78a54011
snapshot_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
211
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-snapshot
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
212
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The SNAPSHOT identifier
• The ID of the snapshot
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command deletes the snapshot with the ID snap-1a2b3c4d.
PROMPT> ec2-delete-snapshot snap-1a2b3c4d
SNAPSHOT snap-1a2b3c4d
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DeleteSnapshot
Related Commands
• ec2-create-snapshot (p. 139)
• ec2-describe-snapshots (p. 385)
API Version 2013-08-15
213
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-delete-spot-datafeed-subscription
Description
Deletes the data feed for Spot Instances. For more information about Spot Instances, see Spot Instances
in the Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2delsds.
Syntax
ec2-delete-spot-datafeed-subscription
Options
This command has no options.
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
API Version 2013-08-15
214
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-spot-datafeed-subscription
Description Option
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns no output.
Amazon EC2 command line tools display errors on stderr.
API Version 2013-08-15
215
Amazon Elastic Compute Cloud CLI Reference
Output
Examples
Example
This example command deletes the data feed for the account.
PROMPT> ec2-delete-spot-datafeed-subscription
-
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DeleteSpotDatafeedSubscription
Related Commands
• ec2-create-spot-datafeed-subscription (p. 143)
• ec2-describe-spot-datafeed-subscription (p. 391)
API Version 2013-08-15
216
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-delete-subnet
Description
Deletes the specified subnet. You must terminate all running instances in the subnet before you can
delete the subnet.
The short version of this command is ec2delsubnet.
Syntax
ec2-delete-subnet subnet_id
Options
Description Name
The ID of the subnet.
Type: String
Default: None
Required: Yes
Example: subnet-9d4a7b6c
subnet_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
API Version 2013-08-15
217
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-subnet
Description Option
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
218
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command returns a table that contains the following information:
• The SUBNET identifier
• The ID of the subnet
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command deletes the subnet with the ID subnet-9d4a7b6c.
PROMPT> ec2-delete-subnet subnet-9d4a7b6c
SUBNET subnet-9d4a7b6c
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DeleteSubnet
Related Commands
• ec2-create-subnet (p. 146)
• ec2-describe-subnets (p. 408)
API Version 2013-08-15
219
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-delete-tags
Description
Deletes the specified set of tags from the specified set of resources. This command is designed to follow
the ec2-describe-tags command.
For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud
User Guide.
The short version of this command is ec2deltag.
Syntax
ec2-delete-tags resource_id [resource_id ... ] --tag key[=value] [--tag
key[=value] ...]
Options
Description Name
One or more resource IDs.
Type: String
Default: None
Required: Yes
Example: i-1a2b3c4d
resource_id
The key and optional value of the tag, separated by an equals
sign (=). You can specify more than one tag to remove.
Type: String
Default: None
Required: Yes
Example: --tag "stack=Production"
--tag key or key=value
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
220
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-tags
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
221
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information for tags that were deleted:
• The TAG identifier
• The resource type identifier
• The ID of the resource
• The tag key
• The tag value
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example deletes the tags for the AMI with the ID ami-1a2b3c4d. First, get a list of the tags using
the following command.
PROMPT> ec2-describe-tags --filter "resource-id=ami-1a2b3c4d"
TAG ami-1a2b3c4d image webserver
TAG ami-1a2b3c4d image stack Production
Next, delete the tags.
PROMPT> ec2-delete-tags ami-1a2b3c4d --tag webserver --tag "stack=Production"
It's optional to specify the value for any tag with a value. If you specify a value for the key, the tag is
deleted only if the tag's value matches the one you specified. If you specify the empty string as the value,
the tag is deleted only if the tag's value is the empty string. The following example specifies the empty
string as the value for the tag to delete (notice the equals sign after Owner).
PROMPT> ec2-delete-tags snap-4dfg39a --tag "Owner="
Example 2
This example command deletes the stack tag from two particular instances.
API Version 2013-08-15
222
Amazon Elastic Compute Cloud CLI Reference
Output
PROMPT> ec2-delete-tags i-5f4e3d2a i-12345678 --tag stack
Example 3
You can specify a tag key without a corresponding tag value if you want to delete the tag regardless of
its value. This example command deletes all tags for the specified resources that have a key of Purpose,
regardless of the tag value.
PROMPT> ec2-delete-tags i-5f4e3d2a i-4d5h8a9b i-1d3d4fae --tag Purpose
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DeleteTags
Related Commands
• ec2-create-tags (p. 150)
• ec2-describe-tags (p. 413)
API Version 2013-08-15
223
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-delete-volume
Description
Deletes the specified Amazon EBS volume. The volume must be in the available state (not attached
to an instance). For more information about Amazon EBS, see Amazon Elastic Block Store in the Amazon
Elastic Compute Cloud User Guide.
Note
The volume remains in the deleting state for several minutes after you run this command.
The short version of this command is ec2delvol.
Syntax
ec2-delete-volume volume_id
Options
Description Name
The ID of the volume.
Type: String
Default: None
Required: Yes
Example: vol-4282672b
volume_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
224
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-volume
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
225
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The VOLUME identifier
• The ID of the volume that was deleted
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command deletes the volume with the ID vol-1a2b3c4d.
PROMPT> ec2-delete-volume vol-1a2b3c4d
VOLUME vol-1a2b3c4d
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DeleteVolume
Related Commands
• ec2-attach-volume (p. 40)
• ec2-create-volume (p. 154)
• ec2-describe-volumes (p. 428)
• ec2-detach-volume (p. 460)
API Version 2013-08-15
226
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-delete-vpc
Description
Deletes the specified VPC. You must detach or delete all gateways and resources that are associated
with the VPC before you can delete it. For example, you must terminate all instances running in the VPC,
delete all security groups associated with the VPC (except the default one), delete all route tables
associated with the VPC (except the default one), and so on.
The short version of this command is ec2delvpc.
Syntax
ec2-delete-vpc vpc_id
Options
Description Name
The ID of the VPC.
Type: String
Default: None
Required: Yes
Example: vpc-1a2b3c4d
vpc_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
API Version 2013-08-15
227
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-vpc
Description Option
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
228
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command returns a table that contains the following information:
• The VPC identifier
• The ID of the VPC
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command deletes the VPC with the ID vpc-1a2b3c4d.
PROMPT> ec2-delete-vpc vpc-1a2b3c4d
VPC vpc-1a2b3c4d
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DeleteVpc
Related Commands
• ec2-create-vpc (p. 158)
• ec2-describe-vpcs (p. 438)
API Version 2013-08-15
229
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-delete-vpn-connection
Description
Deletes the specified VPN connection.
If you're deleting the VPC and its associated components, we recommend that you detach the virtual
private gateway from the VPC and delete the VPC before deleting the VPN connection.
Another reason to use this command is if you believe that the tunnel credentials for your VPN connection
have been compromised. In that situation, you can delete the VPN connection and create a new one that
has new keys, without needing to delete the VPC or virtual private gateway. If you create a new VPN
connection, you must reconfigure the customer gateway using the new configuration information returned
with the new VPN connection ID.
For more information about VPN connections, see Adding a Hardware Virtual Private Gateway to Your
VPC in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2delvpn.
Syntax
ec2-delete-vpn-connection vpn_connection_id
Options
Description Name
The ID of the VPN connection.
Type: String
Default: None
Required: Yes
Example: vpn-44a8938f
vpn_connection_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
230
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-vpn-connection
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
231
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The VPNCONNECTION identifier
• The ID of the VPN connection
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command deletes the VPN connection with the ID vpn-44a8938f.
PROMPT> ec2-delete-vpn-connection vpn-44a8938f
VPNCONNECTION vpn-44a8938f
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DeleteVpnConnection
Related Commands
• ec2-create-vpn-connection (p. 162)
• ec2-delete-vpc (p. 227)
• ec2-describe-vpn-connections (p. 443)
• ec2-detach-vpn-gateway (p. 464)
API Version 2013-08-15
232
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-delete-vpn-connection-route
Description
Deletes the specified static route associated with a VPN connection between an existing virtual private
gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private
gateway to the VPN customer gateway.
The short version of this command is ec2dvcr.
Syntax
ec2-delete-vpn-connection-route --vpn-connection vpn_connection_id --cidr
cidr_block
Options
Description Name
The ID of the VPN connection.
Type: String
Default: None
Required: Yes
--vpn-connection
vpn_connection_id
The CIDR block associated with the local subnet of the
customer network.
Type: String
Default: None
Required: Yes
--cidr cidr_block
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
233
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-vpn-connection-route
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
234
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
The command returns true if the operation succeeds or an error if the operation does not succeed.
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command deletes a static route to the destination CIDR block 11.12.0.0/16 associated
with the VPN connection with the ID vpn-83ad48ea.
PROMPT> ec2-delete-vpn-connection-route--cidr "11.12.0.0/16" --vpn-connection
vpn-83ad48ea
RETURN true
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DeleteVpnConnectionRoute
API Version 2013-08-15
235
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-delete-vpn-gateway
Description
Deletes the specified virtual private gateway. We recommend that before you delete a virtual private
gateway, you detach it from the VPC and delete the VPN connection. Note that you don't need to delete
the virtual private gateway if you plan to delete and recreate the VPN connection between your VPC and
your network.
For more information about virtual private gateways, see Adding a Hardware Virtual Private Gateway to
Your VPC in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2delvgw.
Syntax
ec2-delete-vpn-gateway vpn_gateway_id
Options
Description Name
The ID of the virtual private gateway.
Type: String
Default: None
Required: Yes
Example: vgw-8db04f81
vpn_gateway_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
236
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-vpn-gateway
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
237
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The VPNGATEWAY identifier
• The ID of the virtual private gateway
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command deletes the virtual private gateway with the ID vgw-8db04f81.
PROMPT> ec2-delete-vpn-gateway vgw-8db04f81
VPNGATEWAY vgw-8db04f81
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DeleteVpnGateway
Related Commands
• ec2-create-vpn-gateway (p. 170)
• ec2-delete-vpn-connection (p. 230)
• ec2-describe-vpn-gateways (p. 449)
API Version 2013-08-15
238
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-deregister
Description
Deregisters the specified AMI. After you deregister an AMI, it can't be used to launch new instances.
Note
This command does not delete the AMI. To delete the AMI, use ec2-delete-bundle (p. 671) for
Amazon S3-backed AMIs, or ec2-delete-snapshot (p. 211) for Amazon EBS-backed AMIs.
The short version of this command is ec2dereg.
Syntax
ec2-deregister ami_id
Options
Description Name
The ID of the AMI.
Type: String
Default: None
Required: Yes
Example: ami-4fa54026
ami_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
239
Amazon Elastic Compute Cloud CLI Reference
ec2-deregister
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
240
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The IMAGE identifier
• The ID of the AMI
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command deregisters the AMI with the ID ami-1a2b3c4d.
PROMPT> ec2-deregister ami-1a2b3c4d
IMAGE ami-1a2b3c4d
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DeregisterImage
Related Commands
• ec2-describe-images (p. 286)
• ec2-register (p. 559)
API Version 2013-08-15
241
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-describe-account-attributes
Description
Describes the specified attribute of your AWS account.
The short version of this command is ec2daa.
Syntax
ec2-describe-account-attributes { supported-platforms | default-vpc }
Options
Description Name
Indicates whether your account can launch instances into
EC2-Classic and EC2-VPC, or only into EC2-VPC. For more
information, see Supported Platforms.
Required: No
supported-platforms
The ID of the default VPC for your account, or none. For more
information, see Your Default VPC and Subnets.
Required: No
default-vpc
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
API Version 2013-08-15
242
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-account-attributes
Description Option
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
243
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command returns a table that contains the following information:
• The ACCOUNTATTRIBUTE identifier
• The attribute name
• The VALUE identifier
• The attribute value
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command describes the platforms that are supported by your account.
PROMPT> ec2-describe-account-attributes supported-platforms
The following is example output for an account that must launch instances into a VPC, such as the default
VPC.
ACCOUNTATTRIBUTE supported-platforms
VALUE EC2-VPC
The following is example output for an account that can launch instances into EC2-Classic or into a VPC.
ACCOUNTATTRIBUTE supported-platforms
VALUE EC2-Classic
VALUE EC2-VPC
Example 2
This example command describes the ID of the default VPC.
PROMPT> ec2-describe-account-attributes default-vpc
The following is example output for an account with a default VPC.
ACCOUNTATTRIBUTE default-vpc
VALUE vpc-1a2b3c4d
The following is example output for an account without a default VPC.
ACCOUNTATTRIBUTE default-vpc
VALUE none
API Version 2013-08-15
244
Amazon Elastic Compute Cloud CLI Reference
Output
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeAccountAttributes
API Version 2013-08-15
245
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-addresses
Description
Describes one or more of your Elastic IP addresses.
An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see
Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2daddr.
Syntax
ec2-describe-addresses [public_ip ... | allocation_id ...] [[--filter
"name=value"] ...]
Options
Description Name
[EC2-Classic] One or more Elastic IP addresses.
Type: String
Default: Describes all your Elastic IP addresses.
Required: No
Example: 198.51.100.1
public_ip
[EC2-VPC] One or more allocation IDs.
Type: String
Default: Describes all your Elastic IP addresses.
Required: No
Example: eipalloc-9558a4fc
allocation_id
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your Elastic IP addresses, or only those
you specified.
Required: No
Example: --filter "instance-id=i-1a2b3c4d"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain Elastic IP addresses.
For example, you can use a filter to specify that you're interested in addresses that have a specific tag.
You can specify multiple values for a filter. The response includes information for an address only if it
matches at least one of the filter values that you specified.
API Version 2013-08-15
246
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-addresses
You can specify multiple filters; for example, specify addresses of a specific value that have a specific
tag. The response includes information for an address only if it matches all the filters that you specified.
If there's no match, no special message is returned, the response is simply empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
domain
Indicates whether the address is for use in a VPC.
Type: String
Valid values: standard | vpc
instance-id
The instance the address is associated with (if any).
Type: String
public-ip
The Elastic IP address.
Type: String
allocation-id
The allocation ID for the address (VPC only).
Type: String
association-id
The association ID for the address (VPC only).
Type: String
network-interface-id
The network interface (if any) that the address is associated with (VPC only).
Type: String
network-interface-owner-id
The owner IID.
Type: String
private-ip-address
The private IP address associated with the Elastic IP address (VPC only).
Type: String
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
247
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
248
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The ADDRESS identifier
• The Elastic IP address
• The ID of the instance to which the IP address is associated, if any
• The domain of the Elastic IP address (standard or vpc)
• [EC2-VPC] The allocation ID
• [EC2-VPC] The association ID
• [EC2-VPC] The private IP address associated with the Elastic IP address
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command describes the Elastic IP address 192.0.2.1, which is assigned to an instance
in EC2-Classic with the ID i-f15ebb98.
PROMPT> ec2-describe-addresses 192.0.2.1
ADDRESS 192.0.2.1 i-f15ebb98 standard
Example 2
This example command describes the Elastic IP address with the allocation ID eipalloc-282d9641,
which is assigned to an instance in EC2-VPC with the ID i-7a00642.
PROMPT> ec2-describe-addresses eipalloc-9258a4fb
Type Address Instance Domain AllocationId
AssociationId NetworkInterfaceID
PrivateIP ADDRESS 203.0.113.0 i-7a00642e vpc eipalloc-282d9641
eipassoc-252d964c eni-d83388b1 10.0.0.14 4
Example 3
This example command describes all your Elastic IP addresses (for both platforms).
API Version 2013-08-15
249
Amazon Elastic Compute Cloud CLI Reference
Output
PROMPT> ec2-describe-addresses
ADDRESS 203.0.113.12 i-f15ebb98 standard
ADDRESS 203.0.113.22 i-9e9da4e9 vpc eipalloc-9258a4fb eipassoc-
0659a56f
ADDRESS 203.0.113.32 vpc eipalloc-9558a4fc
Example 4
This example command describes your Elastic IP addresses for EC2-VPC only.
PROMPT> ec2-describe-addresses --filter "allocation-id=*" -H
ec2-describe-addresses -H
Type Address Instance Domain AllocationId
AssociationId NetworkInterfaceID
PrivateIP ADDRESS 203.0.113.10 vpc eipalloc-1b5fe072
eipassoc-eb5fe082 eni-0689366f 10.0.1.35
ADDRESS 203.0.113.20 i-c844219c vpc eipalloc-b463dcdd
eipassoc-d218a3bb eni-ea67dc83 10.0.0.174
ADDRESS 203.0.113.140 i-ba6a0d vpc eipalloc-1266dd7b
eipassoc-39e15b50 eni-73e05a1a 10.0.0.85
ADDRESS 203.0.113.140 i-7a00642 vpc eipalloc-f38a359a
eipassoc-1f239876 eni-d83388b1 10.0.0.12
ADDRESS 203.0.113.177 i-7a00642e vpc eipalloc-282d9641
eipassoc-252d964c eni-d83388b1 10.0.0.14
Example 5
This example command describes the Elastic IP address associated with a particular private IP address
in EC2-VPC.
PROMPT> ec2-describe-addresses --filter "private-ip-address=10.0.0.94"
ADDRESS 203.0.113.155 vpc eipalloc-fdfc4394 eipassoc-52fa453b
eni-66fc430f 10.0.0.94
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeAddresses
Related Commands
• ec2-allocate-address (p. 13)
• ec2-associate-address (p. 21)
• ec2-disassociate-address (p. 471)
• ec2-release-address (p. 565)
API Version 2013-08-15
250
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-availability-zones
Description
Describes one or more of the Availability Zones that are available to you. The results include Availability
Zones only for the region you're currently using.
Note
Availability Zones are not the same across accounts. The Availability Zone us-east-1a for account
A is not necessarily the same as us-east-1a for account B. Availability Zone assignments are
mapped independently for each account.
The short version of this command is ec2daz.
Syntax
ec2-describe-availability-zones [zone_name ...] [[--filter "name=value"] ...]
Options
Description Name
One or more Availability Zone names.
Type: String
Default: Describes all Availability Zones in the region.
Required: No
Example: us-east-1a
zone_name
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all Availability Zones in the region, or only
those you specified.
Required: No
Example: --filter "region-name=ap-southeast-1"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain Availability Zones. For
example, you can use a filter to specify that you're interested in Availability Zones in the available
state. You can specify multiple values for a filter. The response includes information for an Availability
Zone only if it matches at least one of the filter values that you specified.
You can specify multiple filters; for example, specify Availability Zones that are in a particular region and
are in the available state. The response includes information for an Availability Zone only if it matches
all the filters that you specified. If there's no match, no special message is returned, the response is simply
empty.
API Version 2013-08-15
251
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-availability-zones
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
message
Information about the Availability Zone.
Type: String
region-name
The region for the Availability Zone (for example, us-east-1).
Type: String
state
The state of the Availability Zone
Type: String
Valid values: available
zone-name
The name of the zone.
Type: String
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
API Version 2013-08-15
252
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information for each Availability Zone retrieved:
API Version 2013-08-15
253
Amazon Elastic Compute Cloud CLI Reference
Output
• The AVAILABILITYZONE identifier
• The name of the Availability Zone
• The state of the Availability Zone
• The region that the Availability Zone belongs to
• Any messages associated with the Availability Zone
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command describes the Availability Zones that are available to you. The output includes
Availability Zones only for the current region.
PROMPT> ec2-describe-availability-zones
AVAILABILITYZONE us-east-1a available us-east-1
AVAILABILITYZONE us-east-1b available us-east-1
AVAILABILITYZONE us-east-1c available us-east-1
Example 2
This example command describes the Availability Zones that are available to you in the us-east-1
region.
PROMPT> ec2-describe-availability-zones --region us-east-1
AVAILABILITYZONE us-east-1a available us-east-1
AVAILABILITYZONE us-east-1b available us-east-1
AVAILABILITYZONE us-east-1c available us-east-1
AVAILABILITYZONE us-east-1d available us-east-1
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeAvailabilityZones
Related Commands
• ec2-describe-regions (p. 348)
• ec2-run-instances (p. 624)
API Version 2013-08-15
254
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-describe-bundle-tasks
Description
Describes one or more of your bundling tasks.
Note
Completed bundle tasks are listed for only a limited time. If your bundle task is no longer in the
list, you can still register an AMI from it. Just use the ec2-register command with the Amazon
S3 bucket name and image manifest name you provided to the bundle task.
The short version of this command is ec2dbun.
Syntax
ec2-describe-bundle-tasks [bundle ...] [[--filter "name=value"] ...]
Options
Description Name
One or more bundle task IDs.
Type: String
Default: Describes all your bundle tasks.
Required: No
Example: bun-cla432a3
bundle
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your bundle tasks, or only those you
specified.
Required: No
Example: --filter "state=pending"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain bundle tasks. For example,
you can use a filter to specify that you're interested in the bundle tasks in the complete state. You can
specify multiple values for a filter. The response includes information for a bundle task only if it matches
at least one of the filter values that you specified.
You can specify multiple filters; for example, specify bundles that are stored in a specific Amazon S3
bucket and are in the complete state. The response includes information for a bundle task only if it
matches all the filters that you specified. If there's no match, no special message is returned, the response
is simply empty.
API Version 2013-08-15
255
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-bundle-tasks
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
bundle-id
The ID of the bundle task.
Type: String
error-code
If the task failed, the error code returned.
Type: String
error-message
If the task failed, the error message returned.
Type: String
instance-id
The ID of the instance that was bundled.
Type: String
progress
The level of task completion, as a percentage (for example, 20%).
Type: String
s3-bucket
The Amazon S3 bucket to store the AMI.
Type: String
s3-prefix
The beginning of the AMI name.
Type: String
start-time
The time the task started (for example, 2008-09-15T17:15:20.000Z).
Type: DateTime
state
The state of the task.
Type: String
Valid values: pending | waiting-for-shutdown | bundling | storing | cancelling | complete
| failed
update-time
The time of the most recent update for the task (for example, 2008-09-15T17:15:20.000Z).
Type: DateTime
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
API Version 2013-08-15
256
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
API Version 2013-08-15
257
Amazon Elastic Compute Cloud CLI Reference
Common Options
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The BUNDLE identifier
• The ID of the bundle
• The ID of the instance
• The bucket name
• The prefix
• The start time
• The update time
• The current state (pending, waiting-for-shutdown, bundling, storing, cancelling, complete,
failed)
• The progress as a % if state is bundling
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command describes the status of the bundle task with the ID bun-c1a540a8.
PROMPT> ec2-describe-bundle-tasks bun-c1a540a8
BUNDLE bun-c1a540a8 i-2674d22r myawsbucket winami 2008-09-15T17:15:20.000Z
2008-09-15T17:15:20.000Z bundling 3%
API Version 2013-08-15
258
Amazon Elastic Compute Cloud CLI Reference
Output
Example 2
This example filters the response to include only bundle tasks whose state is either complete or failed,
and in addition are targeted for the Amazon S3 bucket named myawsbucket.
PROMPT> ec2-describe-bundle-tasks --filter "s3-bucket=myawsbucket" --filter
"state=complete" --filter "state=failed"
BUNDLE bun-1a2b3c4d i-8765abcd myawsbucket linuxami 2008-09-14T08:32:43.000Z
2008-09-14T08:32:43.000Z complete
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeBundleTasks
Related Commands
• ec2-bundle-instance (p. 54)
• ec2-cancel-bundle-task (p. 59)
API Version 2013-08-15
259
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-conversion-tasks
Description
Describes one or more of your conversion tasks. For more information, see Using the Command Line
Tools to Import Your Virtual Machine to Amazon EC2 in the Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2dct.
Syntax
ec2-describe-conversion-tasks [task_id ...] [--show-transfer-details]
Options
Description Name
One or more conversion task IDs.
Type: String
Default: Describes all your conversion tasks.
Required: No
Example: import-i-ffvko9js
task_id
Any additional details for uploading the disk image. The
ec2-upload-disk-image command automatically returns
this information.
Required: No
Example: --show-transfer-details
--show-transfer-details
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
260
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-conversion-tasks
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
261
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns the following information:
• Information about the task, such as the task ID, task type, expiration, status, and number of bytes
received
• Information about the image, such as the image size, format, volume ID, and volume size
Amazon EC2 command line tools display errors on stderr.
Example
Example
This example command shows the status of your import instance task.
PROMPT> ec2-describe-conversion-tasks import-i-ffvko9js
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeConversionTasks
Related Commands
• ec2-cancel-conversion-task (p. 62)
• ec2-delete-disk-image (p. 179)
• ec2-import-instance (p. 495)
• ec2-import-volume (p. 506)
• ec2-resume-import (p. 613)
API Version 2013-08-15
262
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-describe-customer-gateways
Description
Describes one or more of your customer gateways.
For more information about VPN customer gateways, see Adding a Hardware Virtual Private Gateway
to Your VPC in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2dcgw.
Syntax
ec2-describe-customer-gateways [ customer_gateway_id ... ] [[--filter
"name=value"] ...]
Options
Description Name
One or more customer gateway IDs.
Type: String
Default: Describes all your customer gateways.
Required: No
Example: cgw-b4dc3961
customer_gateway_id
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your customer gateways, or only those
you specified.
Required: No
Example: --filter "tag-key=Production"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain customer gateways. For
example, you can use a filter to specify that you're interested in customer gateways in the pending or
available state. You can specify multiple values for a filter. The response includes information for a
customer gateway only if it matches at least one of the of the filter values that you specified.
You can specify multiple filters; for example, specify customer gateways that have a specific IP address
for the Internet-routable external interface and are in the pending or available state. The response
includes information for a customer gateway only if it matches all the filters that you specified. If there's
no match, no special message is returned, the response is simply empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
API Version 2013-08-15
263
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-customer-gateways
The following are the available filters.
bgp-asn
The customer gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN).
Type: String
customer-gateway-id
The ID of the customer gateway.
Type: String
ip-address
The IP address of the customer gateway's Internet-routable external interface (for example,
12.1.2.3).
Type: String
state
The state of the customer gateway.
Type: String
Valid values: pending | available | deleting | deleted
type
The type of customer gateway. Currently the only supported type is ipsec.1.
Type: String
Valid values: ipsec.1
tag-key
The key of a tag assigned to the resource. This filter is independent of the tag-value filter. For
example, if you use both the filter "tag-key=Purpose" and the filter "tag-value=X", you get any
resources assigned both the tag key Purpose (regardless of what the tag's value is), and the tag
value X (regardless of what the tag's key is). If you want to list only resources where Purpose is X,
see the tag:key filter.
For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud
User Guide.
Type: String
tag-value
The value of a tag assigned to the resource. This filter is independent of the tag-key filter.
Type: String
tag:key
Filters the response based on a specific tag/value combination.
Example: To list just the resources that have been assigned tag Purpose=X, specify:
--filter tag:Purpose=X
Example: To list just resources that have been assigned tag Purpose=X OR Purpose=Y, specify:
--filter tag:Purpose=X --filter tag:Purpose=Y
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
API Version 2013-08-15
264
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
API Version 2013-08-15
265
Amazon Elastic Compute Cloud CLI Reference
Common Options
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The CUSTOMERGATEWAY identifier
• The ID of the customer gateway
• The state of the customer gateway (pending, available, deleting, deleted)
• The type of VPN connection the customer gateway supports (ipsec.1)
• The Internet-routable IP address of the customer gateway's outside interface
• The customer gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN)
• Any tags assigned to the customer gateway
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command describes the customer gateway with the ID cgw-b4dc3961.
PROMPT> ec2-describe-customer-gateways cgw-b4dc3961
CUSTOMERGATEWAY cgw-b4dc3961 available ipsec.1 12.1.2.3 65534
Example 2
This example command uses filters to describe any customer gateway you own whose IP address is
12.1.2.3, and whose state is either pending or available.
API Version 2013-08-15
266
Amazon Elastic Compute Cloud CLI Reference
Output
PROMPT> ec2-describe-customer-gateways --filter "ip-address=12.1.2.3" --filter
"state=pending" --filter "state=available"
CUSTOMERGATEWAY cgw-b4dc3961 available ipsec.1 12.1.2.3 65534
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeCustomerGateways
Related Commands
• ec2-create-customer-gateway (p. 85)
• ec2-delete-customer-gateway (p. 173)
API Version 2013-08-15
267
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-dhcp-options
Description
Describes one or more of your DHCP options sets.
For more information about DHCP options sets, see DHCP Options Sets in the Amazon Virtual Private
Cloud User Guide.
The short version of this command is ec2ddopt.
Syntax
ec2-describe-dhcp-options [ dhcp_options_id ... ] [[--filter "name=value"]
...]
Options
Description Name
The IDs of one or more DHCP options sets.
Type: String
Default: Describes all your DHCP options sets.
Required: No
Example: dopt-7a8b9c2d
dhcp_options_id
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your DHCP options sets, or only those
you specified.
Required: No
Example: --filter "tag-key=Production"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain sets of DHCP options.
For example, you can use a filter to specify that you're interested in sets of DHCP options with a particular
value for the domain-name option. You can specify multiple values for a filter. The response includes
information for a set of DHCP options only if it matches at least one of the filter values that you specified.
You can specify multiple filters; for example, specify sets of DHCP options that have a specific value for
the domain-name option and a specific tag. The response includes information for a set of DHCP options
only if it matches all the filters that you specified. If there's no match, no special message is returned, the
response is simply empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
API Version 2013-08-15
268
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-dhcp-options
The following are the available filters.
dhcp-options-id
The ID of a set of DHCP options.
Type: String
key
The key for one of the options (for example, domain-name).
Type: String
value
The value for one of the options.
Type: String
tag-key
The key of a tag assigned to the resource. This filter is independent of the tag-value filter. For
example, if you use both the filter "tag-key=Purpose" and the filter "tag-value=X", you get any
resources assigned both the tag key Purpose (regardless of what the tag's value is), and the tag
value X (regardless of what the tag's key is). If you want to list only resources where Purpose is X,
see the tag:key filter.
For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud
User Guide.
Type: String
tag-value
The value of a tag assigned to the resource. This filter is independent of the tag-key filter.
Type: String
tag:key
Filters the response based on a specific tag/value combination.
Example: To list just the resources that have been assigned tag Purpose=X, specify:
--filter tag:Purpose=X
Example: To list just resources that have been assigned tag Purpose=X OR Purpose=Y, specify:
--filter tag:Purpose=X --filter tag:Purpose=Y
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
269
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
270
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The DHCPOPTIONS identifier
• The ID of the DHCP options set
• The name and values for each option in the set
• Any tags assigned to the set
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command describes the DHCP options set with the ID dopt-7a8b9c2d.
PROMPT> ec2-describe-dhcp-options dopt-7a8b9c2d
DHCPOPTIONS dopt-7a8b9c2d
OPTION domain-name mydomain.com
OPTION domain-name-servers 10.2.5.1,10.2.5.2
Example 2
This example command uses filters to describe any DHCP options set that includes a domain-name
option whose value includes the string example.
PROMPT> ec2-describe-dhcp-options --filter "key=domain-name" --filter
"value=*example*"
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeDhcpOptions
API Version 2013-08-15
271
Amazon Elastic Compute Cloud CLI Reference
Output
Related Commands
• ec2-associate-dhcp-options (p. 26)
• ec2-create-dhcp-options (p. 89)
• ec2-delete-dhcp-options (p. 176)
API Version 2013-08-15
272
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-export-tasks
Description
Describes one or more of your export tasks, including the most recent canceled and completed tasks.
The short version of this command is ec2dxt.
Syntax
ec2-describe-export-tasks [ task_id ... ]
Options
Description Name
One or more export task IDs. These are returned by
ec2-create-instance-export-task.
Type: String
Default: Describes all your export tasks.
Required: No
task_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
API Version 2013-08-15
273
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-export-tasks
Description Option
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
274
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command returns information about the export task including:
• The EXPORTTASK identifier
• The ID of the task
• The status of the task
• The export progress
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command describes the export task with the ID export-i-fgelt0i7.
PROMPT> ec2-describe-export-tasks export-i-fgelt0i7
EXPORTTASK export-i-fgelt0i7 active i-81428ee7 vmware vmdk
myexportbucket export-i-fgelt0i7.vmdk
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeExportTasks
Related Commands
• ec2-cancel-export-task (p. 65)
• ec2-create-instance-export-task (p. 102)
API Version 2013-08-15
275
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-describe-group
Description
Describes one or more of your security groups.
A security group is for use with instances either in the EC2-Classic platform or in a specific VPC. For
more information, see Amazon EC2 Security Groups in the Amazon Elastic Compute Cloud User Guide
and Security Groups for Your VPC in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2dgrp.
Syntax
ec2-describe-group [ec2_group_name_or_id | vpc_group_id ...] [[--filter
"name=value"] ...]
Options
Description Name
EC2-Classic, default VPC: One or more security group names
or IDs.
Nondefault VPC: One more security group IDs.
Type: String
Default: Describes all your security groups.
Required: No
Example: websrv
ec2_group_name_or_id or
vpc_group_id
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your security groups, or only those you
specified.
Required: No
Example: --filter "group-name=*webserver*"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain security groups. For
example, you can use a filter to specify that you're interested in groups whose name contains a specific
string. You can specify multiple values for a filter. The response includes information for a security group
only if it matches at least one of the filter values that you specified.
You can specify multiple filters; for example, specify group's whose name contains a specific string, and
that give permission to another security group with a different string in its name. The response includes
information for a group only if it matches all the filters that you specified. If there's no match, no special
message is returned, the response is simply empty.
API Version 2013-08-15
276
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-group
Important
Filters are based on literal strings only. This is important to remember when you want to use
filters to return only security groups with access allowed on a specific port number or numbers.
For example, suppose that you want to get all groups that have access on port 22, and that
GroupA gives access on a range of ports using fromPort=20 and toPort=30. If you filter with
ip-permission.from-port=22 or ip-permission.to-port=22 (or both), the response
does not contain information for GroupA. You get information for GroupA only if you specify
ip-permission.from-port=20 or ip-permission.to-port=30 (or both).
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
description
The description of the security group.
Type: String
group-id
The ID of the security group.
Type: String
group-name
The name of the security group.
Type: String
ip-permission.cidr
The CIDR range that has been granted the permission.
Type: String
ip-permission.from-port
The start of port range for the TCP and UDP protocols, or an ICMP type number.
Type: String
ip-permission.group-name
The name of security group that has been granted the permission.
Type: String
ip-permission.protocol
The IP protocol for the permission.
Type: String
Valid values: tcp | udp | icmp or a protocol number
ip-permission.to-port
The end of port range for the TCP and UDP protocols, or an ICMP code.
Type: String
ip-permission.user-id
The ID of an AWS account that has been granted the permission.
Type: String
owner-id
The AWS account ID of the owner of the security group.
Type: String
tag-key
The key of a tag assigned to the security group.
Type: String
tag-value
The value of a tag assigned to the security group.
Type: String
API Version 2013-08-15
277
Amazon Elastic Compute Cloud CLI Reference
Options
vpc-id
Only return the security groups that belong to the specified EC2-VPC ID.
Type: String
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
API Version 2013-08-15
278
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
A line containing the group information
• The GROUP identifier
• The ID of the security group
• The AWS account ID of the owner of the security group
• The name of the security group
• A description of the security group
• [EC2-VPC] The ID of the VPC the group belongs to
One of each of the following lines for each permission defined by the group:
• The PERMISSION identifier
• The AWS account ID of the owner of the security group
• The name of the security group granting permission
• The type of rule. Currently, only ALLOWS rules are supported
API Version 2013-08-15
279
Amazon Elastic Compute Cloud CLI Reference
Output
• The protocol to allow (for example, tcp and udp)
• The start of port range
• The end of port range
• FROM for an ingress rule or TO for an egress rule
• The source type (for ingress rules) or destination type (for egress rules)
• The source (for ingress rules) or destination (for egress rules)
• [USER only] The name of the source or destination entity
• [USER only] The ID of the security group
• Whether the rule is ingress rule or an egress rule
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command describes the security group for EC2-Classic named StandardGroup.
PROMPT> ec2-describe-group StandardGroup
GROUP sg-1a2b3c4d 111122223333 StandardGroup A standard EC2 group
PERMISSION 111122223333 StandardGroup ALLOWS tcp 80 80 FROM CIDR 102.11.43.32/32
ingress
Example 2
This example command describes the security group for EC2-VPC with the ID sg-1a2b3c4d.
PROMPT> ec2-describe-group sg-1a2b3c4d
GROUP sg-1a2b3c4d 111122223333 WebServerSG web servers vpc-1a2b3c4d
PERMISSION 111122223333 WebServerSG ALLOWS tcp 80 80 FROM CIDR 162.5.5.5/32
ingress
PERMISSION 111122223333 WebServerSG ALLOWS tcp 80 80 FROM USER 111122223333
NAME default ID sg-1a2b3c4d ingress
PERMISSION 111122223333 WebServerSG ALLOWS tcp 443 443 FROM USER 111122223333
NAME default ID sg-1a2b3c4d ingress
PERMISSION 111122223333 WebServerSG ALLOWS all TO CIDR 0.0.0.0/0 egress
PERMISSION 111122223333 WebServerSG ALLOWS tcp 433 433 TO USER 111122223333
NAME default ID sg-1a2b3c4d egress
Example 3
This example describes all security groups that grant access over TCP specifically on port 22 from
instances in either the app_server_group or database_group.
PROMPT> ec2-describe-group --filter "ip-permission.protocol=tcp"
--filter "ip-permission.from-port=22" --filter "ip-permission.to-port=22"
--filter "ip-permission.group-name=app_server_group" --filter "ip-permis
sion.group-name=database_group"
API Version 2013-08-15
280
Amazon Elastic Compute Cloud CLI Reference
Examples
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeSecurityGroups
Related Commands
• ec2-authorize (p. 47)
• ec2-create-group (p. 93)
• ec2-delete-group (p. 182)
• ec2-revoke (p. 618)
API Version 2013-08-15
281
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-image-attribute
Description
Describes the specified attribute of the specified AMI. You can specify only one attribute at a time.
The short version of this command is ec2dimatt.
Syntax
ec2-describe-image-attribute ami_id {-l | -p | -B | --kernel | --ramdisk}
Options
Description Name
The ID of the AMI.
Type: String
Default: None
Required: Yes
Example: ami-4fa54026
ami_id
The launch permissions of the AMI.
Type: String
Default: None
Required: No
Example: -l
-l, --launch-permission
The product codes associated with the AMI.
Type: String
Default: None
Required: No
Example: -p
-p, --product-code
The block device mapping for the AMI.
Type: String
Default: None
Required: No
Example: -B
-B, --block-device-mapping
The ID of the kernel for the AMI.
Important
We recommend that you use PV-GRUB instead of
kernels and RAM disks. For more information, see
PV-GRUB: A New Amazon Kernel Image in the
Amazon Elastic Compute Cloud User Guide.
Type: String
Default: None
Required: No
Example: --kernel
--kernel
API Version 2013-08-15
282
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-image-attribute
Description Name
The ID of the RAM disk for the AMI.
Type: String
Default: None
Required: No
Example: --ramdisk
--ramdisk
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
API Version 2013-08-15
283
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The attribute type identifier
• The ID of the AMI
• Information about the attribute
Amazon EC2 command line tools display errors on stderr.
API Version 2013-08-15
284
Amazon Elastic Compute Cloud CLI Reference
Output
Examples
Example 1
This example command describes the launch permissions for the AMI with the ID ami-1a2b3c4d.
PROMPT> ec2-describe-image-attribute ami-1a2b3c4d -l
launchPermission ami-1a2b3c4d group all
launchPermission ami-1a2b3c4d userId 111122223333
Example 2
This example command describes the product code for the AMI with the ID ami-1a2b3c4d.
PROMPT> ec2-describe-image-attribute ami-1a2b3c4d -p
productCodes ami-1a2b3c4d productCode [marketplace: a1b2c3d4e5f6g7h8i9j10k11]
Example 3
This example command describes the RAM disk for the AMI with the ID ami-1a2b3c4d using the
--show-empty-fields option.
PROMPT> ec2-describe-image-attribute ami-1a2b3c4d --ramdisk --show-empty-fields
ramdisk ami-1a2b3c4d (nil) ari-96c527ff
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeImageAttribute
Related Commands
• ec2-describe-images (p. 286)
• ec2-modify-image-attribute (p. 518)
• ec2-reset-image-attribute (p. 600)
API Version 2013-08-15
285
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-describe-images
Description
Describes one or more of the images (AMIs, AKIs, and ARIs) available to you. Images available to you
include public images, private images that you own, and private images owned by other AWS accounts
but for which you have explicit launch permissions.
Launch permissions fall into three categories.
Description Launch
Permission
The owner of the image granted launch permissions for the image to the all group.
All AWS accounts have launch permissions for these images.
public
The owner of the image granted launch permissions to a specific AWS account. explicit
An AWS account has implicit launch permissions for all the images it owns. implicit
The list of images returned can be modified by specifying IDs, owners, or AWS accounts with launch
permissions. If no options are specified, Amazon EC2 returns all images for which you have launch
permissions.
If you specify one or more image IDs, only images that have the specified IDs are returned. If you specify
an image to which you don't have access, it's not included in the returned results.
If you specify one or more owners, only images from the specified owners and to which you have access
are returned. The results can include the account IDs of the specified owners—amazon for images owned
by Amazon, aws-marketplace for images owned by AWS Marketplace, or self for images that you
own.
Note
For an overview of the AWS Marketplace, see
https://aws.amazon.com/marketplace/help/200900000. For details on how to use the AWS
Marketplace, see AWS Marketplace.
If you specify a list of users with launch permissions, only images with launch permissions for those users
are returned. You can specify account IDs (if you own the images), self for images that you own or have
explicit permissions for, or all for public images.
Note
Deregistered images are included in the returned results for an unspecified interval after
deregistration.
The short version of this command is ec2dim.
Syntax
ec2-describe-images [ami_id ...] [-a] [-o owner ...] [-x user_id ...] [[--filter
"name=value"] ...]
API Version 2013-08-15
286
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-images
Options
Description Name
One or more image IDs.
Type: String
Default: Describes all images available to you.
Required: No
Example: ami-78a54011
ami_id
Describes all images available to you.
Type: String
Default: None
Required: No
Example: -a
-a, --all
Describes images owned by the specified owners. Use the
IDs amazon, aws-marketplace, and self to describe
images owned by Amazon, AWS Marketplace, or you,
respectively.
Type: String
Valid values: amazon | aws-marketplace | self | AWS
account ID | all
Default: None
Required: No
Example: -o self
-o, --owner owner
Describes images for which the specified user has explicit
launch permissions. The user can be an AWS account ID,
self to return images for which the sender of the request
has explicit launch permissions, or all to return images with
public launch permissions.
Type: String
Valid values: all | self | AWS account ID
Default: None
Required: No
Example: -x self
-x, --executable-by user_id
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all images available to you, or only those
you specified.
Required: No
Example: --filter "tag-value=Production"
-F, --filter name=value
API Version 2013-08-15
287
Amazon Elastic Compute Cloud CLI Reference
Options
Supported Filters
You can specify filters so that the response includes information for only certain images. For example,
you can use a filter to specify that you're interested in images that use a specific kernel. You can specify
multiple values for a filter. The response includes information for an image only if it matches at least one
of the filter values that you specified.
You can specify multiple filters; for example, specify images that use a specific kernel and use an Amazon
EBS volume as the root device. The response includes information for an image only if it matches all the
filters that you specified. If there's no match, no special message is returned, the response is simply
empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
architecture
The image architecture.
Type: String
Valid values: i386 | x86_64
block-device-mapping.delete-on-termination
Whether the Amazon EBS volume is deleted on instance termination.
Type: Boolean
block-device-mapping.device-name
The device name (for example, /dev/sdh) for the Amazon EBS volume.
Type: String
block-device-mapping.snapshot-id
The ID of the snapshot used for the Amazon EBS volume.
Type: String
block-device-mapping.volume-size
The volume size of the Amazon EBS volume, in GiB.
Type: Integer
block-device-mapping.volume-type
The volume type of the Amazon EBS volume.
Type: String
Valid values: standard | io1
description
The description of the image (provided during image creation).
Type: String
image-id
The ID of the image.
Type: String
image-type
The image type.
Type: String
Valid values: machine | kernel | ramdisk
is-public
Whether the image is public.
Type: Boolean
API Version 2013-08-15
288
Amazon Elastic Compute Cloud CLI Reference
Options
kernel-id
The kernel ID.
Type: String
manifest-location
The location of the image manifest.
Type: String
name
The name of the AMI (provided during image creation).
Type: String
owner-alias
The AWS account alias (for example, amazon).
Type: String
owner-id
The AWS account ID of the image owner.
Type: String
platform
The platform. To only list Windows-based AMIs, use windows.
Type: String
Valid value: windows
product-code
The product code.
Type: String
product-code.type
The type of the product code.
Type: String
Valid values: devpay | marketplace
ramdisk-id
The RAM disk ID.
Type: String
root-device-name
The name of the root device volume (for example, /dev/sda1).
Type: String
root-device-type
The type of the root device volume.
Type: String
Valid values: ebs | instance-store
state
The state of the image.
Type: String
Valid values: available | pending | failed
state-reason-code
The reason code for the state change.
Type: String
state-reason-message
The message for the state change.
Type: String
tag-key
The key of a tag assigned to the resource. This filter is independent of the tag-value filter. For
example, if you use both the filter "tag-key=Purpose" and the filter "tag-value=X", you get any
API Version 2013-08-15
289
Amazon Elastic Compute Cloud CLI Reference
Options
resources assigned both the tag key Purpose (regardless of what the tag's value is), and the tag
value X (regardless of what the tag's key is). If you want to list only resources where Purpose is X,
see the tag:key filter.
For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud
User Guide.
Type: String
tag-value
The value of a tag assigned to the resource. This filter is independent of the tag-key filter.
Type: String
tag:key
Filters the response based on a specific tag/value combination.
Example: To list just the resources that have been assigned tag Purpose=X, specify:
--filter tag:Purpose=X
Example: To list just resources that have been assigned tag Purpose=X OR Purpose=Y, specify:
--filter tag:Purpose=X --filter tag:Purpose=Y
virtualization-type
The virtualization type.
