AWS CLIを使ってみる。

新しいAWS CLIが出ていたので試してみました。(2013/02/08現在)

Amazon Linuxで以下の手順でインストールしてます。

sudo easy_install awscli

次にawscliconfig.txtを作成して、以下のように書き込みます。

aws_access_key_id = AKIAJFLJI2KDXLJIYVCA
aws_secret_access_key = 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
region = ap-northeast-1

AWS_CONFIG_FILE環境変数を以下のように設定

export AWS_CONFIG_FILE=/home/ec2-user/awscliconfig.txt

以上で準備完了。
早速、コマンドを実行してみると、

aws ec2 describe-instances

$ aws ec2 describe-instances
{
    "reservationSet": [
        {
            "ownerId": xxxx.......

というJSON形式で表示される。
以下のように--output text でテキスト形式での出力も可能

 aws ec2 describe-instances --output text
8d403395-265f-480b-a96a-cda801cae99a
XXXXXXXXXXXXX    r-21297821
Vyatta  sg-XXXXXXXXXX
aki-d609a2d7    i-555555555      ami-0ce9430d    ap-northeast    IuAhY1344502383480      0       t1.micro

ちなみに、helpコマンドでどんなコマンドが実行できるか確認してみた。

$ aws help

aws
    The AWS Command Line Interface is a unified tool that provides a consistent
    interface for interacting with all parts of AWS.

    aws [options] service operation [parameters]

    Use 'aws service help' for information on a specific
    service.

    Available services:
      * autoscaling
      * cloudformation
      * cloudwatch
      * directconnect
      * ec2
      * elasticbeanstalk
      * elb
      * emr
      * iam
      * rds
      * s3
      * ses
      * sns
      * sqs
      * sts

    Options
        --output <output_format>
          * json
          * text
        --region <region_name>
          * ap-northeast-1
          * ap-southeast-1
          * ap-southeast-2
          * eu-west-1
          * sa-east-1
          * us-east-1
          * us-gov-west-1
          * us-west-1
          * us-west-2
        --no-verify-ssl
            Override default behavior of verifying SSL certificates
        --version
            Display the version of this tool
        --debug
            Turn on debug logging
        --profile <profile_name>
            Use a specific profile from your credential file
        --endpoint-url <endpoint_url>
            Override service's default URL with the given URL

EC2関連コマンドは下記

$ aws ec2 help

NAME
    ec2

DESCRIPTION

    Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides
    resizable compute capacity in the cloud. It is designed to make web-scale
    computing easier for developers.

    Amazon EC2's simple web service interface allows you to obtain and configure
    capacity with minimal friction. It provides you with complete control of
    your computing resources and lets you run on Amazon's proven computing
    environment. Amazon EC2 reduces the time required to obtain and boot new
    server instances to minutes, allowing you to quickly scale capacity, both up
    and down, as your computing requirements change. Amazon EC2 changes the
    economics of computing by allowing you to pay only for capacity that you
    actually use. Amazon EC2 provides developers the tools to build failure
    resilient applications and isolate themselves from common failure scenarios.

    Visit http://aws.amazon.com/ec2/ for more information.

    activate-license

        Activates a specific number of licenses for a 90-day period. Activations
        can be done against a specific license ID.

    allocate-address

        The AllocateAddress operation acquires an elastic IP address for use
        with your account.

    assign-private-ip-addresses
    associate-address

        The AssociateAddress operation associates an elastic IP address with an
        instance.

        If the IP address is currently assigned to another instance, the IP
        address is assigned to the new instance. This is an idempotent
        operation. If you enter it more than once, Amazon EC2 does not return an
        error.

    associate-dhcp-options

        Associates a set of DHCP options (that you've previously created) with
        the specified VPC. Or, associates the default DHCP options with the VPC.
        The default set consists of the standard EC2 host name, no domain name,
        no DNS server, no NTP server, and no NetBIOS server or node type. After
        you associate the options with the VPC, any existing instances and all
        new instances that you launch in that VPC use the options. For more
        information about the supported DHCP options and using them with Amazon
        VPC, go to Using DHCP Options in the Amazon Virtual Private Cloud
        Developer Guide.

    associate-route-table

        Associates a subnet with a route table. The subnet and route table must
        be in the same VPC. This association causes traffic originating from the
        subnet to be routed according to the routes in the route table. The
        action returns an association ID, which you need if you want to
        disassociate the route table from the subnet later. A route table can be
        associated with multiple subnets.