Type: String
Valid values: paravirtual | hvm
hypervisor
The hypervisor type.
Type: String
Valid values: ovm | xen
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
API Version 2013-08-15
290
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
291
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command returns a table that contains the following rows of information for each image. Each field
is separated by a comma. Some of these values may be empty.
1. The image information
• The IMAGE identifier
• The ID of the image
• The source of the image
• The ID of the image owner
• The status of the image
• The visibility of the image (public or private)
• The product codes, if any, that are attached to the instance
• The architecture of the image (i386 or x86_64)
• The image type (machine, kernel, or ramdisk)
• The ID of the kernel associated with the image (machine images only)
• The ID of the RAM disk associated with the image (machine images only)
Important
This applies only to legacy AKIs; we recommend that you use PV-GRUB instead of kernels
and RAM disks. For more information, see PV-GRUB: A New Amazon Kernel Image in
the Amazon Elastic Compute Cloud User Guide.
• The platform of the image
• The type of root device (ebs or instance-store)
• The virtualization type (paravirtual or hvm)
• The Hypervisor type (xen or ovm)
2. Any Amazon EBS volumes associated with the instance. There will be one of the following for each
volume
• The BLOCKDEVICE identifier
• The device name
• The ID of the snapshot
• The volume size
• Indicates whether the volume is deleted on instance termination (true orfalse)
• The volume type
• The maximum IOPS of the volume
3. Any tags associated with the instance. There will be one of the following for each tag
• The TAG identifier
• The resource type identifier
• The ID of the resource
• The tag key
• The tag value
Amazon EC2 command line tools display errors on stderr.
API Version 2013-08-15
292
Amazon Elastic Compute Cloud CLI Reference
Output
Examples
Example 1
This example command describes the AMI with the ID ami-1a2b3c4d.
PROMPT> ec2-describe-images ami-1a2b3c4d
IMAGE ami-1a2b3c4d amazon/getting-started-with-ebs-boot amazon available public
i386 machine aki-a13667e4 ari-a33667e6 ebs paravirtual xen
BLOCKDEVICEMAPPING /dev/sda1 snap-1a2b3c4d 15 standard
Example 2
This example filters the response to include only the public Windows images with an x86_64 architecture.
PROMPT> ec2-describe-images --filter "is-public=true" --filter "architec
ture=x86_64" --filter "platform=windows"
IMAGE ami-1a2b3c4d amazon/getting-started-with-ebs-boot amazon available
public x86_64 machine windows ebs hvm xen
IMAGE ami-2a2b3c4d amazon/SqlSvrStd2003r2-x86_64-Win-v1.07 amazon available
public x86_64 machine windows instance-store hvm xen
...
Example 3
This example filters the results to display only images with an AWS Marketplace product code.
PROMPT> ec2-describe-images -F product-code.type=marketplace -o self
IMAGE ami-1a2b3c4d 111122223333/My MP Image 111122223333 available private
[marketplace: a1b2c3d4e5f6g7h8i9j10k11] i386 machine ebs paravirtual xen
BLOCKDEVICEMAPPING /dev/sda1 snap-2de0d457 15 standard
BLOCKDEVICEMAPPING /dev/sdb snap-27e0d45d 100 standard
...
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeImages
Related Commands
• ec2-describe-image-attribute (p. 282)
API Version 2013-08-15
293
Amazon Elastic Compute Cloud CLI Reference
Examples
• ec2-describe-instances (p. 307)
API Version 2013-08-15
294
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-instance-attribute
Description
Describes the specified attribute of the specified instance. You can specify only one attribute at a time.
The short version of this command is ec2dinatt.
Syntax
ec2-describe-instance-attribute instance_id { --block-device-mapping |
--ebs-optimized | --disable-api-termination | --group-id |
--instance-initiated-shutdown-behavior | --instance-type | --kernel |
--product-code | --ramdisk | --root-device-name | --source-dest-check |
--user-data }
Options
Description Name
The ID of the instance.
Type: String
Required: Yes
Example: i-43a4412a
instance_id
The block device mapping for the instance.
Type: String
Required: No
Example: -b
-b, --block-device-mapping
Indicates whether the instance can be terminated using the
Amazon EC2 console, CLI, and API.
Type: Boolean
Required: No
Example: --disable-api-termination
--disable-api-termination
Indicates whether the instance is optimized for EBS I/O.
Type: Boolean
Required: No
Example: --ebs-optimized
--ebs-optimized Boolean
The security groups associated with the instance.
Type: String
Required: No
Example: -g
-g, --group-id
The product codes associated with an instance. Each product
code includes a product code and type.
Type: String
Required: No
Example: -p
-p, --product-code
API Version 2013-08-15
295
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-instance-attribute
Description Name
Indicates whether an instance stops or terminates when you
initiate shutdown from the instance (using the operating
system command for system shutdown).
Type: String
Required: No
Example: --instance-initiated-shutdown-behavior
--instance-initiated-shutdown-behavior
The instance type of the instance. See Available Instance
Types for more information.
Type: String
Required: No
Example: -t
-t, --instance-type
The ID of the kernel associated with the AMI.
Important
We recommend that you use PV-GRUB instead of
kernels and RAM disks. For more information, see
PV-GRUB: A New Amazon Kernel Image in the
Amazon Elastic Compute Cloud User Guide.
Type: String
Required: No
Example: --kernel
--kernel
The ID of the RAM disk associated with the AMI.
Type: String
Required: No
Example: --ramdisk
--ramdisk
The name of the root device (for example, /dev/sda1).
Type: String
Required: No
Example: --root-device-name
--root-device-name
Indicates whether source/destination checking is enabled. A
value of true means checking is enabled, and false means
checking is disabled. This value must be false for a NAT
instance to perform NAT. For more information, see NAT
Instances in the Amazon Virtual Private Cloud User Guide.
Type: String
Required: No
Example: --source-dest-check
--source-dest-check
Any user data made available to the instance.
Type: String
Required: No
Example: --user-data
--user-data
API Version 2013-08-15
296
Amazon Elastic Compute Cloud CLI Reference
Options
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
API Version 2013-08-15
297
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• If the --block-device-mapping attribute is requested, one of the following for each Amazon EBS
volume:
• The BLOCKDEVICE identifier
• The device name
• The ID of the volume
• The timestamp
• The DeleteOnTermination attribute value
• For all other attributes:
• The attribute type identifier
• The ID of the instance
• The attribute or attribute list item value
Amazon EC2 command line tools display errors on stderr.
API Version 2013-08-15
298
Amazon Elastic Compute Cloud CLI Reference
Output
Examples
Example 1
This example command describes the instance type of the instance with the ID i-10a64379.
PROMPT> ec2-describe-instance-attribute i-10a64379 --instance-type
instanceType i-10a64379 t1.micro
Example 2
This example command lists the current value of the InstanceInitiatedShutdownBehavior attribute
for the i-10a64379 instance.
PROMPT> ec2-describe-instance-attribute i-10a64379 --initiated-shutdown-behavior
instanceInitiatedShutdownBehavior i-10a64379 stop
Example 3
This example command lists the current value of the DisableApiTermination attribute for the
i-10a64379 instance.
PROMPT> ec2-describe-instance-attribute i-10a64379 --disable-api-termination
disableApiTermination i-10a64379 false
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeInstanceAttribute
Related Commands
• ec2-describe-instances (p. 307)
• ec2-modify-instance-attribute (p. 523)
• ec2-reset-instance-attribute (p. 603)
API Version 2013-08-15
299
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-describe-instance-status
Description
Describes the status of one or more instances, including any scheduled events.
Instance status has two main components:
• System Status reports impaired functionality that stems from issues related to the systems that support
an instance, such as such as hardware failures and network connectivity problems. The
DescribeInstanceStatus response elements report such problems as impaired reachability.
• Instance Status reports impaired functionality that arises from problems internal to the instance. The
DescribeInstanceStatus response elements report such problems as impaired reachability.
Instance status provides information about four types of scheduled events for an instance that may require
your attention:
• Scheduled Reboot: When Amazon EC2 determines that an instance must be rebooted, the instances
status will return one of two event codes: system-reboot or instance-reboot. System reboot
commonly occurs if certain maintenance or upgrade operations require a reboot of the underlying host
that supports an instance. Instance reboot commonly occurs if the instance must be rebooted, rather
than the underlying host. Rebooting events include a scheduled start and end time.
• System Maintenance: When Amazon EC2 determines that an instance requires maintenance that
requires power or network impact, the instance's status will return an event code called
system-maintenance. System maintenance is either power maintenance or network maintenance.
For power maintenance, your instance will be unavailable for a brief period of time and then rebooted.
For network maintenance, your instance will experience a brief loss of network connectivity. System
maintenance events include a scheduled start and end time. You will also be notified by email if one
of your instances is set for system maintenance. The email message indicates when your instance is
scheduled for maintenance.
• Scheduled Retirement: When Amazon EC2 determines that an instance must be shut down, the
instance's status returns an event code called instance-retirement. Retirement commonly occurs
when the underlying host is degraded and must be replaced. Retirement events include a scheduled
start and end time. You will also be notified by email if one of your instances is set to retiring. The email
message indicates when your instance will be permanently retired.
• Scheduled Stop: When Amazon EC2 determines that an instance must be shut down, the instances
status returns an event code called instance-stop. Stop events include a scheduled start and end
time. You will also be notified by email if one of your instances is set to stop. The email message
indicates when your instance will be stopped.
When your instance is retired, it will either be terminated (if its root device type is the instance-store) or
stopped (if its root device type is an EBS volume). Instances stopped due to retirement will not be restarted,
but you can do so manually.You can also avoid retirement of EBS-backed instances by manually restarting
your instance when its event code is instance-retirement. This ensures that your instance is started
on a different underlying host.
The short version of this command is ec2dins.
Syntax
ec2-describe-instance-status [instance_id ...] [-I, --hide-healthy ...] [-A,
--include-all-instances ...] [[--filter "name=value"] ...]
API Version 2013-08-15
300
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-instance-status
Options
Description Name
One or more instance IDs.
Type: String
Default: Describes all your instances.
Constraints: Maximum 100 explicitly specified instance IDs.
Required: No
Example: i-15a4417c
instance_id
Hide instances where all status checks pass.
Required: No
-I, --hide-healthy
Describes all running and non-running instances.
Required: No
-A, --include-all-instances
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your instances, or only those you
specified.
Required: No
Example: --filter "system-status.status=impaired"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain instances. For example,
you can use a filter to specify that you're interested in instances in a specific Availability Zone. You can
specify multiple values for a filter. The response includes information for an instance only if it matches at
least one of the filter values that you specified.
You can specify multiple filters; for example, specify instances that are in a specific Availability Zone and
have a status of retiring. The response includes information for an instance only if it matches all the
filters that you specified. If there's no match, no special message is returned, the response is simply
empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
availability-zone
The Availability Zone of the instance.
Type: String
event.code
The code identifying the type of event.
Type: String
API Version 2013-08-15
301
Amazon Elastic Compute Cloud CLI Reference
Options
Valid values: instance-reboot | system-reboot | system-maintenance |
instance-retirement | instance-stop
event.description
A description of the event.
Type: String
event.not-after
The latest end time for the scheduled event.
Type: DateTime
event.not-before
The earliest start time for the scheduled event.
Type: DateTime
instance-state-name
The state of the instance.
Type: String
Valid values: pending | running | shutting-down | terminated | stopping | stopped
instance-state-code
A code representing the state of the instance. The high byte is an opaque internal value and should
be ignored. The low byte is set based on the state represented
Type: Integer (16-bit unsigned integer)
Valid values: 0 (pending) | 16 (running) | 32 (shutting-down) | 48 (terminated) | 64 (stopping) | 80
(stopped)
system-status.status
The system status of the instance.
Type: String
Valid values: ok | impaired | initializing | insufficient-data | not-applicable
system-status.reachability
Filters on system status where the name is reachability.
Type: String
Valid values: passed | failed | initializing | insufficient-data
instance-status.status
The status of the instance.
Type: String
Valid values: ok | impaired | initializing | insufficient-data | not-applicable
instance-status.reachability
Filters on instance status where the name is reachability.
Type: String
Valid values: passed | failed |initializing | insufficient-data
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
API Version 2013-08-15
302
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
API Version 2013-08-15
303
Amazon Elastic Compute Cloud CLI Reference
Common Options
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
The instance information
• The INSTANCE identifier
• The ID of the instance
• The availability zone of the instance
• The state name of the instance
• The state code of the instance
• The status of the instance
• The host system status
• The instance retirement status
• The instance retirement date
The host system status information
• The SYSTEMSTATUS identifier
• The host system status name
• The host system status
• The date and time that the host system became impaired, if applicable
The instance status information
• The INSTANCESTATUS identifier
• The instance status name
• The instance status
• The date and time that the instance became impaired, if applicable
API Version 2013-08-15
304
Amazon Elastic Compute Cloud CLI Reference
Output
Any events scheduled for the instance
• The EVENT identifier
• The event type
• The date and time of the opening of the event window
• The date and time of the closing of the event window
• The event description
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command describes the current state of the instances you own.
ec2-describe-instance-status
INSTANCE i-1a2b3c4d us-east-1d running 16 ok ok active
SYSTEMSTATUS reachability passed
INSTANCESTATUS reachability passed
INSTANCE i-2a2b3c4d us-east-1d running 16 ok ok active
SYSTEMSTATUS reachability passed
INSTANCESTATUS reachability passed
INSTANCE i-3a2b3c4d us-east-1d running 16 ok ok active
SYSTEMSTATUS reachability passed
INSTANCESTATUS reachability passed
INSTANCE i-4a2b3c4d us-east-1d running 16 ok ok retiring YYYY-MM-DDTHH:MM:SS+0000
SYSTEMSTATUS reachability passed
INSTANCESTATUS reachability passed
EVENT instance-stop YYYY-MM-DDTHH:MM:SS+0000 The instance is running on degraded
hardware
INSTANCE i-5a2b3c4d us-east-1d running 16 ok ok retiring YYYY-MM-DDTHH:MM:SS+0000
SYSTEMSTATUS reachability passed
INSTANCESTATUS reachability passed
EVENT instance-retiring YYYY-MM-DDTHH:MM:SS+0000 The instance is running on
degraded hardware
INSTANCE i-6a2b3c4d us-east-1d running 16 ok ok retiring YYYY-MM-DDTHH:MM:SS+0000
SYSTEMSTATUS reachability passed
INSTANCESTATUS reachability passed
EVENT instance-stop YYYY-MM-DDTHH:MM:SS+0000 The instance is running on degraded
hardware
Related Topics
Download
• Getting Started with the Command Line Tools
API Version 2013-08-15
305
Amazon Elastic Compute Cloud CLI Reference
Examples
Related Action
• DescribeInstanceStatus
Related Commands
• ec2-report-instance-status (p. 584)
API Version 2013-08-15
306
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-instances
Description
Describes one or more of your instances.
If you specify one or more instance IDs, Amazon EC2 returns information for those instances. If you do
not specify instance IDs, Amazon EC2 returns information for all relevant instances. If you specify an
instance that you do not own, it's not included in the output.
Recently terminated instances might appear in the output. This interval is usually less than one hour.
The short version of this command is ec2din.
Syntax
ec2-describe-instances [instance_id ...] [[--filter "name=value"] ...]
Options
Description Name
One or more instance IDs.
Type: String
Default: Describes all your instances.
Required: No
Example: i-15a4417c
instance_id
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your instances, or only those you
specified.
Required: No
Example: --filter "tag-key=Production"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain instances. For example,
you can use a filter to specify that you're interested in instances launched with a specific key pair. You
can specify multiple values for a filter. The response includes information for an instance only if it matches
at least one of the filter values that you specified.
You can specify multiple filters; for example, specify instances that are launched with a specific key pair
and use an Amazon EBS volume as the root device. The response includes information for an instance
only if it matches all the filters that you specified. If there's no match, no special message is returned, the
response is simply empty.
API Version 2013-08-15
307
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-instances
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
architecture
The instance architecture.
Type: String
Valid values: i386 | x86_64
availability-zone
The Availability Zone of the instance.
Type: String
block-device-mapping.attach-time
The attach time for an Amazon EBS volume mapped to the instance (for example,
2010-09-15T17:15:20.000Z)
Type: DateTime
block-device-mapping.delete-on-termination
Indicates whether the Amazon EBS volume is deleted on instance termination.
Type: Boolean
block-device-mapping.device-name
The device name (for example, /dev/sdh) for the Amazon EBS volume.
Type: String
block-device-mapping.status
The status for the Amazon EBS volume.
Type: String
Valid values: attaching | attached | detaching | detached
block-device-mapping.volume-id
The volume ID of the Amazon EBS volume.
Type: String
client-token
The idempotency token you provided when you launched the instance.
Type: String
dns-name
The public DNS name of the instance.
Type: String
group-id
The ID of the security group for the instance. If the instance is in EC2-Classic or a default VPC, you
can use group-name instead.
Type: String
group-name
The name of the security group for the instance. If the instance is in a nondefault VPC, you must use
group-id instead.
Type: String
image-id
The ID of the image used to launch the instance.
Type: String
instance-id
The ID of the instance.
Type: String
API Version 2013-08-15
308
Amazon Elastic Compute Cloud CLI Reference
Options
instance-lifecycle
Indicates whether this is a Spot Instance.
Type: String
Valid values: spot
instance-state-code
The state of the instance. The high byte is an opaque internal value and should be ignored. The low
byte is set based on the state represented.
Type: Integer (16-bit unsigned integer)
Valid values: 0 (pending) | 16 (running) | 32 (shutting-down) | 48 (terminated) | 64 (stopping) | 80
(stopped)
instance-state-name
The state of the instance.
Type: String
Valid values: pending | running | shutting-down | terminated | stopping | stopped
instance-type
The type of instance (for example, m1.small).
Type: String
instance.group-id
The ID of the security group for the instance. If the instance is in EC2-Classic or a default VPC, you
can use instance.group-name instead.
Type: String
instance.group-name
The name of the security group for the instance. If the instance is in a nondefault VPC, you must use
instance.group-id instead.
Type: String
ip-address
The public IP address of the instance.
Type: String
kernel-id
The kernel ID.
Type: String
key-name
The name of the key pair used when the instance was launched.
Type: String
launch-index
When launching multiple instances, this is the index for the instance in the launch group (for example,
0, 1, 2, and so on).
Type: String
launch-time
The time the instance was launched (for example, 2010-08-07T11:54:42.000Z).
Type: DateTime
monitoring-state
Indicates whether monitoring is enabled for the instance.
Type: String
Valid values: disabled | enabled
owner-id
The AWS account ID of the instance owner.
Type: String
placement-group-name
The name of the placement group for the instance.
API Version 2013-08-15
309
Amazon Elastic Compute Cloud CLI Reference
Options
Type: String
platform
The platform. Use windows if you have Windows based instances; otherwise, leave blank.
Type: String
Valid value: windows
private-dns-name
The private DNS name of the instance.
Type: String
private-ip-address
The private IP address of the instance.
Type: String
product-code
The product code associated with the AMI used to launch the instance.
Type: String
product-code.type
The type of product code.
Type: String
Valid values: devpay | marketplace
ramdisk-id
The RAM disk ID.
Type: String
reason
The reason for the current state of the instance (for example, shows "User Initiated [date]" when you
stop or terminate the instance). Similar to the state-reason-code filter.
Type: String
requester-id
The ID of the entity that launched the instance on your behalf (for example, AWS Management
Console, Auto Scaling, and so on)
Type: String
reservation-id
The ID of the instance's reservation. A reservation ID is created any time you launch an instance. A
reservation ID has a one-to-one relationship with an instance launch request, but can be associated
with more than one instance if you launch multiple instances using the same launch request. For
example, if you launch one instance, you'll get one reservation ID. If you launch ten instances using
the same launch request, you'll also get one reservation ID.
Type: String
root-device-name
The name of the root device for the instance (for example, /dev/sda1).
Type: String
root-device-type
The type of root device the instance uses.
Type: String
Valid values: ebs | instance-store
source-dest-check
Indicates whether the instance performs source/destination checking. A value of true means that
checking is enabled, and false means checking is disabled. The value must be false for the
instance to perform network address translation (NAT) in your VPC.
Type: Boolean
spot-instance-request-id
The ID of the Spot Instance request.
API Version 2013-08-15
310
Amazon Elastic Compute Cloud CLI Reference
Options
Type: String
state-reason-code
The reason code for the state change.
Type: String
state-reason-message
A message that describes the state change.
Type: String
subnet-id
The ID of the subnet for the instance.
Type: String
tag-key
The key of a tag assigned to the resource. This filter is independent of the tag-value filter. For
example, if you use both the filter "tag-key=Purpose" and the filter "tag-value=X", you get any
resources assigned both the tag key Purpose (regardless of what the tag's value is), and the tag
value X (regardless of what the tag's key is). If you want to list only resources where Purpose is X,
see the tag:key filter.
For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud
User Guide.
Type: String
tag-value
The value of a tag assigned to the resource. This filter is independent of the tag-key filter.
Type: String
tag:key
Filters the response based on a specific tag/value combination.
Example: To list just the resources that have been assigned tag Purpose=X, specify:
--filter tag:Purpose=X
Example: To list just resources that have been assigned tag Purpose=X OR Purpose=Y, specify:
--filter tag:Purpose=X --filter tag:Purpose=Y
virtualization-type
The virtualization type of the instance.
Type: String
Valid values: paravirtual | hvm
vpc-id
The ID of the VPC the instance is running in.
Type: String
hypervisor
The hypervisor type of the instance.
Type: String
Valid values: ovm | xen
network-interface.description
The description of the network interface.
Type: String
network-interface.subnet-id
The ID of the subnet for the network interface.
Type: String
network-interface.vpc-id
The ID of the VPC for the network interface.
Type: String
network-interface.network-interface.id
The ID of the network interface.
API Version 2013-08-15
311
Amazon Elastic Compute Cloud CLI Reference
Options
Type: String
network-interface.owner-id
The ID of the owner of the network interface.
Type: String
network-interface.availability-zone
The availability zone for the network interface.
Type: String
network-interface.requester-id
The requester ID for the network interface.
Type: String
network-interface.requester-managed
Indicates whether the network interface is being managed by AWS.
Type: Boolean
network-interface.status
The status of the network interface.
Type: String
Valid values: available | in-use
network-interface.mac-address
The MAC address of the network interface.
Type: String
Valid values: available | in-use
network-interface-private-dns-name
The private DNS name of the network interface.
Type: String
network-interface.source-destination-check
Whether the network interface performs source/destination checking. A value of true means checking
is enabled, and false means checking is disabled. The value must be false for the network interface
to perform network address translation (NAT) in your VPC.
Type: Boolean
network-interface.group-id
The ID of a security group associated with the network interface.
Type: String
network-interface.group-name
The name of a security group associated with the network interface.
Type: String
network-interface.attachment.attachment-id
The ID of the interface attachment.
Type: String
network-interface.attachment.instance-id
The ID of the instance to which the network interface is attached.
Type: String
network-interface.attachment.instance-owner-id
The owner ID of the instance to which the network interface is attached.
Type: String
network-interface.addresses.private-ip-address
The private IP address associated with the network interface.
Type: String
network-interface.attachment.device-index
The device index to which the network interface is attached.
API Version 2013-08-15
312
Amazon Elastic Compute Cloud CLI Reference
Options
Type: Integer
network-interface.attachment.status
The status of the attachment.
Type: String
Valid values: attaching | attached | detaching | detached
network-interface.attachment.attach-time
The time that the network interface was attached to an instance.
Type: Date
network-interface.attachment.delete-on-termination
Specifies whether the attachment is deleted when an instance is terminated.
Type: Boolean
network-interface.addresses.primary
Specifies whether the IP address of the network interface is the primary private IP address.
Type: Boolean
network-interface.addresses.association.public-ip
The ID of the association of an Elastic IP address with a network interface.
Type: String
network-interface.addresses.association.ip-owner-id
The owner ID of the private IP address associated with the network interface.
Type: String
association.public-ip
The address of the Elastic IP address bound to the network interface.
Type: String
association.ip-owner-id
The owner of the Elastic IP address associated with the network interface.
Type: String
association.allocation-id
The allocation ID that AWS returned when you allocated the Elastic IP address for your network
interface.
Type: String
association.association-id
The association ID returned when the network interface was associated with an IP address.
Type: String
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
313
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
314
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following rows of information for each instance. Each
field is separated by a comma. Some of these values may be empty.
1. The reservation information
• The RESERVATION identifier
• The ID of the reservation
• The AWS account ID of the instance owner
• The name of each security group the instance is in
2. The instance information
• The INSTANCE identifier
• The ID of the instance
• The AMI ID of the image on which the instance is based
• The public DNS name associated with the instance. This is only present for instances in the running
state.
• The private DNS name associated with the instance. This is only present for instances in the running
state.
• The state of the instance
• The key name. If a key was associated with the instance at launch, its name will appear.
• The AMI launch index
• The product codes associated with the instance
• The instance type
• The instance launch time
• The Availability Zone
• The ID of the kernel
• The ID of the RAM disk
• The platform (windows or empty)
• The monitoring state
• The public IP address
• The private IP address
• [EC2-VPC] The ID of the VPC
• [EC2-VPC] The ID of the subnet
• The type of root device (ebs or instance-store)
• The instance lifecycle
• The Spot Instance request ID
API Version 2013-08-15
315
Amazon Elastic Compute Cloud CLI Reference
Output
• The instance license
• The placement group the cluster instance is in
• The virtualization type (paravirtual or hvm)
• The hypervisor type (xen or ovm)
• The client token
• The ID of each security group the instance is in
• The tenancy of the instance (default or dedicated)
• Whether or not the instance is EBS optimized (true or false)
• The Amazon Resource Name (ARN) of the IAM role
3. Any Amazon EBS volumes associated with the instance. There will be one of the following for each
volume
• The BLOCKDEVICE identifier
• The device name
• The ID of the volume
• The volume attach timestamp
• Indicates whether the volume is deleted on instance termination (true or false)
• The volume type
• The I/O operations per second (IOPS)
4. [EC2-VPC] The network interface information. There will be a set of the following for each network
interface
a. The network interface information
• The NIC identifier
• The ID of the network interface
• The ID of the subnet
• The ID of the VPC
• The owner ID
• The network interface status
• The private IP address of the network interface
• The private DNS name
• Whether or not source destination check is enabled (true or false)
b. The network interface attachment information
• The NICATTACHMENT identifier
• The attachment ID
• The device index
• The device status
• The attachment timestamp
• Whether or not the attachment is deleted on termination (true or false)
c. The network interface association information
• The NICASSOCIATION identifier
• The public IP address
• The public IP address owner
• The private IP address
d. The security group information
• The GROUP identifier
• The security group identifier
• The security group name
API Version 2013-08-15
316
Amazon Elastic Compute Cloud CLI Reference
Output
e. The private IP address information
• The PRIVATEIPADDRESS identifier
• The private IP address
5. Any tags associated with the instance. There will be one of the following for each tag
• The TAG identifier
• The resource type identifier
• The ID of the resource
• The tag key
• The tag value
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command describes all instances you own.
PROMPT> ec2-describe-instances
RESERVATION r-1a2b3c4d 111122223333 my-security-group
INSTANCE i-1a2b3c4d ami-1a2b3c4d ec2-67-202-51-223.compute-1.amazonaws.com ip-
10-251-50-35.ec2.internal running my-key-pair 0 t1.micro YYYY-MM-
DDTHH:MM:SS+0000 us-west-2a aki-1a2b3c4d monitoring-disabled 184.73.10.99
10.254.170.223 ebs paravirtual xen ABCDE1234567890123 sg-1a2b3c4d default
false
BLOCKDEVICE /dev/sda1 vol-1a2b3c4d YYYY-MM-DDTHH:MM:SS.SSSZ true
RESERVATION r-2a2b3c4d 111122223333 another-security-group
INSTANCE i-2a2b3c4d ami-2a2b3c4d ec2-67-202-51-223.compute-1.amazonaws.com ip-
10-251-50-35.ec2.internal running my-key-pair 0 t1.micro YYYY-MM-
DDTHH:MM:SS+0000 us-west-2c windows monitoring-disabled 50.112.203.9
10.244.168.218 ebs hvm xen ABCDE1234567890123 sg-2a2b3c4d default false
BLOCKDEVICE /dev/sda1 vol-2a2b3c4d YYYY-MM-DDTHH:MM:SS.SSSZ true
Example 2
This example describes only the instances that have the m1.small or m1.large instance type and an
attached Amazon EBS volume that will be deleted on termination.
PROMPT> ec2-describe-instances --filter "instance-type=m1.small" --filter "in
stance-type=m1.large" --filter "block-device-mapping.status=attached" --filter
"block-device-mapping.delete-on-termination=true"
RESERVATION r-1a2b3c4d 111122223333 my-security-group
INSTANCE i-1a2b3c4d ami-1a2b3c4d ec2-67-202-51-223.compute-1.amazonaws.com ip-
10-251-50-35.ec2.internal running my-key-pair 0 t1.micro YYYY-MM-
DDTHH:MM:SS+0000 us-west-2a aki-1a2b3c4d monitoring-disabled 184.73.10.99
10.254.170.223 ebs paravirtual xen ABCDE1234567890123 sg-1a2b3c4d default
false
BLOCKDEVICE /dev/sdb vol-1a2b3c4d YYYY-MM-DDTHH:MM:SS.SSSZ true
API Version 2013-08-15
317
Amazon Elastic Compute Cloud CLI Reference
Examples
Example 3
This example command describes all your instances that are running in a VPC.
PROMPT> ec2-describe-instances --filter "vpc-id=*"
RESERVATION r-1a2b3c4d 111122223333
INSTANCE i-1a2b3c4d ami-1a2b3c4d running my-key-pair 0 m1.small YYYY-MM-
DDTHH:MM:SS+0000 us-west-2b windows monitoring-disabled 50.112.172.209
10.0.0.167 vpc-1a2b3c4d subnet-1a2b3c4d ebs hvm xen ABCDE1234567890123 sg-
1a2b3c4d default false
BLOCKDEVICE /dev/sdb vol-1a2b3c4d YYYY-MM-DDTHH:MM:SS.SSSZ true
NIC eni-1a2b3c4d subnet-1a2b3c4d vpc-1a2b3c4d 111122223333 in-use 10.0.1.167
true
NICATTACHMENT eni-attach-1a2b3c4d 0 attached YYYY-MM-DDTHH:MM:SS+0000 true
GROUP sg-1a2b3c4d my-security-group
PRIVATEIPADDRESS 10.0.1.167
PRIVATEIPADDRESS 10.0.1.12
TAG instance i-1a2b3c4d Name Windows
RESERVATION r-2a2b3c4d 111122223333
INSTANCE i-2a2b3c4d ami-2a2b3c4d running my-key-pair 0 c1.medium YYYY-MM-
DDTHH:MM:SS+0000 us-west-2b aki-1a2b3c4d monitoring-disabled 50.112.172.209
10.0.0.233 vpc-1a2b3c4d subnet-1a2b3c4d ebs hvm xen ABCDE1234567890123 sg-
1a2b3c4d default false
BLOCKDEVICE /dev/sda1 vol-2a2b3c4d YYYY-MM-DDTHH:MM:SS.SSSZ true
NIC eni-2a2b3c4d subnet-1a2b3c4d vpc-1a2b3c4d 111122223333 in-use 10.0.1.233
true
NICATTACHMENT eni-attach-2a2b3c4d 0 attached YYYY-MM-DDTHH:MM:SS+0000 true
GROUP sg-1a2b3c4d my-security-group
PRIVATEIPADDRESS 10.0.1.233
PRIVATEIPADDRESS 10.0.1.20
TAG instance i-1a2b3c4d Name Linux
Example 4
This example command describes any instances with a network interface that has a private IP address
of 10.0.0.120.
PROMPT> ec2-describe-instances --filter "network-interface.addresses.private-
ip-address=10.0.0.120"
RESERVATION r-1a2b3c4d 111122223333
INSTANCE i-1a2b3c4d ami-1a2b3c4d running my-key-pair 0 c1.medium YYYY-MM-
DDTHH:MM:SS+0000 us-west-2b aki-1a2b3c4d monitoring-disabled 50.112.172.209
10.0.0.98 vpc-1a2b3c4d subnet-1a2b3c4d ebs hvm xen ABCDE1234567890123 sg-
1a2b3c4d default false
BLOCKDEVICE /dev/sdb vol-1a2b3c4d YYYY-MM-DDTHH:MM:SS.SSSZ true
NIC eni-1a2b3c4d subnet-1a2b3c4d vpc-1a2b3c4d 111122223333 in-use 10.0.1.98
true
NICATTACHMENT eni-attach-1a2b3c4d 0 attached YYYY-MM-DDTHH:MM:SS+0000 true
GROUP sg-1a2b3c4d my-security-group
PRIVATEIPADDRESS 10.0.0.98
PRIVATEIPADDRESS 10.0.0.120
API Version 2013-08-15
318
Amazon Elastic Compute Cloud CLI Reference
Examples
Example 5
This example command describes any instances that have a tag with the key Owner and the value
DbAdmin.
PROMPT> ec2-describe-instances --filter "tag:Owner=DbAdmin"
RESERVATION r-1a2b3c4d 111122223333
INSTANCE i-1a2b3c4d ami-1a2b3c4d running my-key-pair 0 c1.medium YYYY-MM-
DDTHH:MM:SS+0000 us-west-2b aki-1a2b3c4d monitoring-disabled 50.112.172.209
10.0.0.98 vpc-1a2b3c4d subnet-1a2b3c4d ebs hvm xen ABCDE1234567890123 sg-
1a2b3c4d default false
BLOCKDEVICE /dev/sdb vol-1a2b3c4d YYYY-MM-DDTHH:MM:SS.SSSZ true
TAG instance i-1a2b3c4d Owner DbAdmin
To list all instances that have a tag with the key Owner, regardless of the value of the tag, use the following
command.
PROMPT> ec2-describe-instances --filter "tag-key=Owner"
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeInstances
Related Commands
• ec2-run-instances (p. 624)
• ec2-start-instances (p. 637)
• ec2-stop-instances (p. 640)
• ec2-terminate-instances (p. 644)
API Version 2013-08-15
319
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-internet-gateways
Description
Describes one or more of your Internet gateways.
The short version of this command is ec2digw.
Syntax
ec2-describe-internet-gateways [internet_gateway_id ...] [[--filter "name=value"]
...]
Options
Description Name
One or more Internet gateway IDs.
Type: String
Default: Describes all your Internet gateways.
Required: No
Example: igw-15a4417c
internet_gateway_id
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your Internet gateways, or only those
you specified.
Required: No
Example: --filter "tag-key=Production"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain Internet gateways. For
example, you can use a filter to specify that you're interested in the Internet gateways with particular tags.
You can specify multiple values for a filter. The response includes information for an Internet gateway
only if it matches at least one of the filter values that you specified.
You can specify multiple filters; for example, specify Internet gateways that are attached to a specific
VPC and have a specific tag. The response includes information for an Internet gateway only if it matches
all the filters that you specified. If there's no match, no special message is returned, the response is simply
empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
API Version 2013-08-15
320
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-internet-gateways
attachment.state
The current state of the attachment between the gateway and the VPC. Returned only if a VPC is
attached.
Type: String
Valid value: available
attachment.vpc-id
The ID of an attached VPC.
Type: String
internet-gateway-id
The ID of the Internet gateway.
Type: String
tag-key
The key of a tag assigned to the resource. This filter is independent of the tag-value filter. For
example, if you use both the filter "tag-key=Purpose" and the filter "tag-value=X", you get any
resources assigned both the tag key Purpose (regardless of what the tag's value is), and the tag
value X (regardless of what the tag's key is). If you want to list only resources where Purpose is X,
see the tag:key filter.
For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud
User Guide.
Type: String
tag-value
The value of a tag assigned to the resource. This filter is independent of the tag-key filter.
Type: String
tag:key
Filters the response based on a specific tag/value combination.
Example: To list just the resources that have been assigned tag Purpose=X, specify:
--filter tag:Purpose=X
Example: To list just resources that have been assigned tag Purpose=X OR Purpose=Y, specify:
--filter tag:Purpose=X --filter tag:Purpose=Y
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
321
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
322
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The INTERNETGATEWAY identifier
• The ID of the Internet gateway
• The ATTACHMENT identifier
• The ID of the VPC (if the gateway is attached to a VPC)
• The state of the attachment (attaching, attached, detaching, detached)
• Any tags assigned to the Internet gateway
Examples
Example
This example command describes your Internet gateways.
PROMPT> ec2-describe-internet-gateways
INTERNETGATEWAY igw-dfa045b6
ATTACHMENT vpc-d9a045b0 available
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeInternetGateways
Related Commands
• ec2-attach-internet-gateway (p. 34)
• ec2-create-internet-gateway (p. 106)
• ec2-delete-internet-gateway (p. 186)
• ec2-detach-internet-gateway (p. 454)
API Version 2013-08-15
323
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-describe-keypairs
Description
Describes one or more of your key pairs.
The short version of this command is ec2dkey.
Syntax
ec2-describe-keypairs [keypair_name ...] [[--filter "name=value"] ...]
Options
Description Name
One or more key pair names.
Type: String
Default: Describes all your key pairs.
Required: No
Example: my-key-pair
keypair_name
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your key pairs, or only those you
specified.
Required: No
Example: --filter "tag-name=*Dave*"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain key pairs. For example,
you can use a filter to specify that you're interested in key pairs whose names include the string Dave.
You can specify multiple values for a filter. The response includes information for a key pair only if it
matches at least one of the filter values that you specified.
You can specify multiple filters; for example, specify key pairs whose names include the string Dave and
whose fingerprint is a specific value. The response includes information for a key pair only if it matches
all the filters that you specified. If there's no match, no special message is returned, the response is simply
empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
API Version 2013-08-15
324
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-keypairs
fingerprint
The fingerprint of the key pair.
Type: String
key-name
The name of the key pair.
Type: String
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
API Version 2013-08-15
325
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains one of the following for each key pair:
• The KEYPAIR identifier
• The key pair name
• The private key fingerprint
Amazon EC2 command line tools display errors on stderr.
API Version 2013-08-15
326
Amazon Elastic Compute Cloud CLI Reference
Output
Examples
Example
This example command describes the key pair named my-key-pair.
PROMPT> ec2-describe-keypairs my-key-pair
KEYPAIR my-key-pair 1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f
Example Request
This example filters the response to include only key pairs whose names include the string Dave.
PROMPT> ec2-describe-keypairs --filter "key-name=*Dave*"
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeKeyPairs
Related Commands
• ec2-create-keypair (p. 109)
• ec2-delete-keypair (p. 189)
• ec2-import-keypair (p. 502)
API Version 2013-08-15
327
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-describe-network-acls
Description
Describes one or more of your network ACLs.
For more information about network ACLs, see Network ACLs in the Amazon Virtual Private Cloud User
Guide.
The short version of this command is ec2dnacl.
Syntax
ec2-describe-network-acls [network_acl_id...] [[--filter "name=value"] ...]
Options
Description Name
One or more network ACL IDs.
Type: String
Default: Describes all network ACLs in the VPC.
Required: No
Example: acl-7aa34613
network_acl_id
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all network ACLs in the VPC, or only those
you specified.
Required: No
Example: --filter "tag-key=Production"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain ACLs. For example, you
can use a filter to specify that you're interested in the ACLs associated with a particular subnet. You can
specify multiple values for a filter. The response includes information for an ACL only if it matches at least
one of the filter values that you specified.
You can specify multiple filters; for example, specify ACLs that are associated with a specific subnet and
have an egress entry that denies traffic to a specific port. The response includes information for an ACL
only if it matches all the filters that you specified. If there's no match, no special message is returned, the
response is simply empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
API Version 2013-08-15
328
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-network-acls
The following are the available filters.
association.association-id
The ID of an association ID for the ACL.
Type: String
association.network-acl-id
The ID of the network ACL involved in the association.
Type: String
association.subnet-id
The ID of the subnet involved in the association.
Type: String
default
Indicates whether the ACL is the default network ACL for the VPC.
Type: Boolean
entry.cidr
The CIDR range specified in the entry.
Type: String
entry.egress
Indicates whether the entry applies to egress traffic.
Type: Boolean
entry.icmp.code
The ICMP code specified in the entry, if any.
Type: Integer
entry.icmp.type
The ICMP type specified in the entry, if any.
Type: Integer
entry.port-range.from
The start of the port range specified in the entry.
Type: Integer
entry.port-range.to
The end of the port range specified in the entry.
Type: Integer
entry.protocol
The protocol specified in the entry.
Type: String
Valid values: tcp | udp | icmp or a protocol number
entry.rule-action
Indicates whether the entry allows or denies the matching traffic.
Type: String
Valid values: allow | deny
entry.rule-number
The number of an entry (in other words, rule) in the ACL's set of entries.
Type: Integer
network-acl-id
The ID of the network ACL.
Type: String
tag-key
The key of a tag assigned to the resource. This filter is independent of the tag-value filter. For
example, if you use both the filter "tag-key=Purpose" and the filter "tag-value=X", you get any
resources assigned both the tag key Purpose (regardless of what the tag's value is), and the tag
API Version 2013-08-15
329
Amazon Elastic Compute Cloud CLI Reference
Options
value X (regardless of what the tag's key is). If you want to list only resources where Purpose is X,
see the tag:key filter.
For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud
User Guide.
Type: String
tag-value
The value of a tag assigned to the resource. This filter is independent of the tag-key filter.
Type: String
tag:key
Filters the response based on a specific tag/value combination.
Example: To list just the resources that have been assigned tag Purpose=X, specify:
--filter tag:Purpose=X
Example: To list just resources that have been assigned tag Purpose=X OR Purpose=Y, specify:
--filter tag:Purpose=X --filter tag:Purpose=Y
vpc-id
The ID of the VPC for the network ACL.
Type: String
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
API Version 2013-08-15
330
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
API Version 2013-08-15
331
Amazon Elastic Compute Cloud CLI Reference
Output
• The NETWORKACL, ENTRY, ASSOCIATION identifier
• The network ACL's ID, the ID of the VPC the ACL is in, and whether the ACL is the default ACL in the
VPC
• The entries (in other words, rules) contained in the ACL
• Associations between the ACL and any subnets
• Any tags assigned to the ACL
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command describes all your network ACLs.
PROMPT> ec2-describe-network-acls
NETWORKACL acl-5566953c vpc-5266953b default
ENTRY egress 100 allow 0.0.0.0/0 all
ENTRY egress 32767 deny 0.0.0.0/0 all
ENTRY ingress 100 allow 0.0.0.0/0 all
ENTRY ingress 32767 deny 0.0.0.0/0 all
NETWORKACL acl-5d659634 vpc-5266953b
ENTRY egress 110 allow 0.0.0.0/0 6 49152 65535
ENTRY egress 32767 deny 0.0.0.0/0 all
ENTRY ingress 110 allow 0.0.0.0/0 6 80 80
ENTRY ingress 120 allow 0.0.0.0/0 6 443 443
ENTRY ingress 32767 deny 0.0.0.0/0 all
ASSOCIATION aclassoc-5c659635 subnet-ff669596
ASSOCIATION aclassoc-c26596ab subnet-f0669599
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeNetworkAcls
Related Commands
• ec2-create-network-acl (p. 113)
• ec2-delete-network-acl (p. 192)
• ec2-replace-network-acl-association (p. 569)
• ec2-create-network-acl-entry (p. 116)
• ec2-delete-network-acl-entry (p. 195)
• ec2-replace-network-acl-entry (p. 572)
API Version 2013-08-15
332
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-describe-network-interface-attribute
Description
Describes a network interface attribute. You can specify only one attribute at a time.
The short version of this command is ec2dnicatt.
Syntax
ec2-describe-network-interface-attribute interface_id --description description
--source-dest-check --group-set --attachment
Options
Description Name
The ID of the network interface.
Type: String
Default: None
Required: Yes
Example: eni-bc7299d4
interface_id
Describes the network interface.
Type: String
Required: Yes
-d, --description description
Indicates whether source/destination checking is enabled.
Type: String
Required: Yes
--source-dest-check
The security groups associated with the network interface.
Type: String
Required: Yes
--group-set
The attachment (if any) of the network interface.
Type: String
Required: Yes
-a, --attachment
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
API Version 2013-08-15
333
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-network-interface-attribute
Description Option
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
API Version 2013-08-15
334
Amazon Elastic Compute Cloud CLI Reference
Common Options
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns the specified network interface attribute.
Amazon EC2 command line tools display errors on stderr.
Examples
Example Request
This example command describes the specified network interface.
PROMPT> ec2-describe-network-interface-attribute eni-b35da6da -d
NETWORKINTERFACE eni-b35da6da description
DESCRIPTION My ENI
This example command enables source/destination checking on traffic across the specified network
interface.
PROMPT> ec2-describe-network-interface-attribute eni-b35da6da --source-dest-
check
NETWORKINTERFACE eni-b35da6da sourceDestCheck
SOURCEDESTCHECK true
This example command describes the security groups for the specified network interface.
PROMPT> ec2-describe-network-interface-attribute eni-b35da6da --group-set
NETWORKINTERFACE eni-b35da6da group
GROUP sg-8ea1bce2 default
API Version 2013-08-15
335
Amazon Elastic Compute Cloud CLI Reference
Output
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeNetworkInterfaceAttribute
Related Commands
• ec2-create-network-interface (p. 121)
• ec2-delete-network-interface (p. 199)
• ec2-describe-network-interfaces (p. 337)
• ec2-attach-network-interface (p. 37)
• ec2-detach-network-interface (p. 457)
• ec2-modify-network-interface-attribute (p. 529)
• ec2-reset-network-interface-attribute (p. 607)
API Version 2013-08-15
336
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-network-interfaces
Description
Describes one or more of your network interfaces.
The short version of this command is ec2dnic.
Syntax
ec2-describe-network-interfaces [interface_id ...] [[--filter "name=value"]
...]
Options
Description Name
One or more network interface IDs.
Type: String
Default: Describes all your network interfaces.
Required: No
Example: eni-bc7299d4
interface_id
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your network interfaces, or only those
you specified.
Required: No
Example: -F "description=My ENI"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain network interfaces. For
example, you can use a filter to specify that you're interested in network interfaces launched in a specific
Availability Zone. You can specify multiple values for a filter. The response includes information for a
network interface only if it matches at least one of the filter values that you specified.
You can specify multiple filters; for example, specify network interfaces in a specific Availability Zone,
and that have a specific owner ID. The response includes information for a network interface only if it
matches all the filters that you specified. If there's no match, no special message is returned, the response
is simply empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
API Version 2013-08-15
337
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-network-interfaces
addresses.private-ip-address
The private IP addresses associated with the network interface.
Type: String
addresses.primary
Whether the private IP address is the primary IP address associated with the network interface.
Type: Boolean
Valid values: true | false
addresses.association.public-ip
The association ID returned when the network interface was associated with the Elastic IP address.
Type: String
addresses.association.owner-id
The owner ID of the addresses associated with the network interface.
Type: String
association.association-id
The association ID returned when the network interface was associated with an IP address.
Type: String
association.allocation-id
The allocation ID that AWS returned when you allocated the Elastic IP address for your network
interface.
Type: String
association.ip-owner-id
The owner of the Elastic IP address associated with the network interface.
Type: String
association.public-ip
The address of the Elastic IP address bound to the network interface.
Type: String
attachment.attachment-id
The ID of the interface attachment.
Type: String
attachment.instance-id
The ID of the instance to which the network interface is attached.
Type: String
attachment.instance-owner-id
The owner ID of the instance to which the network interface is attached.
Type: String
attachment.device-index
The device index to which the network interface is attached.
Type: Integer
attachment.status
The status of the attachment.
Type: String
Valid values: attaching | attached | detaching | detached
attachment.attach.time
The time that the network interface was attached to an instance.
Type: DateTime
attachment.delete-on-termination
Indicates whether the attachment is deleted when an instance is terminated.
Type: Boolean
API Version 2013-08-15
338
Amazon Elastic Compute Cloud CLI Reference
Options
availability-zone
The Availability Zone of the network interface.
Type: String
description
The description of the network interface.
Type: String
group-id
The ID of a security group associated with the network interface.
Type: String
group-name
The name of a security group associated with the network interface.
Type: String
mac-address
The MAC address of the network interface.
Type: String
network-interface-id
The ID of the network interface.
Type: String
owner-id
The AWS account ID of the network interface owner.
Type: String
private-ip-address
The private IP address or addresses of the network interface.
Type: String
private-dns-name
The private DNS name of the network interface.
Type: String
requester-id
The ID of the entity that launched the instance on your behalf (for example, AWS Management
Console, Auto Scaling, and so on).
Type: String
requester-managed
Indicates whether the network interface is being managed by an AWS service (for example, AWS
Management Console, Auto Scaling, and so on).
Type: Boolean
source-dest-check
Indicates whether the network interface performs source/destination checking. A value of true means
checking is enabled, and false means checking is disabled. The value must be false for the
network interface to perform Network Address Translation (NAT) in your VPC.
Type: Boolean
status
The status of the network interface. If the network interface is not attached to an instance, the status
shows available; if a network interface is attached to an instance the status shows in-use.
Type: String
Valid values: available | in-use
subnet-id
The ID of the subnet for the network interface.
Type: String
API Version 2013-08-15
339
Amazon Elastic Compute Cloud CLI Reference
Options
tag-key
The key of a tag assigned to the resource. This filter is independent of the tag-value filter. For
example, if you use both the filter "tag-key=Purpose" and the filter "tag-value=X", you get any
resources assigned both the tag key Purpose (regardless of what the tag's value is), and the tag
value X (regardless of what the tag's key is). If you want to list only resources where Purpose is X,
see the tag:key filter.
For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud
User Guide.
Type: String
tag-value
The value of a tag assigned to the resource. This filter is independent of the tag-key filter.
Type: String
tag:key
Filters the response based on a specific tag/value combination.
Example: To list just the resources that have been assigned tag Purpose=X, specify:
--filter tag:Purpose=X
Example: To list just resources that have been assigned tag Purpose=X OR Purpose=Y, specify:
--filter tag:Purpose=X --filter tag:Purpose=Y
vpc-id
The ID of the VPC for the network interface.
Type: String
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
API Version 2013-08-15
340
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
341
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
The command returns a table that contains the following information for each network interface.
• The NETWORKINTERFACE identifier
• The ID of the network interface
• The ID of the subnet
• The ID of the VPC
• The Availability Zone
• A description
• The ID of the account that created the network interface
• The ID of the entity that launched the instance on your behalf
• Indicates whether the network interface is being managed by AWS
• The status (available, attaching, in-use, detaching)
• The MAC address
• The private IP address
• The private DNS name
• Indicates whether traffic to or from the instance is validated
• The GROUP identifier
• The ID of the security group
• The name of the security group
• The ATTACHMENT identifier
• The ID of the instance
• The ID of the attachment
• The ASSOCIATION identifier
• The Elastic IP address
• The ID of the owner of the Elastic IP address
• The ID of the account that created the network association
• The ID of the association
• The private IP address
• The PRIVATEIPADDRESS identifier
• The private IP address
Amazon EC2 command line tools display errors on stderr.
Examples
Example Request
This example lists all network interfaces that you own.
PROMPT> ec2-describe-network-interfaces
NETWORKINTERFACE eni-5e318a37 subnet-c53c87ac vpc-cc3c87a5
ap-southeast-1b 053230519467 false in-use 02:81:60:c7:15:3d
10.0.0.79 true
GROUP sg-084b5664 quick-start-4
ATTACHMENT i-5a0f6b0e eni-attach-59bf7430 attached true
PRIVATEIPADDRESS 10.0.0.79
API Version 2013-08-15
342
Amazon Elastic Compute Cloud CLI Reference
Output
PRIVATEIPADDRESS 10.0.0.183
PRIVATEIPADDRESS 10.0.0.184
NETWORKINTERFACE eni-236dd74a My ENI subnet-c88a35a1 vpc-f28a359b
ap-southeast-1a 053230519467 false available 02:78:d7:32:3f:ba
10.0.0.117 true
GROUP sg-854954e9 LinuxGroup
PRIVATEIPADDRESS 10.0.0.117
NETWORKINTERFACE eni-69ce7500 Primary network interface subnet-
c
d8a35a4 vpc-f28a359b ap-southeast-1b 053230519467 false in-use
02:78:d7:18:ad:f0 10.0.1.152 true GROUP sg-dc4c51b0
quick-start-2
ATTACHMENT i-e0841fb4 eni-attach-696ba300 attached true
PRIVATEIPADDRESS 10.0.1.152
PRIVATEIPADDRESS 10.0.1.12
NETWORKINTERFACE eni-f25de69b subnet-c88a35a1 vpc-f28a359b
ap-southeast-1a 053230519467 false in-use 02:78:d7:2d:16:5b
10.0.0.133 true
This example filters for a network interface with the private IP address of 10.0.0.26.
PROMPT> ec2-describe-network-interfaces --filter "addresses.private-ip-ad
dress=10.0.0.26"
NETWORKINTERFACE eni-4cba0725 subnet-73ba071a vpc-6bba0702
ap-southeast-1b 013274050172 false available
02:75:3f:8e:3a:d3 10.0.0.26 true
GROUP sg-8fb3a1e3 default ASSOCIATION 203.0.113.12 013274050172
eipassoc-f008b799 10.0.0.26
PRIVATEIPADDRESS 10.0.0.26
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeNetworkInterfaces
Related Commands
• ec2-create-network-interface (p. 121)
• ec2-delete-network-interface (p. 199)
• ec2-describe-network-interface-attribute (p. 333)
• ec2-attach-network-interface (p. 37)
• ec2-detach-network-interface (p. 457)
• ec2-modify-network-interface-attribute (p. 529)
• ec2-reset-network-interface-attribute (p. 607)
API Version 2013-08-15
343
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-placement-groups
Description
Describes one or more of your placement groups. For more information about placement groups and
cluster instances, see Cluster Instances in the Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2dpgrp.
ec2-describe-placement-groups [group_name ...] [[--filter "name=value"] ...]
Options
Description Name
One or more placement group names.
Type: String
Default: Describes all placement groups you own.
Required: No
Example: XYZ-cluster
group_name
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your placement groups, or only those
you specified.
Required: No
Example: --filter "group-name=*Project*"
-F, --filter name=value
Supported Filters
You can specify filter so that the response includes information for only certain placement groups. For
example, you can use a filter to specify that you're interested in groups in the deleted state. You can
specify multiple values for a filter. The response includes information for a placement group only if it
matches at least one of the filter values that you specified.
You can specify multiple filters; for example, specify group's that are in the deleted state and have a
name that includes the string Project. The response includes information for a group only if it matches
all your filters. If there's no match, no special message is returned, the response is simply empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
group-name
The name of the placement group.
Type: String
API Version 2013-08-15
344
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-placement-groups
state
The state of the placement group.
Type: String
Valid values: pending | available | deleting | deleted
strategy
The strategy of the placement group.
Type: String
Valid value: cluster
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
API Version 2013-08-15
345
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns the following information:
• The PLACEMENTGROUP identifier
• The placement group name
• The placement strategy
• The state of the placement group
API Version 2013-08-15
346
Amazon Elastic Compute Cloud CLI Reference
Output
Examples
Example 1
This example command describes all your placement groups.
PROMPT> ec2-describe-placement-groups
PLACEMENTGROUP XYZ-cluster cluster available
PLACEMENTGROUP ABC-cluster cluster available
Example 2
This example filters the response to include only placement groups that include the string Project in
the name.
PROMPT> ec2-describe-placement-groups --filter "group-name=*Project*"
PLACEMENTGROUP Project-cluster cluster available
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribePlacementGroups
Related Commands
• ec2-create-placement-group (p. 125)
• ec2-delete-placement-group (p. 202)
API Version 2013-08-15
347
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-describe-regions
Description
Describes one or more of the regions that are available to you.
For a list of the regions supported by Amazon EC2, see Regions and Endpoints.
The short version of this command is ec2dre.
Syntax
ec2-describe-regions [region...] [[--filter "name=value"] ...]
Options
Description Name
One or more region names.
Type: String
Default: Describes all your regions.
Required: No
Example: eu-west-1
region
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your regions, or only those you
specified.
Required: No
Example: --filter "endpoint=*ap*"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain regions.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
endpoint
The endpoint of the region (for example, ec2.us-east-1.amazonaws.com).
Type: String
region-name
The name of the region.
Type: String
API Version 2013-08-15
348
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-regions
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
API Version 2013-08-15
349
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The REGION identifier
• The name of the region
• The service endpoint for the region
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command describes all the regions that are available to you.
PROMPT> ec2-describe-regions
REGION us-east-1 ec2.us-east-1.amazonaws.com
REGION ap-northeast-1 ec2.ap-northeast-1.amazonaws.com
REGION ap-southeast-1 ec2.ap-southeast-1.amazonaws.com
..
API Version 2013-08-15
350
Amazon Elastic Compute Cloud CLI Reference
Output
Example 2
This example displays information about all regions that have the string ap in the endpoint.
PROMPT> ec2-describe-regions --filter "endpoint=*ap*"
REGION ap-southeast-1 ec2.us-east-1.amazonaws.com
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeRegions
Related Commands
• ec2-describe-availability-zones (p. 251)
• ec2-run-instances (p. 624)
API Version 2013-08-15
351
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-reserved-instances
Description
Describes the Reserved Instances that you purchased.
Starting with the 2011-11-01 API version, AWS expanded its offering for Amazon EC2 Reserved Instances
to address a range of projected instance use. There are three types of Reserved Instances based on
customer utilization levels: Heavy Utilization, Medium Utilization, and Light Utilization. The Medium
Utilization offering type is equivalent to the Reserved Instance offering available before API version
2011-11-01. If you are using tools that predate the 2011-11-01 API version, you only have access to the
Medium Utilization Reserved Instance offering type.
For more information about Reserved Instances, see Reserved Instances in the Amazon Elastic Compute
Cloud User Guide.
The short version of this command is ec2dri.
Syntax
ec2-describe-reserved-instances [reservation_id ...] [[--filter "name=value"]
...]
Options
Description Name
The IDs of the Reserved Instances.
Type: String
Default: Describes all your Reserved Instances.
Required: No
Example: 4b2293b4-5813-4cc8-9ce3-1957fexample
reservation_id
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your Reserved Instances, or only those
you specified.
Required: No
Example: --filter "tag-key=Production"
-F, --filter name=value
Supported Filters
You can specify filter so that the response includes information for only certain Reserved Instances. For
example, you can use a filter to specify that you're interested in Reserved Instances in a specific Availability
Zone. You can specify multiple values for a filter. The response includes information for a Reserved
Instance only if it matches at least one of the filter values that you specified.
API Version 2013-08-15
352
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-reserved-instances
You can specify multiple filters; for example, specify Reserved Instances that are in a specific Availability
Zone and have a specific tag. The response includes information for a Reserved Instance only if it matches
all of the filters that you specified. If there's no match, no special message is returned, the response is
simply empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
availability-zone
The Availability Zone where the Reserved Instance can be used.
Type: String
duration
The duration of the Reserved Instance (one year or three years), in seconds.
Type: Long
Valid values: 31536000 | 94608000
end
The time when the Reserved Instance expires.
Type: DateTime
fixed-price
The purchase price of the Reserved Instance (for example, 9800.0)
Type: Double
instance-type
The instance type on which the Reserved Instance can be used.
Type: String
product-description
The product description of the Reserved Instance.
Type: String
Valid values: Linux/UNIX | Linux/UNIX (Amazon VPC) | Windows | Windows (Amazon VPC)
reserved-instances-id
The ID of the Reserved Instance.
Type: String
start
The time at which the Reserved Instance purchase request was placed (for example,
2010-08-07T11:54:42.000Z).
Type: DateTime
state
The state of the Reserved Instance.
Type: String
Valid values: pending-payment | active | payment-failed | retired
tag-key
The key of a tag assigned to the resource. This filter is independent of the tag-value filter. For
example, if you use both the filter "tag-key=Purpose" and the filter "tag-value=X", you get any
resources assigned both the tag key Purpose (regardless of what the tag's value is), and the tag
value X (regardless of what the tag's key is). If you want to list only resources where Purpose is X,
see the tag:key filter.
For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud
User Guide.
Type: String
API Version 2013-08-15
353
Amazon Elastic Compute Cloud CLI Reference
Options
tag-value
The value of a tag assigned to the resource. This filter is independent of the tag-key filter.
Type: String
tag:key
Filters the response based on a specific tag/value combination.
Example: To list just the resources that have been assigned tag Purpose=X, specify:
--filter tag:Purpose=X
Example: To list just resources that have been assigned tag Purpose=X OR Purpose=Y, specify:
--filter tag:Purpose=X --filter tag:Purpose=Y
usage-price
The usage price of the Reserved Instance, per hour (for example, 0.84)
Type: Double
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
API Version 2013-08-15
354
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The RESERVEDINSTANCES identifier
• The ID of the Reserved Instance
• The Availability Zone in which the Reserved Instance can be used
• The instance type
• The Reserved Instance description (Linux/UNIX, Windows, Linux/UNIX (Amazon VPC), or Windows
(Amazon VPC))
API Version 2013-08-15
355
Amazon Elastic Compute Cloud CLI Reference
Output
• The duration of the Reserved Instance
• The upfront fee (fixed price) you pay for the Reserved Instance
• The fee (usage price) you pay per hour for using your Reserved Instance
• The number of Reserved Instances purchased
• The start date of the Reserved Instance term
• The time when the Reserved Instance expires.
• The state of the Reserved Instance purchase (payment-pending, active, payment-failed)
• The currency of the Reserved Instance purchased. It's specified using ISO 4217 standard code (for
example, USD, JPY).
• The tenancy of the reserved instance purchased. An instance with a tenancy of dedicated runs on
single-tenant hardware.
• The instance offering type
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command describes the Reserved Instances you own.
PROMPT> ec2-describe-reserved-instances
RESERVEDINSTANCES 1ba8e2e3-2538-4a35-b749-1f444example us-east-1a m1.small
Linux/UNIX 3y 350.0 0.03 1 2009-03-13T16:01:39+0000 payment-pending USD default
Light Utilization
RESERVEDINSTANCES af9f760e-c1c1-449b-8128-1342dexample us-east-1d m1.xlarge
Linux/UNIX 1y 1820.0 0.24 1 2009-03-13T16:01:39+0000 active USD default Medium
Utilization
Example 2
This example filters the response to include only one-year, m1.small Linux/UNIX Reserved Instances.
If you want Linux/UNIX Reserved Instances specifically for use with a VPC, set the product description
to Linux/UNIX (Amazon VPC).
PROMPT> ec2-describe-reserved-instances --filter "duration=31536000" --filter
"instance-type=m1.small" --filter "product-description=Linux/UNIX"
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeReservedInstances
API Version 2013-08-15
356
Amazon Elastic Compute Cloud CLI Reference
Examples
Related Commands
• ec2-describe-reserved-instances-offerings (p. 368)
• ec2-purchase-reserved-instances-offering (p. 552)
• ec2-describe-reserved-instances-modifications (p. 363)
• ec2-modify-reserved-instances (p. 534)
API Version 2013-08-15
357
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-reserved-instances-listings
Description
Describes your account's Reserved Instance listings in the Reserved Instance Marketplace. This call
returns information about your listings, such as the identifiers of the Reserved Instances that are associated
with the Reserved Instances listings.
The Reserved Instance Marketplace matches sellers who want to resell Reserved Instance capacity that
they no longer need with buyers who want to purchase additional capacity. Reserved Instances bought
and sold through the Reserved Instance Marketplace work like any other Reserved Instances.
As a seller, you choose to list some or all of your Reserved Instances, and you specify the upfront price
you want to receive for them. Your Reserved Instances are then listed in the Reserved Instance
Marketplace and are available for purchase.
As a buyer, you specify the configuration of the Reserved Instance you want to purchase, and the
Marketplace will match what you're searching for with what's available. The Marketplace will first sell the
lowest priced Reserved Instances to you, and continue to sell the available Reserved Instance listings
to you until your demand is met. You will be charged based on the total upfront price of all the Reserved
Instances that you purchase.
For more information about Reserved Instance Marketplace, see Reserved Instance Marketplace in the
Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2dril.
Syntax
ec2-describe-reserved-instances-listings [listing [listing [...]]] [[--filter
"name=value"] ...]
Options
Description Name
The ID of the Reserved Instance listing.
Type: String
Default: None
Required: No
listing
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your Reserved Instances listings, or
only those you specified.
Required: No
Example: --filter "status=pending"
-F, --filter FILTER name=value
API Version 2013-08-15
358
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-reserved-instances-listings
Supported Filters
Our policy is to provide filters for all ec2-describe calls so that you can limit the response to your
specified criteria. Therefore, you can use filters to limit the response when describing Reserved Instances
listings, even though you can use other options instead.
For example, you can use a filter or an option to get the listing of Reserved Instances that are in an active
state. You can also specify multiple options or filters (for example, to limit the response to the Reserved
Instances listings that are in the closed state with a specific status message). The response includes
information for a listing only if it matches all options or filters. If there's no match, no special message is
returned, the response is simply empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
status
Status of the Reserved Instance listing.
Valid values: pending | active | cancelled | closed
Type: String
status-message
Reason for the status.
Type: String
reserved-instances-listing-id
The ID of the Reserved Instances listing.
Type: String
reserved-instances-id
The ID of the Reserved Instances.
Type: String
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
359
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
360
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
The command returns a table that contains the following information:
The listing information
• The LISTING identifier
• Reserved Instance listing ID
• Reserved Instance ID
• Create Date
• Update Date
• Status
• Status Message
One or more rows that contain instance count information
• The INSTANCE-COUNT identifier
• The instance count state
• The instance count
One or more rows that contain price schedule information
• The PRICE-SCHEDULE identifier
• The term
• The price
• Whether or not the schedule is active
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command describes a Reserved Instance listing that you own.
PROMPT> ec2-describe-reserved-instances-listings 095c0e18-c9e6-4692-97e5-
653e0example
Amazon EC2 returns output similar to the following:
API Version 2013-08-15
361
Amazon Elastic Compute Cloud CLI Reference
Output
PROMPT> ec2-describe-reserved-instances-listings 095c0e18-c9e6-4692-97e5-
653e0example
Type ReservedInstancesListingId ReservedInstancesId CreateDate UpdateDate Status
StatusMessage
LISTING 095c0e18-c9e6-4692-97e5-653e0example b847fa93-c736-4eae-bca1-e3147example
Tue Aug 28 18:21:07 PDT 2012 Tue Aug 28 18:21:07 PDT 2012 active active
INSTANCE-COUNT available 1
INSTANCE-COUNT sold 0
INSTANCE-COUNT cancelled 0
INSTANCE-COUNT pending 0
PRICE-SCHEDULE 5 $1.2 false
PRICE-SCHEDULE 4 $1.2 true
PRICE-SCHEDULE 3 $1.2 false
PRICE-SCHEDULE 2 $1.2 false
PRICE-SCHEDULE 1 $1.2 true
Related Operations
• ec2-create-reserved-instances-listing (p. 128)
• ec2-cancel-reserved-instances-listing (p. 68)
• ec2-describe-reserved-instances (p. 352)
API Version 2013-08-15
362
Amazon Elastic Compute Cloud CLI Reference
Related Operations
ec2-describe-reserved-instances-modifications
Description
Describes the modifications made to your Reserved Instances. If no parameter is specified, information
about all your Reserved Instances modification requests will be returned. If a modification ID is specified,
only information about the specific modification will be returned.
For more information about modifying Reserved Instances, see Modifying Reserved Instances in the
Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2drim.
Syntax
ec2-describe-reserved-instances-modifications [modification-id [modification-id
[...]]] [[--filter "name=value"] ...]
Options
Description Name
The IDs of the modification requests for which you want
information.
Type: String
Default: Describes all your modification requests.
Required: No
Example: rimod-594f08ad-d0a4-41bc-a2c0-3d8e7example
modification-id
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your Reserved Instance modification
requests, or it describes only those modification requests that
you specified.
Required: No
Example: --filter "tag-key=Production"
-F, --filter name=value
Supported Filters
Our policy is to provide filters for all ec2-describe calls so that you can limit the response to your
specified criteria. Therefore, you can use filters to limit the response when describing Reserved Instances
listings, even though you can use other options instead.
For example, you can use a filter or an option to get the listing of Reserved Instances that are in an active
state. You can also specify multiple options or filters (for example, to limit the response to the Reserved
Instances listings that are in the closed state with a specific status message). The response includes
information for a listing only if it matches all options or filters. If there's no match, no special message is
returned; the response is simply empty.
API Version 2013-08-15
363
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-reserved-instances-modifications
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
client-token
The idempotency token for the modification request.
Type: String
create-date
Time when the modification request was created.
Type: DateTime
effective-date
Time when the modification becomes effective.
Type: DateTime
modification-result.reserved-instances-id
ID for the Reserved Instances created as part of the modification request. This ID is only available
when the status of the modification is fulfilled.
Type: String
modification-result.target-configuration.availability-zone
The Availability Zone for the new Reserved Instances.
Type: String
modification-result.target-configuration.instance-count
The number of new Reserved Instances.
Type: Integer
modification-result.target-configuration.platform
The network platform of the new Reserved Instances. Valid values: EC2-Classic, EC2-VPC.
Type: String
reserved-instances-id
The ID of the Reserved Instances to modify.
Type: String
reserved-instances-modification-id
ID of the modification request.
Type: String
status
The status of the Reserved Instances modification request.
Type: String
Valid values: processing | fulfilled | failed
status-message
The reason for the status.
Type: String
update-date
Time when the modification request was last updated.
Type: DateTime
API Version 2013-08-15
364
Amazon Elastic Compute Cloud CLI Reference
Options
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
API Version 2013-08-15
365
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
The modification request information
• The Reserved Instances modification request ID
• The ID of the Reserved Instances submitted for modification
• The client token
• The create date
• The update date
• The effective date
• The status of the Reserved Instance modification request (processing, fulfilled, failed)
• Status Message
The modified Reserved Instances information
• The ID of the Reserved Instances created as a result of the modification. Only available if the modification
request was successful, and its status is fulfilled.
• The Availability Zone for the new Reserved Instances.
• The network platform in which the new Reserved Instances will be launched. Either EC2-Classic or
EC2-VPC.
API Version 2013-08-15
366
Amazon Elastic Compute Cloud CLI Reference
Output
• The number of Reserved Instances created as a result of the modification.
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command describes all the Reserved Instances modification requests that have been
submitted for your account.
PROMPT> ec2-describe-reserved-instances-modifications --headers
Type ReservedInstancesModificationId ClientToken CreateDate UpdateDate Effect
iveDate Status StatusMessage
RESERVEDINSTANCESMODIFICATION rimod-594f08ad-d0a4-41bc-a2c0-3d8e7example
a41fe718-1c07-43fb-b793-9bb51example 2013-08-30T21:43:24+0000 2013-08-
30T22:04:29+0000 2013-08-30T21:06:52+0000 fulfilled
Type ReservedInstancesId
RESERVEDINSTANCES 9d5cb137-8aba-4639-a0d5-d4d10example
Type AvailabilityZone InstanceCount Platform ReservedInstancesId
MODIFICATION-RESULT us-east-1a 1
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeReservedInstances
• ModifyReservedInstances
Related Commands
• ec2-modify-reserved-instances (p. 534)
• ec2-describe-reserved-instances (p. 352)
API Version 2013-08-15
367
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-describe-reserved-instances-offerings
Description
Describes Reserved Instance offerings that are available for purchase. With Amazon EC2 Reserved
Instances, you purchase the right to launch instances for a period of time. During that time period you
will not receive insufficient capacity errors, and you will pay a lower usage rate than the rate charged for
On-Demand instances for the actual time used.
Starting with the 2011-11-01 API version, AWS expanded its offering of Amazon EC2 Reserved Instances
to address a range of projected instance usage. There are three types of Reserved Instances based on
customer utilization levels: Heavy Utilization, Medium Utilization, and Light Utilization. You determine the
type of the Reserved Instance offerings by including the optional offeringType parameter when calling
ec2-describe-reserved-instances-offerings. The Medium Utilization offering type is equivalent
to the Reserved Instance offering available before API version 2011-11-01. If you are using tools that
predate the 2011-11-01 API version, ec2-describe-reserved-instances-offerings will only list
information about the Medium Utilization Reserved Instance offering type.
For information about Reserved Instances Pricing Tiers, see Understanding Reserved Instance Pricing
Tiers in the Amazon Elastic Compute Cloud User Guide. For more information about Reserved Instances,
see Reserved Instances also in the Amazon Elastic Compute Cloud User Guide.
Starting with the 2012-08-15 API version, AWS offers the Reserved Instance Marketplace, where you
can buy and sell Reserved Instances. The Reserved Instance Marketplace makes it easy to buy and sell
Amazon EC2 Reserved Instances by matching sellers who own capacity that they no longer need with
buyers who are looking to purchase additional capacity. Reserved Instances bought and sold through
the Reserved Instance Marketplace work like any other Reserved Instances.
By default, with the 2012-08-15 API version, ec2-describe-reserved-instances-offerings
returns information about Amazon EC2 Reserved Instances available directly from AWS, plus instance
offerings available from third-party sellers, on the Reserved Instance Marketplace. If you are using tools
that predate the 2012-08-15 API version, ec2-describe-reserved-instances-offerings will only
list information about Amazon EC2 Reserved Instances available directly from AWS.
For more information about the Reserved Instance Marketplace, see Reserved Instance Marketplace in
the Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2drio.
Syntax
ec2-describe-reserved-instances-offerings [offering_id ...] [--type instance_type
...] [--offering-type offering] [--availability-zone zone ...] [--description
description ...] [[--filter "name=value"] ...] [--tenancy tenancy]
[--exclude-marketplace] [--min-duration min_duration] [--max-duration
max_duration]
API Version 2013-08-15
368
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-reserved-instances-offerings
Options
Description Name
The ID of a Reserved Instance offering.
Type: String
Default: None
Required: No
Example: 438012d3-4967-4ba9-aa40-cbb1dexample
offering_id
The instance type on which the Reserved Instance can be
used.
Type: String
Default: None
Required: No
Example: -t m1.small
-t, --type instance_type
The Reserved Instance offering type.
Type: String
Valid values: "Heavy Utilization" | "Medium
Utilization" | "Light Utilization"
Default: None
Required: No
Example: --offering-type "Medium Utilization"
--offering-type offering-type
The Availability Zone in which the Reserved Instance can be
used.
Type: String
Default: None
Required: No
Example: -z us-east-1a
-z, --availability-zone zone
The Reserved Instance description. Instances that include
(Amazon VPC) in the description are for use with Amazon
VPC.
Type: String
Valid values: Linux/UNIX | Linux/UNIX (Amazon VPC)
| SUSE Linux | SUSE Linux (Amazon VPC) | Red Hat
Enterprise Linux | Red Hat Enterprise Linux
(Amazon VPC) | Windows | Windows (Amazon VPC) |
Windows with SQL Server Standard | Windows with
SQL Server Standard (Amazon VPC) | Windows with
SQL Server Web | Windows with SQL Server Web
(Amazon VPC)
Default: None
Required: No
Example: -d Linux/UNIX
-d, --description description
API Version 2013-08-15
369
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your Reserved Instances offerings, or
those you specified.
Required: No
Example: --filter "instance-type=m1.small"
-F, --filter FILTER name=value
Specifies the tenancy of the Reserved Instance offering. A
Reserved Instance with tenancy of dedicated will run on
single-tenant hardware and can only be launched within a
VPC.
Type: String
Valid values: default | dedicated
Default: default
Required: No
--tenancy tenancy
Excludes the Reserved Instance Marketplace offerings in the
response.
Required: No
--exclude-marketplace
Specifies that only offerings that have a duration of at least
min_duration months should be returned.
Type: String
Default: None
Required: No
--min-duration min_duration
Specifies that only offerings that have a duration of at most
max_duration months should be returned.
Type: String
Default: None
Required: No
--max-duration max_duration
Supported Filters
Our policy is to provide filters for all ec2-describe calls so that you can limit the response to your
specified criteria. Therefore, you can use filters to limit the response when describing Reserved Instances
offerings, even though you can use other options instead.
For example, you could use an option or a filter to get the offerings for a specific instance type. You can
specify multiple options or filters (for example, limit the response to the m2.xlarge instance type, and only
for Windows instances). The response includes information for an offering only if it matches all options
or filters. If there's no match, no special message is returned, the response is simply empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
API Version 2013-08-15
370
Amazon Elastic Compute Cloud CLI Reference
Options
availability-zone
The Availability Zone where the Reserved Instance can be used.
Type: String
duration
The duration of the Reserved Instance (for example, one year or three years), in seconds.
Type: Long
Valid values: 31536000 | 94608000
fixed-price
The purchase price of the Reserved Instance (for example, 9800.0)
Type: Double
instance-type
The Amazon EC2 instance type on which the Reserved Instance can be used.
Type: String
marketplace
Set to true to show only Reserved Instance Marketplace offerings. When this filter is not used, which
is the default behavior, all offerings from AWS and Reserved Instance Marketplace are listed.
Type: Boolean
product-description
The description of the Reserved Instance.
Type: String
Valid values: Linux/UNIX | Linux/UNIX (Amazon VPC) | Windows | Windows (Amazon VPC)
reserved-instances-offering-id
The Reserved Instances offering ID.
Type: String
usage-price
The usage price of the Reserved Instance, per hour (for example, 0.84)
Type: Double
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
371
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
372
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
The command returns a table that contains the following information:
The offering information
• The OFFERING identifier
• The source of the offering (AWS or 3rd Party)
• The offering ID
• The Availability Zone in which the Reserved Instance can be used
• The instance type
• The duration of the Reserved Instance
• The purchase price of the Reserved Instance. This may be contained in one or more subsequent
PRICING_DETAIL rows
• The usage price of the Reserved Instance, per hour. This may be contained in one or more subsequent
RECURRING-CHARGE rows
• The Reserved Instance description
• The currency of the Reserved Instance. It's specified using ISO 4217 standard (for example, USD). At
this time, the only supported currency is USD.
• The tenancy of the Reserved Instance.
• The instance offering type ("Heavy Utilization" | "Medium Utilization" | "Light
Utilization")
One or more rows that contain the recurring charge information, if any
• The RECURRING-CHARGE identifier
• The recurring charge frequency
• The recurring charge amount
One or more rows that contain the purchase price detail information, if any
• The PRICING_DETAIL identifier
• The number of times the purchase price must be paid
• The purchase price of the Reserved Instance
Amazon EC2 command line tools display errors on stderr.
Examples
Example Request
Check to see what m1.small Reserved Instances are available in a specific region.
API Version 2013-08-15
373
Amazon Elastic Compute Cloud CLI Reference
Output
PROMPT> ec2-describe-reserved-instances-offerings -t m1.small -z sa-east-1b -d
Linux/UNIX --headers
Amazon EC2 returns output similar to the following example:
PROMPT> ec2-describe-reserved-instances-offerings
Type Source ReservedInstancesOfferingId AvailabilityZone InstanceType Duration
FixedPrice UsagePrice ProductDescription Currency InstanceTenancy OfferingType
OFFERING AWS 4b2293b4-3236-49f5-978d-a74c3example sa-east-1b m1.small 3y 574.0
0.0 Linux/UNIX USD default Heavy Utilization
Type Frequency Amount
RECURRING-CHARGE Hourly 0.021
OFFERING AWS 3a98bf7d-07e1-4b33-8e11-e5314example sa-east-1b m1.small 3y 473.0
0.031 Linux/UNIX USD default Medium Utilization
OFFERING AWS 438012d3-5fc5-4e49-a88e-273edexample sa-east-1b m1.small 3y 203.0
0.055 Linux/UNIX USD default Light Utilization
OFFERING AWS d586503b-bb92-41fa-9065-e5b90example sa-east-1b m1.small 1y 372.94
0.0 Linux/UNIX USD default Heavy Utilization
Type Frequency Amount
RECURRING-CHARGE Hourly 0.03
OFFERING AWS ceb6a579-b235-41e2-9aad-15a23example sa-east-1b m1.small 1y 307.13
0.04 Linux/UNIX USD default Medium Utilization
OFFERING AWS 649fd0c8-4ffb-443d-824d-eae3fexample sa-east-1b m1.small 1y 131.63
0.07 Linux/UNIX USD default Light Utilization
OFFERING 3rd Party b6121943-9faf-4350-8047-bc6d4example sa-east-1b m1.small 10m
- 0.032 Linux/UNIX USD default Medium Utilization
Type Count Price
PRICING_DETAIL 2 $1.2
OFFERING 3rd Party 08edcff2-8143-4c1d-b23c-e4c11example sa-east-1b m1.small 5m
- 0.032 Linux/UNIX USD default Medium Utilization
Type Count Price
PRICING_DETAIL 19 $1.2
PRICING_DETAIL 4 $1.23
The preceding output shows a part of the overall offerings that are available.
Tip
You can filter this list to return only certain types of Reserved Instances offerings of interest to
you.
Example Request
This example filters the response to include only one-year, m1.small or m1.large Linux/UNIX Reserved
Instances. If you want Linux/UNIX Reserved Instances specifically for use with a VPC, set the product
description to Linux/UNIX (Amazon VPC).
PROMPT> ec2-describe-reserved-instances-offerings --filter "duration=31536000"
--filter "instance-type=m1.small" --filter "instance-type=m1.large" --filter
"product-description=Linux/UNIX" -H
Type ReservedInstancesOfferingId AvailabilityZone InstanceType Duration Fixed
Price UsagePrice ProductDescription Currency InstanceTenancy OfferingType
OFFERING 649fd0c8-7d25-4e81-959e-0e1bcexample us-east-1c m1.large 1y 910.0
0.12 Linux/UNIX USD default Medium Utilization
OFFERING 438012d3-278f-4ad6-9cb9-e2318example us-east-1b m1.large 1y 910.0
0.12 Linux/UNIX USD default Medium Utilization
OFFERING 4b2293b4-20f5-4b3d-9969-46341example us-east-1d m1.large 1y 910.0
API Version 2013-08-15
374
Amazon Elastic Compute Cloud CLI Reference
Examples
0.12 Linux/UNIX USD default Medium Utilization
OFFERING 3a98bf7d-abc6-47a0-870e-e2459example us-east-1a m1.large 1y 910.0
0.12 Linux/UNIX USD default Medium Utilization
OFFERING ceb6a579-757c-474b-b09b-52c84example us-east-1c m1.small 1y 227.5
0.03 Linux/UNIX USD default Medium Utilization
OFFERING 60dcfab3-06bb-4b68-9503-53bf8example us-east-1b m1.small 1y 227.5
0.03 Linux/UNIX USD default Medium Utilization
OFFERING 438012d3-80c7-42c6-9396-a209cexample us-east-1d m1.small 1y 227.5
0.03 Linux/UNIX USD default Medium Utilization
OFFERING 649fd0c8-5d76-4881-a522-fe522example us-east-1a m1.small 1y 227.5
0.03 Linux/UNIX USD default Medium Utilization
...
Related Operations
• ec2-purchase-reserved-instances-offering (p. 552)
• ec2-describe-reserved-instances (p. 352)
API Version 2013-08-15
375
Amazon Elastic Compute Cloud CLI Reference
Related Operations
ec2-describe-route-tables
Description
Describes one or more of your route tables.
For more information about route tables, see Route Tables in the Amazon Virtual Private Cloud User
Guide.
The short version of this command is ec2drtb.
Syntax
ec2-describe-route-tables [route_table_id...] [[--filter "name=value"] ...]
Options
Description Name
One or more route table IDs.
Type: String
Default: Describes all your route tables.
Required: No
Example: rtb-7aa34613
route_table_id
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your route tables, or only those you
specified.
Required: No
Example: --filter "tag-key=Production"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain tables. For example, you
can use a filter to specify that you're interested in the tables associated with a particular subnet. You can
specify multiple values for a filter. The response includes information for a table only if it matches at least
one of the filter values that you specified.
You can specify multiple filters; for example, specify tables that have a specific route and are associated
with a specific subnet. The response includes information for a table only if it matches all the filters that
you specified. If there's no match, no special message is returned, the response is simply empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
API Version 2013-08-15
376
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-route-tables
association.route-table-association-id
The ID of an association ID for the route table.
Type: String
association.route-table-id
The ID of the route table involved in the association.
Type: String
association.subnet-id
The ID of the subnet involved in the association.
Type: String
association.main
Indicates whether the route table is the main route table for the VPC.
Type: Boolean
route-table-id
The ID of the route table.
Type: String
route.destination-cidr-block
The CIDR range specified in a route in the table.
Type: String
route.gateway-id
The ID of a gateway specified in a route in the table.
Type: String
route.instance-id
The ID of an instance specified in a route in the table.
Type: String
route.origin
Describes how the route was created.
Type: String
Valid values: CreateRouteTable | CreateRoute | EnableVgwRoutePropagation
CreateRouteTable indicates that route was automatically created when the route table was created.
CreateRoute indicates that the route was manually added to the route table.
EnableVgwRoutePropagation indicates that the route was propagated by route propagation.
route.state
The state of a route in the route table. The blackhole state indicates that the route's target isn't
available (for example, the specified gateway isn't attached to the VPC, the specified NAT instance
has been terminated, and so on).
Type: String
Valid values: active | blackhole
tag-key
The key of a tag assigned to the resource. This filter is independent of the tag-value filter. For
example, if you use both the filter "tag-key=Purpose" and the filter "tag-value=X", you get any
resources assigned both the tag key Purpose (regardless of what the tag's value is), and the tag
value X (regardless of what the tag's key is). If you want to list only resources where Purpose is X,
see the tag:key filter.
For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud
User Guide.
Type: String
tag-value
The value of a tag assigned to the resource. This filter is independent of the tag-key filter.
Type: String
API Version 2013-08-15
377
Amazon Elastic Compute Cloud CLI Reference
Options
tag:key
Filters the response based on a specific tag/value combination.
Example: To list just the resources that have been assigned tag Purpose=X, specify:
--filter tag:Purpose=X
Example: To list just resources that have been assigned tag Purpose=X OR Purpose=Y, specify:
--filter tag:Purpose=X --filter tag:Purpose=Y
vpc-id
The ID of the VPC for the route table.
Type: String
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
API Version 2013-08-15
378
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The ROUTETABLE identifier
• The ID of the route table
• The ID of the VPC the route table is in
• The ROUTE identifier
• The route's forwarding target (gateway or NAT instance)
• The route's state (active or blackhole). Blackhole means the route's forwarding target isn't available
(for example, the gateway is detached, the NAT instance is terminated)
• The route's destination CIDR range
• The ASSOCIATION identifier
API Version 2013-08-15
379
Amazon Elastic Compute Cloud CLI Reference
Output
• The association ID representing the association of the route table to a subnet (or to the VPC if it's the
main route table)
• Any tags assigned to the route table
• Network interfaces associated with the route.
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command describes the route table with the ID rtb-6aa34603.
PROMPT> ec2-describe-route-tables rtb-6aa34603
ROUTETABLE rtb-6aa34603 vpc-9ea045f7
ec2-describe-route-tables
ROUTETABLE rtb-7f6e8217 vpc-7d6e8215
ROUTE vgw-56c1f422 active 13.4.5.0/24 CreateRoute
ROUTE local active 12.12.12.0/24 CreateRouteTable
ROUTE igw-906e82f8 active 0.0.0.0/0 CreateRoute
ROUTE vgw-56c1f422 active 13.0.0.0/8 EnableVgwRoutePropagation
ROUTE vgw-56c1f422 active 11.0.0.0/8 EnableVgwRoutePropagation
ROUTE vgw-56c1f422 active 10.0.0.0/8 EnableVgwRoutePropagation
PROPAGATINGVGW vgw-56c1f422
ASSOCIATION rtbassoc-706e8218 main
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeRouteTables
Related Commands
• ec2-associate-route-table (p. 30)
• ec2-delete-route-table (p. 208)
• ec2-disassociate-route-table (p. 475)
• ec2-replace-route-table-association (p. 580)
API Version 2013-08-15
380
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-describe-snapshot-attribute
Description
Describes an attribute of a snapshot. You can specify only one attribute at a time.
The short version of this command is ec2dsnapatt.
Syntax
ec2-describe-snapshot-attribute snapshot_id attribute
Options
Description Name
The ID of the Amazon EBS snapshot.
Type: String
Default: None
Required: Yes
Example: snap-78a54011
snapshot_id
Describes the create volume permissions of the snapshot. If
you don't specify this attribute, you must specify another
attribute.
Type: String
Default: None
Required: Conditional
Example: -c
-c, --create-volume-permission
Describes the product codes associated with the snapshot.
Each product code contains a product code and a type. If you
don't specify this attribute, you must specify another attribute.
Type: String
Default: None
Required: Conditional
Example: -p
-p, --product-code
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
API Version 2013-08-15
381
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-snapshot-attribute
Description Option
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
API Version 2013-08-15
382
Amazon Elastic Compute Cloud CLI Reference
Common Options
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The attribute type identifier
• The ID of the snapshot
• The attribute value type
• The attribute value
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command describes the permissions for the snapshot with the ID snap-1a2b3c4d.
PROMPT> ec2-describe-snapshot-attribute snap-1a2b3c4d -c
createVolumePermission snap-1a2b3c4d userId 111122223333
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeSnapshotAttribute
API Version 2013-08-15
383
Amazon Elastic Compute Cloud CLI Reference
Output
Related Commands
• ec2-create-snapshot (p. 139)
• ec2-describe-snapshots (p. 385)
• ec2-modify-snapshot-attribute (p. 538)
• ec2-reset-snapshot-attribute (p. 610)
API Version 2013-08-15
384
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-snapshots
Description
Describes one or more of the Amazon EBS snapshots available to you. Snapshots available to you include
public snapshots available for any AWS account to launch, private snapshots you own, and private
snapshots owned by another AWS account but for which you've been given explicit create volume
permissions.
The create volume permissions fall into the following categories.
Description Permission
The owner of the snapshot granted create volume permissions for the snapshot
to the all group. All AWS accounts have create volume permissions for these
snapshots.
public
The owner of the snapshot granted create volume permissions to a specific AWS
account.
explicit
An AWS account has implicit create volume permissions for all snapshots it owns. implicit
You can modify the list of snapshots returned by specifying snapshot IDs, snapshot owners, or AWS
accounts with create volume permissions. If you don't specify any options, Amazon EC2 returns all
snapshots for which you have create volume permissions.
If you specify one or more snapshot IDs, only snapshots that have the specified IDs are returned. If you
specify an invalid snapshot ID, an error is returned. If you specify a snapshot ID for which you do not
have access, it will not be included in the returned results.
If you specify one or more snapshot owners, only snapshots from the specified owners and for which you
have access are returned. The results can include the AWS account IDs of the specified owners, amazon
for snapshots owned by Amazon, or self for snapshots that you own.
If you specify a list of restorable users, only snapshots with create snapshot permissions for those users
are returned. You can specify AWS account IDs (if you own the snapshots), self for snapshots for which
you own or have explicit permissions, or all for public snapshots.
Tip
Use the --help option to view examples of ways to use this command.
The short version of this command is ec2dsnap.
Syntax
ec2-describe-snapshots [snapshot_id ...] [-a] [-o owner ...] [-r user_id]
[[--filter "name=value"] ...]
API Version 2013-08-15
385
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-snapshots
Options
Description Name
One or more snapshot IDs.
Type: String
Default: Describes all snapshots for which you have launch
permissions.
Required: No
Example: snap-78a54011
snapshot_id
Describe all snapshots (public, private or shared) to which
you have access.
Type: String
Default: None
Required: No
Example: -a
-a, --all owner
Describes snapshots owned by the specified owner. Multiple
owners can be specified.
Type: String
Valid values: self | amazon | AWS account ID
Default: None
Required: No
Example: -o AKIAIOSFODNN7EXAMPLE
-o, --owner owner
The ID of an AWS account that can create volumes from the
snapshot.
Type: String
Valid values: self | all | AWS account ID
Default: None
Required: No
Example: -r self
-r, --restorable-by user_id
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all snapshots for which you have launch
permissions, or only those you specified.
Required: No
Example: --filter "tag-key=Production"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain snapshots. For example,
you can use a filter to specify that you're interested in snapshots whose status is pending. You can
specify multiple values for a filter. The response includes information for a snapshot only if it matches at
least one of the filter values that you specified.
API Version 2013-08-15
386
Amazon Elastic Compute Cloud CLI Reference
Options
You can specify multiple filters; for example, specify snapshot's that have a pending status, and have
a specific tag. The response includes information for a snapshot only if it matches all the filters that you
specified. If there's no match, no special message is returned, the response is simply empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
description
A description of the snapshot.
Type: String
owner-alias
The AWS account alias (for example, amazon) that owns the snapshot.
Type: String
owner-id
The ID of the AWS account that owns the snapshot.
Type: String
progress
The progress of the snapshot, as a percentage (for example, 80%).
Type: String
snapshot-id
The snapshot ID.
Type: String
start-time
The time stamp when the snapshot was initiated.
Type: DateTime
status
The status of the snapshot.
Type: String
Valid values: pending | completed | error
tag-key
The key of a tag assigned to the resource. This filter is independent of the tag-value filter. For
example, if you use both the filter "tag-key=Purpose" and the filter "tag-value=X", you get any
resources assigned both the tag key Purpose (regardless of what the tag's value is), and the tag
value X (regardless of what the tag's key is). If you want to list only resources where Purpose is X,
see the tag:key filter.
For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud
User Guide.
Type: String
tag-value
The value of a tag assigned to the resource. This filter is independent of the tag-key filter.
Type: String
tag:key
Filters the response based on a specific tag/value combination.
Example: To list just the resources that have been assigned tag Purpose=X, specify:
--filter tag:Purpose=X
Example: To list just resources that have been assigned tag Purpose=X OR Purpose=Y, specify:
--filter tag:Purpose=X --filter tag:Purpose=Y
volume-id
The ID of the volume the snapshot is for.
API Version 2013-08-15
387
Amazon Elastic Compute Cloud CLI Reference
Options
Type: String
volume-size
The size of the volume, in GiB (for example, 20).
Type: String
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
API Version 2013-08-15
388
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
1. The snapshot information
• The SNAPSHOT identifier
• The ID of the snapshot
• The ID of the volume
• The state of the snapshot (pending, completed, error)
• The time stamp when the snapshot initiated
• The percentage of completion
• The ID of the snapshot owner
• The size of the volume
• The description of the snapshot
2. Any tags associated with the snapshot
• The TAG identifier
• The resource type identifier
• The ID of the resource
API Version 2013-08-15
389
Amazon Elastic Compute Cloud CLI Reference
Output
• The tag key
• The tag value
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command describes the snapshot with the ID snap-1a2b3c4d.
PROMPT> ec2-describe-snapshots snap-1a2b3c4d
SNAPSHOT snap-1a2b3c4d vol-1a2b3c4d completed YYYY-MM-DDTHH:MM:SS.SSSZ 100%
111122223333 15 Daily Backup
TAG snapshot snap-1a2b3c4d Name Test
Example 2
This example filters the response to include only snapshots with the pending status, and that are also
tagged with a value that includes the string db_.
PROMPT> ec2-describe-snapshots --filter "status=pending" --filter "tag-
value=*db_*"
SNAPSHOT snap-1a2b3c4d vol-1a2b3c4d pending YYYY-MM-DDTHH:MM:SS.SSSZ 30%
111122223333 15 demo_db_14_backup
TAG snapshot snap-1a2b3c4d Purpose db_14
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeSnapshots
Related Commands
• ec2-create-snapshot (p. 139)
• ec2-delete-snapshot (p. 211)
API Version 2013-08-15
390
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-describe-spot-datafeed-subscription
Description
Describes the datafeed for Spot Instances. For more information about Spot Instances, see Spot Instances
in the Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2dsds.
Syntax
ec2-describe-spot-datafeed-subscription
Options
This command has no options.
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
API Version 2013-08-15
391
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-spot-datafeed-subscription
Description Option
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The SPOTDATAFEEDSUBSCRIPTION identifier
• The AWS account ID of the owner
• The Amazon S3 bucket where the data feed is located
API Version 2013-08-15
392
Amazon Elastic Compute Cloud CLI Reference
Output
• The prefix for the data feed file names
• The state (Active | Inactive)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command describes the datafeed for the account.
PROMPT> ec2-describe-spot-datafeed-subscription
SPOTDATAFEEDSUBSCRIPTION 111122223333 myawsbucket spotdata_ Active
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeSpotDatafeedSubscription
Related Commands
• ec2-create-spot-datafeed-subscription (p. 143)
• ec2-delete-spot-datafeed-subscription (p. 214)
API Version 2013-08-15
393
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-describe-spot-instance-requests
Description
Describes the Spot Instance requests that belong to your account. Spot Instances are instances that
Amazon EC2 starts on your behalf when the maximum price that you specify exceeds the current Spot
Price. Amazon EC2 periodically sets the Spot Price based on available Spot Instance capacity and current
Spot Instance requests. For more information about Spot Instances, see Spot Instances in the Amazon
Elastic Compute Cloud User Guide.
The short version of this command is ec2dsir.
Syntax
ec2-describe-spot-instance-requests [request_id ...] [[--filter "name=value"]
...]
Options
Description Name
The ID of the Spot Instance request.
Type: String
Default: None
Required: No
Example: sir-1a2b3c4d
request_id
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your Spot Instance requests, or those
you specified.
Required: No
Example: --filter "tag-key=Production"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain Spot Instance requests.
For example, you can use a filter to specify that you're interested in requests where the Spot Price is a
specific value. (You can't use a greater than or less than comparison, however you can use * and ?
wildcards.) You can specify multiple values for a filter. The response includes information for a Spot
Instance request only if it matches at least one of the filter values that you specified.
You can specify multiple filters; for example, specify that the Spot Price is a specific value, and that the
instance type is m1.small. The response includes information for a request only if it matches all the filters
that you specified. If there's no match, no special message is returned, the response is simply empty.
API Version 2013-08-15
394
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-spot-instance-requests
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
availability-zone-group
The Availability Zone group. If you specify the same Availability Zone group for all Spot Instance
requests, all Spot Instances are launched in the same Availability Zone.
Type: String
create-time
The time stamp when the Spot Instance request was created.
Type: String
fault-code
The fault code related to the request.
Type: String
fault-message
The fault message related to the request.
Type: String
instance-id
The ID of the instance that fulfilled the request.
Type: String
launch-group
The Spot Instance launch group. Launch groups are Spot Instances that launch together and terminate
together.
Type: String
launch.block-device-mapping.delete-on-termination
Whether the Amazon EBS volume is deleted on instance termination.
Type: Boolean
launch.block-device-mapping.device-name
The device name (for example, /dev/sdh) for the Amazon EBS volume.
Type: String
launch.block-device-mapping.snapshot-id
The ID of the snapshot used for the Amazon EBS volume.
Type: String
launch.block-device-mapping.volume-size
The volume size of the Amazon EBS volume, in GiB.
Type: String
launch.block-device-mapping.volume-type
The volume type of the Amazon EBS volume.
Type: String
Valid values: standard | io1
launch.group-id
The security group for the instance.
Type: String
launch.image-id
The ID of the AMI.
Type: String
launch.instance-type
The type of instance (for example, m1.small).
Type: String
API Version 2013-08-15
395
Amazon Elastic Compute Cloud CLI Reference
Options
launch.kernel-id
The kernel ID.
Type: String
launch.key-name
The name of the key pair the instance launched with.
Type: String
launch.monitoring-enabled
Whether monitoring is enabled for the Spot Instance.
Type: Boolean
launch.ramdisk-id
The RAM disk ID.
Type: String
launch.network-interface.network-interface-id
The ID of the network interface.
Type: String
launch.network-interface.device-index
The index of the device for the network interface attachment on the instance.
Type: Integer
launch.network-interface.subnet-id
The ID of the subnet for the instance.
Type: String
launch.network-interface.description
A description of the network interface.
Type: String
launch.network-interface.private-ip-address
The primary private IP address of the network interface.
Type: String
launch.network-interface.delete-on-termination
Indicates whether the network interface is deleted when the instance is terminated.
Type: Boolean
launch.network-interface.group-id
The ID of the security group associated with the network interface.
Type: String
launch.network-interface.group-name
The name of the security group associated with the network interface.
Type: String
launch.network-interface.addresses.primary
Indicates whether the IP address is the primary private IP address.
Type: String
product-description
The product description associated with the instance.
Type: String
Valid values: Linux/UNIX | Windows
spot-instance-request-id
The Spot Instance request ID.
Type: String
spot-price
The maximum hourly price for any Spot Instance launched to fulfill the request.
Type: String
API Version 2013-08-15
396
Amazon Elastic Compute Cloud CLI Reference
Options
state
The state of the Spot Instance request. Spot bid status information can help you track your Amazon
EC2 Spot Instance requests. For information, see Tracking Spot Requests with Bid Status Codes in
the Amazon Elastic Compute Cloud User Guide.
Type: String
Valid values: open | active | closed | cancelled | failed
status-code
The short code describing the most recent evaluation of your Spot Instance request. For more
information, see Spot Bid Status in the Amazon Elastic Compute Cloud User Guide.
Type: String
status-message
The message explaining the status of the Spot Instance request.
Type: String
tag-key
The key of a tag assigned to the resource. This filter is independent of the tag-value filter. For
example, if you use both the filter "tag-key=Purpose" and the filter "tag-value=X", you get any
resources assigned both the tag key Purpose (regardless of what the tag's value is), and the tag
value X (regardless of what the tag's key is). If you want to list only resources where Purpose is X,
see the tag:key filter.
For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud
User Guide.
Type: String
tag-value
The value of a tag assigned to the resource. This filter is independent of the tag-key filter.
Type: String
tag:key
Filters the response based on a specific tag/value combination.
Example: To list just the resources that have been assigned tag Purpose=X, specify:
--filter tag:Purpose=X
Example: To list just resources that have been assigned tag Purpose=X OR Purpose=Y, specify:
--filter tag:Purpose=X --filter tag:Purpose=Y
type
The type of Spot Instance request.
Type: String
Valid values: one-time | persistent
launched-availability-zone
The Availability Zone in which the bid is launched.
Type: String
valid-from
The start date of the request.
Type: DateTime
valid-until
The end date of the request.
Type: DateTime
API Version 2013-08-15
397
Amazon Elastic Compute Cloud CLI Reference
Options
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
API Version 2013-08-15
398
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
The Spot Instance request information
• The SPOTINSTANCEREQUEST identifier
• The ID of the Spot Instance request
• The Spot Instance bid price
• The Spot Instance type (one-time or persistent)
• The product description (Linux/UNIX or Windows)
• The state of the Spot Instance request (active, open, closed, cancelled, failed)
• The date and time the request was created
• The date and time that the request is valid until
• The date and time the request will be held until
• The launch group
• The Availability Zone group
• The ID of the instance
• The ID of the image
• The instance type
• The key pair name
API Version 2013-08-15
399
Amazon Elastic Compute Cloud CLI Reference
Output
• Any security groups the request belongs to
• The Availability Zone the instance belongs to
• The kernel ID of the instance
• The RAM disk ID of the instance
• The monitoring status
• The ID of the subnet
• The Availability Zone the instance was launched to
• The IAM profile
Any Spot Instance faults
• The SPOTINSTANCEFAULT identifier
• The Spot Instance fault code
• The Spot Instance fault message
The Spot Instance status information
• The SPOTINSTANCESTATUS identifier
• The Spot Instance status
• The date and time of the last update
• The Spot Instance status message
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command describes all of your Spot Instance requests.
PROMPT> ec2-describe-spot-instance-requests
SPOTINSTANCEREQUEST sir-1a2b3c4d 0.040000 one-time Linux/UNIX active YYYY-MM-
DDTHH:MM:SS-0800 i-1a2b3c4d ami-1a2b3c4d m1.small my-key-pair sg-1a2b3c4d
monitoring-disabled us-west-2c
SPOTINSTANCESTATUS fulfilled YYYY-MM-DDTHH:MM:SS-0800 Your Spot request is
fulfilled.
SPOTINSTANCEREQUEST sir-2a2b3c4d 0.040000 one-time Linux/UNIX active YYYY-MM-
DDTHH:MM:SS-0800 i-2a2b3c4d ami-1a2b3c4d m1.small my-key-pair sg-1a2b3c4d
monitoring-disabled us-west-2c
SPOTINSTANCESTATUS fulfilled YYYY-MM-DDTHH:MM:SS-0800 Your Spot request is
fulfilled.
SPOTINSTANCEREQUEST sir-3a2b3c4d 0.040000 one-time Linux/UNIX active YYYY-MM-
DDTHH:MM:SS-0800 i-3a2b3c4d ami-1a2b3c4d m1.small my-key-pair sg-1a2b3c4d
monitoring-disabled us-west-2c
SPOTINSTANCESTATUS fulfilled YYYY-MM-DDTHH:MM:SS-0800 Your Spot request is
fulfilled.
API Version 2013-08-15
400
Amazon Elastic Compute Cloud CLI Reference
Examples
Example 2
This example describes all persistent Spot Instance requests that have resulted in the launch of at least
one m1.small instance, that has been fulfilled in the us-east-1a Availability Zone, and that also has
monitoring enabled.
PROMPT> ec2-describe-spot-instance-requests --filter "type=persistent" --filter
"launch.instance-type=m1.small" --filter "launch.monitoring-enabled=true"
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeSpotInstanceRequests
Related Commands
• ec2-cancel-spot-instance-requests (p. 72)
• ec2-describe-spot-price-history (p. 402)
• ec2-request-spot-instances (p. 589)
API Version 2013-08-15
401
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-spot-price-history
Description
Describes the Spot Price history. Spot Instances are instances that Amazon EC2 starts on your behalf
when the maximum price that you specify exceeds the current Spot Price. Amazon EC2 periodically sets
the Spot Price based on available Spot Instance capacity and current Spot Instance requests. For more
information about Spot Instances, see Spot Instances in the Amazon Elastic Compute Cloud User Guide.
When you use the availability-zone option, this command describes the price history for the specified
Availability Zone with the most recent set of prices listed first. If you don't specify an Availability Zone,
the command returns the prices across all Availability Zones, starting with the most recent set. However,
if you use this command with versions of the API earlier than the 2011-05-15 version, this command
returns the lowest price across the region for the given time period. The prices returned are listed in
chronological order — from the oldest to the most recent.
The short version of this command is ec2dsph.
Syntax
ec2-describe-spot-price-history [--start-time timestamp] [--end-time timestamp]
[--instance-type type] [--product-description description] [[--filter
"name=value"] ...] [--availability-zone zone]
Options
Description Name
The start date and time of the Spot Instance price history data.
Type: DateTime
Default: None
Required: No
Example: -s 2009-12-01T11:51:50.000Z
-s, --start-time timestamp
The end date and time of the Spot Instance price history data.
Type: DateTime
Default: None
Required: No
Example: -e 2009-12-31T11:51:50.000Z
-e, --end-time timestamp
The instance type to return.
Type: String
Valid values: t1.micro | m1.small | m1.medium | m1.large
| m1.xlarge | m3.xlarge | m3.2xlarge | c1.medium |
c1.xlarge | m2.xlarge | m2.2xlarge | m2.4xlarge |
cr1.8xlarge | cc1.4xlarge | cc2.8xlarge |
cg1.4xlarge. See Available Instance Types for more
information.
Default: None
Required: No
Example: -t m1.large
-t, --instance-type type
API Version 2013-08-15
402
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-spot-price-history
Description Name
Filters the results by basic product description.
Type: String
Valid values: Linux/UNIX | SUSE Linux | Windows |
Linux/UNIX (Amazon VPC) | SUSE Linux (Amazon
VPC) | Windows (Amazon VPC)
Default: None
Required: No
Example: -d Linux/UNIX
-d, --product-description
description
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Lists all available history information, or just the
information you requested.
Required: No
Example: --filter
"product-description=Linux/UNIX"
-F, --filter name=value
The Availability Zone for which you want to get the price
history.
Type: String
Default: None
Required: No
Example: -a us-east-1a
-a, --availability-zone zone
Supported Filters
Note
Our policy is to provide filters for all ec2-describe calls so you can limit the response to your
specified criteria. Therefore, you can use filters to limit the response when describing Spot Price
histories, even though you can use the options instead.
For example, you could use an option or a filter to get the history for a particular instance type. You can
specify multiple request parameters or filters (for example, limit the response to the m2.xlarge instance
type, and only for Windows instances). The response includes information for a price history only if it
matches all your options or filters. If there's no match, no special message is returned, the response is
simply empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
instance-type
The type of instance (for example, m1.small).
Type: String
product-description
The product description for the Spot Price.
API Version 2013-08-15
403
Amazon Elastic Compute Cloud CLI Reference
Options
Type: String
Valid values: Linux/UNIX | SUSE Linux | Windows | Linux/UNIX (Amazon VPC) | SUSE Linux
(Amazon VPC) | Windows (Amazon VPC)
spot-price
The Spot Price. The value must match exactly (or use wildcards; greater than or less than comparison
is not supported).
Type: String
timestamp
The timestamp of the Spot Price history (for example, 2010-08-16T05:06:11.000Z). You can use
wildcards (* and ?). Greater than or less than comparison is not supported.
Type: DateTime
availability-zone
The Availability Zone for which prices should be returned.
Type: String
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
API Version 2013-08-15
404
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The SPOTINSTANCEPRICE identifier
• The Spot Instance price
• The date and time of the request
• The instance type
API Version 2013-08-15
405
Amazon Elastic Compute Cloud CLI Reference
Output
• The product description (for example, Linux/UNIX)
• The Availability Zone (for example, us-east-1a)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command returns the Spot Price history for m1.xlarge instances for a particular day in
May.
PROMPT> ec2-describe-spot-price-history -H --instance-type m1.xlarge --start-
time 2011-05-06T07:08:09 --end-time 2011-05-06T08:09:10
Type Price Timestamp InstanceType ProductDescription AvailabilityZone
SPOTINSTANCEPRICE 0.417000 2011-05-06T05:54:03-0800 m1.xlarge Windows us-east-
1b
SPOTINSTANCEPRICE 0.417000 2011-05-06T05:54:03-0800 m1.xlarge Windows us-east-
1d
SPOTINSTANCEPRICE 0.417000 2011-05-06T05:54:03-0800 m1.xlarge Windows us-east-
1a
...
This example command uses filters instead of request options to get the same results.
PROMPT> ec2-describe-spot-price-history -H --instance-type m1.xlarge --start-
time 2011-05-06T07:08:09 --end-time 2011-05-06T08:09:10 --product-description
'Linux/UNIX'
Type Price Timestamp InstanceType ProductDescription AvailabilityZone
SPOTINSTANCEPRICE 0.234000 2011-05-06T05:08:03-0800 m1.xlarge Linux/UNIX us-
east-1b
SPOTINSTANCEPRICE 0.234000 2011-05-06T05:08:03-0800 m1.xlarge Linux/UNIX us-
east-1c
SPOTINSTANCEPRICE 0.234000 2011-05-06T05:08:03-0800 m1.xlarge Linux/UNIX us-
east-1d
...
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeSpotPriceHistory
Related Commands
• ec2-cancel-spot-instance-requests (p. 72)
• ec2-describe-spot-instance-requests (p. 394)
API Version 2013-08-15
406
Amazon Elastic Compute Cloud CLI Reference
Examples
• ec2-request-spot-instances (p. 589)
API Version 2013-08-15
407
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-subnets
Description
Describes one or more of your subnets.
The short version of this command is ec2dsubnet.
Syntax
ec2-describe-subnets [ subnet_id ... ] [[--filter "name=value"] ...]
Options
Description Name
One or more subnet IDs.
Type: String
Default: Describes all your subnets.
Required: No
Example: subnet-9d4a7b6c
subnet_id
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your subnets, or only those you
specified.
Required: No
Example: --filter "tag-key=Production"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain subnets. For example,
you can use a filter to specify that you're interested in the subnets in the available state. You can
specify multiple values for a filter. The response includes information for a subnet only if it matches at
least one of the filter values that you specified.
You can specify multiple filters; for example, specify subnets that are in a specific VPC and are in the
available state. The response includes information for a subnet only if it matches all the filters that you
specified. If there's no match, no special message is returned, the response is simply empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
availability-zone
The Availability Zone for the subnet.
API Version 2013-08-15
408
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-subnets
Type: String
available-ip-address-count
The number of IP addresses in the subnet that are available.
Type: String
cidr
The CIDR block of the subnet. The CIDR block you specify must exactly match the subnet's CIDR
block for information to be returned for the subnet.
Type: String
Constraints: Must contain the slash followed by one or two digits (for example, /28)
defaultForAz
Indicates whether this is the default subnet for the Availability Zone.
Type: Boolean
state
The state of the subnet.
Type: String
Valid values: pending | available
subnet-id
The ID of the subnet.
Type: String
tag-key
The key of a tag assigned to the resource. This filter is independent of the tag-value filter. For
example, if you use both the filter "tag-key=Purpose" and the filter "tag-value=X", you get any
resources assigned both the tag key Purpose (regardless of what the tag's value is), and the tag
value X (regardless of what the tag's key is). If you want to list only resources where Purpose is X,
see the tag:key filter.
For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud
User Guide.
Type: String
tag-value
The value of a tag assigned to the resource. This filter is independent of the tag-key filter.
Type: String
tag:key
Filters the response based on a specific tag/value combination.
Example: To list just the resources that have been assigned tag Purpose=X, specify:
--filter tag:Purpose=X
Example: To list just resources that have been assigned tag Purpose=X OR Purpose=Y, specify:
--filter tag:Purpose=X --filter tag:Purpose=Y
vpc-id
The ID of the VPC for the subnet.
Type: String
API Version 2013-08-15
409
Amazon Elastic Compute Cloud CLI Reference
Options
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
API Version 2013-08-15
410
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information for each subnet:
• The SUBNET identifier
• The ID of the subnet
• The current state of the subnet (pending or available)
• The ID of the VPC the subnet is in
• The CIDR block assigned to the subnet
• The number of IP addresses in the subnet that are available
• The Availability Zone the subnet is in
• Default subnet for the Availability Zone (true or false)
• Instances launched in this subnet receive a public IP address (true or false)
• Any tags assigned to the subnet
Amazon EC2 command line tools display errors on stderr.
API Version 2013-08-15
411
Amazon Elastic Compute Cloud CLI Reference
Output
Examples
Example 1
This example command describes the subnets with the IDs subnet-9d4a7b6c and subnet-6e7f829e.
PROMPT> ec2-describe-subnets subnet-9d4a7b6c subnet-6e7f829e
SUBNET subnet-9d4a7b6c available vpc-1a2b3c4d 10.0.1.0/24 251 us-east-
1a false false
SUBNET subnet-6e7f829e available vpc-1a2b3c4d 10.0.0.0/24 251 us-east-
1a false false
Example 2
This example command uses filters to describe any subnet you own that is in the VPC with the ID
vpc-1a2b3c4d or vpc-6e7f8a92, and whose state is available. The response indicates that the
VPC with the ID vpc-6e7f8a92 doesn't have any subnets that match.
PROMPT> ec2-describe-subnets --filter "vpc-id=vpc-1a2b3c4d" --filter "vpc-id=vpc-
6e7f8a92" --filter "state=available"
SUBNET subnet-9d4a7b6c available vpc-1a2b3c4d 10.0.1.0/24 251 us-east-
1a false false
SUBNET subnet-6e7f829e available vpc-1a2b3c4d 10.0.0.0/24 251 us-east-
1a false false
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeSubnets
Related Commands
• ec2-create-subnet (p. 146)
• ec2-delete-subnet (p. 217)
API Version 2013-08-15
412
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-describe-tags
Description
Describes the tags for your Amazon EC2 resources. For more information about tags, see Tagging Your
Resources in the Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2dtag.
Syntax
ec2-describe-tags [[--filter "name=value"] ...]
Options
Description Name
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your tags.
Required: No
Example: --filter "resource-type=instance"
-F, --filter name=value
Supported Filters
You can specify filters to limit the response when describing tags. For example, you can use a filter to
get only the tags for a specific resource type. You can specify multiple values for a filter. The response
includes information for a tag only if it matches at least one of the filter values that you specified.
You can specify multiple filters (for example, specify a specific resource type and tag values that contain
the string database). The response includes information for a tag only if it matches all the filters that you
specified. If there's no match, no special message is returned, the response is simply empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
key
The tag key.
Type: String
resource-id
The resource ID.
Type: String
resource-type
The resource type.
API Version 2013-08-15
413
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-tags
Type: String
Valid values: customer-gateway | dhcp-options | image | instance | internet-gateway |
network-acl | network-interface | reserved-instances | route-table | security-group
| snapshot | spot-instances-request | subnet | volume | vpc | vpn-connection |
vpn-gateway
value
The tag value.
Type: String
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
API Version 2013-08-15
414
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The TAG identifier
• The resource type identifier
• The ID of the resource
• The tag key
• The tag value
Amazon EC2 command line tools display errors on stderr.
API Version 2013-08-15
415
Amazon Elastic Compute Cloud CLI Reference
Output
Examples
Example 1
This example command describes all your tags.
PROMPT> ec2-describe-tags
TAG ami-1a2b3c4d image webserver
TAG ami-1a2b3c4d image stack Production
TAG i-5f4e3d2a instance webserver
TAG i-5f4e3d2a instance stack Production
TAG i-12345678 instance database_server
TAG i-12345678 instance stack Test
Example 2
This example command describes the tags for your resource with ID ami-1a2b3c4d.
PROMPT> ec2-describe-tags --filter "resource-id=ami-1a2b3c4d"
TAG ami-1a2b3c4d image webserver
TAG ami-1a2b3c4d image stack Production
Example 3
This example command describes the tags for all your instances.
PROMPT> ec2-describe-tags --filter "resource-type=instance"
TAG i-5f4e3d2a instance webserver
TAG i-5f4e3d2a instance stack Production
TAG i-12345678 instance database_server
TAG i-12345678 instance stack Test
Example 4
This example command describes the tags for all your instances that have a tag with the key webserver.
PROMPT> ec2-describe-tags --filter "resource-type=instance" --filter "key=web
server"
TAG i-5f4e3d2a instance webserver
Example 5
This example command describes the tags for all your instances that have a tag with the key stack and
a value of either Test or Production.
PROMPT> ec2-describe-tags --filter "resource-type=instance" --filter "key=stack"
--filter "value=Test" --filter "value=Production"
TAG i-5f4e3d2a instance stack Production
TAG i-12345678 instance stack Test
API Version 2013-08-15
416
Amazon Elastic Compute Cloud CLI Reference
Examples
Example 6
This example command describes the tags for all your instances that have a tag with the key Purpose
and no value.
PROMPT> ec2-describe-tags --filter "resource-type=instance" --filter
"key=Purpose" --filter "value="
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeTags
Related Commands
• ec2-create-tags (p. 150)
• ec2-delete-tags (p. 220)
API Version 2013-08-15
417
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-volume-attribute
Description
Describes an attribute of a volume. You can specify only one attribute at a time.
The short version of this command is ec2dvolatt.
Syntax
ec2-describe-volume-attribute volume_id ... { --auto-enable-io | --product-code
}
Options
Description Name
The ID of the volume.
Type: String
Required: Yes
Example: vol-4282672b
volume_id
Whether auto-enable-io is enabled.
Type: Boolean
Required: No
Example: --auto-enable-io
-a, --auto-enable-io
The product codes.
Type: String
Required: No
Example: --product-code
-p, --product-code
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
418
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-volume-attribute
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
419
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The ID of the volume
• Information about the attribute
Amazon EC2 command line tools display errors on stderr.
Example
Example 1
This example command describes the autoEnableIo attribute of the volume with the ID vol-999999.
PROMPT> ec2-describe-volume-attribute vol-999999 -a
VolumeId Attribute
vol-999999 autoEnableIo
AUTO-ENABLE-IO true
Example 2
This example command describes the productCodes attribute of the volume with the ID vol-777777.
PROMPT> ec2-describe-volume-attribute vol-777777 -p
VolumeId Attribute
vol-777777 productCodes
PRODUCT_CODES [marketplace: a1b2c3d4e5f6g7h8i9j10k11]
Related Topics
Download
• Getting Started with the Command Line Tools
API Version 2013-08-15
420
Amazon Elastic Compute Cloud CLI Reference
Output
Related Action
• DescribeVolumeAttribute
Related Commands
• ec2-describe-volume-status (p. 422)
• ec2-enable-volume-io (p. 481)
• ec2-modify-volume-attribute (p. 542)
API Version 2013-08-15
421
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-volume-status
Description
Describes the status of one or more volumes. Volume status provides the result of the checks performed
on your volumes to determine events that can impair the performance of your volumes. The performance
of a volume can be affected if an issue occurs on the volume's underlying host. If the volume's underlying
host experiences a power outage or system issue, once the system is restored, there could be data
inconsistencies on the volume. Volume events notify you if this occurs. Volume action notifies you if any
action needs to be taken in response to the event.
The DescribeVolumeStatus operation provides the following information about the specified volumes:
Status: Reflects the current status of the volume. The possible values are ok, impaired , or
insufficient-data. If all checks pass, the overall status of the volume is ok. If the check fails, the
overall status is impaired. If the status is insufficient-data, then the checks may still be taking
place on your volume at the time. We recommend you retry the request. For more information on volume
status, see Monitoring the Status of Your Volumes.
Events: Reflect the cause of a volume status and may require you to take an action. For example, if your
volume returns an impaired status, then the volume event might be potential-data-inconsistency.
This means that your volume has been impacted by an issue with the underlying host, has all I/O operations
disabled, and may have inconsistent data.
Actions: Reflect the actions you may have to take in response to an event. For example, if the status of
the volume is impaired and the volume event shows potential-data-inconsistency, then the
action will show enable-volume-io. This means that you may want to enable the I/O operations for
the volume by issuing the ec2-enable-volume-io (p. 481) command and then check the volume for data
consistency.
Note
Volume status is based on the volume status checks, and does not reflect the volume state.
Therefore, volume status does not indicate volumes in the error state (for example, when a
volume is incapable of accepting I/O.)
The short version of this command is ec2dvs.
Syntax
ec2-describe-volume-status [volume_id ...] [[--filter "name=value"] ...]
Options
Description Name
One or more volume IDs.
Type: String
Default: Describes the status of all your volumes.
Required: No
Example: vol-4282672b
volume_id
API Version 2013-08-15
422
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-volume-status
Description Name
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your volumes, or only those you
specified.
Required: No
Example: --filter "volume-status.status=Ok"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain volumes. For example,
you can use a filter to specify that you're interested in volumes that have impaired status. You can
specify multiple values for a filter. The response includes information for a volume only if it matches at
least one of the filter values that you specified.
You can specify multiple filters; for example, specify volumes that are in a specific Availability Zone and
have the status impaired. The response includes information for a volume only if it matches all the filters
that you specified. If there's no match, no special message is returned, the response is simply empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
availability-zone
The Availability Zone of the instance.
Type: String
volume-status.status
The status of the volume.
Type: String
Valid values: ok | impaired | warning | insufficient-data
volume-status.details-name
The cause for the volume-status.status.
Type: String
Valid values: io-enabled | io-performance
volume-status.details-status
The status of the volume-status.details-name.
Type: String
Valid values for io-enabled: passed | failed
Valid values for io-performance: normal | degraded | severely-degraded | stalled
event.description
A description of the event.
Type: String
event.not-after
The latest end time for the event.
Type: DateTime
API Version 2013-08-15
423
Amazon Elastic Compute Cloud CLI Reference
Options
event.not-before
The earliest start time for the event.
Type: DateTime
event.event-id
The event ID.
Type: String
event.event-type
The event type.
Type: String
Valid values for io-enabled: potential-data-inconsistency
Valid values for io-performance: io-performance:degraded |
io-performance:severely-degraded | io-performance:stalled
action.code
The action code for the event, for example, enable-volume-io
Type: String
action.event-id
The event ID associated with the action.
Type: String
action.description
A description of the action.
Type: String
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
API Version 2013-08-15
424
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
425
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command returns a table that contains the following information:
• The VOLUME identifier
• The ID of the volume
• The Availability Zone in which the volume launched
• The volume status name(Ok, impaired, io-enabled, insufficient-data)
• The EVENT identifier
• The ID of the event
• The event type (potential-data-inconsistencies)
• The description of the event
• notBefore (the earliest start time of the event)
• notAfter (the latest end time of the event)
• The ACTION identifier
• The action code (enable-volume-io)
• The ID of the event associated with the action
• The event type associated with the action (potential-data-inconsistency)
• The description of the event associated with the action
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command describes the status of the volumes with the IDs vol-111111 and vol-222222.
PROMPT> ec2-describe-volume-status vol-111111 vol-222222
Type VolumeId AvailabilityZone VolumeStatus
VOLUME vol-111111 us-east-1a ok
VOLUME vol-222222 us-east-1b impaired
Type Name Status
VOLUMESTATUS io-enabled failed
Type EventType NotBefore NotAfter EventId EventDescrip
tion
EVENT potential-data-inconsistency 2011-12-01T14:00:00.000Z evol-
61a54008 This is an example
Type ActionCode EventId EventType
EventDescription
ACTION enable-volume-io evol-61a54008 potential-data-inconsistency
This is an example
Example 2
This example command describes the volumes you own that have failing I/O operations.
PROMPT> ec2-describe-volume-status --filter "volume-status.details-name=io-en
abled" --filter "volume-status.details-status=failed"
API Version 2013-08-15
426
Amazon Elastic Compute Cloud CLI Reference
Output
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeVolumeStatus
Related Commands
• ec2-describe-volume-attribute (p. 418)
• ec2-enable-volume-io (p. 481)
• ec2-modify-volume-attribute (p. 542)
API Version 2013-08-15
427
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-volumes
Description
Describes one or more of your Amazon EBS volumes. For more information about Amazon EBS, see
Amazon Elastic Block Store in the Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2dvol.
Syntax
ec2-describe-volumes [volume_id ...] [[--filter "name=value"] ...]
Options
Description Name
One or more volume IDs.
Type: String
Default: Describes all your volumes.
Required: No
Example: vol-4282672b
volume_id
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your volumes, or only those you
specified.
Required: No
Example: --filter "tag-key=Production"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain volumes. For example,
you can use a filter to specify that you're interested in volumes whose status is available. You can
specify multiple values for a filter. The response includes information for a volume only if it matches at
least one of the filter values that you specified.
You can specify multiple filters (for example, specify that the volume is available, and has a specific
tag. The response includes information for a volume only if it matches all the filters that you specified. If
there's no match, no special message is returned, the response is simply empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
API Version 2013-08-15
428
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-volumes
attachment.attach-time
The time stamp when the attachment initiated.
Type: DateTime
attachment.delete-on-termination
Whether the volume is deleted on instance termination.
Type: Boolean
attachment.device
The device name that is exposed to the instance (for example, /dev/sda1).
Type: String
attachment.instance-id
The ID of the instance the volume is attached to.
Type: String
attachment.status
The attachment state.
Type: String
Valid values: attaching | attached | detaching | detached
availability-zone
The Availability Zone in which the volume was created.
Type: String
create-time
The time stamp when the volume was created.
Type: DateTime
size
The size of the volume, in GiB (for example, 20).
Type: String
snapshot-id
The snapshot from which the volume was created.
Type: String
status
The status of the volume.
Type: String
Valid values: creating | available | in-use | deleting | deleted | error
tag-key
The key of a tag assigned to the resource. This filter is independent of the tag-value filter. For
example, if you use both the filter "tag-key=Purpose" and the filter "tag-value=X", you get any
resources assigned both the tag key Purpose (regardless of what the tag's value is), and the tag
value X (regardless of what the tag's key is). If you want to list only resources where Purpose is X,
see the tag:key filter.
For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud
User Guide.
Type: String
tag-value
The value of a tag assigned to the resource. This filter is independent of the tag-key filter.
Type: String
tag:key
Filters the response based on a specific tag/value combination.
Example: To list just the resources that have been assigned tag Purpose=X, specify:
--filter tag:Purpose=X
Example: To list just resources that have been assigned tag Purpose=X OR Purpose=Y, specify:
--filter tag:Purpose=X --filter tag:Purpose=Y
API Version 2013-08-15
429
Amazon Elastic Compute Cloud CLI Reference
Options
volume-id
The volume ID.
Type: String
volume-type
The Amazon EBS volume type. If the volume is an io1 volume, the response includes the IOPS as
well.
Type: String
Valid values: standard | io1
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
API Version 2013-08-15
430
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
1. The volume information
• The VOLUME identifier
• The ID of the volume
• The size of the volume, in GiBs
• The ID of the snapshot the volume was created from
• The Availability Zone of the volume
• The volume status (creating, available, in-use, deleting, deleted, error)
• The time stamp when volume creation was initiated
• The EBS volume type
• The I/O operations per second (IOPS) of a provisioned IOPS volume
API Version 2013-08-15
431
Amazon Elastic Compute Cloud CLI Reference
Output
2. Any attachments for the volume
• The ATTACHMENT identifier
• The ID of the volume
• The ID of the instance
• The device name
• The attachment state of the volume (attaching | attached | detaching | detached)
• The time stamp when the attachment initiated
• Whether the volume is set to delete on termination (true or false)
3. Any tags associated with the volume
• The TAG identifier
• The resource type identifier
• The ID of the resource
• The tag key
• The tag value
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command describes all your volumes.
PROMPT> ec2-describe-volumes
VOLUME vol-1a2b3c4d 30 snap-1a2b3c4d us-west-2a available YYYY-MM-
DDTHH:MM:SS+0000 standard
TAG volume vol-1a2b3c4d Name Volume Name
VOLUME vol-2a2b3c4d 8 snap-2a2b3c4d us-west-2a in-use YYYY-MM-DDTHH:MM:SS+0000
standard
ATTACHMENT vol-2a2b3c4d i-1a2b3c4d /dev/sda1 attached YYYY-MM-DDTHH:MM:SS+0000
true
TAG volume vol-2a2b3c4d Name Second Volume Name
Example 2
This example command describes all volumes that are both attached to the instance with the ID
i-1a2b3c4d and set to delete when the instance terminates.
PROMPT> ec2-describe-volumes --filter "attachment.instance-id=i-1a2b3c4d" --
filter "attachment.delete-on-termination=true"
VOLUME vol-2a2b3c4d 8 snap-2a2b3c4d us-west-2a in-use YYYY-MM-DDTHH:MM:SS+0000
standard
ATTACHMENT vol-2a2b3c4d i-1a2b3c4d /dev/sda1 attached YYYY-MM-DDTHH:MM:SS+0000
true
TAG volume vol-2a2b3c4d Name Second Volume Name
Example 3
This example describes volumes and filters the results by tag. The filter name you use is tag:key. This
command lists just the volumes belonging to either TeamA or TeamB that contain log data. You can use
API Version 2013-08-15
432
Amazon Elastic Compute Cloud CLI Reference
Examples
a wildcard to find the volumes that have a tag with the Purpose key and that have a value that contains
Log.
PROMPT> ec2-describe-volumes --filter tag:Owner=TeamA --filter tag:Owner=TeamB
--filter tag:Purpose=*Log*
VOLUME vol-4562dabf 5 us-east-1b available 2010-02-22T22:50:43+0000
Owner TeamA Purpose RawLogData
VOLUME vol-3b3a4c4d 12 us-east-1b available 2010-05-01T13:09:27+0000
Owner TeamB Purpose Logs
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeVolumes
Related Commands
• ec2-create-snapshot (p. 139)
• ec2-delete-snapshot (p. 211)
API Version 2013-08-15
433
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-vpc-attribute
Description
Describes the specified attribute of the specified VPC. You can specify only one attribute at a time.
The short version of this command is ec2dva.
Syntax
ec2-describe-vpc-attribute vpc-id { --dns-support | --dns-hostname }
Options
Description Name
The ID of the VPC.
Type: String
Required: Yes
Example: vpc-1a2b3c4d
vpc-id
Indicates whether DNS resolution is enabled for the VPC. If
this attribute is true, the Amazon DNS server resolves DNS
hostnames for your instances to their corresponding IP
addresses; otherwise, it does not.
Type: String
Required: No
Example: -s
-s, --dns-support
Indicates whether the instances launched in the VPC get DNS
hostnames. If this attribute is true, instances in the VPC get
DNS hostnames; otherwise, they do not.
Type: String
Required: No
Example: -d
-d, --dns-hostnames
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
434
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-vpc-attribute
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
435
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns the specified VPC attribute.
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command describes the EnableDnsSupport attribute for the VPC with the ID
vpc-1a2b3c4d.
PROMPT> ec2-describe-vpc-attribute vpc-1a2b3c4d --dns-support
This example output indicates that DNS resolution is enabled.
RETURNtrue
Example 2
This example command describes the EnableDnsHostnames attribute for the VPC with the ID
vpc-1a2b3c4d.
PROMPT> ec2-describe-vpc-attribute vpc-1a2b3c4d --dns-hostnames
This example output indicates that DNS hostnames are enabled.
RETURNtrue
Related Topics
Download
• Getting Started with the Command Line Tools
API Version 2013-08-15
436
Amazon Elastic Compute Cloud CLI Reference
Output
Related Action
• DescribeVpcAttribute
Related Commands
• ec2-modify-vpc-attribute (p. 546)
API Version 2013-08-15
437
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-vpcs
Description
Describes one or more of your VPCs.
The short version of this command is ec2dvpc.
Syntax
ec2-describe-vpcs [ vpc_id ... ] [[--filter "name=value"] ...]
Options
Description Name
One or more VPC IDs.
Type: String
Default: Describes all your VPCs.
Required: No
Example: vpc-1a2b3c4d
vpc_id
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your VPCs, or only those you specified.
Required: No
Example: --filter "tag-key=Production"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain VPCs. For example, you
can use a filter to specify that you're interested in VPCs in the available state. You can specify multiple
values for a filter. The response includes information for a VPC only if it matches at least one of the filter
values that you specified.
You can specify multiple filters; for example, specify VPCs that use one of several sets of DHCP options
and are in the available state. The results include information for a VPC only if it matches all the filters
that you specified. If there's no match, no special message is returned, the response is simply empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
cidr
The CIDR block of the VPC. The CIDR block you specify must exactly match the VPC's CIDR block
for information to be returned for the VPC.
API Version 2013-08-15
438
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-vpcs
Type: String
Constraints: Must contain the slash followed by one or two digits (for example, /28)
dhcp-options-id
The ID of a set of DHCP options.
Type: String
isDefault
Indicates whether the VPC is the default VPC.
Type: Boolean
state
The state of the VPC.
Type: String
Valid values: pending | available
tag-key
The key of a tag assigned to the resource. This filter is independent of the tag-value filter. For
example, if you use both the filter "tag-key=Purpose" and the filter "tag-value=X", you get any
resources assigned both the tag key Purpose (regardless of what the tag's value is), and the tag
value X (regardless of what the tag's key is). If you want to list only resources where Purpose is X,
see the tag:key filter.
For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud
User Guide.
Type: String
tag-value
The value of a tag assigned to the resource. This filter is independent of the tag-key filter.
Type: String
tag:key
Filters the response based on a specific tag/value combination.
Example: To list just the resources that have been assigned tag Purpose=X, specify:
--filter tag:Purpose=X
Example: To list just resources that have been assigned tag Purpose=X OR Purpose=Y, specify:
--filter tag:Purpose=X --filter tag:Purpose=Y
vpc-id
The ID of the VPC.
Type: String
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
439
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
440
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information for each VPC:
• The VPC identifier
• The ID of the VPC
• The current state of the VPC (pending or available)
• The CIDR block of the VPC
• The ID of the DHCP options associated with the VPC (or default if none)
• Any tags assigned to the VPC
• The allowed tenancy of instances launched into the VPC (default or dedicated)
• Default VPC (true or false)
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command describes the VPC with the ID vpc-1a2b3c4d.
PROMPT> ec2-describe-vpcs vpc-1a2b3c4d
VPC vpc-1a2b3c4d available 10.0.0.0/23 dopt-7a8b9c2d default false
Example 2
This example command uses filters to describe any VPC you own that uses the set of DHCP options with
the ID dopt-7a8b9c2d or dopt-2b2a3d3c and whose state is available.
PROMPT> ec2-describe-vpcs --filter "dhcp-options-id=dopt-7a8b9c2d" --filter
"dhcp-options-id=dopt-2b2a3d3c" --filter "state=available"
VPC vpc-1a2b3c4d available 10.0.0.0/23 dopt-7a8b9c2d default false
API Version 2013-08-15
441
Amazon Elastic Compute Cloud CLI Reference
Output
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeVpcs
Related Commands
• ec2-create-vpc (p. 158)
• ec2-delete-vpc (p. 227)
• ec2-associate-dhcp-options (p. 26)
• ec2-create-dhcp-options (p. 89)
API Version 2013-08-15
442
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-vpn-connections
Description
Describes one or more of your VPN connections.
For VPN connections in the pending or available state only, you can also optionally get the configuration
information for the VPN connection's customer gateway. You do this by specifying a format with the
--format option, or by specifying an XSL stylesheet of your own design with the --stylesheet option
(you were also able to do this when you created the VPN connection).
For more information about VPN connections, see Adding a Hardware Virtual Private Gateway to Your
VPC in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2dvpn.
Syntax
ec2-describe-vpn-connections [vpn_connection_id ... ] [{--format format} |
{--stylesheet your_stylesheet}] [[--filter "name=value"] ...]
Options
Description Name
One or more VPN connection IDs.
Type: String
Default: Describes all your VPN connections.
Required: No
Example: vpn-44a8938f
vpn_connection_id
Includes customer gateway configuration information in the
response, in the format specified by this option. The
information is returned only if the VPN connection is in the
pending or available state. The returned information can be
formatted for various devices, including a Cisco device
(cisco-ios-isr) or Juniper device (juniper-junos-j), in human
readable format (generic), or in the native XML format (xml).
Type: String
Valid values: cisco-ios-isr | juniper-junos-j |
juniper-screenos-6.2 | juniper-screenos-6.1 |
generic | xml
Default: None
Required: No
Example: --format cisco-ios-isr
--format format
API Version 2013-08-15
443
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-vpn-connections
Description Name
Includes customer gateway configuration information in the
response, formatted according to the custom XSL stylesheet
you specify with this option. The information is returned only
if the VPN connection is in the pending or available state.
Type: String
Default: None
Required: No
Example: --stylesheet c:\my_stylesheet.xsl
--stylesheet your_stylesheet
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your VPN connections, or only those
you specified.
Required: No
Example: --filter "tag-key=Production"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain VPN connections. For
example, you can use a filter to specify that you're interested in the VPN connections in the pending or
available state. You can specify multiple values for a filter. The response includes information for a
VPN connection only if it matches at least one of the filter values that you specified.
You can specify multiple filters; for example, specify VPN connections that are associated with a specific
virtual private gateway, and the gateway is in the pending or available state. The response includes
information for a VPN connection only if it matches all the filters that you specified. If there's no match,
no special message is returned, the response is simply empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
The following are the available filters.
customer-gateway-configuration
The configuration information for the customer gateway.
Type: String
customer-gateway-id
The ID of a customer gateway associated with the VPN connection.
Type: String
state
The state of the VPN connection.
Type: String
Valid values: pending | available | deleting | deleted
option.static-routes-only
Indicates whether the connection has static routes only. Used for devices that do not support Border
Gateway Protocol (BGP).
API Version 2013-08-15
444
Amazon Elastic Compute Cloud CLI Reference
Options
Type: Boolean
route.destination-cidr-block
The destination CIDR block. This corresponds to the subnet used in a customer data center.
Type: String
bgp-asn
The BGP Autonomous System Number (ASN) associated with a BGP device.
Type: Integer
tag-key
The key of a tag assigned to the resource. This filter is independent of the tag-value filter. For
example, if you use both the filter "tag-key=Purpose" and the filter "tag-value=X", you get any
resources assigned both the tag key Purpose (regardless of what the tag's value is), and the tag
value X (regardless of what the tag's key is). If you want to list only resources where Purpose is X,
see the tag:key filter.
For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud
User Guide.
Type: String
tag-value
The value of a tag assigned to the resource. This filter is independent of the tag-key filter.
Type: String
tag:key
Filters the response based on a specific tag/value combination.
Example: To list just the resources that have been assigned tag Purpose=X, specify:
--filter tag:Purpose=X
Example: To list just resources that have been assigned tag Purpose=X OR Purpose=Y, specify:
--filter tag:Purpose=X --filter tag:Purpose=Y
type
The type of VPN connection. Currently the only supported type is ipsec.1.
Type: String
Valid values: ipsec.1
vpn-connection-id
The ID of the VPN connection.
Type: String
vpn-gateway-id
The ID of a virtual private gateway associated with the VPN connection.
Type: String
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
445
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
446
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The VPNCONNECTION identifier
• The ID of the VPN connection
• The type of VPN connection
• The ID of the customer gateway
• The ID of the virtual private gateway
• The state of the VPN connection (pending, available, deleting, deleted)
• Configuration information for the customer gateway (optional and available only if the VPN connection
is in the pending or available state)
• Any tags assigned to the VPN connection
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command describes the VPN connection with the ID vpn-44a8938f. The example specifies
that the configuration information be formatted as needed for a Cisco customer gateway. Because it's a
long set of information, we haven't displayed it here in the output. To see an example of the configuration
information, see the Amazon Virtual Private Cloud Network Administrator Guide.
PROMPT> ec2-describe-vpn-connections vpn-44a8938f --format cisco-ios-isr
VPNCONNECTION vpn-44a8938f ipsec.1 vgw-8db04f81 cgw-b4dc3961 available
Example 2
This example command uses filters to describe any VPN connection you own that is associated with the
customer gateway with the ID cgw-b4dc3961, and whose state is either pending or available. Note
that it doesn't use the option that causes the output to include the customer gateway configuration.
PROMPT> ec2-describe-vpn-connections --filter "customer-gateway-id=cgw-b4dc3961"
--filter "state=pending" --filter "state=available"
VPNCONNECTION vpn-44a8938f ipsec.1 vgw-8db04f81 cgw-b4dc3961 available
API Version 2013-08-15
447
Amazon Elastic Compute Cloud CLI Reference
Output
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeVpnConnections
Related Commands
• ec2-create-vpn-connection (p. 162)
• ec2-delete-vpn-connection (p. 230)
API Version 2013-08-15
448
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-describe-vpn-gateways
Description
Describes the specified virtual private gateways.
For more information about virtual private gateways, see Adding a Hardware Virtual Private Gateway to
Your VPC in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2dvgw.
Syntax
ec2-describe-vpn-gateways [vpn_gateway_id ... ] [[--filter "name=value"] ...]
Options
Description Name
One or more virtual private gateway IDs.
Type: String
Default: Describes all your virtual private gateways.
Required: No
Example: vgw-8db04f81
vpn_gateway_id
A filter for limiting the results. See the Supported Filters
section for a list of supported filters. Use quotation marks if
the value string has a space ("name=value example"). On a
Windows system, use quotation marks even without a space
in the value string ("name=valueexample").
Type: String
Default: Describes all your virtual private gateways, or only
those you specified.
Required: No
Example: --filter "tag-key=Production"
-F, --filter name=value
Supported Filters
You can specify filters so that the response includes information for only certain virtual private gateways.
For example, you can use a filter to specify that you're interested in the virtual private gateways in the
pending or available state. You can specify multiple values for a filter. The response includes
information for a virtual private gateway only if it matches at least one of the filter values that you specified.
You can specify multiple filters; for example, specify virtual private gateways that are in a specific Availability
Zone and are in the pending or available state. The response includes information for a virtual private
gateway only if it matches all the filters that you specified. If there's no match, no special message is
returned, the response is simply empty.
You can use wildcards in a filter value. An asterisk (*) matches zero or more characters, and a question
mark (?) matches exactly one character. You can escape special characters using a backslash (\) before
the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
API Version 2013-08-15
449
Amazon Elastic Compute Cloud CLI Reference
ec2-describe-vpn-gateways
The following are the available filters.
attachment.state
The current state of the attachment between the gateway and the VPC.
Type: String
Valid values: attaching | attached | detaching | detached
attachment.vpc-id
The ID of an attached VPC.
Type: String
availability-zone
The Availability Zone for the virtual private gateway.
Type: String
state
The state of the virtual private gateway.
Type: String
Valid values: pending | available | deleting | deleted
tag-key
The key of a tag assigned to the resource. This filter is independent of the tag-value filter. For
example, if you use both the filter "tag-key=Purpose" and the filter "tag-value=X", you get any
resources assigned both the tag key Purpose (regardless of what the tag's value is), and the tag
value X (regardless of what the tag's key is). If you want to list only resources where Purpose is X,
see the tag:key filter.
For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud
User Guide.
Type: String
tag-value
The value of a tag assigned to the resource. This filter is independent of the tag-key filter.
Type: String
tag:key
Filters the response based on a specific tag/value combination.
Example: To list just the resources that have been assigned tag Purpose=X, specify:
--filter tag:Purpose=X
Example: To list just resources that have been assigned tag Purpose=X OR Purpose=Y, specify:
--filter tag:Purpose=X --filter tag:Purpose=Y
type
The type of virtual private gateway. Currently the only supported type is ipsec.1.
Type: String
Valid values: ipsec.1
vpn-gateway-id
The ID of the virtual private gateway.
Type: String
API Version 2013-08-15
450
Amazon Elastic Compute Cloud CLI Reference
Options
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
API Version 2013-08-15
451
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The VPNGATEWAY identifier
• The ID of the virtual private gateway
• The state of the virtual private gateway (pending, available, deleting, deleted)
• The Availability Zone where the virtual private gateway was created
• The type of VPN connection the virtual private gateway supports
• The VGWATTACHMENT identifier
• The ID of each attached VPC and the state of each attachment (attaching, attached, detaching,
detached)
• Any tags assigned to the virtual private gateway
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command describes the virtual private gateway with the ID vgw-8db04f81.
API Version 2013-08-15
452
Amazon Elastic Compute Cloud CLI Reference
Output
PROMPT> ec2-describe-vpn-gateways vgw-8db04f81
VPNGATEWAY vgw-8db04f81 available us-east-1a ipsec.1
VGWATTACHMENT vpc-1a2b3c4d attached
Example 2
This example command uses filters to describe any virtual private gateway you own that is in the us-east-1a
Availability Zone, and whose state is either pending or available.
PROMPT> ec2-describe-vpn-gateways --filter "availability-zone=us-east-1a" --
filter "state=pending" --filter "state=available"
VPNGATEWAY vgw-8db04f81 available ipsec.1
VGWATTACHMENT vpc-1a2b3c4d attached
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DescribeVpnGateways
Related Commands
• ec2-create-vpn-gateway (p. 170)
• ec2-delete-vpn-gateway (p. 236)
API Version 2013-08-15
453
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-detach-internet-gateway
Description
Detaches the specified Internet gateway from the specified VPC, disabling connectivity between the
Internet and the VPC. The VPC must not contain a running instance with an Elastic IP address.
The short version of this command is ec2detigw.
Syntax
ec2-detach-internet-gateway vpn_gateway_id -c vpc_id
Options
Description Name
The ID of the Internet gateway.
Type: String
Default: None
Required: Yes
Example: igw-8db04f81
vpn_gateway_id
The ID of the VPC.
Type: String
Default: None
Required: Yes
Example: -c vpc-1a2b3c4d
-c, --vpc vpc_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
454
Amazon Elastic Compute Cloud CLI Reference
ec2-detach-internet-gateway
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
455
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• Success status (true or false)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command detaches the Internet gateway with the ID igw-eaad4883 from the VPC with
the ID vpc-11ad4878.
PROMPT> ec2-detach-internet-gateway igw-eaad4883 -c vpc-11ad4878
RETURN true
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DetachInternetGateway
Related Commands
• ec2-detach-internet-gateway (p. 34)
• ec2-create-internet-gateway (p. 106)
• ec2-delete-internet-gateway (p. 186)
• ec2-describe-internet-gateways (p. 320)
API Version 2013-08-15
456
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-detach-network-interface
Description
Detaches the specified network interface from the specified instance.
The short version of this command is ec2detnic.
Syntax
ec2-detach-network-interface attachment_id [--force]
Options
Description Name
The ID of the network attachment.
Type: String
Default: None
Required: Yes
Example: eni-attach-083fda61
attachment_id
Forces the detachment.
Type: String
Default: None
Required: No
-f, --force
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
457
Amazon Elastic Compute Cloud CLI Reference
ec2-detach-network-interface
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
458
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The ATTACHMENT identifier
• The ID of the network interface
• The attachment state of the volume (attaching | attached | detaching | detached)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command detaches the specified network interface from the instance it's attached to.
PROMPT> ec2-detach-network-interface eni-attach-083fda61
ATTACHMENT eni-attach-083fda61 detaching
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DetachNetworkInterface
Related Commands
• ec2-attach-network-interface (p. 37)
• ec2-create-network-interface (p. 121)
• ec2-delete-network-interface (p. 199)
• ec2-describe-network-interface-attribute (p. 333)
• ec2-describe-network-interfaces (p. 337)
• ec2-modify-network-interface-attribute (p. 529)
• ec2-reset-network-interface-attribute (p. 607)
API Version 2013-08-15
459
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-detach-volume
Description
Detaches the specified Amazon EBS volume from an instance. Make sure to unmount any file systems
on the device within your operating system before detaching the volume. Failure to do so will result in
the volume being stuck in "busy" state while detaching.
Note
If an Amazon EBS volume is the root device of an instance, it can't be detached while the instance
is in the running state. To detach the root volume, stop the instance first.
If the root volume is detached from an instance with an AWS Marketplace product code, then
the AWS Marketplace product codes from that volume are no longer associated with the instance.
For more information about Amazon EBS, see Amazon Elastic Block Store in the Amazon Elastic Compute
Cloud User Guide.
The short version of this command is ec2detvol.
Syntax
ec2-detach-volume volume_id [--instance instance_id [--device device]] [--force]
Options
Description Name
The ID of the volume.
Type: String
Default: None
Required: Yes
Example: vol-4282672b
volume_id
The ID of the instance.
Type: String
Default: None
Required: No
Example: -i i-6058a509
-i, --instance instance_id
The device name.
Type: String
Default: None
Required: No
Example: -d /dev/sdh
-d, --device device
API Version 2013-08-15
460
Amazon Elastic Compute Cloud CLI Reference
ec2-detach-volume
Description Name
Forces detachment if the previous detachment attempt did
not occur cleanly (logging into an instance, unmounting the
volume, and detaching normally). This option can lead to data
loss or a corrupted file system. Use this option only as a last
resort to detach a volume from a failed instance. The instance
will not have an opportunity to flush file system caches or file
system metadata. If you use this option, you must perform
file system check and repair procedures.
Type: Boolean
Default: None
Required: No
Example: -f
-f, --force
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
API Version 2013-08-15
461
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The ATTACHMENT identifier
• The ID of the volume
• The ID of the instance
• The device name
API Version 2013-08-15
462
Amazon Elastic Compute Cloud CLI Reference
Output
• The attachment state of the volume (attaching | attached | detaching | detached)
• The time stamp when the attachment initiated
• Whether the volume is set to delete on termination (true or false)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command detaches the volume with the ID vol-1a2b3c4d from the instance it's attached
to.
PROMPT> ec2-detach-volume vol-1a2b3c4d
ATTACHMENT vol-1a2b3c4d i-1a2b3c4d /dev/sdh detaching YYYY-MM-DDTHH:MM:SS+0000
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DetachVolume
Related Commands
• ec2-attach-volume (p. 40)
• ec2-create-volume (p. 154)
• ec2-delete-volume (p. 224)
• ec2-describe-volumes (p. 428)
API Version 2013-08-15
463
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-detach-vpn-gateway
Description
Detaches the specified virtual private gateway from a VPC. You do this if you're planning to turn off the
VPC and not use it anymore. You can confirm a virtual private gateway has been completely detached
from a VPC by describing the virtual private gateway (any attachments to the virtual private gateway are
also described).
You must wait for the attachment's state to switch to detached before you can delete the VPC or attach
a different VPC to the virtual private gateway.
For more information about virtual private gateways, see Adding a Hardware Virtual Private Gateway to
Your VPC in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2detvgw.
Syntax
ec2-detach-vpn-gateway -p vpn_gateway_id -c vpc_id
Options
Description Name
The ID of the virtual private gateway.
Type: String
Default: None
Required: Yes
Example: -p vgw-8db04f81
-p vpn_gateway_id
The ID of the VPC.
Type: String
Default: None
Required: Yes
Example: -c vpc-1a2b3c4d
-c vpc_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
API Version 2013-08-15
464
Amazon Elastic Compute Cloud CLI Reference
ec2-detach-vpn-gateway
Description Option
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
API Version 2013-08-15
465
Amazon Elastic Compute Cloud CLI Reference
Common Options
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The VPNGATEWAY identifier
• The ID of the VPC
• The state of detachment (attaching, attached, detaching, detached)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command detaches the virtual private gateway with the ID vgw-8db04f81 from the VPC
with the ID vpc-1a2b3c4d.
PROMPT> ec2-detach-vpn-gateway -p vgw-8db04f81 -c vpc-1a2b3c4d
VGWATTACHMENT vpc-1a2b3c4d detaching
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DetachVpnGateway
API Version 2013-08-15
466
Amazon Elastic Compute Cloud CLI Reference
Output
Related Commands
• ec2-attach-vpn-gateway (p. 44)
• ec2-describe-vpn-gateways (p. 449)
API Version 2013-08-15
467
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-disable-vgw-route-propagation
Description
Disables the specified virtual private gateway (VGW) from propagating routes to the routing tables of the
VPC.
The short version of this command is ec2drp.
Syntax
ec2-disable-vgw-route-propagation --route-table route_table_id --vgw vgw_id
Options
Description Name
The ID of the routing table.
Type: String
Default: None
Required: Yes
--route-table route_table_id
The ID of the virtual private gateway.
Type: String
Default: None
Required: Yes
--vgw vgw_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
468
Amazon Elastic Compute Cloud CLI Reference
ec2-disable-vgw-route-propagation
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
469
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
The command returns true if the operation succeeds or an error if the operation does not succeed.
Amazon EC2 command line tools display errors on stderr.
Example
Example
This example command disables the virtual private gateway with the ID vgw-2acfb1 from propagating
routes to route table with the ID rtb-5c6de435.
PROMPT> ec2-disable-vgw-route-propagation --route-table rtb-5c6de435 --vgw
vgw-2acfb1
RETURN true
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DisableVgwRoutePropagation
API Version 2013-08-15
470
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-disassociate-address
Description
Disassociates the specified Elastic IP address from the instance or network interface it's associated with.
An Elastic IP address is for use either in the EC2-Classic platform or in a VPC. For more information, see
Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.
This is an idempotent action. If you enter it more than once, Amazon EC2 does not return an error.
The short version of this command is ec2disaddr.
Syntax
ec2-disassociate-address {ip_address | -a association_id}
Options
Description Name
[EC2-Classic] The Elastic IP address.
Type: String
Default: None
Required: Conditional
Condition: Required for EC2-Classic.
Example: 192.0.2.1
ip_address
[EC2-VPC] The association ID.
Type: String
Default: None
Required: Conditional
Condition: Required for EC2-VPC.
Example: -a eipassoc-fc5ca095
-a, --association-id
assocation_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
471
Amazon Elastic Compute Cloud CLI Reference
ec2-disassociate-address
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
472
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The ADDRESS identifier
• [EC2-Classic] The Elastic IP address
• [EC2-VPC] The association ID.
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command disassociates the Elastic IP address 192.0.2.1 from the instance it's associated
with in EC2-Classic.
PROMPT> ec2-disassociate-address 192.0.2.1
ADDRESS 192.0.2.1
Example 2
This example command disassociates the Elastic IP address with the association ID eipassoc-048c746d
from the instance it's associated with in a VPC.
PROMPT> ec2-disassociate-address -a eipassoc-048c746d
ADDRESS eipassoc-048c746d
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DisassociateAddress
API Version 2013-08-15
473
Amazon Elastic Compute Cloud CLI Reference
Output
Related Commands
• ec2-allocate-address (p. 13)
• ec2-associate-address (p. 21)
• ec2-describe-addresses (p. 246)
• ec2-release-address (p. 565)
API Version 2013-08-15
474
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-disassociate-route-table
Description
Disassociates the specified subnet from its associated route table.
After you perform this action, the subnet no longer uses the routes in the route table. Instead, it uses the
routes in the VPC's main route table. For more information about route tables, see Route Tables in the
Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2disrtb.
Syntax
ec2-disassociate-route-table route_table_association_id
Options
Description Name
The association ID representing the current association
between the route table and subnet.
Type: String
Default: None
Required: Yes
Example: rtbassoc-61a34608
route_table_association_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
475
Amazon Elastic Compute Cloud CLI Reference
ec2-disassociate-route-table
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
476
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• Success status (true or false)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command disassociates the route table with the association ID rtbassoc-fdad4894 from
the subnet it's associated with.
PROMPT> ec2-disassociate-route-table rtbassoc-fdad4894
RETURN true
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• DisassociateRouteTable
Related Commands
• ec2-associate-route-table (p. 30)
• ec2-create-route-table (p. 136)
• ec2-delete-route-table (p. 208)
• ec2-describe-route-tables (p. 376)
• ec2-replace-route-table-association (p. 580)
API Version 2013-08-15
477
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-enable-vgw-route-propagation
Description
Enables the specified virtual private gateway (VGW) to propagate routes to the routing tables of the VPC.
The short version of this command is ec2erp.
Syntax
ec2-enable-vgw-route-propagation --route-table route_table_id --vgw vgw_id
Options
Description Name
The ID of the routing table.
Type: String
Default: None
Required: Yes
--route-table route_table_id
The ID of the virtual private gateway.
Type: String
Default: None
Required: Yes
--vgw vgw_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
478
Amazon Elastic Compute Cloud CLI Reference
ec2-enable-vgw-route-propagation
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
479
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
The command returns true if the operation succeeds or an error if the operation does not succeed.
Amazon EC2 command line tools display errors on stderr.
Example
Example
This example command enables the virtual private gateway with the ID vgw-2acfb1 to propagate static
routes to the route table with the ID rtb-5c6de435.
PROMPT> ec2-enable-vgw-route-propagation --route-table rtb-5c6de435 --vgw vgw-
2acfb1
RETURN true
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• EnableVgwRoutePropagation
API Version 2013-08-15
480
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-enable-volume-io
Description
Enables I/O operations for the specified volume that had its I/O operations disabled because the data on
the volume was potentially inconsistent.
The short version of this command is ec2evio.
Syntax
ec2-enable-volume-io volume_id
Options
Description Name
The ID of the volume.
Type: String
Default: None
Required: Yes
Example: vol-43a4412a
volume_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
API Version 2013-08-15
481
Amazon Elastic Compute Cloud CLI Reference
ec2-enable-volume-io
Description Option
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
482
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command returns a Boolean value indicating whether the request succeeded.
• Boolean value representing whether the call succeeded.
Amazon EC2 command line tools display errors on stderr.
Example
Example
This example command enables I/O operations for the volume with the ID vol-232323.
PROMPT> ec2-enable-volume-io vol-232323
RETURN true
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• EnableVolumeIO
Related Commands
• ec2-describe-volume-status (p. 422)
API Version 2013-08-15
483
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-fingerprint-key
Description
Computes and displays the fingerprint for a private key produced by Amazon EC2.
This operation is performed entirely on the client-side. Network access is not required.
The short version of this command is ec2fp.
Syntax
ec2-fingerprint-key keyfile
Options
Description Name
The path to a file containing an unencrypted PEM-encoded
PKCS#8 private key.
Type: String
Default: None
Required: Yes
Example: mykey.pem
keyfile
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
API Version 2013-08-15
484
Amazon Elastic Compute Cloud CLI Reference
ec2-fingerprint-key
Description Option
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
485
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command returns a table that contains the following information:
• A key fingerprint. This is formatted as a hash digest with each octet separated by a colon
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command computes and displays the fingerprint of the private key for the key pair named
my-key-pair.
PROMPT> ec2-fingerprint-key my-key-pair.pem
1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f
Related Topics
Download
• Getting Started with the Command Line Tools
Related Commands
• ec2-describe-keypairs (p. 324)
API Version 2013-08-15
486
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-get-console-output
Description
Gets the console output for the specified instance.
Instances do not have a physical monitor through which you can view their console output. They also
lack physical controls that allow you to power up, reboot, or shut them down. To allow these actions, we
provide them through the Amazon EC2 API and command line interface.
Instance console output is buffered and posted shortly after instance boot, reboot, and termination.
Amazon EC2 preserves the most recent 64 KB output which will be available for at least one hour after
the most recent post.
For Linux/UNIX instances, the instance console output displays the exact console output that would
normally be displayed on a physical monitor attached to a machine. This output is buffered because the
instance produces it and then posts it to a store where the instance's owner can retrieve it.
For Windows instances, the instance console output displays the last three system event log errors.
The short version of this command is ec2gcons.
Syntax
ec2-get-console-output instance_id [-r]
Options
Description Name
The ID of the instance.
Type: String
Default: None
Required: Yes
Example: i-10a64379
instance_id
Returns raw output without escapes to facilitate reading.
Type: String
Default: Disabled
Required: No
Example: -r
-r, --raw-console-output
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
API Version 2013-08-15
487
Amazon Elastic Compute Cloud CLI Reference
ec2-get-console-output
Description Option
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
API Version 2013-08-15
488
Amazon Elastic Compute Cloud CLI Reference
Common Options
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The ID of the instance
• A timestamp indicating the time of the last update
• The instance console output. By default the ^ESC character is escaped and duplicate new-lines are
removed to facilitate reading
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command retrieves the console output for the Linux/UNIX instance with the ID i-10a64379.
PROMPT> ec2-get-console-output i-10a64379
i-10a64379
2010-04-08T09:20:29+0000
Linux version 2.6.21.7-2.ec2.v1.2.fc8xen (root@domU-12-34-56-0A-78-01) (gcc
version 4.1.2 20070925 (Red Hat 4.1.2-33)) #1 SMP Fri Nov 20 19:22:36 EST 2009
BIOS-provided physical RAM map:
sanitize start
sanitize bail 0
copy_e820_map() start: 0000000000000000 size: 000000006ac00000 end:
000000006ac00000 type: 1
Xen: 0000000000000000 - 000000006ac00000 (usable)
980MB HIGHMEM available.
727MB LOWMEM available.
NX (Execute Disable) protection: active
...
API Version 2013-08-15
489
Amazon Elastic Compute Cloud CLI Reference
Output
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• GetConsoleOutput
Related Commands
• ec2-run-instances (p. 624)
API Version 2013-08-15
490
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-get-password
Description
Retrieves and decrypts the administrator password for the instances running Windows.
The Windows password is only generated the first time an AMI is launched. It is not generated for rebundled
AMIs or after the password is changed on an instance.
The password is encrypted using the key pair that you specified when you launched the instance. You
must provide the corresponding key pair file.
Password generation and encryption takes a few moments. Please wait up to 15 minutes after launching
an instance before trying to retrieve the generated password.
The short version of this command is ec2gpass.
Syntax
ec2-get-password instance_id -k key_file
Options
Description Name
The ID of a Windows instance.
Type: String
Default: None
Required: Yes
Example: i-9b76d0f3
instance_id
The file that contains the private key used to launch the
instance.
Type: String
Default: None
Required: Yes
Example: -k windows-keypair.pem
-k, --priv-launch-key key_file
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
API Version 2013-08-15
491
Amazon Elastic Compute Cloud CLI Reference
ec2-get-password
Description Option
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
API Version 2013-08-15
492
Amazon Elastic Compute Cloud CLI Reference
Common Options
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The Windows administrator password
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command returns the administrator password for the instance with the ID i-2574e22a.
PROMPT> ec2-get-password i-2574e22a -k windows-keypair.pem
q96A40B9w
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• GetPasswordData
API Version 2013-08-15
493
Amazon Elastic Compute Cloud CLI Reference
Output
Related Commands
• ec2-run-instances (p. 624)
• ec2-describe-instances (p. 307)
API Version 2013-08-15
494
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-import-instance
Description
Creates an import instance task using metadata from the specified disk image, and imports the image to
Amazon EC2. For more information about prerequisites for importing an instance, see Before You Get
Started and Using the Command Line Tools to Import Your Virtual Machine to Amazon EC2 in the Amazon
Elastic Compute Cloud User Guide.
If the upload task doesn't complete, use ec2-resume-import to resume the import from where it was
interrupted.
The short version of this command is ec2iin.
Syntax
ec2-import-instance -t instance_type [-g group] -f file_format -a architecture
[-p platform_name] -b s3_bucket_name [-o owner] -w secret_key [--prefix prefix]
[--manifest-url url] [-s volume_size ] [-z availability_zone] [-d description]
[--user-data user_data] [--user-data-file disk_image_filename] [--subnet
subnet_id] [--private-ip-address ip_address] [--monitor]
[--instance-initiated-shutdown-behavior behavior] [--x days]
[--ignore-region-affinity] [--dry-run] [--no-upload] [--dont-verify-format]
Options
Description Name
The type of instance to be launched. See Available Instance
Types for more information.
Type: String
Default: m1.small
Required: Yes
Example: -t m1.small
Note
The -a option is only honored if the -t option is
passed. If the -t option is not passed, then -a is
treated as i386. If the -t option is not passed, the
instance type defaults to m1.small.
-t, --instance-type
instance_type
The security group within which the instances should be run.
Determines the ingress firewall rules that are applied to the
launched instances. Only one security group is supported for
an instance.
Type: String
Default: Your default security group
Required: No
Example: -g myGroup
-g, --group group
API Version 2013-08-15
495
Amazon Elastic Compute Cloud CLI Reference
ec2-import-instance
Description Name
The file format of the disk image.
Type: String
Valid values: VMDK | RAW | VHD
Default: None
Required: Yes
Example: -f VMDK
-f, --format file_format
The architecture of the image. Using this option ensures that
your image is imported as the expected instance type.
Type: String
Valid values: i386 | x86_64
Default: i386
Required: Yes
Condition: Required if instance type is specified; otherwise
defaults to i386.
Note
The -a option is only honored if the -t option is
passed. If the -t option is not passed, then -a is
treated as i386. If the -t option is not passed, the
instance type defaults to m1.small.
Example: -a i386
-a, --architecture
architecture
The operating system of the instance.
Type: String
Default: None
Valid value: Windows
Required: No
-p, --platform platform_name
The Amazon S3 destination bucket for the manifest.
Type: String
Default: None
Required: Conditional
Condition: The --manifest-url parameter is not specified.
Example: myawsbucket
-b, --bucket s3_bucket_name
The access key ID of the bucket owner.
Type: String
Default: None
Required: No
Example: AKIAIOSFODNN7EXAMPLE
-o, --owner-akid access_key_id
The secret access key of the bucket owner.
Type: String
Default: None
Required: Yes
Example:
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-w, --owner-sak
secret_access_key
API Version 2013-08-15
496
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
The prefix for the manifest file and disk image file parts within
the Amazon S3 bucket.
Type: String
Default: None
Required: No
Example: --prefix MyDiskParts
--prefix prefix
The URL for an existing import manifest file already uploaded
to Amazon S3.
Type: String
Default: None. This option can't be specified if the --bucket
option is present.
Required: No
Example: my-ami.manifest.xml
--manifest-url url
The size of the Amazon EBS volume, in GiB (2^30 bytes),
that will hold the converted image. If not specified, Amazon
EC2 calculates the value using the disk image file.
Type: String
Default: None
Required: No
Example: -s 30
-s, --volume-size volume_size
The Availability Zone for the converted VM.
Type: String
Valid values: Use ec2-describe-availability-zones
for a list of values
Default: None
Required: No
Example: -z us-east-1
-z, --availability-zone
availability_zone
An optional, free-form comment returned verbatim during
subsequent calls to ec2-describe-conversion-tasks.
Type: String
Default: None
Constraint: Maximum length of 255 characters
Required: No
Example: -d Test of ec2-import-instance
-d, --description description
User data to be made available to the imported instance.
Type: String
Default: None
Required: No
Example: --user-data This is user data
--user-data user_data
API Version 2013-08-15
497
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
The file containing user data made available to the imported
instance.
Type: String
Default: None
Required: No
Example: --user-data-file my_data_file
--user-data-file
disk_image_filename
[EC2-VPC] The ID of the subnet into which you're launching
the instance.
Type: String
Default: None
Required: No
Example: --subnet subnet-f3e6ab83
--subnet subnet_id
[EC2-VPC] The specific IP address within subnet to use for
the instance.
Type: String
Default: None
Required: No
Example: --private-ip-address 10.0.0.3
--private-ip-address
ip_address
Enables monitoring of the specified instances.
Type: String
Default: None
Required: No
Example: --monitor
--monitor
Indicates whether an instance stops or terminates when you
initiate shutdown from the instance (using the operating
system command for system shutdown).
Type: String
Valid values: stop | terminate
Default: None
Required: No
Example: --instance-initiated-shutdown-behavior stop
--instance-initiated-shutdown-behavior
behavior
The validity period for the signed Amazon S3 URLs that allow
Amazon EC2 to access the manifest.
Type: String
Default: 30 days
Required: No
Example: -x 10
-x, --expires days
Ignores the verification check to determine whether the
bucket's region matches the region where the conversion task
is created.
Type: None
Default: None
Required: No
Example: --ignore-region-affinity
--ignore-region-affinity
API Version 2013-08-15
498
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
Validates that the disk image matches a known type, without
creating an import task.
Type: None
Default: None
Required: No
Example: --dry-run
--dry-run
Skips verifying the file format. We don't recommend this option
because it can result in a failed conversion.
Type: None
Default: None
Required: No
Example: --dont-verify-format
--dont-verify-format
Creates an import task, without uploading a disk image to
Amazon S3. To complete the import task and upload the disk
image, use ec2-resume-import.
Type: None
Default: None
Required: No
Example: --no-upload
--no-upload
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
API Version 2013-08-15
499
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
500
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command returns the following information:
• Task ID, which you will use in other commands
• General information about the disk image, such as the size and format
• General information about the import operation, such as the status, bytes received, and expiration
deadline
Amazon EC2 command line tools display errors on stderr.
Example
Example
This example command creates an import instance task that migrates a Windows Server 2008 SP2
(32-bit) VM into the us-east-1 region.
PROMPT> ec2-import-instance -t m1.xlarge ./WinSvr8-disk1.vmdk -f VMDK -o AKI
AIOSFODNN7EXAMPLE -w wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY -b myawsbucket
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• ImportInstance
Related Commands
• ec2-cancel-conversion-task (p. 62)
• ec2-delete-disk-image (p. 179)
• ec2-describe-conversion-tasks (p. 260)
• ec2-import-volume (p. 506)
• ec2-resume-import (p. 613)
API Version 2013-08-15
501
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-import-keypair
Description
Imports the public key from an RSA key pair that you created with a third-party tool. Compare this with
ec2-create-keypair, in which AWS creates the key pair and gives the keys to you (AWS keeps a
copy of the public key). With ec2-import-keypair, you create the key pair and give AWS just the
public key. The private key is never transferred between you and AWS.
You can easily create an RSA key pair on Windows and Linux using the ssh-keygen command line tool
(provided with the standard OpenSSH installation). Standard library support for RSA key pair creation is
also available in Java, Ruby, Python, and many other programming languages.
Supported formats:
• OpenSSH public key format (e.g., the format in ~/.ssh/authorized_keys)
• Base64 encoded DER format
• SSH public key file format as specified in RFC4716
DSA keys are not supported. Make sure your key generator is set up to create RSA keys.
Supported lengths: 1024, 2048, and 4096.
Note that you can have up to five thousand key pairs per region.
The short version of this command is ec2ikey.
Syntax
ec2-import-keypair key_name --public-key-file key_file
Options
Description Name
A unique name for the key pair.
Type: String
Default: None
Required: Yes
Example: my-key-pair
key_name
The path and name of the file containing the public key.
Type: String
Default: None
Required: Yes
Example: -f C:\keys\my-key-pair.ppk
-f, --public-key-file key_file
API Version 2013-08-15
502
Amazon Elastic Compute Cloud CLI Reference
ec2-import-keypair
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
API Version 2013-08-15
503
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
The command returns a table that contains the following information:
• The KEYPAIR identifier
• The name of the key pair
• The MD5 public key fingerprint as specified in section 4 of RFC4716
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command imports the public key from the file C:\keys\my-key-pair.ppk. The response
displays the MD5 public key fingerprint as specified in section 4 of RFC4716.
PROMPT> ec2-import-keypair my-key-pair --public-key-file C:\keys\my-key-pair.ppk
KEYPAIR my-key-pair 1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f
API Version 2013-08-15
504
Amazon Elastic Compute Cloud CLI Reference
Output
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• ImportKeyPair
Related Commands
• ec2-create-keypair (p. 109)
• ec2-delete-keypair (p. 189)
• ec2-describe-keypairs (p. 324)
API Version 2013-08-15
505
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-import-volume
Description
Creates an import volume task using metadata from the specified disk image, and imports the image to
Amazon EC2. For more information about prerequisites for importing a volume, see Before You Get
Started and Using the Command Line Tools to Import Your Virtual Machine to Amazon EC2 in the Amazon
Elastic Compute Cloud User Guide.
If the upload task doesn't complete, use ec2-resume-import to resume the import from where it was
interrupted.
The short version of this command is ec2ivol.
Syntax
ec2-import-volume disk_image -f file_format [-s volume_size] -z availability_zone
[-b s3_bucket_name] [-o owner] -w secret_key [--prefix prefix] [--manifest-url
url] [-d description] [--x days] [--ignore-region-affinity] [--dry-run]
[--no-upload] [--dont-verify-format]
Options
Description Name
The local file name of the disk image.
Type: String
Default: None
Required: Yes
Example: WinSvr8-64-disk1.vmdk
disk_image
The file format of the disk image.
Type: String
Valid values: vmdk | raw | vhd
Default: None
Required: Yes
Example: -f vmdk
-f, --format file_format
The size, in GB (2^30 bytes), of an Amazon EBS volume that
will hold the converted image. If not specified, Amazon EC2
calculates the value using the disk image file.
Type: String
Default: None
Required: No
Example: -s 30
-s, --volume-size volume_size
API Version 2013-08-15
506
Amazon Elastic Compute Cloud CLI Reference
ec2-import-volume
Description Name
The Availability Zone for the converted VM.
Type: String
Valid values: Use ec2-describe-availability-zones
for a list of values.
Required: No
Example: -z us-east-1a
-z, --availability-zone zone
The Amazon S3 destination bucket for the manifest.
Type: String
Default: None
Condition: Required when the --manifest-url parameter
is not specified.
Required: Yes
Example: -b myawsbucket
-b, --bucket bucket
The access key ID of the bucket owner.
Type: String
Default: None
Required: No
Example: AKIAIOSFODNN7EXAMPLE
-o, --owner-akid access_key_id
The secret access key of the bucket owner.
Type: String
Default: None
Required: Yes
Example:
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-w, --owner-sak
secret_access_key
The prefix for the manifest file and disk image file parts within
the Amazon S3 bucket.
Type: String
Default: None
Required: No
Example: --prefix MyDiskParts
--prefix prefix
The URL for an existing import manifest file already uploaded
to Amazon S3.
Type: String
Default: None
Condition: This option can't be specified if the --bucket option
is present.
Required: No
Example: my-ami.manifest.xml
--manifest-url url
API Version 2013-08-15
507
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
An optional, free-form comment returned verbatim during
subsequent calls to ec2-describe-conversion tasks.
Type: String
Default: None
Constraint: Maximum length of 255 characters
Required: No
Example: -d Test of ec2-import-instance
-d, --description description
The validity period for the signed Amazon S3 URLs that allow
Amazon EC2 to access the manifest.
Type: String
Default: 30 days
Required: No
Example: -x 10
-x, --expires days
Ignores the verification check to determine whether the
bucket's region matches the region where the conversion-task
is created.
Type: None
Default: None
Required: No
Example: --ignore-region-affinity
--ignore-region-affinity
Does not create an import task, only validates that the disk
image matches a known type.
Type: None
Default: None
Required: No
Example: --dry-run
--dry-run
Does not upload a disk image to Amazon S3, only creates an
import task. To complete the import task and upload the disk
image, use ec2-resume-import.
Type: None
Default: None
Required: No
Example: --no-upload
--no-upload
Does not verify the file format. We don't recommend this
option because it can result in a failed conversion.
Type: None
Default: None
Required: No
Example: --dont-verify-format
--dont-verify-format
API Version 2013-08-15
508
Amazon Elastic Compute Cloud CLI Reference
Options
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
API Version 2013-08-15
509
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns the following information:
• The percentage of the import completed
• The checksum value
• Information about the volume, such as the size and format
Amazon EC2 command line tools display errors on stderr.
Example
Example
This example command creates an import volume task that migrates a Windows Server 2008 (32-bit)
volume into the us-east-1 region.
PROMPT> ec2-import-volume 123M.vmdk -f VMDK -z us-east-1a -s 9 -b myawsbucket
-o AKIAIOSFODNN7EXAMPLE -w wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
API Version 2013-08-15
510
Amazon Elastic Compute Cloud CLI Reference
Output
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• ImportVolume
Related Commands
• ec2-cancel-conversion-task (p. 62)
• ec2-delete-disk-image (p. 179)
• ec2-describe-conversion-tasks (p. 260)
• ec2-import-instance (p. 495)
• ec2-resume-import (p. 613)
API Version 2013-08-15
511
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-migrate-image
Description
Copies a bundled AMI from one region to another.
Important
This tool does not work with AMIs backed by Amazon EBS.
Note
This tool replaces ec2-migrate-bundle (p. 677).
The short version of this command is ec2mim.
Syntax
ec2-migrate-image --private-key private_key --cert cert -U url --owner-akid
access_key_id --owner-sak secret_access_key --bucket source_s3_bucket
--destination-bucket destination_s3_bucket --manifest manifest_path --acl acl
--location {US | EU} --ec2cert ec2_cert_path [--kernel kernel-id] [--ramdisk
ramdisk_id] {--no-mapping} --region mapping_region_name
Options
Description Name
The path to your PEM-encoded RSA key file.
Type: String
Default: Uses the EC2_PRIVATE_KEY environment variable
Required: No
-K, --private-key private_key
The user's PEM encoded RSA public key certificate file.
Type: String
Default: Uses the EC2_CERT environment variable
Required: No
Example: -C
cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert cert
The URL to use as the web service URL.
Type: String
Default: https://ec2.amazonaws.com
Required: No
Example: -U https://ec2.amazonaws.com
-U, --url url
The access key ID of the bucket owner.
Type: String
Default: None
Required: Yes
Example: -o AKIAIOSFODNN7EXAMPLE
-o, --owner-akid access_key_id
API Version 2013-08-15
512
Amazon Elastic Compute Cloud CLI Reference
ec2-migrate-image
Description Name
The secret access key of the bucket owner.
Type: String
Default: None
Required: Yes
Example: -w
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-w, --owner-sak
secret_access_key
The source Amazon S3 bucket where the AMI is located,
followed by an optional '/'-delimited path prefix.
Type: String
Default: None
Required: Yes
Example: --bucket myawsbucket
--bucket source_s3_bucket
The destination Amazon S3 bucket, followed by an optional
'/'-delimited path prefix. If the destination bucket does not
exist, it is created.
Type: String
Default: None
Required: Yes
Example: --destination-bucket myotherawsbucket
--destination-bucket
destination_s3_bucket
The location of the Amazon S3 source manifest.
Type: String
Default: None
Required: Yes
Example: --manifest my-ami.manifest.xml
--manifest manifest
The location of the destination Amazon S3 bucket.
Type: String
Valid values: US | EU
Default: US
Required: No
Example: --location EU
--location {US | EU}
The access control list policy of the bundled image.
Type: String
Valid values: public-read | aws-exec-read
Default: None
Required: Yes
Example: --acl public-read
--acl acl
API Version 2013-08-15
513
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
The ID of the kernel to select.
Important
We recommend that you use PV-GRUB instead of
kernels and RAM disks. For more information, see
PV-GRUB: A New Amazon Kernel Image in the
Amazon Elastic Compute Cloud User Guide.
Type: String
Default: None
Required: No
Example: --kernel aki-ba3adfd3
--kernel
The ID of the RAM disk to select.
Type: String
Default: None
Required: No
Example: --ramdisk ari-badbad00
--ramdisk
Disables automatic mapping of kernels and RAM disks.
Type: String
Default: Mapping is enabled.
Required: No
Example: --no-mapping
--no-mapping
The region to look up in the mapping file.
Type: String
Default: Amazon EC2 attempts to determine the region from
the location of the Amazon S3 bucket.
Required: No
Example: --region eu-west-1
--region region
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
514
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
515
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• Status messages describing the stages and status of the migration
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command copies the AMI specified in the my-ami.manifest.xml manifest from the US
to the EU.
PROMPT> ec2-migrate-image --cert cert-THUMBPRINT.pem --private-key pk-THUMB
PRINT.pem --owner-akid
AKIAIOSFODNN7EXAMPLE --owner-sak wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY --
bucket myawsbucket
--destination-bucket my-eu-bucket --manifest my-ami.manifest.xml --acl aws-
exec-read --location EU
Copying 'my-ami.part.00'...
Copying 'my-ami.part.01'...
Copying 'my-ami.part.02'...
Copying 'my-ami.part.03'...
Copying 'my-ami.part.04'...
Copying 'my-ami.part.05'...
Copying 'my-ami.part.06'...
Copying 'my-ami.part.07'...
Copying 'my-ami.part.08'...
Copying 'my-ami.part.09'...
Copying 'my-ami.part.10'...
Your new bundle is in S3 at the following location:
my-eu-bucket/my-ami.manifest.xml
Related Topics
Download
• Getting Started with the Command Line Tools
API Version 2013-08-15
516
Amazon Elastic Compute Cloud CLI Reference
Output
Related Action
• There is no underlying API action for this command.
Related Commands
• ec2-register (p. 559)
• ec2-run-instances (p. 624)
API Version 2013-08-15
517
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-modify-image-attribute
Description
Modifies the specified attribute of the specified AMI. You can specify only one attribute at a time.
Note
AWS Marketplace product codes cannot be modified. Images with an AWS Marketplace product
code cannot be made public.
The short version of this command is ec2mimatt.
Syntax
ec2-modify-image-attribute ami_id {-l (-a entity | -r entity) | --product-code
code}
Options
Description Name
The ID of the AMI.
Type: String
Default: None
Required: Yes
Example: ami-2bb65342
ami_id
The product code to add to the specified instance store-backed
AMI. After you add a product code to an AMI, it can't be
removed.
Type: String
Default: None
Required: No
Example: -p D662E989
-p, --product-code code
Used with the --add or --remove flags to grant or revoke launch
permissions.
Type: String
Default: None
Required: Yes
Example: --launch-permission
-l, --launch-permission
Adds a launch permission for the specified AWS account or
for all accounts.
Type: String
Valid values: AWS account ID | all
Default: None
Required: Yes
Example: --launch-permission --add all
-a, --add entity
API Version 2013-08-15
518
Amazon Elastic Compute Cloud CLI Reference
ec2-modify-image-attribute
Description Name
Removes a launch permission for the specified AWS account
or for all users.
Type: String
Valid values: AWS account ID | all
Default: None
Required: Yes
Example: --launch-permission --remove all
-r, --remove entity
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
API Version 2013-08-15
519
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The attribute type identifier
• The ID of the AMI on which attributes are being modified
• The action performed on the attribute
• The attribute or attribute list item value type
• The attribute or attribute list item value
Amazon EC2 command line tools display errors on stderr.
API Version 2013-08-15
520
Amazon Elastic Compute Cloud CLI Reference
Output
Examples
Example 1
This example command makes the specified AMI public (for example, so that any AWS account can use
it).
PROMPT> ec2-modify-image-attribute ami-1a2b3c4d -l -a all
launchPermission ami-1a2b3c4d ADD group all
Example 2
This example command makes the specified AMI private (for example, so that only you as the owner can
use it).
PROMPT> ec2-modify-image-attribute ami-1a2b3c4d -l -r all
launchPermission ami-1a2b3c4d REMOVE group all
Example 3
This example command grants launch permission to the AWS account with the ID 444455556666.
PROMPT> ec2-modify-image-attribute ami-2bb65342 -l -a 444455556666
launchPermission ami-2bb65342 ADD userId 444455556666
Example 4
This example command removes launch permission from the AWS account with the ID 444455556666.
PROMPT> ec2-modify-image-attribute ami-1a2b3c4d -l -r 444455556666
launchPermission ami-1a2b3c4d REMOVE userId 444455556666
Example 5
This example command adds the 774F4FF8 product code to the AMI with the ID ami-1a2b3c4d.
PROMPT> ec2-modify-image-attribute ami-1a2b3c4d -p 774F4FF8
productcodes ami-1a2b3c4d productCode 774F4FF8
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• ModifyImageAttribute
API Version 2013-08-15
521
Amazon Elastic Compute Cloud CLI Reference
Examples
Related Commands
• ec2-reset-image-attribute (p. 600)
• ec2-describe-image-attribute (p. 282)
API Version 2013-08-15
522
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-modify-instance-attribute
Description
Modifies the specified attribute of the specified instance. You can specify only one attribute at a time.
Note
To modify some attributes, the instance must be stopped. For more information, see Modifying
Attributes of a Stopped Instance in the Amazon Elastic Compute Cloud User's Guide.
The short version of this command is ec2minatt.
Syntax
ec2-modify-instance-attribute instance_id { --block-device-mapping mapping |
--disable-api-termination | --ebs-optimized Boolean | --group-id group_id [...]
| --instance-initiated-shutdown-behavior behavior | --instance-type type |
--kernel kernel_id | --ramdisk ramdisk_id | --source-dest-check Boolean |
--user-data user_data }
Options
Description Name
The ID of the instance.
Type: String
Default: None
Required: Yes
Example: i-43a4412a
instance_id
Modifies the DeleteOnTermination attribute for volumes
that are currently attached. The volume must be owned by
the caller. If no value is specified for DeleteOnTerminaton,
the volume is deleted when the instance is terminated.
To add instance store volumes to an Amazon EBS-backed
instance, you must add them when you launch the instance.
For more information, see Updating the Block Device Mapping
when Launching an Instance in the Amazon Elastic Compute
Cloud User Guide.
Type: BlockDeviceMapping
Required: No
Example: -b "/dev/sdb=::false"
-b, --block-device-mapping
mapping
If this option is specified, you can't terminate the instance
using the Amazon EC2 console, CLI, and API; otherwise, you
can.
Type: Boolean
Default: false
Required: No
Example: --disable-api-termination true
--disable-api-termination
Boolean
API Version 2013-08-15
523
Amazon Elastic Compute Cloud CLI Reference
ec2-modify-instance-attribute
Description Name
Indicates whether the instance is optimized for EBS I/O. This
optimization provides dedicated throughput to Amazon EBS
and an optimized configuration stack to provide optimal EBS
I/O performance. This option isn't available on all instance
types. Additional usage charge apply when using this option.
Type: Boolean
Default: false
Required: No
Example: --ebs-optimized true
--ebs-optimized Boolean
[EC2-VPC] Modify the security groups associated with an
instance. The set of security groups that you specify replaces
the current set. You must specify at least one group, even if
it's just the default security group for the VPC. You must
specify the security group by ID and not by name.
Type: String
Default: None
Required: No
Example: -g sg-1a1a1a1a -g sg-9b9b9b9b
-g, --group-id group_id
Indicates whether an instance stops or terminates when you
initiate shutdown from the instance (using the operating
system command for system shutdown).
Type: String
Valid values: stop | terminate
Default: stop
Required: No
Example: --instance-initiated-shutdown-behavior stop
--instance-initiated-shutdown-behavior
behavior
The type of the instance. For more information, see Available
Instance Types. An InvalidInstanceAttributeValue
error will be returned if the instance type is not valid.
Type: String
Default: m1.small
Required: No
Example: -t m1.large
-t, --instance-type type
The ID of the kernel.
Important
We recommend that you use PV-GRUB instead of
kernels and RAM disks. For more information, see
PV-GRUB: A New Amazon Kernel Image in the
Amazon Elastic Compute Cloud User Guide.
Type: String
Default: None
Required: No
Example: --kernel aki-1a2b3c4d
--kernel kernel_id
API Version 2013-08-15
524
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
The ID of the RAM disk.
Type: String
Default: None
Required: No
Example: --ramdisk ari-1a2b3c4d
--ramdisk ramdisk_id
Indicates whether source/destination checking is enabled. A
value of true means checking is enabled, and false means
checking is disabled. This value must be false for a NAT
instance to perform NAT. For more information, see NAT
Instances in the Amazon Virtual Private Cloud User Guide.
Type: Boolean
Default: true
Required: No
Example: --source-dest-check false
--source-dest-check Boolean
The Base64-encoded MIME user data.
Type: String
Default: None
Required: No
Example: --user-data "My user data"
--user-data user_data
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
API Version 2013-08-15
525
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
526
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command returns a table that contains the following information:
• The attribute type identifier
• The ID of the instance on which attributes are being modified
• The new attribute value
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command changes the instance type of the specified instance. The instance must be in
the stopped state.
PROMPT> ec2-modify-instance-attribute i-10a64379 --instance-type m1.small
instanceType i-10a64379 m1.small
Example 2
This example command changes the InstanceInitiatedShutdownBehavior attribute of the specified
instance.
PROMPT> ec2-modify-instance-attribute i-10a64379 --instance-initiated-shutdown-
behavior terminate
instanceInitiatedShutdownBehavior i-10a64379 terminate
Example 3
This example command changes the DisableApiTermination attribute of the specified instance.
PROMPT> ec2-modify-instance-attribute i-10a64379 --disable-api-termination true
disableApiTermination i-10a64379 true
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• ModifyInstanceAttribute
API Version 2013-08-15
527
Amazon Elastic Compute Cloud CLI Reference
Output
Related Commands
• ec2-describe-instance-attribute (p. 295)
• ec2-reset-instance-attribute (p. 603)
API Version 2013-08-15
528
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-modify-network-interface-attribute
Description
Modifies the specified network interface attribute. You can specify only one attribute at a time.
The short version of this command is ec2mnicatt.
Syntax
ec2-modify-network-interface-attribute interface_id -d, --description description
-a, --attachment attachment_id --delete-on-termination Boolean
--source-dest-check Boolean --group-id group_id
Options
Description Name
The ID of the network interface.
Type: String
Default: None
Required: Yes
Example: eni-b35da6da
interface_id
Changes the description of the network interface.
Type: String
Default: None
Required: Yes
Example: -d "My Second ENI"
-d, --description description
Changes properties of the attachment.
Type: String
Default: None
Constraints: Must be used in conjunction with
--delete-on-termination.
Required: Yes
Example: -a eni-attach-09703260
-a, --attachment attachment_id
Sets whether the network interface shall be deleted when the
network interface is detached.
Type: String
Default: None
Constraints: Must be used in conjunction with --attachment.
Required: Yes
Example: -delete-on-termination false
--delete-on-termination Boolean
API Version 2013-08-15
529
Amazon Elastic Compute Cloud CLI Reference
ec2-modify-network-interface-attribute
Description Name
Indicates whether to enable source/destination checking. The
value must be false for a NAT instance to perform NAT.
Type: String
Valid values: true | false
Default: None
Required: Yes
Example: --source-dest-check false
--source-dest-check Boolean
Replaces the security groups for this network interface.
Type: String
Default: None
Required: Yes
Example: --group-id sg-b90619d5 --group-id sg-a92639c9
--group-id group_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
API Version 2013-08-15
530
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The NETWORKINTERFACE identifier
• The ID of the network interface
• The name of the attribute
• The attribute type identifier
API Version 2013-08-15
531
Amazon Elastic Compute Cloud CLI Reference
Output
• The new attribute value
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command adds a description to the network interface.
PROMPT> ec2-modify-network-interface-attribute eni-b35da6da -d "This is an ENI"
NETWORKINTERFACE eni-b35da6da description
Example 2
This example command turns off source/destination checking.
PROMPT> ec2-modify-network-interface-attribute eni-b35da6da --source-dest-check
false
NETWORKINTERFACE eni-b35da6da sourceDestCheck
SOURCEDESTCHECK false
Example 3
This example command changes the security group for the specified network interface.
PROMPT> ec2-modify-network-interface-attribute eni-b35da6da --group-id sg-
8ea1bce2
NETWORKINTERFACE eni-b35da6da group
GROUPID sg-8ea1bce2
Example 4
This example command retains the network interface when it is detached from an instance.
PROMPT> ec2-modify-network-interface-attribute eni-b35da6da --delete-on-termin
ation false -a eni-attach-083fda61
NETWORKINTERFACE eni-b35da6da attachment
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• ModifyNetworkInterfaceAttribute
API Version 2013-08-15
532
Amazon Elastic Compute Cloud CLI Reference
Examples
Related Commands
• ec2-attach-network-interface (p. 37)
• ec2-create-network-interface (p. 121)
• ec2-delete-network-interface (p. 199)
• ec2-describe-network-interface-attribute (p. 333)
• ec2-describe-network-interfaces (p. 337)
• ec2-detach-network-interface (p. 457)
• ec2-reset-network-interface-attribute (p. 607)
API Version 2013-08-15
533
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-modify-reserved-instances
Description
Modifies the Availability Zone, instance count, or network platform (EC2-Classic or EC2-VPC) of your
Reserved Instances. The Reserved Instances to be modified must have identical configurations, except
for Availability Zone and network platform.
For more information about modifying Reserved Instances, see Modifying Reserved Instances in the
Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2mri.
Syntax
ec2-modify-reserved-instances reserved-instances-id [reserved-instances-id
[...]] [--client-token token} -c target-configuration [-c
target-configuration[...]]
Options
Description Name
The ID of the Reserved Instances to modify. IDs must refer
to Reserved Instances that are identical, except for Availability
Zone and network platform.
Type: String
Default: None
Required: Yes
Example: 9d5cb137-8aba-4639-a0d5-d4d10example
reserved-instances-id
The client token for this request to make the call idempotent.
A random client token will be generated if this is not provided.
Required: No
--client-token token
New configuration settings for the Reserved Instances. Each
configuration is specified by comma-separated, key-value
pairs in double quotes. Key names are zone, count, and
platform. Zone and count are required. Network platform is
optional if your account supports EC2-VPC; it must be
specified if your account supports EC2-Classic.
Default: None
Required: Yes
Example 1: (modifying Reserved Instances to one
configuration) ec2mri reserved-instances-id -c
"zone=us-east-1a,count=1,platform=EC2-VPC"
Example 2: (modifying multiple Reserved Instances to multiple
configurations) ec2mri reserved-instances-id-1
reserved-instances-id-2 -c
"zone=us-east-1a,count=1,platform=EC2-VPC" -c
"zone=us-east-1b,count=2,platform=EC2-Classic"
-c target-configuration
API Version 2013-08-15
534
Amazon Elastic Compute Cloud CLI Reference
ec2-modify-reserved-instances
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
API Version 2013-08-15
535
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns the ID of the Reserved Instances modification request.
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example changes the Availability Zone and platform of a Reserved Instance.
PROMPT> ec2-modify-reserved-instances f127bd27-b0fc-4568-8e3a-0e7b5example -c
"zone=us-east-1a,count=1,platform=EC2-VPC"
ReservedInstancesModification rimod-9939282f-3674-49b1-bc18-a77b4example
Example 2
This example moves a subset of Reserved Instances to another Availability Zone.
PROMPT> ec2-modify-reserved-instances f127bd27-b0fc-4568-8e3a-0e7b5example
bbcd9749-c569-475c-9ba6-c3056example -c "zone=us-east-1a,count=1" -c "zone=us-
API Version 2013-08-15
536
Amazon Elastic Compute Cloud CLI Reference
Output
east-1b,count=1"
ReservedInstancesModification rimod-92b82c77-b62c-42d7-94c9-5e675example
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• ModifyReservedInstances
Related Commands
• ec2-describe-reserved-instances-modifications (p. 363)
• ec2-describe-reserved-instances (p. 363)
API Version 2013-08-15
537
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-modify-snapshot-attribute
Description
Adds or remove permission settings for the specified snapshot.
The short version of this command is ec2msnapatt.
Note
Snapshots with AWS Marketplace product codes cannot be made public.
Syntax
ec2-modify-snapshot-attribute snapshot_id -c [--add entity | --remove entity]
Options
Description Name
The ID of the snapshot.
Type: String
Default: None
Required: Yes
Example: snap-78a54011
snapshot_id
Modifies the create volume permissions of the snapshot.
Type: String
Default: None
Required: Yes
Example: -c
-c, --create-volume-permission
Adds a permission for the specified AWS account or for all
accounts.
Type: String
Valid values: AWS account ID | all
Default: None
Required: No
Example: -c --add all
-a, --add entity
Removes a permission for the specified AWS account or for
all accounts.
Type: String
Valid values: AWS account ID | all
Default: None
Required: No
Example: -c --remove all
--remove entity
API Version 2013-08-15
538
Amazon Elastic Compute Cloud CLI Reference
ec2-modify-snapshot-attribute
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
API Version 2013-08-15
539
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The createVolumePermission identifier
• The ID of the snapshot
• The action performed on the attribute
• The attribute or attribute list item value type
• The attribute or attribute list item value
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command makes the snapshot with the ID snap-1a2b3c4d public.
PROMPT> ec2-modify-snapshot-attribute snap-1a2b3c4d -c --add all
createVolumePermission snap-1a2b3c4d ADD group all
API Version 2013-08-15
540
Amazon Elastic Compute Cloud CLI Reference
Output
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• ModifySnapshotAttribute
Related Commands
• ec2-create-snapshot (p. 139)
• ec2-describe-snapshot-attribute (p. 381)
• ec2-describe-snapshots (p. 385)
• ec2-reset-snapshot-attribute (p. 610)
API Version 2013-08-15
541
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-modify-volume-attribute
Description
Modifies a volume attribute.
By default, all I/O operations for the volume are suspended when the data on the volume is determined
to be potentially inconsistent, to prevent undetectable, latent data corruption. The I/O access to the volume
can be resumed by first issuing the ec2-enable-volume-io (p. 481) command to enable I/O access and
then checking the data consistency on your volume.
You can change the default behavior to resume I/O operations without issuing the
ec2-enable-volume-io (p. 481) command by setting the auto-enable-io attribute of the volume to true.
We recommend that you change this attribute only for volumes that are stateless or disposable, or for
boot volumes.
The short version of this command is ec2mvolatt.
Syntax
ec2-modify-volume-attribute volume_id ... --auto-enable-io value
Options
Description Name
The ID of the volume.
Type: String
Required: Yes
Example: vol-4282672b
volume_id
Specifies whether the volume should be auto-enabled for I/O
operations.
Type: Boolean
Required: Yes
Example: --auto-enable-io true
-a --auto-enable-io value
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
542
Amazon Elastic Compute Cloud CLI Reference
ec2-modify-volume-attribute
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
543
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The ID of the volume
• The attribute name
• The attribute type identifier
• The attribute value
Amazon EC2 command line tools display errors on stderr.
Example
Example
This example command modifies the autoEnableIo attribute of the volume with the ID vol-999999.
PROMPT> ec2-modify-volume-attribute vol-999999 --auto-enable-io true
VolumeId Attribute
vol-999999 autoEnableIo
AUTO-ENABLE-IO true
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• ModifyVolumeAttribute
Related Commands
• ec2-describe-volume-attribute (p. 418)
• ec2-describe-volume-status (p. 422)
API Version 2013-08-15
544
Amazon Elastic Compute Cloud CLI Reference
Output
• ec2-enable-volume-io (p. 481)
API Version 2013-08-15
545
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-modify-vpc-attribute
Description
Modifies the specified attribute of the specified VPC.
Syntax
ec2-modify-vpc-attribute --vpc vpc-id [--dns-support {true|false}]
[--dns-hostname {true|false}]
Options
Description Name
The ID of the VPC.
Type: String
Required: Yes
Example: vpc-1a2b3c4d
-c, --vpc vpc-id
Specifies whether DNS resolution is supported for the VPC.
If this attribute is true, the Amazon DNS server resolves
DNS hostnames for your instances to their corresponding IP
addresses; otherwise, it does not.
Type: Boolean
Default: true
Required: No
Example: --dns-support true
-s, --dns-support {true|false}
Specifies whether the instances launched in the VPC get DNS
hostnames. If this attribute is true, instances in the VPC get
DNS hostnames; otherwise, they do not.
You can only set --dns-hostname to true if you also set
--dns-support to true.
Type: Boolean
Default: true
Required: No
Example: --dns-hostnames false
-d, --dns-hostnames
{true|false}
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
API Version 2013-08-15
546
Amazon Elastic Compute Cloud CLI Reference
ec2-modify-vpc-attribute
Description Option
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
API Version 2013-08-15
547
Amazon Elastic Compute Cloud CLI Reference
Common Options
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns true if the command succeeded and false otherwise.
Examples
Example
This example command disables support for DNS hostnames in the VPC with the ID vpc-1a2b3c4d.
PROMPT> ec2-modify-vpc-attribute --vpc vpc-1a2b3c4d --dns-hostnames false
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• ModifyVpcAttribute
Related Commands
• ec2-describe-vpc-attribute (p. 434)
API Version 2013-08-15
548
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-monitor-instances
Description
Enables monitoring for a running instance. For more information, see Monitoring Your Instances and
Volumes in the Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2min.
Syntax
ec2-monitor-instances instance_id [instance_id...]
Options
Description Name
One or more instance IDs.
Type: String
Default: None
Required: Yes
Example: i-43a4412a
instance_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
API Version 2013-08-15
549
Amazon Elastic Compute Cloud CLI Reference
ec2-monitor-instances
Description Option
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
550
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command returns a table that contains the following information:
• The ID of the instance
• The monitoring state
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command enables monitoring for the instances with the IDs i-43a4412a and i-23a3397d.
PROMPT> ec2-monitor-instances i-43a4412a i-23a3397d
i-43a4412a monitoring-pending
i-23a3397d monitoring-pending
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• MonitorInstances
Related Commands
• ec2-run-instances (p. 624)
• ec2-unmonitor-instances (p. 650)
API Version 2013-08-15
551
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-purchase-reserved-instances-offering
Description
Purchases a Reserved Instance for use with your account. With Amazon EC2 Reserved Instances, you
obtain a capacity reservation for a certain instance configuration over a specified period of time. You pay
a lower usage rate than with On-Demand instances for the time that you actually use the capacity
reservation.
Starting with the 2011-11-01 API version, AWS expanded its offering of Amazon EC2 Reserved Instances
to address a range of projected instance usage. There are three types of Reserved Instances based on
customer utilization levels: Heavy Utilization, Medium Utilization, and Light Utilization.
The Medium Utilization offering type is equivalent to the Reserved Instance offering available before API
version 2011-11-01. If you are using tools that predate the 2011-11-01 API version,
ec2-describe-reserved-instances-offerings will only list information about the Medium
Utilization Reserved Instance offering type.
For information about Reserved Instance pricing tiers, see Understanding Reserved Instance pricing tiers
in the Amazon Elastic Compute Cloud User Guide. For more information about Reserved Instances, see
Reserved Instances also in the Amazon Elastic Compute Cloud User Guide.
You determine the type of the Reserved Instances offerings by including the optional offeringType
parameter when calling ec2-describe-reserved-instances-offerings. After you've identified
the Reserved Instance with the offering type you want, specify its ReservedInstancesOfferingId
when you call ec2-purchase-reserved-instances-offering.
Starting with the 2012-08-15 API version, you can also purchase Reserved Instances from the Reserved
Instance Marketplace. The Reserved Instance Marketplace matches sellers who want to resell Reserved
Instance capacity that they no longer need with buyers who want to purchase additional capacity. Reserved
Instances bought from third parties through the Reserved Instance Marketplace work like any other
Reserved Instances.
By default, with the 2012-08-15 API version, ec2-describe-reserved-instances-offerings
returns information about Amazon EC2 Reserved Instances available directly from AWS, plus instance
offerings available from third parties, on the Reserved Instance Marketplace. If you are using tools that
predate the 2012-08-15 API version, the ec2-describe-reserved-instances-offerings action
will only list information about Amazon EC2 Reserved Instances available directly from AWS.
For more information about the Reserved Instance Marketplace, see Reserved Instance Marketplace in
the Amazon Elastic Compute Cloud User Guide.
You determine the Reserved Instance Marketplace offerings by specifying true for the optional
includeMarketplace parameter when calling ec2-describe-reserved-instances-offerings.
After you've identified the Reserved Instance with the offering type you want, specify its
reservedInstancesOfferingId when you call ec2-purchase-reserved-instances-offering.
The short version of this command is ec2prio.
Syntax
ec2-purchase-reserved-instances-offering --offering offering --instance-count
count [-l limit-price]
API Version 2013-08-15
552
Amazon Elastic Compute Cloud CLI Reference
ec2-purchase-reserved-instances-offering
Options
Description Name
The offering ID of the Reserved Instance to purchase.
Type: String
Default: None
Required: Yes
Example: -o 4b2293b4-5813-4cc8-9ce3-1957fexample
-o, --offering offering
The number of Reserved Instances to purchase.
Type: Integer
Default: None
Required: Yes
Example: -c 5
-c, --instance-count count
The maximum price that you are willing to pay.
Type: Integer
Default: None
Required: Yes
Example: -c 5
-l limit-price
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
API Version 2013-08-15
553
Amazon Elastic Compute Cloud CLI Reference
Options
Description Option
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
554
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
The command returns a table that contains the following information:
• RESERVEDINSTANCES identifier
• The ID of the purchased Reserved Instances
Amazon EC2 command line tools display errors on stderr.
Examples
This example command illustrates a purchase of a Reserved Instances offering.
PROMPT> ec2-purchase-reserved-instances-offering --offering 649fd0c8-becc-49d9-
b259-fc8e2example --instance-count 3
RESERVEDINSTANCES b847fa93-0c31-405b-b745-b6bf0example
Related Operations
• ec2-describe-reserved-instances-offerings (p. 368)
• ec2-describe-reserved-instances (p. 352)
API Version 2013-08-15
555
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-reboot-instances
Description
Requests a reboot of one or more instances. This operation is asynchronous; it only queues a request
to reboot the specified instances. The operation will succeed if the instances are valid and belong to you.
Requests to reboot terminated instances are ignored.
Note
If a Linux/UNIX instance does not cleanly shut down within four minutes, Amazon EC2 will
perform a hard reboot.
The short version of this command is ec2reboot.
Syntax
ec2-reboot-instances instance_id [instance_id ...]
Options
Description Name
One or more instance IDs.
Type: String
Default: None
Required: Yes
Example: i-3ea74257
instance_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
556
Amazon Elastic Compute Cloud CLI Reference
ec2-reboot-instances
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
557
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• This command displays no output on success
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command reboots an instance.
PROMPT> ec2-reboot-instances i-28a64341
-
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• RebootInstances
Related Commands
• ec2-run-instances (p. 624)
API Version 2013-08-15
558
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-register
Description
Registers an AMI. When you're creating an AMI, this is the final step you must complete before you can
launch an instance from the AMI. For more information about creating AMIs, see Creating Your Own
AMIs in the Amazon Elastic Compute Cloud User Guide.
Note
For Amazon EBS-backed instances, the ec2-create-image command creates and registers
the AMI in a single request, so you don't have to register the AMI yourself.
You can also use ec2-register to create an Amazon EBS-backed AMI from a snapshot of a root device
volume. For more information, see Launching an Instance from a Snapshot in the Amazon Elastic Compute
Cloud User Guide.
If needed, you can deregister an AMI at any time. Any modifications you make to an AMI backed by
Amazon EC2 instance store invalidates its registration. If you make changes to an image, deregister the
previous image and register the new image.
The short version of this command is ec2reg.
Note
You cannot register an image where a secondary (non-root) snapshot has AWS Marketplace
product codes.
Syntax
ec2-register {[manifest] -n name [-a architecture] [-b mapping [...]] [-d
description] [-s snapshot_id] [--kernel kernel_id] [--ramdisk ramdisk_id]
[--root-device-name name]}
Options
Description Name
The full path to your AMI manifest in Amazon S3 storage.
Type: String
Default: None
Required: Conditional
Condition: Required if registering an instance store-backed
AMI.
Example: myawsbucket/image.manifest.xml
manifest
A name for your AMI.
Type: String
Default: None
Constraints: 3-128 alphanumeric characters, parentheses
(()), commas (,), slashes (/), dashes (-), or underscores(_)
Required: Yes
Example: -n "Standard Web Server"
-n, --name name
API Version 2013-08-15
559
Amazon Elastic Compute Cloud CLI Reference
ec2-register
Description Name
A description for your AMI.
Type: String
Default: None
Constraints: Up to 255 characters.
Required: No
Example: -d "Standard Web Server AMI"
-d, --description description
The architecture of the image.
Type: String
Valid values: i386 | x86_64
Default: None
Required: No
Example: -a i386
-a, --architecture
architecture
The ID of the kernel associated with the image.
Important
We recommend that you use PV-GRUB instead of
kernels and RAM disks. For more information, see
PV-GRUB: A New Amazon Kernel Image in the
Amazon Elastic Compute Cloud User Guide.
Type: String
Default: None
Required: No
Example: --kernel aki-ba3adfd3
--kernel
The ID of the RAM disk to associate with the image.
Type: String
Default: None
Required: No
Example: --ramdisk ari-badbad00
--ramdisk
The root device name (for example, /dev/sda1 or xvda).
Type: String
Default: /dev/sda1
Condition: Required if registering an Amazon EBS-backed
AMI.
Required: No
Example: --root-device-name /dev/sda1
--root-device-name name
API Version 2013-08-15
560
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
The block device mapping for the instance. This argument is
passed in the form of =. The
devicename is the name of the device within Amazon EC2.
The blockdevice can be one of the following values:
• none - Suppresses an existing mapping of the device from
the AMI used to launch the instance. For example:
"/dev/sdc=none".
• ephemeral[0..3] - An instance store volume to be
mapped to the device. For example:
"/dev/sdc=ephemeral0".
• [snapshot-id]:[volume-size]:[true|false]:[standard|io1[:iops]]
- An EBS volume to be mapped to the device. [snapshot-id]
To create a volume from a snapshot, specify the snapshot
ID. [volume-size] To create an empty EBS volume, omit
the snapshot ID and specify a volume size instead. For
example: "/dev/sdh=:20". [delete-on-termination] To
prevent the volume from being deleted on termination of
the instance, specify false. The default is true.
[volume-type] To create a Provisioned IOPS volume, specify
io1. The default volume type is standard. If the volume
type is io1, you can also provision the number of IOPS
that the volume supports. For example,
"/dev/sdh=snap-7eb96d16::false:io1:500".
You can specify multiple block-device-mapping arguments
in one call.
For more detailed information about block device mapping,
see Block Device Mapping in the Amazon Elastic Compute
Cloud User Guide.
Type: String
Default: None
Required: Conditional
Condition: If registering an Amazon EBS-backed AMI from a
snapshot, at a minimum you must specify a block device
mapping entry for the root device. Be sure to include the
device name (/dev/sda1 or xvda) and the snapshot ID.
Example: -b "/dev/sda1=snap-7eb96d16"
Note
On Windows, the mapping argument must be
enclosed in double quotes, as shown in the example.
-b, --block-device-mapping
mapping
The ID of the Amazon EBS snapshot to be used as the root
device.
Type: String
Default: None
Required: No
Example: -s snap-78a54011
-s, --snapshot snapshot
API Version 2013-08-15
561
Amazon Elastic Compute Cloud CLI Reference
Options
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
API Version 2013-08-15
562
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The IMAGE identifier
• The ID of the newly registered machine image
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command registers the AMI specified in the image.manifest.xml manifest file, located
in the bucket named myawsbucket.
PROMPT> ec2-register myawsbucket/image.manifest.xml -n MyImage
IMAGE ami-1a2b3c4d
Example 2
This example command registers an Amazon EBS snapshot to create an AMI backed by Amazon EBS.
API Version 2013-08-15
563
Amazon Elastic Compute Cloud CLI Reference
Output
PROMPT> ec2-register -n MyImage -s snap-1a2b3c4d
IMAGE ami-1a2b3c4d
Example 3
This example command registers the AMI with an Amazon EBS snapshot as the root device, a separate
snapshot as a secondary device, and an empty 100 GiB Amazon EBS volume as a storage device.
PROMPT> ec2-register -n MyImage -s snap-1a2b3c4d -b /dev/sdb=snap-2a2b3c4d -b
/dev/sdc=:100
IMAGE ami-1a2b3c4d
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• RegisterImage
Related Commands
• ec2-deregister (p. 239)
• ec2-describe-images (p. 286)
• ec2-run-instances (p. 624)
API Version 2013-08-15
564
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-release-address
Description
Releases the specified Elastic IP address.
Important
After releasing an Elastic IP address, it is released to the public IP address pool for the platform
and might be unavailable to you. Make sure to update your DNS records and any servers or
devices that communicate with the address. If you attempt to release an Elastic IP address that
you already released, you'll get an AuthFailure error if the address is already allocated to
another AWS account.
An Elastic IP address is for use either in the EC2-Classic platform or in a VPC. For more information, see
Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.
[EC2-Classic, default VPC] Releasing an Elastic IP address automatically disassociates it from any
instance that it's associated with. To disassociate an Elastic IP address without releasing it, use the
ec2-diassociate-address command.
[Nondefault VPC] You must use the ec2-diassociate-address command to disassociate the Elastic
IP address before you try to release it. Otherwise, Amazon EC2 returns an error
(InvalidIPAddress.InUse).
The short version of this command is ec2reladdr.
Syntax
ec2-release-address [ip_address | -a allocation_id}
Options
Description Name
[EC2-Classic] The Elastic IP address.
Type: String
Default: None
Required: Conditional
Condition: Required for EC2-Classic.
Example: 192.0.2.1
ip_address
[EC2-VPC] The allocation ID.
Type: String
Default: None
Required: Conditional
Condition: Required for EC2-VPC.
Example: -a eipalloc-5723d13e
-a, --allocation-id
allocation_id
API Version 2013-08-15
565
Amazon Elastic Compute Cloud CLI Reference
ec2-release-address
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
API Version 2013-08-15
566
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The ADDRESS identifier
• [EC2-Classic] The Elastic IP address
• [EC2-VPC] The allocation ID
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command releases an Elastic IP address for EC2-Classic.
PROMPT> ec2-release-address 192.0.2.1
ADDRESS 192.0.2.1
API Version 2013-08-15
567
Amazon Elastic Compute Cloud CLI Reference
Output
Example 2
This example command releases an Elastic IP address for EC2-VPC.
PROMPT> ec2-release-address -a eipalloc-5723d13e
ADDRESS eipalloc-5723d13e
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• ReleaseAddress
Related Commands
• ec2-allocate-address (p. 13)
• ec2-associate-address (p. 21)
• ec2-describe-addresses (p. 246)
• ec2-disassociate-address (p. 471)
API Version 2013-08-15
568
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-replace-network-acl-association
Description
Changes which network ACL a subnet is associated with. By default when you create a subnet, it's
automatically associated with the default network ACL. For more information about network ACLs, see
Network ACLs in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2repnaclassoc.
Syntax
ec2-replace-network-acl-association network_acl_association_id -a network_acl_id
Options
Description Name
The ID representing the current association between the
original network ACL and the subnet.
Type: String
Default: None
Required: Yes
Example: aclassoc-33ae4b5a
network_acl_association_id
The ID of the new ACL to associate with the subnet.
Type: String
Default: None
Required: Yes
Example: -a acl-10b95c79
-a, --network-acl
network_acl_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
569
Amazon Elastic Compute Cloud CLI Reference
ec2-replace-network-acl-association
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
570
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The ASSOCIATION identifier
• The new association ID
• The ID of the network ACL
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command starts with a network ACL associated with a subnet, and the corresponding
association ID aclassoc-e5b95c8c. You want to associate a different network ACL (with the ID
acl-5fb85d36) with the subnet. The result is a new association ID that represents the new association.
PROMPT> ec2-replace-network-acl-association aclassoc-e5b95c8c -a acl-5fb85d36
ASSOCIATION aclassoc-17b85d7e acl-5fb85d36
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• ReplaceNetworkAclAssociation
Related Commands
• ec2-create-network-acl (p. 113)
• ec2-delete-network-acl (p. 192)
• ec2-describe-network-acls (p. 328)
API Version 2013-08-15
571
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-replace-network-acl-entry
Description
Replaces an entry (rule) in a network ACL. For more information about network ACLs, see Network ACLs
in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2repnae.
Syntax
ec2-replace-network-acl-entry acl_id -n rule_number [--egress] -P protocol -r
cidr [-p port_range] [-t icmp_type_code] { --allow | --deny }
Options
Description Name
The ID of the ACL.
Type: String
Default: None
Required: Yes
Example: acl-5fb85d36
acl_id
The rule number of the entry to replace.
Type: Number
Default: None
Required: Yes
Example: -n 100
-n, --rule-number rule_number
Optional flag to indicate whether to replace the egress rule.
Default: If no value is specified, we replace the ingress rule
Required: No
--egress
The IP protocol. You can specify all or -1 to mean all
protocols.
Type: String
Valid values: all | -1 | tcp | udp | icmp or any protocol
number (for a list, see Protocol Numbers).
Required: Yes
Example: -P 6
-P, --protocol protocol
The CIDR range to allow or deny, in CIDR notation.
Type: String
Default: None
Required: Yes
Example: -r 172.16.0.0/24
-r, --cidr cidr
API Version 2013-08-15
572
Amazon Elastic Compute Cloud CLI Reference
ec2-replace-network-acl-entry
Description Name
For TCP or UDP: The range of ports to allow.
Type: String
Valid values: A single integer or a range (min-max). You can
specify -1 to mean all ports (for example, port range 0-65535).
Default: None
Condition: Required if specifying tcp or udp (or the equivalent
number) for the protocol.
Required: Conditional
Example: -p 80-84
-p, --port-range port_range
For ICMP: The ICMP type and code using format type:code,
where both are integers. You can use -1 for the type or code
to mean all types or all codes
Type: String
Default: None
Required: Conditional
Condition: Required if specifying icmp (or the equivalent
number) for the protocol.
Example: -t -1:-1
-t, --icmp-type-code
icmp_type_code
Allows any traffic matching the rule.
Required: Conditional
Condition: Either --allow or --deny must be specified, but not
both.
--allow
Denies any traffic matching the rule.
Required: Conditional
Condition: Either --allow or --deny must be specified, but not
both.
--deny
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
573
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
574
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• Success status (true or false)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command replaces the egress entry numbered 110 in the network ACL with the ID
acl-2cb85d45. The new rule denies egress traffic destined for anywhere (0.0.0.0/0) on TCP port
139.
PROMPT> ec2-replace-network-acl-entry acl-2cb85d45 -n 110 --egress -r 0.0.0.0/0
-P tcp -p 139 --deny
RETURN true
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• ReplaceNetworkAclEntry
Related Commands
• ec2-create-network-acl-entry (p. 116)
• ec2-delete-network-acl-entry (p. 195)
• ec2-describe-network-acls (p. 328)
API Version 2013-08-15
575
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-replace-route
Description
Replaces an existing route within a route table in a VPC. For more information about route tables, see
Route Tables in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2reprt.
Syntax
ec2-replace-route route_table_id -r cidr {-g gateway_id | -i instance_id | -n,
--network-interface interface_id}
Options
Description Name
The ID of the route table.
Type: String
Default: None
Required: Yes
Example: rtb-5da34634
route_table_id
The CIDR address block used for the destination match. The
value you provide must match the CIDR of an existing route
in the table.
Type: String
Default: None
Required: Yes
Example: -r 0.0.0.0/0
-r, --cidr cidr
The ID of a gateway attached to your VPC.
Type: String
Default: None
Required: Conditional
Condition: You must provide one of the following: a gateway
ID, instance ID, or network interface ID.
Example: -g igw-68a34601
-g, --gateway gateway_id
The ID of a NAT instance in your VPC.
Type: String
Default: None
Required: Conditional
Condition: You must provide one of the following: a gateway
ID, instance ID, or a network interface ID.
Example: -i i-a7c871e3
-i, --instance instance_id
API Version 2013-08-15
576
Amazon Elastic Compute Cloud CLI Reference
ec2-replace-route
Description Name
The network interface associated with the route.
Type: String
Default: None
Required: Conditional
Condition: You must provide one of the following: a gateway
ID, instance ID, or a network interface.
Example: -n eni-5b729933
-n, --network-interface
interface_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
API Version 2013-08-15
577
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• Success status (true or false)
Amazon EC2 command line tools display errors on stderr.
API Version 2013-08-15
578
Amazon Elastic Compute Cloud CLI Reference
Output
Examples
Example
This example command replaces a route in the route table with the ID rtb-e4ad488d. The new route
matches the CIDR 10.0.0.0/8 and sends the traffic to the virtual private gateway with the ID
vgw-1d00376e.
PROMPT> ec2-replace-route rtb-e4ad488d -r 10.0.0.0/8 -g vgw-1d00376e
RETURN true
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• ReplaceRoute
Related Commands
• ec2-create-route (p. 132)
• ec2-delete-route (p. 205)
• ec2-describe-route-tables (p. 376)
API Version 2013-08-15
579
Amazon Elastic Compute Cloud CLI Reference
Examples
ec2-replace-route-table-association
Description
Changes the route table associated with a subnet in a VPC.
You can also use this to change which table is the main route table in the VPC. You just specify the main
route table's association ID and the route table that you want to be the new main route table.
After you execute this action, the subnet uses the routes in the new route table it's associated with. For
more information about route tables, see Route Tables in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2reprtbassoc.
Syntax
ec2-replace-route-table-association route_table_association_id -r route_table_id
Options
Description Name
The association ID.
Type: String
Default: None
Required: Yes
Example: rtbassoc-93a045fa
route_table_association_id
The ID of the new route table to associate with the subnet.
Type: String
Default: None
Required: Yes
Example: -r rtb-6aa34603
-r route_table_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
580
Amazon Elastic Compute Cloud CLI Reference
ec2-replace-route-table-association
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
581
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The ASSOCIATION identifier
• The new association ID
• The ID of the route table
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command starts with a route table associated with a subnet, and the corresponding
association ID rtbassoc-f8ad4891. You want to associate a different route table (with the ID
rtb-f9ad4890) to the subnet. The result is a new association ID that represents the new association.
PROMPT> ec2-replace-route-table-association rtbassoc-f8ad4891 -r rtb-f9ad4890
ASSOCIATION rtbassoc-61a34608 rtb-f9ad4890
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• ReplaceRouteTableAssociation
Related Commands
• ec2-create-route-table (p. 136)
• ec2-delete-route-table (p. 208)
• ec2-describe-route-tables (p. 376)
API Version 2013-08-15
582
Amazon Elastic Compute Cloud CLI Reference
Output
• ec2-disassociate-route-table (p. 475)
• ec2-replace-route-table-association (p. 580)
API Version 2013-08-15
583
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-report-instance-status
Description
Reports the status for instances that you own.
This command works only for instances that are in the running state. If you disagree with the instance
status returned by the ec2-report-instance-status action, use ec2-report-instance-status
command to report a more accurate status. Amazon EC2 collects this information to improve the accuracy
of status checks.
Note
Use of this action does not change the value returned by ec2-report-instance-status.
To report an instance's status, specify an instance ID with the INSTANCE parameter and a reason code
with the --reason parameter that applies to that instance. The following table contains descriptions of
all available reason codes.
instance-stuck-in-state
My instance is stuck in a state.
unresponsive
My instance is unresponsive.
not-accepting-credentials
My instance is not accepting my credentials.
password-not-available
A password is not available for my instance.
performance-network
My instance is experiencing performance problems which I believe are network related.
performance-instance-store
My instance is experiencing performance problems which I believe are related to the instance stores.
performance-ebs-volume
My instance is experiencing performance problems which I believe are related to an EBS volume.
performance-other
My instance is experiencing performance problems.
other
Other, explained in the submitted description parameter.
The short version of this command is ec2rep.
Syntax
ec2-report-instance-status instance_id --status value --reason value
[--start-time date] [--end-time date] [--description description
API Version 2013-08-15
584
Amazon Elastic Compute Cloud CLI Reference
ec2-report-instance-status
Options
Description Name
One or more instance IDs.
Type: String
Required: Yes
Example: i-15a4417c
instance_id
The status of all instances listed in the instance_id
parameter.
Type: String
Valid values: ok | impaired
Required: Yes
--status value
A reason code that describes a specific instance's health
state. Each code you supply corresponds to an instance ID
that you supply with the InstanceID.n parameter. See the
Description (p. 584) section for descriptions of each reason
code.
Type: String
Valid values: instance-stuck-in-state | unresponsive
| not-accepting-credentials |
password-not-available | performance-network |
performance-instance-store |
performance-ebs-volume | performance-other | other
Required: Yes
--reason value
The time at which the reported instance health state began.
The date uses the format: yyyy-MM-dd'T'HH:mm:ss
Type: DateTime
Required: No
Example: 2011-07-25T14:00:00
--start-time date
The time at which the reported instance health state ended.
The date uses the format: yyyy-MM-dd'T'HH:mm:ss
Type: DateTime
Required: No
Example: 2011-07-25T14:00:00
--end-time date
Descriptive text about the instance health state.
Type: String
Default: None
Required: No
--description description
API Version 2013-08-15
585
Amazon Elastic Compute Cloud CLI Reference
Options
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
API Version 2013-08-15
586
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The request ID
• A Boolean return value that indicates whether Amazon EC2 accepted the values.
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command reports the current state of the instance as impaired.
PROMPT> ec2-report-instance-status i-15a4417c --status="impaired" --reason="un
responsive"
API Version 2013-08-15
587
Amazon Elastic Compute Cloud CLI Reference
Output
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• ReportInstanceStatus
Related Commands
• ec2-describe-instance-status (p. 300)
API Version 2013-08-15
588
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-request-spot-instances
Description
Creates a Spot Instance request. Spot Instances are instances that Amazon EC2 starts on your behalf
when the maximum price that you specify exceeds the current Spot Price. Amazon EC2 periodically sets
the Spot Price based on available Spot Instance capacity and current Spot Instance requests. For more
information about Spot Instances, see Spot Instances in the Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2rsi.
Syntax
ec2-request-spot-instances ami_id --addressing addressing_type --price price
[--instance-count count] [--type type] [--valid-from timestamp] [--valid-until
timestamp] [--launch-group group] [--availability-zone-group group] [--user-data
data | --user-data-file data-file] [--group group [--group group ...]] [--key
key-pair] [--instance-type type] [--subnet subnet_id] [--availability-zone zone]
[--kernel kernel] [--ramdisk ramdisk] [--block-device-mapping mapping]
[--monitor] [--iam-profile arn | name] [--network-interface NETWORKINTERFACE]
[[--secondary-private-ip-address IP_ADDRESS] |
[--secondary-private-ip-address-count COUNT]] [--ebs-optimized]
[--associate-public-ip-address Boolean]
Options
Description Name
The ID of the AMI.
Type: String
Default: None
Required: Yes
Example: ami-2bb65342
ami_id
The maximum hourly price for any Spot Instance launched
to fulfill the request.
Type: String
Default: None
Required: Yes
Example: -p .15
-p, --price price
The maximum number of Spot Instances to launch.
Type: xs:integer
Default: 1
Required: No
Example: -n 10
-n, --instance-count count
API Version 2013-08-15
589
Amazon Elastic Compute Cloud CLI Reference
ec2-request-spot-instances
Description Name
The Spot Instance request type.
Type: String
Valid values: one-time | persistent
Default: one-time
Required: No
Example: -r persistent
-r, --type type
The ID of the subnet in which to launch the Spot Instance.
Type: String
Default: None
Required: No
Example: -s subnet-baab943d3
-s, --subnet subnet_id
The start date of the request. If this is a one-time request, the
request becomes active at this date and time and remains
active until all instances launch, the request expires, or the
request is canceled. If the request is persistent, the request
becomes active at this date and time and remains active until
it expires or is canceled.
Type: DateTime
Default: Request is effective indefinitely.
Required: No
Example: --valid-from 2009-12-31T11:51:50
--valid-from date
The end date of the request. If this is a one-time request, the
request remains active until all instances launch, the request
is canceled, or this date is reached. If the request is persistent,
it remains active until it is canceled or this date and time is
reached.
Type: DateTime
Default: Request is effective indefinitely.
Required: No
Example: --valid-until 2009-12-31T11:51:50
--valid-until date
The instance launch group. Launch groups are Spot Instances
that launch together and terminate together.
Type: String
Default: Instances are launched and terminated individually.
Required: No
Example: --launch-group Skynet
--launch-group group
API Version 2013-08-15
590
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
The user-specified name for a logical grouping of bids.
When you specify --availability-zone-group in a Spot
Instance request, all Spot Instances in the request are
launched in the same Availability Zone. Instance proximity is
maintained with this parameter, but choice of Availability Zone
is not. --availability-zone-group applies only to bids
for Spot Instances of the same instance type. Any additional
Spot Instance requests that are specified with the same
--availability-zone-group name will be launched in
that same Availability Zone, as long as at least one instance
from the group is still active.
If there is no active instance running in the Availability Zone
group that you specify for a new Spot Instance request (for
example, all instances are terminated, the bid is expired, or
the bid falls below current market), then Amazon EC2 will
launch the instance in any Availability Zone where the
constraint can be met. Consequently, the subsequent set of
Spot Instances could be placed in a different zone from the
original request, even if the same
--availability-zone-group name was specified.
To ensure that all Spot Instances across all bids are launched
into a particular Availability Zone, specify
LaunchSpecification.Placement.AvailabilityZone
in the API or --availability-zone in the CLI.
Type: String
Default: Instances are launched in any available Availability
Zone.
Required: No
Example: --availability-zone-group batchGroup01
--availability-zone-group
group
The name of an existing placement group you want to launch
the instance into (for cluster instances).
Type: String
Default: Instances are launched in the default placement
group.
Required: No
Example: --placement-group default
--placement-group group_name
The user data to make available to the instances.
Type: String
Default: None
Required: No
Example: -d "My user data"
-d, --user-data user_data
The ID of the security group.
Type: String
Default: User's default group.
Required: No
Example: -g sg-1a2b3c4d
-g, --group group
API Version 2013-08-15
591
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
The name of the key pair.
Type: String
Default: None
Required: No
Example: -k my-key-pair
-k, --key key_name
The instance type.
Type: String
Valid values: t1.micro | m1.small | m1.medium | m1.large
| m1.xlarge | m3.xlarge | m3.2xlarge | c1.medium |
c1.xlarge | m2.xlarge | m2.2xlarge | m2.4xlarge |
cr1.8xlarge | cc1.4xlarge | cc2.8xlarge |
cg1.4xlarge. See Available Instance Types for more
information.
Default: m1.small
Required: No
Example: -t m1.large
-t, --instance-type
instance_type
The placement constraint (for example, a specific Availability
Zone) for launching the instances.
Specify whether you want all of the Spot Instances in all of
your bids to be launched in a particular Availability Zone.
Specifying this option requires Amazon EC2 to find capacity
in the specified Availability Zone instead of letting Amazon
EC2 pick the best Availability Zone available; this can
potentially delay the fulfillment of your bid, and/or require a
higher bid price.
Type: String
Default: Amazon EC2 selects an Availability Zone in the
current region.
Required: No
Example: -z us-east-1b
-z, --availability-zone zone
The ID of the kernel to select.
Important
We recommend that you use PV-GRUB instead of
kernels and RAM disks. For more information, see
PV-GRUB: A New Amazon Kernel Image in the
Amazon Elastic Compute Cloud User Guide.
Type: String
Default: None
Required: No
Example: --kernel aki-ba3adfd3
--kernel kernel
The ID of the RAM disk to select.
Type: String
Default: None
Required: No
Example: --ramdisk ari-badbad00
--ramdisk ramdisk
API Version 2013-08-15
592
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
The block device mapping for the instance. This argument is
passed in the form of =. The
devicename is the name of the device within Amazon EC2.
The blockdevice can be one of the following values:
• none - Suppresses an existing mapping of the device from
the AMI used to launch the instance. For example:
"/dev/sdc=none".
• ephemeral[0..3] - An instance store volume to be
mapped to the device. For example:
"/dev/sdc=ephemeral0".
• [snapshot-id]:[volume-size]:[true|false]:[standard|io1[:iops]]
- An EBS volume to be mapped to the device. [snapshot-id]
To create a volume from a snapshot, specify the snapshot
ID. [volume-size] To create an empty EBS volume, omit
the snapshot ID and specify a volume size instead. For
example: "/dev/sdh=:20". [delete-on-termination] To
prevent the volume from being deleted on termination of
the instance, specify false. The default is true.
[volume-type] To create a Provisioned IOPS volume, specify
io1. The default volume type is standard. If the volume
type is io1, you can also provision the number of IOPS
that the volume supports. For example,
"/dev/sdh=snap-7eb96d16::false:io1:500".
You can specify multiple block-device-mapping arguments
in one call.
For more detailed information about block device mapping,
see Block Device Mapping in the Amazon Elastic Compute
Cloud User Guide.
Type: String
Default: None
Required: No
Example: -b "/dev/sdb=snap-92d333fb::false"
Note
On Windows, the mapping argument must be
enclosed in double quotes, as shown in the example.
-b, --block-device-mapping
mapping
Enables monitoring for the instance.
Type: String
Default: Disabled
Required: No
Example: --monitor
--monitor
API Version 2013-08-15
593
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
The IAM instance profile to associate with the launched
instances. IAM instance profiles enable you to manage
permissions for applications running on EC2. This is either
the Amazon Resource Name (ARN) of the instance profile
(for example,
arn:aws:iam::111111111111:instance-profile/s3access) or
the name of the role (for example, s3access).
Type: String
Default: None
Required: No
Example:
arn:aws:iam::111111111111:instance-profile/s3access
--iam-profile arn|name
[EC2-VPC] The network attachment for the launched instance.
The format of the NETWORKINTERFACE definition is as
follows:
For an existing NETWORKINTERFACE - eni :dev index
For a new NETWORKINTERFACE - dev index : subnet [:
description [":"[:[:
[:SIP count[:""]]]]]]], where SGs is a comma separated
list of security group IDs, DOT is either true or false, denoting
whether to delete the interface on terminate, SIP count is the
number of secondary IP addresses to assign, SIPs is a list of
secondary IP addresses. You can't specify both SIP count
and SIPs.
Type: String
Default: None
Required: No
-a, --network-interface
NETWORKINTERFACE
API Version 2013-08-15
594
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
Assigns the specified IP address as a secondary private IP
address to the network interface or instance. This option can
be used multiple times to assign multiple secondary IP
addresses. This option is only available for instances running
in a VPC. You can't specify this parameter when also
specifying --secondary-private-ip-address-count.
You can do one of the following:
• Use the --secondary-private-ip-address option without a
value and AWS will automatically assign a secondary
private IP address within the subnet range.
• Use the --secondary-private-ip-address option and provide
a specific IP address that you want to assign.
Note
On Windows clients, you must enclose IP addresses
in quotes.
Type: String
Default: None
Required: No
Example: --secondary-private-ip-address
"10.0.2.18" --secondary-private-ip-address
"10.0.2.28"
--secondary-private-ip-address
IP_ADDRESS
The number of secondary IP addresses to assign to the
network interface or instance.You can't specify this parameter
when also specifying --secondary-private-ip-address.
This option is only available for instances running in a VPC.
Type: Integer
Default: None
Required: No
Example: --secondary-private-ip-address-count 2
--secondary-private-ip-address-count
COUNT
Indicates whether to assign an AWS public IP address to the
instance that will be launched. Instances launched into a
default subnet are assigned a public IP address by default.
For information about instance IP addressing, see Amazon
EC2 Instance IP Addressing.
Type: Boolean
Default: If launching into a default subnet, the default value
is true. If launching into a nondefault subnet, the default
value is false.
Required: No
Example: --associate-public-ip-address true
--associate-public-ip-address
Boolean
API Version 2013-08-15
595
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
Enables EBS optimization for the instance. This optimization
provides dedicated throughput to Amazon EBS and an
optimized configuration stack to provide optimal EBS I/O
performance. This option isn't available on all instance types.
Additional usage charges apply when using this option.
Type: Boolean
Default: Disabled
Required: No
Example: --ebs-optimized
--ebs-optimized
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
API Version 2013-08-15
596
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information for each Spot Instance request:
The Spot Instance request information
• The SPOTINSTANCEREQUEST identifier
• The ID of the Spot Instance request
• The Spot Instance bid price
• The Spot Instance type (one-time or persistent)
• The product description (Linux/UNIX or Windows)
• The state of the Spot Instance request (active, open, closed, cancelled, failed)
API Version 2013-08-15
597
Amazon Elastic Compute Cloud CLI Reference
Output
• The date and time the request was created
• The date and time that the request is valid until
• The date and time the request will be held until
• The launch group
• The Availability Zone group
• The ID of the instance
• The ID of the image
• The instance type
• The key pair name
• Any security groups the request belongs to
• The Availability Zone the instance belongs to
• The kernel ID of the instance
• The RAM disk ID of the instance
• The monitoring status
• The ID of the subnet
• The Availability Zone the instance was launched to
• The IAM profile
Any Spot Instance faults
• The SPOTINSTANCEFAULT identifier
• The Spot Instance fault code
• The Spot Instance fault message
The Spot Instance status information
• The SPOTINSTANCESTATUS identifier
• The Spot Instance status
• The date and time of the last update
• The Spot Instance status message
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command creates a Spot Instances request for three m1.small instances.
PROMPT> ec2-request-spot-instances ami-1a2b3c4d -p 0.04 --key my-key-pair --
group default --instance-type m1.small -n 3 --type one-time
SPOTINSTANCEREQUEST sir-1a2b3c4d 0.040000 one-time Linux/UNIX open YYYY-MM-
DDTHH:MM:SS-0800 ami-1a2b3c4d m1.small my-key-pair sg-1a2b3c4d monitor
ing-disabled
SPOTINSTANCESTATUS pending-evaluation YYYY-MM-DDTHH:MM:SS-0800 Your Spot request
has been submitted for review, and is pending evaluation.
SPOTINSTANCEREQUEST sir-2a2b3c4d 0.040000 one-time Linux/UNIX open YYYY-MM-
DDTHH:MM:SS-0800 ami-1a2b3c4d m1.small my-key-pair sg-1a2b3c4d monitor
ing-disabled
API Version 2013-08-15
598
Amazon Elastic Compute Cloud CLI Reference
Examples
SPOTINSTANCESTATUS pending-evaluation YYYY-MM-DDTHH:MM:SS-0800 Your Spot request
has been submitted for review, and is pending evaluation.
SPOTINSTANCEREQUEST sir-3a2b3c4d 0.040000 one-time Linux/UNIX open YYYY-MM-
DDTHH:MM:SS-0800 ami-1a2b3c4d m1.small my-key-pair sg-1a2b3c4d monitor
ing-disabled
SPOTINSTANCESTATUS pending-evaluation YYYY-MM-DDTHH:MM:SS-0800 Your Spot request
has been submitted for review, and is pending evaluation.
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• RequestSpotInstances
Related Commands
• ec2-cancel-spot-instance-requests (p. 72)
• ec2-describe-spot-instance-requests (p. 394)
• ec2-describe-spot-price-history (p. 402)
API Version 2013-08-15
599
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-reset-image-attribute
Description
Resets an attribute of an AMI to its default value.
Note
The productCodes attribute can't be reset.
The short version of this command is ec2rimatt.
Syntax
ec2-reset-image-attribute ami_id [-l]
Options
Description Name
The ID of the AMI.
Type: String
Default: None
Required: Yes
Example: ami-15a4417c
ami_id
Resets the launch permissions of the AMI.
Type: String
Default: None
Required: No
Example: -l
-l, --launch-permission
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
600
Amazon Elastic Compute Cloud CLI Reference
ec2-reset-image-attribute
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
601
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The attribute type identifier
• The ID of the AMI
• The action identifier (RESET)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command resets the launchPermission attribute for the specified AMI.
PROMPT> ec2-reset-image-attribute ami-1a2b3c4d -l
launchPermission ami-1a2b3c4d RESET
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• ResetImageAttribute
Related Commands
• ec2-describe-image-attribute (p. 282)
• ec2-modify-image-attribute (p. 518)
API Version 2013-08-15
602
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-reset-instance-attribute
Description
Resets an attribute of an instance to its default value. To reset the kernel or RAM disk, the instance must
be in a stopped state. To reset the SourceDestCheck, the instance can be either running or stopped.
The SourceDestCheck attribute controls whether source/destination checking is enabled. The default
value is true, which means checking is enabled. This value must be false for a NAT instance to perform
NAT. For more information, see NAT Instances in the Amazon Virtual Private Cloud User Guide.
The short version of this command is ec2rinatt.
Syntax
ec2-reset-instance-attribute instance_id { --kernel kernel_id | --ramdisk
ramdisk_id | --source-dest-check }
Options
Description Name
The ID of the instance.
Type: String
Default: None
Required: Yes
Example: i-43a4412a
instance_id
Resets the ID of the kernel.
Type: String
Default: None
Required: No
Example: --kernel
--kernel
Resets the ID of the RAM disk.
Type: String
Default: None
Required: No
Example: --ramdisk
--ramdisk
Resets the SourceDestCheck flag to true
(source/destination checking is enabled).
Type: String
Default: None
Required: No
Example: --source-dest-check
--source-dest-check
API Version 2013-08-15
603
Amazon Elastic Compute Cloud CLI Reference
ec2-reset-instance-attribute
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
API Version 2013-08-15
604
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The attribute type identifier
• The ID of the instance
• The action identifier (RESET)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command resets the SourceDestCheck attribute for the specified instance.
PROMPT> ec2-reset-instance-attribute i-10a64379 --source-desk-check
sourceDestCheck i-10a64379 RESET
API Version 2013-08-15
605
Amazon Elastic Compute Cloud CLI Reference
Output
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• ResetInstanceAttribute
Related Commands
• ec2-describe-instance-attribute (p. 295)
• ec2-modify-instance-attribute (p. 523)
API Version 2013-08-15
606
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-reset-network-interface-attribute
Description
Resets a network interface attribute. You can specify only one attribute at a time.
The short version of this command is ec2rnicatt.
Syntax
ec2-reset-network-interface-attribute interface_id --source-dest-check Boolean
Options
Description Name
The ID of the network interface.
Type: String
Default: None
Required: Yes
Example: -n eni-b35da6da
interface_id
Resets the SourceDestCheck flag to true
(source/destination checking is enabled).
Type: String
Required: Yes
Example: --source-dest-check
--source-dest-check Boolean
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
607
Amazon Elastic Compute Cloud CLI Reference
ec2-reset-network-interface-attribute
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
608
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The attribute type identifier
• The ID of the network interface
• The action identifier (RESET)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command resets the specified attributes for the specified network interface.
PROMPT> ec2-reset-network-interface-attribute eni-b35da6da --source-dest-check
sourceDestCheck eni-b35da6da RESET
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• ResetNetworkInterfaceAttribute
Related Commands
• ec2-attach-network-interface (p. 37)
• ec2-create-network-interface (p. 121)
• ec2-delete-network-interface (p. 199)
• ec2-describe-network-interface-attribute (p. 333)
• ec2-describe-network-interfaces (p. 337)
• ec2-detach-network-interface (p. 457)
• ec2-modify-network-interface-attribute (p. 529)
API Version 2013-08-15
609
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-reset-snapshot-attribute
Description
Resets permission settings for the specified snapshot.
The short version of this command is ec2rsnapatt.
Syntax
ec2-reset-snapshot-attribute snapshot_id -c
Options
Description Name
The ID of the snapshot.
Type: String
Default: None
Required: Yes
Example: snap-1a2b3c4d
--snapshot snapshot
Resets the create volume permissions of the snapshot.
Type: String
Default: None
Required: Yes
Example: -c
-c, --create-volume-permission
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
API Version 2013-08-15
610
Amazon Elastic Compute Cloud CLI Reference
ec2-reset-snapshot-attribute
Description Option
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
API Version 2013-08-15
611
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The attribute type identifier
• The ID of the snapshot
• The action identifier (RESET)
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command resets the permissions for the snapshot with the ID snap-1a2b3c4d, making it
a private snapshot that can only be used by the account that created it.
PROMPT> ec2-reset-snapshot-attribute snap-1a2b3c4d -c
createVolumePermission snap-1a2b3c4d RESET
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• ResetSnapshotAttribute
Related Commands
• ec2-modify-snapshot-attribute (p. 538)
• ec2-describe-snapshot-attribute (p. 381)
• ec2-describe-snapshots (p. 385)
• ec2-create-snapshot (p. 139)
API Version 2013-08-15
612
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-resume-import
Description
Resumes the upload of a disk image associated with an import instance or import volume task ID. Amazon
EC2 supports import of VMDK, RAW, and VHD disk images.
If the upload task stops without completing, use this command to resume this upload. The upload task
will resume from where it left off. For more information, see Using the Command Line Tools to Import
Your Virtual Machine to Amazon EC2 in the Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2rim.
Syntax
ec2-resume-import -t task_id -o owner -w secret_key [-x days] [--user-threads
threads] [--part-size partsize] [--dry-run] [--dont-verify-format]
disk_image_filename
Options
Description Name
The local file name of the disk image.
Type: String
Default: None
Required: Yes
Example: WinSvr8-32-disk1.vmdk
disk_image_filename
The conversion task ID for the upload.
Type: String
Default: None
Required: Yes
Example: -t import-i-ffvko9js
-t, --task task_id
The access key ID of the bucket owner.
Type: String
Default: None
Required: Yes
Example: AKIAIOSFODNN7EXAMPLE
-o, --owner-akid access_key_id
The secret access key of the bucket owner.
Type: String
Default: None
Required: Yes
Example:
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-w, --owner-sak
secret_access_key
API Version 2013-08-15
613
Amazon Elastic Compute Cloud CLI Reference
ec2-resume-import
Description Name
The validity period for the signed Amazon S3 URLs that allow
Amazon EC2 to access your file.
Type: String
Default: 30 days
Required: No
Example: -x 10
-x, --expires days
The maximum number of threads to concurrently upload the
file with.
Type: String
Default: 20
Required: No
Example: --user-threads 15
--user-threads threads
The size of each individual file part (in MB) that will be
uploaded. The file will be split into multiple parts at most as
large as the partsize parameter.
Type: String
Default: 8
Required: No
Example: --part-size 3
--part-size partsize
Does not upload the file, only validates that the disk image
matches a known type.
Type: None
Default: None
Required: No
Example: --dry-run
--dry-run
Does not verify the file format. We don't recommend this
option because it can result in a failed conversion.
Type: None
Default: None
Required: No
Example: --dont-verify-format
--dont-verify-format
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
API Version 2013-08-15
614
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
API Version 2013-08-15
615
Amazon Elastic Compute Cloud CLI Reference
Common Options
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns the following information:
• The disk image size and format
• The converted volume size
• The EBS volume size
• The percentage of the upload completed
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command uploads the corresponding disk image of the Windows Server 2008 (32-bit) VM
you want to migrate.
PROMPT> ec2-resume-import ./WinSvr8-32-disk1.vmdk -t import-i-ffvko9js -o AKI
AIOSFODNN7EXAMPLE -w wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Related Topics
Download
• Getting Started with the Command Line Tools
Related Commands
• ec2-cancel-conversion-task (p. 62)
API Version 2013-08-15
616
Amazon Elastic Compute Cloud CLI Reference
Output
• ec2-delete-disk-image (p. 179)
• ec2-describe-conversion-tasks (p. 260)
• ec2-import-instance (p. 495)
• ec2-import-volume (p. 506)
API Version 2013-08-15
617
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-revoke
Description
Removes a rule from a security group.
A security group is for use with instances either in the EC2-Classic platform or in a specific VPC. For
more information, see Amazon EC2 Security Groups in the Amazon Elastic Compute Cloud User Guide
and Security Groups for Your VPC in the Amazon Virtual Private Cloud User Guide.
The values that you specify in the revoke request (ports, and so on) must match the existing rule's values
in order for the rule to be removed.
Each rule consists of the protocol (for example, TCP), plus either a CIDR range, or a source group (for
ingress rules) or destination group (for egress rules). For TCP and UDP, you must also specify the
destination port or port ranges. You can specify -1 to mean all ports (for example, port range 0-65535).
For ICMP, you must also specify the ICMP type and code. You can use -1 for the type or code to mean
all types or all codes.
Rule changes are propagated to affected instances as quickly as possible. However, a small delay might
occur.
The short version of this command is ec2revoke.
Syntax
ec2-revoke group [--egress] [-P protocol] (-p port_range | -t icmp_type_code)
[-u source_or_dest_group_owner ...] [-o source_or_dest_group ...] [-s
source_or_dest_cidr ...]
Options
Description Name
EC2-Classic, default VPC: The name or ID of the security
group.
Nondefault VPC: The ID of the security group.
The group must belong to your AWS account.
Type: String
Default: None
Required: Yes
Example: websrv (name), sg-1a2b3c4d (ID)
group
[EC2-VPC] Indicates that the rule is an egress rule (applies
to traffic leaving the VPC).
Default: If this option is not specified, the rule is an ingress
rule (applies to traffic entering the VPC)
Required: No
--egress
API Version 2013-08-15
618
Amazon Elastic Compute Cloud CLI Reference
ec2-revoke
Description Name
The name or number of the IP protocol to revoke (see Protocol
Numbers). Security groups for EC2-Classic can have rules
only for TCP, UDP, and ICMP, whereas security groups for
EC2-VPC can have rules assigned to any protocol number.
When you call ec2-describe-group, the protocol value
returned is the number. Exception: For TCP, UDP, and ICMP,
the value returned is the name (tcp, udp, or icmp).
Type: String
Valid values for EC2-Classic: tcp | udp | icmp or the
corresponding protocol number (6 | 17 | 1).
Default for EC2-Classic: TCP if the source CIDR is specified
(or implied by default), or all three protocols (TCP, UDP, and
ICMP) if the source group is specified (to ensure backwards
compatibility).
Valid values for EC2-VPC: tcp | udp | icmp or any protocol
number. Use all to specify all protocols.
Required: Conditional
Condition: Required for EC2-VPC.
Example: -P udp
-P, --protocol protocol
For TCP or UDP: The range of ports to revoke.
Type: String
Valid values: A single integer or a range (min-max). You can
specify -1 to mean all ports (for example, port range 0-65535).
Default: None
Required: Conditional
Condition: Required if specifying tcp or udp (or the equivalent
number) for the protocol.
Example: -p 80-84
-p port_range
For ICMP: The ICMP type and code to revoke. This must be
specified in the format type:code where both are integers.
You can use -1 for the type or code to mean all types or all
codes.
Type: String
Default: None
Required: Conditional
Condition: Required if specifying icmp (or the equivalent
number) for the protocol.
Example: -t -1:-1
-t icmp_type_code
API Version 2013-08-15
619
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
The ID of the AWS account that owns the source security
group (for ingress rules) or destination security group (for
egress rules). If the group is in your own account, set this to
your own AWS account ID. Cannot be used when specifying
a CIDR IP address.
Type: String
Default: None
Required: Conditional
Condition: Required when revoking a rule that gives access
to one or more source security groups.
Example: -u 111122223333
-u, source_or_dest_group_owner
The source security group (for ingress rules), or destination
security group (for egress rules). When revoking a rule for a
security group for EC-VPC, you must specify the group's ID
(for example, sg-9d4e5f6g) instead of its name. Cannot be
used when specifying a CIDR IP address with the -s option.
Type: String
Default: None
Required: Conditional
Condition: Required if revoking access to one or more source
or destination security groups.
Example: -o headoffice
-o source_or_dest_group
The CIDR range. Cannot be used when specifying a source
or destination security group with the -o option.
Type: String
Default: 0.0.0.0/0
Constraints: Valid CIDR IP address range.
Required: Conditional
Condition: Required if revoking access to one or more IP
address ranges.
Example: -s 205.192.8.45/24
-s, --cidr source_or_dest_cidr
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
620
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
621
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
A line containing the group information. Some of these fields may be blank.
• The GROUP identifier
• The ID of the security group
• The AWS account ID of the owner of the security group
• The name of the security group
• A description of the security group
• [EC2-VPC] The ID of the VPC the group belongs to
One of each of the following lines for each permission defined by the group:
• The PERMISSION identifier
• The AWS account ID of the owner of the security group
• The name of the security group granting permission
• The type of rule. Currently, only ALLOWS rules are supported
• The protocol to allow (for example, tcp and udp)
• The start of port range
• The end of port range
• FROM for an ingress rule or TO for an egress rule
• The source type (for ingress rules) or destination type (for egress rules)
• The source (for ingress rules) or destination (for egress rules)
• [USER only] The name of the source or destination entity
• [USER only] The ID of the security group
• Whether the rule is ingress rule or an egress rule
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command revokes TCP port 80 access from the 205.192.0.0/16 address range for the
security group named websrv.
API Version 2013-08-15
622
Amazon Elastic Compute Cloud CLI Reference
Output
PROMPT> ec2-revoke websrv -P tcp -p 80 -s 205.192.0.0/16
GROUP websrv
PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 205.192.0.0/16 ingress
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• RevokeSecurityGroupEgress
• RevokeSecurityGroupIngress
Related Commands
• ec2-authorize (p. 47)
• ec2-create-group (p. 93)
• ec2-delete-group (p. 182)
• ec2-describe-group (p. 276)
API Version 2013-08-15
623
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-run-instances
Description
Launches the specified number of instances of an AMI for which you have permissions.
When you launch an instance, it enters the pending state. After the instance is ready for you, it enters
the running state. To check the state of your instance, use the ec2-describe-instances (p. 307) command.
If you don't specify a security group when launching an instance, Amazon EC2 uses the default security
group. For more information, see Security Groups in the Amazon Elastic Compute Cloud User Guide.
Linux instances have access to the public key of the key pair at boot. You can use this key to provide
secure access to the instance. Amazon EC2 public images use this feature to provide secure access
without passwords. For more information, see Key Pairs in the Amazon Elastic Compute Cloud User
Guide.
You can provide optional user data when launching an instance. For more information, see Instance
Metadata in the Amazon Elastic Compute Cloud User Guide.
Warning
If any of the AMIs have a product code attached for which the user has not subscribed,
ec2-run-instances fails.
The short version of this command is ec2run.
Syntax
ec2-run-instances ami_id [-n instance_count] [-k keypair] [-g group [-g group
...]] [-d user_data | -f filename] [--instance-type instance_type]
[--availability-zone zone] [--placement-group group_name] [--tenancy tenancy]
[--kernel kernel_id] [--ramdisk ramdisk_id] [--block-device-mapping mapping]
[--monitor] [--subnet subnet_id] [--disable-api-termination]
[--instance-initiated-shutdown-behavior behavior] [--private-ip-address
ip_address] [--client-token token] [--secondary-private-ip-address ip_address
| --secondary-private-ip-address-count count] [--network-attachment attachment]
[--iam-profile arn | name] [--ebs-optimized] [--associate-public-ip-address
Boolean]
Options
Description Name
The ID of the AMI, which you can get by calling
ec2-describe-images.
Type: String
Default: None
Required: Yes
Example: ami-5da964c3
ami_id
API Version 2013-08-15
624
Amazon Elastic Compute Cloud CLI Reference
ec2-run-instances
Description Name
The number of instances to launch. If you specify a minimum
that is more instances than Amazon EC2 can launch in the
target Availability Zone, Amazon EC2 launches no instances.
If you specify a range (min-max), Amazon EC2 tries to launch
the maximum number in the target Availability Zone, but
launches no fewer than the minimum number.
Type: String
Default: 1
Constraints: Between 1 and the maximum number allowed
for your account (the default for each account is 20, but this
limit can be increased).
Required: No
Example: -n 5-10
-n , --instance-count min[-max]
The name of the key pair. You can create a key pair using
ec2-create-keypair or ec2-import-keypair.
Important
If you launch an instance without specifying a key
pair, you can't connect to the instance.
Type: String
Default: None
Required: No
Example: -k my-key-pair
-k, --key keypair
One or more security groups. For a nondefault VPC, you must
specify the security group by ID. For EC2-Classic or a default
VPC, you can specify the security group by name or ID. You
can create a security group using ec2-create-group.
Type: String
Default: Amazon EC2 uses the default security group
Required: No
Example: -g my-security-group
-g, --group group
The Base64-encoded MIME user data for the instances.
Type: String
Default: None
Required: No
Example: -d s3-bucket:my-logs
-d, --user-data user_data
The file name of the user data for the instances.
Type: String
Default: None
Required: No
Example: -f user-data.txt
-f, --user-data-file filename
API Version 2013-08-15
625
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
The instance type. See Available Instance Types for more
information.
Type: String
Valid values: t1.micro | m1.small | m1.medium | m1.large
| m1.xlarge | m3.xlarge | m3.2xlarge | c1.medium |
c1.xlarge | m2.xlarge | m2.2xlarge | m2.4xlarge |
cr1.8xlarge | hi1.4xlarge | hs1.8xlarge |
cc2.8xlarge | cg1.4xlarge
Default: m1.small
Required: No
Example: -t m1.large
-t, --instance-type
instance_type
The Availability Zone for the instance.
Type: String
Default: Amazon EC2 selects the Availability Zone
Required: No
Example: --availability-zone us-east-1a
-z, --availability-zone zone
The name of an existing placement group.
Type: String
Valid values: cluster
Default: None
Required: No
Example: --placement-group my-placement-group
--placement-group group_name
The tenancy of the instance. An instance with a tenancy of
dedicated runs on single-tenant hardware and can only be
launched into a VPC.
Type: String
Valid values: default | dedicated
Default: default
Required: No
Example: --tenancy dedicated
--tenancy tenancy
The ID of the kernel for the instance.
Important
We recommend that you use PV-GRUB instead of
kernels and RAM disks. For more information, see
PV-GRUB: A New Amazon Kernel Image in the
Amazon Elastic Compute Cloud User Guide.
Type: String
Default: None
Required: No
Example: --kernel aki-ba3adfd3
--kernel kernel_id
The ID of the RAM disk.
Type: String
Default: None
Required: No
Example: --ramdisk ari-abcdef01
--ramdisk ramdisk_id
API Version 2013-08-15
626
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
The block device mapping for the instance. This argument is
passed in the form of =. The
devicename is the device name of the physical device on
the instance to map. The blockdevice can be one of the
following values:
• none - Suppresses an existing mapping of the device from
the AMI used to launch the instance. For example:
"/dev/sdc=none".
• ephemeral[0..3] - An instance store volume to be
mapped to the device. For example:
"/dev/sdc=ephemeral0".
• [snapshot-id]:[volume-size]:[true|false]:[standard|io1[:iops]]
- An EBS volume to be mapped to the device. [snapshot-id]
To create a volume from a snapshot, specify the snapshot
ID. [volume-size] To create an empty EBS volume, omit
the snapshot ID and specify a volume size instead. For
example: "/dev/sdh=:20". [delete-on-termination] To
prevent the volume from being deleted on termination of
the instance, specify false. The default is true.
[volume-type] To create a Provisioned IOPS volume, specify
io1. The default volume type is standard. If the volume
type is io1, you can also provision the number of IOPS
that the volume supports. For example,
"/dev/sdh=snap-7eb96d16::false:io1:500".
You can specify multiple blockdevicemapping parameters
in one call.
For more detailed information about block device mapping,
see Block Device Mapping in the Amazon Elastic Compute
Cloud User Guide.
Type: String
Default: None
Required: No
Example: -b "/dev/sdb=snap-92d333fb::false"
Note
On Windows, the mapping argument must be
enclosed in double quotes, as shown in the example.
-b, --block-device-mapping
mapping
Enables monitoring for the instance.
Type: Boolean
Default: Disabled
Required: No
Example: --monitor
-m, --monitor
[EC2-VPC] The ID of the subnet to launch the instance into.
Type: String
Default: None
Required: No
Example: -s subnet-f3e6ab83
-s, --subnet subnet_id
API Version 2013-08-15
627
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
If you enable this option, you can't terminate the instance
using the Amazon EC2 console, CLI, or API; otherwise, you
can. If you specify this option and then later want to be able
to terminate the instance, you must first change the value of
the disableApiTermination attribute to false using
ec2-modify-instance-attribute. Alternatively, if you
set --instance-initiated-shutdown-behavior to
terminate, you can terminate the instance by running the
shutdown command from the instance.
Type: Boolean
Default: Disabled
Required: No
Example: --disable-api-termination
--disable-api-termination
Indicates whether an instance stops or terminates when you
initiate shutdown from the instance (using the operating
system command for system shutdown).
Type: String
Valid values: stop | terminate
Default: stop
Required: No
Example: --instance-initiated-shutdown-behavior stop
--instance-initiated-shutdown-behavior
behavior
[EC2-VPC] The primary private IP address. You must specify
a value from the IP address range of the subnet.
Type: String
Default: We select an IP address from the IP address range
of the subnet
Required: No
Example: --private-ip-address 10.0.0.25
--private-ip-address ip_address
Unique, case-sensitive identifier you provide to ensure
idempotency of the request. For more information, see How
to Ensure Idempotency in the Amazon Elastic Compute Cloud
User Guide.
Type: String
Default: None
Constraints: Maximum 64 ASCII characters
Required: No
Example: --client-token
550e8400-e29b-41d4-a716-446655440000
--client-token token
API Version 2013-08-15
628
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
[EC2-VPC] A secondary private IP address for the network
interface or instance. You can specify this multiple times to
assign multiple secondary IP addresses.
You can do one of the following:
• Use the --secondary-private-ip-address option
without a value, and AWS will automatically assign a
secondary private IP address within the subnet range.
• Use the --secondary-private-ip-address option and
provide a specific IP address that you want to assign. On
Windows clients, you must enclose the IP addresses in
quotes.
You can't specify this parameter when also specifying
--secondary-private-ip-address-count.
Type: String
Default: None
Required: No
Example: --secondary-private-ip-address "10.0.2.18"
--secondary-private-ip-address "10.0.2.28"
--secondary-private-ip-address
ip_address
[EC2-VPC] The number of secondary IP addresses to assign
to the network interface or instance.
You can't specify this parameter when also specifying
--secondary-private-ip-address
Type: Integer
Default: None
Required: No
Example: --secondary-private-ip-address-count 2
--secondary-private-ip-address-count
count
API Version 2013-08-15
629
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
The network attachment for the instance.
The format when creating a network interface is as follows:
:index[:subnet[:desc[:IP[:groups[:DOT[:count[:SIPs]]]]]]]
• index - The device index
• subnet - The ID of the subnet
• desc - A description
• IP - The primary private IP address
• groups - A comma-separated list of security group IDs
• DOT - A Boolean value that indicates whether to delete the
network interface on instance termination
• count - The count of secondary IP addresses. You can't
specify both count and SIPs.
• SIPs - A comma-separated list of secondary IP addresses
The format when using an existing network interface is as
follows: eni_id:index
Type: String
Default: None
Required: No
Examples:
Use an existing network interface for index 0:
-a eni-d2b24dbb:0
Use existing network interfaces for index 0 and index 1:
-a eni-d2b24dbb:0 -a eni-12345678:1
Create a network interface for index 0 and use an existing
network interface for index 1:
-a :0:subnet-15ca247d:"My ENI" -a eni-12345678:1
Use an existing network interface for index 0 and create a
network interface for index 1:
-a eni-12345678:0 -a :1:subnet-15ca247d:"My
ENI":"10.0.0.10":sg-123456,sg-654321:false
Use an existing network interface for index 0 with specific
secondary IP addresses:
-a eni-12345678:0 -a :1:subnet-15ca247d:"My
ENI":::::"10.0.0.18,10.0.0.25"
-a, --network-attachment
attachment
API Version 2013-08-15
630
Amazon Elastic Compute Cloud CLI Reference
Options
Description Name
The IAM instance profile to associate with the instances. This
is either the Amazon Resource Name (ARN) of the instance
profile or the name of the role.
Type: String
Default: None
Required: No
Example:
arn:aws:iam::111111111111:instance-profile/s3access
Example: s3access
-p, --iam-profile arn|name
Enables EBS optimization for the instance. This optimization
provides dedicated throughput to Amazon EBS and an
optimized configuration stack to provide optimal EBS I/O
performance. This option isn't available with all instance types.
Additional usage charge apply when using this option.
Type: Boolean
Default: Disabled
Required: No
Example: --ebs-optimized
--ebs-optimized
[EC2-VPC] Indicates whether to assign a public IP address
to an instance. The public IP address is associated with a
specific network interface. If set to true, the following rules
apply:
• Can only be associated with a single network interface with
the device index of 0. You can't associate a public IP
address with a second network interface, and you can't
associate a public IP address if you are launching with more
than one network interface.
• Can only be associated with a new network interface, not
an existing one.
Type: Boolean
Default: If launching into a default subnet, the default value
is true. If launching into a nondefault subnet, the default
value is false.
Required: No
Example: --associate-public-ip-address true
--associate-public-ip-address
Boolean
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
API Version 2013-08-15
631
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
API Version 2013-08-15
632
Amazon Elastic Compute Cloud CLI Reference
Common Options
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following rows of information for each instance. Each
field is separated by a comma. Some of these values may be empty.
1. The reservation information
• The RESERVATION identifier
• The ID of the reservation
• The AWS account ID of the instance owner
• The name of each security group the instance is in
2. The instance information
• The INSTANCE identifier
• The ID of the instance
• The AMI ID of the image on which the instance is based
• The public DNS name associated with the instance. This is only present for instances in the running
state.
• The private DNS name associated with the instance. This is only present for instances in the running
state.
• The state of the instance
• The key name. If a key was associated with the instance at launch, its name will appear.
• The AMI launch index
• The product codes associated with the instance
• The instance type
• The instance launch time
• The Availability Zone
• The ID of the kernel
• The ID of the RAM disk
• The platform (windows or empty)
• The monitoring state
• The public IP address
API Version 2013-08-15
633
Amazon Elastic Compute Cloud CLI Reference
Output
• The private IP address
• [EC2-VPC] The ID of the VPC
• [EC2-VPC] The ID of the subnet
• The type of root device (ebs or instance-store)
• The instance lifecycle
• The Spot Instance request ID
• The instance license
• The placement group the cluster instance is in
• The virtualization type (paravirtual or hvm)
• The hypervisor type (xen or ovm)
• The client token
• The ID of each security group the instance is in
• The tenancy of the instance (default or dedicated)
• Whether or not the instance is EBS optimized (true or false)
• The Amazon Resource Name (ARN) of the IAM role
3. [EC2-VPC] The network interface information. There will be a set of the following for each network
interface
a. The network interface information
• The NIC identifier
• The ID of the network interface
• The ID of the subnet
• The ID of the VPC
• The owner ID
• The network interface status
• The private IP address of the network interface
• The private DNS name
• Whether or not source destination check is enabled (true or false)
b. The network interface attachment information
• The NICATTACHMENT identifier
• The attachment ID
• The device index
• The device status
• The attachment timestamp
• Whether or not the attachment is deleted on termination (true or false)
c. The network interface association information
• The NICASSOCIATION identifier
• The public IP address
• The public IP address owner
• The private IP address
d. The security group information
• The GROUP identifier
• The security group identifier
• The security group name
e. The private IP address information
• The PRIVATEIPADDRESS identifier
• The private IP address
API Version 2013-08-15
634
Amazon Elastic Compute Cloud CLI Reference
Output
Amazon EC2 command line tools display errors on stderr.
Examples
Example 1
This example command launches three instances of the AMI with the ID ami-1a2b3c4d AMI.
PROMPT> ec2-run-instances ami-1a2b3c4d -n 3 -k my-key-pair --availability-zone
us-east-1a
RESERVATION r-1a2b3c4d 111122223333
INSTANCE i-1a2b3c4d ami-1a2b3c4d pending my-key-pair 0 m1.small YYYY-MM-
DDTHH:MM:SS+0000 us-east-1a aki-1a2b3c4d monitoring-disabled ebs
paravirtual xen sg-1a2b3c4d default false
INSTANCE i-2a2b3c4d ami-1a2b3c4d pending my-key-pair 1 m1.small YYYY-MM-
DDTHH:MM:SS+0000 us-east-1a aki-1a2b3c4d monitoring-disabled ebs
paravirtual xen sg-1a2b3c4d default false
INSTANCE i-3a2b3c4d ami-1a2b3c4d pending my-key-pair 2 m1.small YYYY-MM-
DDTHH:MM:SS+0000 us-east-1a aki-1a2b3c4d monitoring-disabled ebs
paravirtual xen sg-1a2b3c4d default false
Example 2
This example command launches an Amazon EBS-based Windows image (with the ID ami-2879f118)
and provides a block device mapping that mounts a public snapshot with the ID snap-1a2b3c4d.
PROMPT> ec2-run-instances ami-2879f118 -k my-key-pair -b "/dev/sdb=snap-
1a2b3c4d::false"
RESERVATION r-1a2b3c4d 111122223333
INSTANCE i-1a2b3c4d ami-84db39ed pending my-key-pair 0 m1.small YYYY-MM-
DDTHH:MM:SS+0000 us-east-1c windows monitoring-disabled ebs hvm xen
sg-1a2b3c4d default false
Example 3
This example command launches an instance with a primary IP address of 10.0.0.146 and two secondary
private IP addresses of 10.0.0.148 and of 10.0.0.150 in the subnet with the ID subnet-1a2b3c4d.
PROMPT> ec2-run-instances ami-1a2b3c4d -k my-key-pair -s subnet-1a2b3c4d -t
c1.medium --private-ip-address 10.0.0.146 --secondary-private-ip-address
10.0.0.148 --secondary-private-ip-address 10.0.0.150
RESERVATION r-1a2b3c4d 111122223333
INSTANCE i-1a2b3c4d ami-1a2b3c4d pending my-key-pair 0 c1.medium YYYY-MM-
DDTHH:MM:SS+0000 us-west-2a windows monitoring-disabled 10.0.0.146 vpc-
1a2b3c4d subnet-1a2b3c4d ebs hvm xen sg-1a2b3c4d dedicated false
NIC eni-1a2b3c4d subnet-1a2b3c4d vpc-1a2b3c4d 111122223333 in-use 10.0.1.146
true
NICATTACHMENT eni-attach-1a2b3c4d 0 attaching YYYY-MM-DDTHH:MM:SS+0000 true
GROUP sg-1a2b3c4d default
PRIVATEIPADDRESS 10.0.0.146
PRIVATEIPADDRESS 10.0.0.148
PRIVATEIPADDRESS 10.0.0.150
API Version 2013-08-15
635
Amazon Elastic Compute Cloud CLI Reference
Examples
Example 4
This example command launches a Dedicated Instance into the specified subnet.
PROMPT> ec2-run-instances ami-1a2b3c4d -k my-key-pair --tenancy dedicated -s
subnet-1a2b3c4d
Example 5
This example command launches an instance into a nondefault subnet, and requests a public IP address.
The public IP address will be associated with the eth0 network interface.
PROMPT> ec2-run-instances ami-1a2b3c4d -k my-key-pair -s subnet-1a2b3c4d --as
sociate-public-ip-address true
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• RunInstances
Related Commands
• ec2-describe-instances (p. 307)
• ec2-stop-instances (p. 640)
• ec2-start-instances (p. 637)
• ec2-terminate-instances (p. 644)
• ec2-authorize (p. 47)
• ec2-revoke (p. 618)
• ec2-create-keypair (p. 109)
• ec2-create-group (p. 93)
• ec2-describe-group (p. 276)
API Version 2013-08-15
636
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-start-instances
Description
Starts an instance that uses an Amazon EBS volume as its root device.
Instances that use Amazon EBS volumes as their root devices can be quickly stopped and started. When
an instance is stopped, the compute resources are released and you are not billed for hourly instance
usage. However, your root partition Amazon EBS volume remains, continues to persist your data, and
you are charged for Amazon EBS volume usage. You can restart your instance at any time. Each time
you transition an instance from stopped to started, we charge a full instance hour, even if transitions
happen multiple times within a single hour.
Before stopping an instance, make sure it is in a state from which it can be restarted. Stopping an instance
does not preserve data stored in RAM.
Performing this operation on an instance that uses an instance store as its root device returns an error.
You can't start or stop Spot Instances.
For more information, see Stopping Instances in the Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2start.
Syntax
ec2-start-instances instance_id [instance_id...]
Options
Description Name
One or more instance IDs.
Type: String
Default: None
Required: Yes
Example: i-43a4412a
instance_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
637
Amazon Elastic Compute Cloud CLI Reference
ec2-start-instances
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
638
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• INSTANCE identifier
• The ID of the instance
• The previous state of the instance
• The new state of the instance
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command starts the instance with the ID i-10a64379.
PROMPT> ec2-start-instances i-10a64379
INSTANCE i-10a64379 stopped pending
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• StartInstances
Related Commands
• ec2-describe-instances (p. 307)
• ec2-run-instances (p. 624)
• ec2-stop-instances (p. 640)
• ec2-terminate-instances (p. 644)
API Version 2013-08-15
639
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-stop-instances
Description
Stops an instance that uses an Amazon EBS volume as its root device. Each time you transition an
instance from stopped to started, we charge a full instance hour, even if transitions happen multiple times
within a single hour.
You can't start or stop Spot Instances.
Instances that use Amazon EBS volumes as their root devices can be quickly stopped and started. When
an instance is stopped, the compute resources are released and you are not billed for hourly instance
usage. However, your root partition Amazon EBS volume remains, continues to persist your data, and
you are charged for Amazon EBS volume usage. You can restart your instance at any time.
Before stopping an instance, make sure it is in a state from which it can be restarted. Stopping an instance
does not preserve data stored in RAM.
Performing this operation on an instance that uses an instance store as its root device returns an error.
You can stop, start, and terminate EBS-backed instances. You can only terminate instance store-backed
instances. What happens to an instance differs if you stop it or terminate it. For example, when you stop
an instance, the root device and any other devices attached to the instance persist. When you terminate
an instance, the root device and any other devices attached during the instance launch are automatically
deleted. For more information about the differences between stopping and terminating instances, see
Stop and Start Your Instance in the Amazon Elastic Compute Cloud User Guide
The short version of this command is ec2stop.
Syntax
ec2-stop-instances instance_id [instance_id...] [--force]
Options
Description Name
One or more instance IDs.
Type: String
Default: None
Required: Yes
Example: i-43a4412a
instance_id
Forces the instances to stop. The instances will not have an
opportunity to flush file system caches or file system metadata.
If you use this option, you must perform file system check and
repair procedures. This option is not recommended for
Windows instances.
Type: Boolean
Default: None
Required: No
Example: None
-f, --force
API Version 2013-08-15
640
Amazon Elastic Compute Cloud CLI Reference
ec2-stop-instances
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
API Version 2013-08-15
641
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The INSTANCE identifier
• The ID of the instance
• The previous state of the instance
• The new state of the instance
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command stops the instance with the ID i-10a64379.
PROMPT> ec2-stop-instances i-10a64379
INSTANCE i-10a64379 running stopping
API Version 2013-08-15
642
Amazon Elastic Compute Cloud CLI Reference
Output
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• StopInstances
Related Commands
• ec2-describe-instances (p. 307)
• ec2-run-instances (p. 624)
• ec2-start-instances (p. 637)
• ec2-terminate-instances (p. 644)
API Version 2013-08-15
643
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-terminate-instances
Description
Shuts down one or more instances. This operation is idempotent; if you terminate an instance more than
once, each call succeeds.
Terminated instances will remain visible after termination (approximately one hour).
Note
By default, Amazon EC2 deletes all Amazon EBS volumes that were attached when the instance
launched. Amazon EBS volumes attached after instance launch persist.
You can stop, start, and terminate EBS-backed instances. You can only terminate instance store-backed
instances. What happens to an instance differs if you stop it or terminate it. For example, when you stop
an instance, the root device and any other devices attached to the instance persist. When you terminate
an instance, the root device and any other devices attached during the instance launch are automatically
deleted. For more information about the differences between stopping and terminating instances, see
Stop and Start Your Instance in the Amazon Elastic Compute Cloud User Guide
The short version of this command is ec2kill.
Syntax
ec2-terminate-instances instance_id [instance_id ...]
Options
Description Name
One or more instance IDs.
Type: String
Default: None
Required: Yes
Example: i-43a4412a
instance_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
644
Amazon Elastic Compute Cloud CLI Reference
ec2-terminate-instances
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
645
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns a table that contains the following information:
• The INSTANCE identifier
• The instance ID of the instance being terminated
• The state of the instance prior to being terminated
• The new state of the instance
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command terminates the instance with the ID i-1a2b3c4d.
PROMPT> ec2-terminate-instances i-1a2b3c4d
INSTANCE i-1a2b3c4d running shutting-down
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• TerminateInstances
Related Commands
• ec2-describe-instances (p. 307)
• ec2-run-instances (p. 624)
API Version 2013-08-15
646
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-unassign-private-ip-addresses
Description
Unassigns one or more secondary private IP addresses from a network interface.
The short version of this command is ec2upip.
Syntax
ec2-unassign-private-addresses --network-interface interface_id
--secondary-private-ip-address ip_address [--secondary-private-ip-address
ip_address ...]
Options
Description Name
The network interface from which the secondary private IP
address will be unassigned.
Type: String
Default: None
Required: Yes
Example: -n eni-bc7299d4
--n, --network-interface
interface_id
The secondary private IP addresses that you want to unassign
from the network interface.You can specify this option multiple
times to unassign more than IP address.
Type: String
Default: None
Required: Yes
Example: --secondary-private-ip-address 10.0.2.18
--secondary-private-ip-address 10.0.2.28
--secondary-private-ip-address
ip_address
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
API Version 2013-08-15
647
Amazon Elastic Compute Cloud CLI Reference
ec2-unassign-private-ip-addresses
Description Option
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
API Version 2013-08-15
648
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
The command returns a true value if the operation succeeds or an error if the operation fails.
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command unassigns the private IP addresses 10.0.0.118 and 10.0.0.119 from the
specified network interface.
PROMPT> ec2-unassign-private-ip-addresses --network-interface eni-c08a35a9 -
-secondary-private-ip-address 10.0.0.118 --secondary-private-ip-address
10.0.0.119
RETURN true
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• UnassignPrivateIpAddresses
Related Commands
• ec2-assign-private-ip-addresses (p. 17)
API Version 2013-08-15
649
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-unmonitor-instances
Description
Disables monitoring for a running instance. For more information, see Monitoring Your Instances and
Volumes in the Amazon Elastic Compute Cloud User Guide.
The short version of this command is ec2umin.
Syntax
ec2-unmonitor-instances instance_id [instance_id...]
Options
Description Name
One or more instance IDs.
Type: String
Default: None
Required: Yes
Example: i-43a4412a
instance_id
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
API Version 2013-08-15
650
Amazon Elastic Compute Cloud CLI Reference
ec2-unmonitor-instances
Description Option
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
651
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command returns a table that contains the following information:
• The ID of the instance.
• The monitoring state
Amazon EC2 command line tools display errors on stderr.
Examples
Example
This example command disables monitoring for the instances with the IDs i-43a4412a and i-23a3397d.
PROMPT> ec2-unmonitor-instances i-43a4412a i-23a3397d
i-43a4412a monitoring-disabling
i-23a3397d monitoring-disabling
Related Topics
Download
• Getting Started with the Command Line Tools
Related Action
• UnmonitorInstances
Related Commands
• ec2-monitor-instances (p. 549)
• ec2-run-instances (p. 624)
API Version 2013-08-15
652
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-upload-disk-image
Description
Deprecated. Instead, use the ec2-import-instance and ec2-import-volume commands (included
in the command line tools as of 2011-09-15) to create the import task and upload the image to Amazon
EC2. For more information, see Using the Command Line Tools to Import Your Virtual Machine to Amazon
EC2 in the Amazon Elastic Compute Cloud User Guide.
Uploads the disk image associated with an import instance or an import volume task ID. Amazon EC2
supports import of VMDK, RAW, and VHD disk images.
If the upload task doesn't complete, use ec2-resume-import to resume the import from where it was
interrupted.
The short version of this command is ec2udi.
Syntax
ec2-upload-disk-image -t task_id -o owner -w secret_key [-x days] [--user-threads
threads] [--part-size partsize] [--dry-run] [--dont-verify-format] disk_image
Options
Description Name
The local file name of the disk image that you want to upload.
Type: String
Default: None
Required: Yes
Example: WinSvr8-32-disk1.vmdk
disk_image
The conversion task ID for the upload.
Type: String
Default: None
Required: Yes
Example: -t import-i-ffvko9js
-t, --task task_id
The access key ID of the bucket owner.
Type: String
Default: None
Required: Yes
Example: AKIAIOSFODNN7EXAMPLE
-o, --owner-akid access_key_id
The secret access key of the bucket owner.
Type: String
Default: None
Required: Yes
Example:
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-w, --owner-sak
secret_access_key
API Version 2013-08-15
653
Amazon Elastic Compute Cloud CLI Reference
ec2-upload-disk-image
Description Name
The validity period for the signed Amazon S3 URLs that allow
Amazon EC2 to access your file.
Type: String
Default: 30 days
Required: No
Example: -x 10
-x, --expires days
The maximum number of threads to concurrently upload the
file with.
Type: String
Default: 20
Required: No
Example: --user-threads 15
--user-threads threads
The size of each individual file part (in MB) that will be
uploaded. The file will be split into multiple parts at most as
large as the partsize parameter.
Type: String
Default: 8
Required: No
Example: --part-size 3
--part-size partsize
Does not upload the file, only validates that the disk image
matches a known type.
Type: None
Default: None
Required: No
Example: --dry-run
--dry-run
Does not verify the file format. We don't recommend this
option because it can result in a failed conversion.
Type: None
Default: None
Required: No
Example: --dont-verify-format
--dont-verify-format
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
API Version 2013-08-15
654
Amazon Elastic Compute Cloud CLI Reference
Common Options
Description Option
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
API Version 2013-08-15
655
Amazon Elastic Compute Cloud CLI Reference
Common Options
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
Output
This command returns the following information:
• The disk image size and format
• The converted volume size
• The EBS volume size
• The percentage of the upload completed
Amazon EC2 command line tools display errors on stderr.
Example
Example
This example command uploads the corresponding disk image of the Windows Server 2008 (32-bit) VM
you want to migrate.
PROMPT> ec2-upload-disk-image ./WinSvr8-32-disk1.vmdk -t import-i-ffvko9js -o
AKIAIOSFODNN7EXAMPLE -w wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Related Topics
Download
• Getting Started with the Command Line Tools
Related Commands
• ec2-delete-disk-image (p. 179)
API Version 2013-08-15
656
Amazon Elastic Compute Cloud CLI Reference
Output
• ec2-import-instance (p. 495)
• ec2-import-volume (p. 506)
• ec2-resume-import (p. 613)
• ec2-cancel-conversion-task (p. 62)
• ec2-describe-conversion-tasks (p. 260)
ec2-version
Description
Describes the build and API versions of the CLI tools.
The short version of this command is ec2ver.
Syntax
ec2-version
Options
This command has no options.
Common Options
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
API Version 2013-08-15
657
Amazon Elastic Compute Cloud CLI Reference
ec2-version
Description Option
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
658
Amazon Elastic Compute Cloud CLI Reference
Common Options
Output
This command displays the build and API version information.
Amazon EC2 command line tools display errors on stderr.
Example
Example
This example command displays the version information for the version of the CLI tools that you're using.
PROMPT> ec2-version
1.6.7.2 2013-02-01
Related Topics
Download
• Getting Started with the Command Line Tools
Common Options for CLI Tools
Most Amazon EC2 commands support the options described in the following table.
Description Option
The region. Overrides the default region, the region specified by the
EC2_URL environment variable, and the URL specified by the -U
option.
Default: The region specified by the EC2_URL environment variable,
or us-east-1 if EC2_URL isn't set.
--region region
The uniform resource locator (URL) of the Amazon EC2 web service
entry point.
Default: The end point specified by the EC2_URL environment
variable, or https://ec2.amazonaws.com if EC2_URL isn't set.
-U, --url url
Your access key ID. For more information, see Tell the Tools Who
You Are.
Default: The value of the AWS_ACCESS_KEY environment variable.
If AWS_ACCESS_KEY isn't set, you must specify this option.
Example: -O AKIAIOSFODNN7EXAMPLE
-O, --aws-access-key
aws_access_key_id
Your secret access key.
Default: The value of the AWS_SECRET_KEY environment variable.
If AWS_SECRET_KEY isn't set, you must specify this option.
Example: -W wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-W, --aws-secret-key
aws_secret_access_key
API Version 2013-08-15
659
Amazon Elastic Compute Cloud CLI Reference
Output
Description Option
The AWS delegation token.
Default: The value of the environment variable (if set).
-T, --security-token
delegation_token
The connection timeout, in seconds.
Example: --connection-timeout 30
--connection-timeout
timeout
The request timeout, in seconds.
Example: --request-timeout 45
--request-timeout
timeout
Includes column headers in the command output. -H, --headers
Shows empty columns as (nil). --show-empty-fields
Omits tags for tagged resources. --hide-tags
Displays internal debugging information. This can assist us when
helping you troubleshooting problems.
--debug
Checks whether you have the required permissions for the command,
without actually running the command. If you have the required
permissions, the command returns DryRunOperation; otherwise,
it returns UnauthorizedOperation.
-D, --auth-dry-run
Displays verbose output, including the API request and response on
the command line. This is useful if you are building tools to talk directly
to the Query API.
-v, --verbose
Reads arguments from standard input. This is useful when piping
the output from one command to the input of another.
Example: ec2-describe-instances | grep stopped | cut
-f 2 | ec2-start-instances -
-
Displays usage information for the command. -?, --help, -h
Deprecated Options
For a limited time, you can still use the private key and X.509 certificate instead of your access key ID
and secret access key. However, we recommend that you start using your access key ID (-O,
--aws-access-key) and secret access key (-W, --aws-secret-key) now, as the private key (-K, --private-key)
and X.509 certificate (-C, --cert) won't be supported after the transition period elapses. For more information,
see Tell the Tools Who You Are.
Description Option
The private key to use when constructing requests to Amazon EC2.
Default: The value of the EC2_PRIVATE_KEY environment variable.
Example: -K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-K, --private-key
ec2_private_key
The X.509 certificate to use when constructing requests to Amazon
EC2.
Default: The value of the EC2_CERT environment variable.
Example: -C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-C, --cert ec2_cert
API Version 2013-08-15
660
Amazon Elastic Compute Cloud CLI Reference
Deprecated Options
Commands (AMI Tools)
You install and run the AMI tools on an Amazon EC2 instance-store backed instance to manage your
instance-store backed AMIs. The AMI tools are distinct from the API tools, which are used to manage
your other Amazon EC2 and Amazon VPC resources (instances, security groups, volumes, and so on).
For more information, see the API Tools Reference.
Note
Currently, the AMI tools are compatible only with Ruby 1.8x.
Topics
• ec2-bundle-image (p. 662)
• ec2-bundle-vol (p. 666)
• ec2-delete-bundle (p. 671)
• ec2-download-bundle (p. 674)
• ec2-migrate-bundle (p. 677)
• ec2-migrate-manifest (p. 681)
• ec2-unbundle (p. 684)
• ec2-upload-bundle (p. 686)
• Common Options for AMI Tools (p. 688)
API Version 2013-08-15
661
Amazon Elastic Compute Cloud CLI Reference
ec2-bundle-image
Description
Creates an AMI from an operating system image created in a loopback file. For more information, see
Creating AMIs from a Loopback.
To get the AMI tools, go to Amazon EC2 AMI Tools.
Note
Scripts that require a copy of the public key from the launch key pair must obtain the key from
the instance's metadata (not the key file in the instance store) for instances bundled with the
2007-08-29 AMI tools and later. AMIs bundled before this release will continue to work normally.
Syntax
ec2-bundle-image -k private_key -c cert -u user_id -i image_path -r {i386 |
x86_64} [-d destination] [-p ami_prefix] [--ec2cert cert_path] [--kernel
kernel-id] [--ramdisk ramdisk_id] [--block-device-mapping block_device_mapping]
Note
When the image is for an Ubuntu Linux distribution, you must manually add the following syntax
to this command:
--ec2cert /etc/ec2/amitools/cert-ec2.pem
Options
Description Option
The path to the user's PEM-encoded RSA key file.
Required: Yes
Example: -k
pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-k, --privatekey private_key
The user's PEM encoded RSA public key certificate file.
Required: Yes
Example: -c
cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-c, --cert cert
The user's AWS account ID without dashes. Do not use the
Access Key ID.
Required: Yes
Example: -u 111122223333
-u, --user user_id
The path to the image to bundle.
Required: Yes
Example: -i
/var/spool/my-image/version-2/debian.img
-i, --image image_path
API Version 2013-08-15
662
Amazon Elastic Compute Cloud CLI Reference
ec2-bundle-image
Description Option
Image architecture. If you don't provide this on the command
line, you'll be prompted to provide it when the bundling starts.
Valid Values: i386 | x86_64
Required: Yes
Example: -r x86_64
-r, --arch architecture
The directory in which to create the bundle.
Default: /tmp
Required: No
Example: -d /var/run/my-bundle
-d, --destination destination
The filename prefix for bundled AMI files.
Default: The name of the image file. For example, if the image
path is /var/spool/my-image/version-2/debian.img,
then the default prefix is debian.img.
Required: No
Example: -p my-image-is-special
-p, --prefix ami_prefix
The path to the Amazon EC2 X.509 public key certificate.
Default: /etc/ec2/amitools/cert-ec2.pem (varies,
depending on tools)
Required: No
Example: --ec2cert /etc/ec2/amiutil/cert-ec2.pem
--ec2cert cert_path
The ID of the kernel to select.
Default: 2.6.16-xenU
Required: No
Example: --kernel aki-ba3adfd3
--kernel kernel_id
The ID of the RAM disk to select.
Note
It is recommended that PV-GRUB be used instead
of kernels and RAM disks. For more information, see
PV-GRUB: A New Amazon Kernel Image in the
Amazon Elastic Compute Cloud User Guide.
Required: No
Example: --ramdisk ari-badbad00
--ramdisk ramdisk_id
API Version 2013-08-15
663
Amazon Elastic Compute Cloud CLI Reference
Options
Description Option
Default block-device-mapping scheme with which to launch
the AMI. This defines how block devices are exposed to an
instance of this AMI if the instance type supports the specified
device.
The scheme is a comma-separated list of key=value pairs,
where each key is a virtual name and each value is the desired
device name. Virtual names include:
• ami—The root file system device, as seen by the instance
• root—The root file system device, as seen by the kernel
• swap—The swap device, as seen by the instance
• ephemeralN—The Nth ephemeral store
Required: No
Example: --block-device-mapping
ami=sda1,root=/dev/sda1,ephemeral0=sda2,swap=sda3
Example: --block-device-mapping
ami=0,root=/dev/dsk/c0d0s0,ephemeral0=1
--block-device-mapping mappings
Do not use the default filtered files list.
Required: No
--no-filter
For options common to most of the AMI Tools, go to Common
Options for AMI Tools (p. 688).
Common options
Output
Status messages describing the stages and status of the bundling process.
Example
This example creates a bundled AMI from an operating system image that was created in a loopback file.
$ ec2-bundle-image -k pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem -c cert-HKZYK
TAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem -u 111122223333 -i image.img -d bundled/ -p
fred -r x86_64
Please specify a value for arch [i386]:
Bundling image file...
Splitting bundled/fred.gz.crypt...
Created fred.part.00
Created fred.part.01
Created fred.part.02
Created fred.part.03
Created fred.part.04
Created fred.part.05
Created fred.part.06
Created fred.part.07
Created fred.part.08
Created fred.part.09
Created fred.part.10
API Version 2013-08-15
664
Amazon Elastic Compute Cloud CLI Reference
Output
Created fred.part.11
Created fred.part.12
Created fred.part.13
Created fred.part.14
Generating digests for each part...
Digests generated.
Creating bundle manifest...
ec2-bundle-image complete.
Related Topics
• ec2-bundle-vol (p. 666)
• ec2-unbundle (p. 684)
• ec2-upload-bundle (p. 686)
• ec2-download-bundle (p. 674)
• ec2-delete-bundle (p. 671)
API Version 2013-08-15
665
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-bundle-vol
Description
Creates a bundled AMI by compressing, encrypting and signing a snapshot of the local machine's root
file system.
To use ec2-bundle-vol, first you must install the AMI tools on the instance you are bundling, then run
ec2-bundle-vol on that instance, not on a local system.
To get the AMI tools, go to Amazon EC2 AMI Tools.
Note
Scripts that require a copy of the public key from the launch key pair must obtain the key from
the instance's metadata (not the key file in the instance store) for instances bundled with the
2007-08-29 AMI tools and later. AMIs bundled before this release will continue to work normally.
On a running instance, Amazon EC2 attempts to inherit product codes, kernel settings, RAM
disk settings, and block device mappings with which the instance launched.
Syntax
ec2-bundle-vol -k private_key -u user_id -c cert -r architecture [-s size] [-d
destination] [-e exclude_directory_1,exclude_directory_2,...] [-i
include_file_1,include_file_2,...] [-p ami_prefix] [-v volume] [--ec2cert
cert_path] [--fstab fstab_path] [--generate-fstab] [--kernel kernel-id]
[--ramdisk ramdisk_id] [--block-device-mapping block_device_mapping]
[--[no-]inherit] [--productcodes product_code]
Options
Description Option
The path to the user's PEM-encoded RSA key file.
Required: Yes
Example: -k
pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-k, --privatekey private_key
The user's AWS account ID without dashes. Do not use the
Access Key ID.
Required: Yes
Example: -u 111122223333
-u, --user user_id
The user's PEM encoded RSA public key certificate file.
Required: Yes
Example: -c
cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-c, --cert cert
Image architecture. If you don't provide this on the command
line, you'll be prompted to provide it when the bundling starts.
Valid Values: i386 | x86_64
Required: Yes
Example: -r x86_64
-r, --arch architecture
API Version 2013-08-15
666
Amazon Elastic Compute Cloud CLI Reference
ec2-bundle-vol
Description Option
The size, in MB (1024 * 1024 bytes), of the image file to
create. The maximum size is 10240 MB.
Default: 10240
Required: No
Example: -s 2048
-s, --size size
The directory in which to create the bundle.
Default: /tmp
Required: No
Example: -d /var/run/my-bundle
-d, --destination destination
A list of absolute directory paths and files to exclude from the
bundle operation. This parameter overrides the --all option.
When exclude is specified, the directories and subdirectories
listed with the parameter will not be bundled with the volume.
Required: No
Example: Assuming the mount point of the volume is -v
/foo, and you want to exclude directories /foo/bar and
/foo/baz, specify -e /bar,/baz.
-e, --exclude
directory_1,directory_2,...
A list of files to include in the bundle operation. This option
overrides the exclusion of files that are filtered out by default
because they might contain sensitive information, such as
your AWS credentials.
Use this option to explicitly include a file that might contain
sensitive data — i.e., '*.sw', '*.swo', '*.swp', '*.pem', '*.priv',
'*.gpg', '*.jks', '*/.ssh/authorized_keys', '*/.bash_history'. The
files listed with the parameter will be bundled with the volume.
Required: No
Example: Assuming the mount point of the volume is -v
/mnt/myvol/ and you want to include file
/mnt/myvol/foo/bar.pem, specify -i /foo/bar.pem.
-i, --include
file_1,file_2,...
The filename prefix for bundled AMI files.
Default: image
Required: No
Example: -p my-image-is-special
-p, --prefix ami_prefix
The absolute path to the mounted volume from which to create
the bundle.
Default: The root directory (/)
Required: No
Example: -v /mnt/my-customized-ami
-v, --volume volume
Bundle all directories, including those on remotely mounted
file systems.
Required: No
Example: -a
-a, --all
API Version 2013-08-15
667
Amazon Elastic Compute Cloud CLI Reference
Options
Description Option
The path to the Amazon EC2 X.509 public key certificate.
Default: /etc/ec2/amitools/cert-ec2.pem (varies,
depending on tools)
Required: No
Example: --ec2cert /etc/ec2/amiutil/cert-ec2.pem
--ec2cert cert_path
The path to the fstab to bundle into the image. If this is not
specified, Amazon EC2 bundles /etc/fstab.
Required: No
Example: --fstab /etc/fstab
--fstab fstab_path
Causes Amazon EC2 to bundle the volume using an Amazon
EC2-provided fstab.
Required: No
Example: --generate-fstab
--generate-fstab
The ID of the kernel to select.
Required: No
Example: --kernel aki-ba3adfd3
--kernel kernel_id
The ID of the RAM disk to select.
Note
It is recommended that PV-GRUB be used instead
of kernels and RAM disks. For more information, see
PV-GRUB: A New Amazon Kernel Image in the
Amazon Elastic Compute Cloud User Guide.
Required: No
Example: --ramdisk ari-badbad00
--ramdisk ramdisk_id
Default block-device-mapping scheme with which to launch
the AMI. This defines how block devices are exposed to an
instance of this AMI if the instance type supports the specified
device.
The scheme is a comma-separated list of key=value pairs,
where each key is a virtual name and each value is the desired
device name. Virtual names include:
• ami—The root file system device, as seen by the instance
• root—The root file system device, as seen by the kernel
• swap—The swap device, as seen by the instance
• ephemeralN—The Nth ephemeral store
Required: No
Example: --block-device-mapping
ami=sda1,root=/dev/sda1,ephemeral0=sda2,swap=sda3
Example: --block-device-mapping
ami=0,root=/dev/dsk/c0d0s0,ephemeral0=1
--block-device-mapping mappings
API Version 2013-08-15
668
Amazon Elastic Compute Cloud CLI Reference
Options
Description Option
Whether the image should inherit the instance's metadata
(the default is to inherit). Bundling will fail if you enable inherit
but the instance metadata is not accessible.
Required: No
Example: --inherit
--[no-]inherit
Product code to attach to the image at registration time.
Required: No
Example: --productcodes 1234abcd
--productcodes product_code
Do not use the default filtered files list.
Important
The default filtered files list is used to avoid leaking
of sensitive information, such as AWS credentials.
Required: No
--no-filter
For options common to most of the AMI Tools, go to Common
Options for AMI Tools (p. 688).
Common options
Output
Status messages describing the stages and status of the bundling.
Example
This example creates a bundled AMI by compressing, encrypting and signing a snapshot of the local
machine's root file system.
$ ec2-bundle-vol -d /mnt -k pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem -c cert-
HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem -u 111122223333 -r x86_64
Copying / into the image file /mnt/image...
Excluding:
sys
dev/shm
proc
dev/pts
proc/sys/fs/binfmt_misc
dev
media
mnt
proc
sys
tmp/image
mnt/img-mnt
1+0 records in
1+0 records out
mke2fs 1.38 (30-Jun-2005)
warning: 256 blocks unused.
Splitting /mnt/image.gz.crypt...
Created image.part.00
API Version 2013-08-15
669
Amazon Elastic Compute Cloud CLI Reference
Output
Created image.part.01
Created image.part.02
Created image.part.03
...
Created image.part.22
Created image.part.23
Generating digests for each part...
Digests generated.
Creating bundle manifest...
Bundle Volume complete.
Related Topics
• ec2-bundle-image (p. 662)
• ec2-unbundle (p. 684)
• ec2-upload-bundle (p. 686)
• ec2-download-bundle (p. 674)
• ec2-delete-bundle (p. 671)
API Version 2013-08-15
670
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-delete-bundle
Description
Deletes the specified bundle from Amazon S3 storage.
To get the AMI tools, go to Amazon EC2 AMI Tools.
Syntax
ec2-delete-bundle -b s3_bucket -a access_key_id -s secret_key [-m manifest_path]
[-p ami_prefix] [--url url] [--retry] [-y] [--clear]
Options
Description Option
The name of the Amazon S3 bucket containing the bundled
AMI, followed by an optional '/'-delimited path prefix
Required: Yes
Example: -b myawsbucket/ami-001
-b, --bucket s3_bucket
The AWS access key ID.
Required: Yes
Example: -a AKIAIOSFODNN7EXAMPLE
-a, --access-key access_key_id
The AWS secret access key.
Required: Yes
Example: -s
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-s, --secret-key secret_key
The path to the unencrypted manifest file.
Required: Conditional
Condition: You must specify --prefix or --manifest.
Example: -m
/var/spool/my-first-bundle/image.manifest.xml
-m, --manifest manifest_path
The bundled AMI filename prefix. Provide the entire prefix.
For example, if the prefix is image.img, use -p image.img
and not -p image.
Required: Conditional
Condition: You must specify --prefix or --manifest.
Example: -p image.img
-p, --prefix ami_prefix
The Amazon S3 service URL.
Default: https://s3.amazonaws.com
Required: No
Example: --url https://s3.example.com
--url url
API Version 2013-08-15
671
Amazon Elastic Compute Cloud CLI Reference
ec2-delete-bundle
Description Option
Automatically retries on all Amazon S3 errors, up to five times
per operation.
Required: No
Example: --retry
--retry
Automatically assumes the answer to all prompts is 'yes'.
Required: No
Example: -y
-y, --yes
Deletes the specified bundle from the Amazon S3 bucket and
deletes the bucket, if empty.
Required: No
Example: --clear
--clear
For options common to most of the AMI Tools, go to Common
Options for AMI Tools (p. 688).
Common options
Output
Amazon EC2 displays status messages indicating the stages and status of the delete process.
Example
This example deletes a bundle from Amazon S3.
$ ec2-delete-bundle -b myawsbucket -a AKIAIOSFODNN7EXAMPLE -s wJalrXUtn
FEMI/K7MDENG/bPxRfiCYEXAMPLEKEY -p fred
Deleting files:
myawsbucket/fred.manifest.xml
myawsbucket/fred.part.00
myawsbucket/fred.part.01
myawsbucket/fred.part.02
myawsbucket/fred.part.03
myawsbucket/fred.part.04
myawsbucket/fred.part.05
myawsbucket/fred.part.06
Continue? [y/n]
y
Deleted myawsbucket/fred.manifest.xml
Deleted myawsbucket/fred.part.00
Deleted myawsbucket/fred.part.01
Deleted myawsbucket/fred.part.02
Deleted myawsbucket/fred.part.03
Deleted myawsbucket/fred.part.04
Deleted myawsbucket/fred.part.05
Deleted myawsbucket/fred.part.06
ec2-delete-bundle complete.
Related Topics
• ec2-bundle-image (p. 662)
API Version 2013-08-15
672
Amazon Elastic Compute Cloud CLI Reference
Output
• ec2-bundle-vol (p. 666)
• ec2-unbundle (p. 684)
• ec2-upload-bundle (p. 686)
• ec2-download-bundle (p. 674)
API Version 2013-08-15
673
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-download-bundle
Description
Downloads the specified bundles from S3 storage.
To get the AMI tools, go to Amazon EC2 AMI Tools.
Syntax
ec2-download-bundle -b s3_bucket [-m manifest] -a access_key_id -s secret_key
-k private_key [-p ami_prefix] [-d directory] [--retry] [--url url]
Options
Description Option
The name of the Amazon S3 bucket where the bundle is
located, followed by an optional '/'-delimited path prefix.
Required: Yes
Example: -b myawsbucket/ami-001
-b, --bucket s3_bucket
The manifest filename (without the path). We recommend
you specify either the manifest (option -m), or the filename
prefix (option -p).
Required: No
Example: -m my-image.manifest.xml
-m, --manifest manifest
Your AWS access key ID.
Required: Yes
Example: -a AKIAIOSFODNN7EXAMPLE
-a, --access-key access_key_id
Your AWS secret access key.
Required: Yes
Example: -s
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-s, --secret-key secret_key
The private key used to decrypt the manifest.
Required: Yes
Example: -k
pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-k, --privatekey private_key
The filename prefix for the bundled AMI files.
Default: image
Required: No
Example: -p my-image
-p, --prefix ami_prefix
API Version 2013-08-15
674
Amazon Elastic Compute Cloud CLI Reference
ec2-download-bundle
Description Option
The directory where the downloaded bundle is saved. The
directory must exist.
Default: The current working directory.
Required: No
Example: -d /tmp/my-downloaded-bundle
-d, --directory directory
Automatically retries on all Amazon S3 errors, up to five times
per operation.
Required: No
Example: --retry
--retry
The S3 service URL.
Default: https://s3.amazonaws.com
Required: No
Example: --url https://s3.example.com
--url url
For options common to most of the AMI Tools, go to Common
Options for AMI Tools (p. 688).
Common options
Output
Status messages indicating the various stages of the download process are displayed.
Example
This example creates the bundled directory and downloads the bundle from the myawsbucket Amazon
S3 bucket.
$ mkdir bundled
$ ec2-download-bundle -b myawsbucket -m fred.manifest.xml -a AKIAIOSFODNN7EXAMPLE
-s wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY -k pk-HKZYKTAIG2ECMXY
IBH3HXV4ZBEXAMPLE.pem -d bundled
downloading manifest https://s3.amazonaws.com/myawsbucket/image.manifest.xml
to bundled/image.manifest.xml ...
downloading part https://s3.amazonaws.com/myawsbucket/image.part.00 to
bundled/image.part.00 ...
Downloaded image.part.00 from https://s3.amazonaws.com/myawsbucket.
downloading part https://s3.amazonaws.com/myawsbucket/image.part.01 to
bundled/image.part.01 ...
Downloaded image.part.01 from https://s3.amazonaws.com/myawsbucket.
downloading part https://s3.amazonaws.com/myawsbucket/image.part.02 to
bundled/image.part.02 ...
Downloaded image.part.02 from https://s3.amazonaws.com/myawsbucket.
downloading part https://s3.amazonaws.com/myawsbucket/image.part.03 to
bundled/image.part.03 ...
Downloaded image.part.03 from https://s3.amazonaws.com/myawsbucket.
downloading part https://s3.amazonaws.com/myawsbucket/image.part.04 to
bundled/image.part.04 ...
Downloaded image.part.04 from https://s3.amazonaws.com/myawsbucket.
downloading part https://s3.amazonaws.com/myawsbucket/image.part.05 to
bundled/image.part.05 ...
API Version 2013-08-15
675
Amazon Elastic Compute Cloud CLI Reference
Output
Downloaded image.part.05 from https://s3.amazonaws.com/myawsbucket.
downloading part https://s3.amazonaws.com/myawsbucket/image.part.06 to
bundled/image.part.06 ...
Downloaded image.part.06 from https://s3.amazonaws.com/myawsbucket.
Download Bundle complete.
Note
This example uses the Linux and UNIX mkdir command.
Related Topics
• ec2-bundle-image (p. 662)
• ec2-bundle-vol (p. 666)
• ec2-unbundle (p. 684)
• ec2-upload-bundle (p. 686)
• ec2-delete-bundle (p. 671)
API Version 2013-08-15
676
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-migrate-bundle
Description
Copies a bundled AMI from one region to another.
Note
This tool is replaced by ec2-migrate-image (p. 512).
To get the AMI tools, go to Amazon EC2 AMI Tools.
Note
After copying a bundled AMI to a new region, make sure to register it as a new AMI.
During migration, Amazon EC2 replaces the kernel and RAM disk in the manifest file with a
kernel and RAM disk designed for the destination region. Unless the --no-mapping parameter
is given, ec2-migrate-bundle might use the Amazon EC2 DescribeRegions and
DescribeImages operations to perform automated mappings.
It is recommended that PV-GRUB be used instead of kernels and RAM disks. For more
information, see PV-GRUB: A New Amazon Kernel Image in the Amazon Elastic Compute Cloud
User Guide.
Syntax
ec2-migrate-bundle -k private_key -c cert -a access_key_id -s secret_key --bucket
source_s3_bucket --destination-bucket destination_s3_bucket --manifest
manifest_path [--location location] [--ec2cert ec2_cert_path] [--kernel
kernel-id] [--ramdisk ramdisk_id] [--no-mapping] [--region mapping_region_name]
Options
Description Option
The path to the user's PEM-encoded RSA key file.
Required: Yes
Example: -k
pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-k, --privatekey private_key
The user's PEM encoded RSA public key certificate file.
Required: Yes
Example: -c
cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-c, --cert cert
The AWS access key ID.
Required: Yes
Example: -a AKIAIOSFODNN7EXAMPLE
-a, --access-key access_key_id
The AWS secret access key.
Required: Yes
Example: -s
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-s, --secret-key secret_key
API Version 2013-08-15
677
Amazon Elastic Compute Cloud CLI Reference
ec2-migrate-bundle
Description Option
The source Amazon S3 bucket where the AMI is located,
followed by an optional '/'-delimited path prefix.
Required: Yes
Example: --bucket myawsbucket
-b, --bucket source_s3_bucket
The destination Amazon S3 bucket, followed by an optional
'/'-delimited path prefix. If the destination bucket does not
exist, it is created.
Required: Yes
Example: --destination-bucket myotherawsbucket
-d, --destination-bucket
destination_s3_bucket
The location of the Amazon S3 source manifest.
Default: None
Required: Yes
Example: --manifest my-ami.manifest.xml
-m, --manifest manifest
The location of the destination Amazon S3 bucket.
If the bucket exists and the location is specified, the tool exits
with an error. if the specified location does not match the
actual location. If the bucket exists and no location is specified,
the tool uses the bucket's location. If the bucket does not exist
and the location is specified, the tool creates the bucket in
the specified location. If the bucket does not exist and location
is not specified, the tool creates the bucket without a location
constraint (in the US).
Valid Values: US | EU | us-west-1 | ap-southeast-1
Default: US
Required: No
Example: --location EU
--location location
The access control list policy of the bundled image.
Valid Values: public-read | aws-exec-read
Default: aws-exec-read
Required: No
Example: --acl public-read
--acl {public-read |
aws-exec-read}
Automatically retries on all Amazon S3 errors, up to five times
per operation.
Required: No
Example: --retry
--retry
The ID of the kernel to select.
Required: No
Example: --kernel aki-ba3adfd3
--kernel kernel_id
API Version 2013-08-15
678
Amazon Elastic Compute Cloud CLI Reference
Options
Description Option
The ID of the RAM disk to select.
Note
It is recommended that PV-GRUB be used instead
of kernels and RAM disks. For more information, see
PV-GRUB: A New Amazon Kernel Image in the
Amazon Elastic Compute Cloud User Guide.
Required: No
Example: --ramdisk ari-badbad00
--ramdisk ramdisk_id
Disables automatic mapping of kernels and RAM disks.
Required: No
Example: --no-mapping
--no-mapping
Region to look up in the mapping file. If no region is specified,
Amazon EC2 attempts to determine the region from the
location of the Amazon S3 bucket.
Required: No
Example: --region eu-west-1
--region
For options common to most of the AMI Tools, go to Common
Options for AMI Tools (p. 688).
Common options
Output
Status messages describing the stages and status of the bundling process.
Example
This example copies the AMI specified in the my-ami.manifest.xml manifest from the US to the EU.
$ ec2-migrate-bundle --cert cert-THUMBPRINT.pem --privatekey pk-THUMBPRINT.pem
--access-key AKIAIOSFODNN7EXAMPLE --secret-key wJalrXUtnFEMI/K7MDENG/bPxRfi
CYEXAMPLEKEY --bucket myawsbucket --destination-bucket myotherawsbucket --
manifest my-ami.manifest.xml --location EU
Downloading manifest my-ami.manifest.xml from myawsbucket to /tmp/ami-migration-
my-ami.manifest.xml/my-ami.manifest.xml ...
Copying 'my-ami.part.00'...
Copying 'my-ami.part.01'...
Copying 'my-ami.part.02'...
Copying 'my-ami.part.03'...
Copying 'my-ami.part.04'...
Copying 'my-ami.part.05'...
Copying 'my-ami.part.06'...
Copying 'my-ami.part.07'...
Copying 'my-ami.part.08'...
Copying 'my-ami.part.09'...
Copying 'my-ami.part.10'...
Your new bundle is in S3 at the following location:
myotherawsbucket/my-ami.manifest.xml
API Version 2013-08-15
679
Amazon Elastic Compute Cloud CLI Reference
Output
Related Topics
• ec2-register (p. 559)
• ec2-run-instances (p. 624)
API Version 2013-08-15
680
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-migrate-manifest
Description
Modifies a bundled AMI to work in a new region.
You must use this command if you are bundling in one region for use in another or if you copy a bundled
AMI out of band (without using ec2-migrate-bundle) and want to use it in a different region.
To get the AMI tools, go to Amazon EC2 AMI Tools.
Note
This command replaces the kernel and RAM disk in the manifest file with a kernel and RAM disk
designed for the destination region.
It is recommended that PV-GRUB be used instead of kernels and RAM disks. For more
information, see PV-GRUB: A New Amazon Kernel Image in the Amazon Elastic Compute Cloud
User Guide.
Syntax
ec2-migrate-manifest -k private_key -c cert -m manifest_path {(-a access_key_id
-s secret_key --region mapping_region_name) | --no-mapping} [--kernel kernel-id]
[--ramdisk ramdisk_id] [--ec2cert ec2_cert_path]
Options
Description Option
The path to the user's PEM-encoded RSA key file.
Required: Yes
Example: -k
pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-k, --privatekey private_key
The user's PEM encoded RSA public key certificate file.
Required: Yes
Example: -c
cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem
-c, --cert cert
The AWS access key ID.
Required: Conditional
Condition: Required if using automatic mapping.
Example: -a AKIAIOSFODNN7EXAMPLE
-a, --access-key access_key_id
The AWS secret access key.
Required: Conditional
Condition: Required if using automatic mapping.
Example: -s
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-s, --secret-key secret_key
The manifest file.
Required: Yes
Example: --manifest my-ami.manifest.xml
--manifest manifest_path
API Version 2013-08-15
681
Amazon Elastic Compute Cloud CLI Reference
ec2-migrate-manifest
Description Option
The ID of the kernel to select.
Required: No
Example: --kernel aki-ba3adfd3
--kernel kernel_id
The ID of the RAM disk to select.
Note
It is recommended that PV-GRUB be used instead
of kernels and RAM disks. For more information, see
PV-GRUB: A New Amazon Kernel Image in the
Amazon Elastic Compute Cloud User Guide.
Required: No
Example: --ramdisk ari-badbad00
--ramdisk ramdisk_id
Overrides the file containing kernel and RAM disk region
mappings.
Required: No
Example: --mapping-file eu-mappings
--mapping-file mapping_file
Overrides the file containing kernel and RAM disk region
mappings from the specified hostname portion of a URL.
Required: No
Example: --mapping-url mysite.com/eu-mappings
--mapping-url url
Disables automatic mapping of kernels and RAM disks.
Required: Conditional
Condition: Required if you're not providing the -a, -s, and
--region options (which are used for automatic mapping).
--no-mapping
Region to look up in the mapping file.
Condition: Required if using automatic mapping.
Required: Conditional
Example: --region eu-west-1
--region
For options common to most of the AMI Tools, go to Common
Options for AMI Tools (p. 688).
Common options
Output
Status messages describing the stages and status of the bundling process.
Example
This example copies the AMI specified in the my-ami.manifest.xml manifest from the US to the EU.
$ ec2-migrate-manifest --manifest my-ami.manifest.xml --cert cert-HKZYKTAIG2ECMXY
IBH3HXV4ZBZQ55CLO.pem --privatekey pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem --
region eu-west-1
Backing up manifest...
API Version 2013-08-15
682
Amazon Elastic Compute Cloud CLI Reference
Output
Successfully migrated my-ami.manifest.xml It is now suitable for use in eu-west-
1.
Related Topics
• ec2-register (p. 559)
• ec2-run-instances (p. 624)
API Version 2013-08-15
683
Amazon Elastic Compute Cloud CLI Reference
Related Topics
ec2-unbundle
Description
Recreates the AMI from the bundled AMI parts.
To get the AMI tools, go to Amazon EC2 AMI Tools.
Syntax
ec2-unbundle -m manifest -k private_key [-d destination_directory] [-s
source_directory]
Options
Description Option
The path to the unencrypted AMI manifest file.
Required: Yes
Example: -m /var/spool/my-first-bundle/Manifest
-m, --manifest manifest
The path to your PEM-encoded RSA key file.
Required: Yes
Example: -k $HOME/pk-234242example.pem
-k, --privatekey private_key
The directory in which to unbundle the AMI. The destination
directory must exist.
Default: The current directory.
Required: No
Example: -d /tmp/my-image
-d, --destination
destination_directory
The directory containing the bundled AMI parts.
Default: The current directory.
Required: No
Example: -s /tmp/my-bundled-image
-s, --source source_directory
For options common to most of the AMI Tools, go to Common
Options for AMI Tools (p. 688).
Common options
Example
This Linux and UNIX example unbundles the AMI specified in the fred.manifest.xml file.
$ mkdir unbundled
$ ec2-unbundle -m fred.manifest.xml -s bundled -d unbundled
$ ls -l unbundled
total 1025008
API Version 2013-08-15
684
Amazon Elastic Compute Cloud CLI Reference
ec2-unbundle
-rw-r--r-- 1 root root 1048578048 Aug 25 23:46 fred.img
Output
Status messages indicating the various stages of the unbundling process are displayed.
Related Topics
• ec2-bundle-image (p. 662)
• ec2-bundle-vol (p. 666)
• ec2-upload-bundle (p. 686)
• ec2-download-bundle (p. 674)
• ec2-delete-bundle (p. 671)
API Version 2013-08-15
685
Amazon Elastic Compute Cloud CLI Reference
Output
ec2-upload-bundle
Description
Uploads a bundled AMI to Amazon S3 storage.
To get the AMI tools, go to Amazon EC2 AMI Tools.
Syntax
ec2-upload-bundle -b s3_bucket -m manifest -a access_key_id -s secret_key [--acl
acl] [-d directory] [--part part] [--location location] [--url url] [--retry]
[--skipmanifest]
Options
Description Option
The name of the Amazon S3 bucket in which to store the
bundle, followed by an optional '/'-delimited path prefix. If the
bucket doesn't exist it will be created (if the bucket name is
available).
Required: Yes
Example: -b myawsbucket/ami-001
-b, --bucket s3_bucket
The path to the manifest file. The manifest file is created
during the bundling process and can be found in the directory
containing the bundle.
Required: Yes
Example: -m image.manifest.xml
-m, --manifest manifest
Your AWS access key ID.
Required: Yes
Example: -a AKIAIOSFODNN7EXAMPLE
-a, --access-key access_key_id
Your AWS secret access key.
Required: Yes
Example: -s
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-s, --secret-key secret_key
The access control list policy of the bundled image.
Valid Values: public-read | aws-exec-read
Default: aws-exec-read
Required: No
Example: --acl public-read
acl
The directory containing the bundled AMI parts.
Default: The directory containing the manifest file (see the -m
option).
Required: No
Example: -d /var/run/my-bundle
-d, --directory directory
API Version 2013-08-15
686
Amazon Elastic Compute Cloud CLI Reference
ec2-upload-bundle
Description Option
Starts uploading the specified part and all subsequent parts.
Required: No
Example: --part 04
--part part
The location of the destination Amazon S3 bucket.
If the bucket exists and you specify a location that doesn't
match the bucket's actual location, the tool exits with an error.
If the bucket exists and you don't specify a location, the tool
uses the bucket's location. If the bucket does not exist and
you specify a location, the tool creates the bucket in the
specified location. If the bucket does not exist and you don't
specify a location, the tool creates the bucket without a
location constraint (in the US).
Valid Values: US | EU | us-west-1 | ap-southeast-1
Default: US
Required: No
Example: --location EU
--location location
The S3 service URL.
Default: https://s3.amazonaws.com
Required: No
Example: --url https://s3.example.com
--url url
Automatically retries on all Amazon S3 errors, up to five times
per operation.
Required: No
Example: --retry
--retry
Does not upload the manifest.
Required: No
Example: --skipmanifest
--skipmanifest
For options common to most of the AMI Tools, go to Common
Options for AMI Tools (p. 688).
Common options
Output
Amazon EC2 displays status messages that indicate the stages and status of the upload process.
Example
This example uploads the bundle specified by the bundled/fred.manifest.xml manifest.
$ ec2-upload-bundle -b myawsbucket -m bundled/fred.manifest.xml -a AKIAIOSFOD
NN7EXAMPLE -s wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Creating bucket...
Uploading bundled image parts to the S3 bucket myawsbucket ...
Uploaded fred.part.00
Uploaded fred.part.01
API Version 2013-08-15
687
Amazon Elastic Compute Cloud CLI Reference
Output
Uploaded fred.part.02
Uploaded fred.part.03
Uploaded fred.part.04
Uploaded fred.part.05
Uploaded fred.part.06
Uploaded fred.part.07
Uploaded fred.part.08
Uploaded fred.part.09
Uploaded fred.part.10
Uploaded fred.part.11
Uploaded fred.part.12
Uploaded fred.part.13
Uploaded fred.part.14
Uploading manifest ...
Uploaded manifest.
Bundle upload completed.
Related Topics
• ec2-bundle-image (p. 662)
• ec2-bundle-vol (p. 666)
• ec2-unbundle (p. 684)
• ec2-download-bundle (p. 674)
• ec2-delete-bundle (p. 671)
Common Options for AMI Tools
Most of the commands described in this section accept the set of optional parameters described in the
following table.
Description Option
Display the help message. --help, -h
Displays the version and copyright notice. --version
Displays the manual entry. --manual
Runs in batch mode, suppressing user interaction and
confirmation.
--batch
Prints internal debugging information. This is useful to assist
us when troubleshooting problems.
--debug
API Version 2013-08-15
688
Amazon Elastic Compute Cloud CLI Reference
Related Topics