        For more information about route tables, go toRoute Tablesin the
        Amazon Virtual Private Cloud User Guide.

    attach-internet-gateway

        Attaches an Internet gateway to a VPC, enabling connectivity between the
        Internet and the VPC. For more information about your VPC and Internet
        gateway, go to the Amazon Virtual Private Cloud User Guide.

    attach-network-interface
    attach-volume

        Attach a previously created volume to a running instance.

    attach-vpn-gateway

        Attaches a VPN gateway to a VPC. This is the last step required to get
        your VPC fully connected to your data center before launching instances
        in it. For more information, go to Process for Using Amazon VPC in the
        Amazon Virtual Private Cloud Developer Guide.

    authorize-security-group-egress

        This action applies only to security groups in a VPC; it's not supported
        for EC2 security groups. For information about Amazon Virtual Private
        Cloud and VPC security groups, go to the Amazon Virtual Private Cloud
        User Guide.

        The action adds one or more egress rules to a VPC security group.
        Specifically, this permits instances in a security group to send traffic
        to either one or more destination CIDR IP address ranges, or to one or
        more destination security groups in the same VPC.

        Each rule consists of the protocol (e.g., TCP), plus either a CIDR
        range, or a source group. For the TCP and UDP protocols, you must also
        specify the destination port or port range. For the ICMP protocol, you
        must also specify the ICMP type and code. You can use -1 as a
        wildcard for the ICMP type or code.

        Rule changes are propagated to instances within the security group as
        quickly as possible. However, a small delay might occur.

         Important:For VPC security groups: You can have up to 50 rules total
        per group (covering both ingress and egress).

    authorize-security-group-ingress

        The AuthorizeSecurityGroupIngress operation adds permissions to a
        security group.

        Permissions are specified by the IP protocol (TCP, UDP or ICMP), the
        source of the request (by IP range or an Amazon EC2 user-group pair),
        the source and destination port ranges (for TCP and UDP), and the ICMP
        codes and types (for ICMP). When authorizing ICMP, -1 can be
        used as a wildcard in the type and code fields.

        Permission changes are propagated to instances within the security group
        as quickly as possible. However, depending on the number of instances, a
        small delay might occur.

    bundle-instance

        The BundleInstance operation request that an instance is bundled the
        next time it boots. The bundling process creates a new image from a
        running instance and stores the AMI data in S3. Once bundled, the image
        must be registered in the normal way using the RegisterImage API.

    cancel-bundle-task

        CancelBundleTask operation cancels a pending or in-progress bundling
        task. This is an asynchronous call and it make take a while for the task
        to be canceled. If a task is canceled while it is storing items, there
        may be parts of the incomplete AMI stored in S3. It is up to the caller
        to clean up these parts from S3.

    cancel-conversion-task
    cancel-export-task
    cancel-reserved-instances-listing
    cancel-spot-instance-requests

        Cancels one or more Spot Instance requests.

        Spot Instances are instances that Amazon EC2 starts on your behalf when
        the maximum price that you specify exceeds the current Spot Price.
        Amazon EC2 periodically sets the Spot Price based on available Spot
        Instance capacity and current spot instance requests.

        For conceptual information about Spot Instances, refer to the Amazon
        Elastic Compute Cloud Developer Guide  or Amazon Elastic Compute
        Cloud User Guide .

    confirm-product-instance

        The ConfirmProductInstance operation returns true if the specified
        product code is attached to the specified instance. The operation
        returns false if the product code is not attached to the instance.

        The ConfirmProductInstance operation can only be executed by the owner
        of the AMI. This feature is useful when an AMI owner is providing
        support and wants to verify whether a user's instance is eligible.

    copy-snapshot
    create-customer-gateway

        Provides information to AWS about your customer gateway device. The
        customer gateway is the appliance at your end of the VPN connection
        (compared to the VPN gateway, which is the device at the AWS side of the
        VPN connection). You can have a single active customer gateway per AWS
        account (active means that you've created a VPN connection to use with
        the customer gateway). AWS might delete any customer gateway that you
        create with this operation if you leave it inactive for an extended
        period of time.

        You must provide the Internet-routable IP address of the customer
        gateway's external interface. The IP address must be static.

        You must also provide the device's Border Gateway Protocol (BGP)
        Autonomous System Number (ASN). You can use an existing ASN assigned to
        your network. If you don't have an ASN already, you can use a private
        ASN (in the 64512 - 65534 range). For more information about ASNs, go to
         http://en.wikipedia.org/wiki/Autonomous_system_%28Internet%29.

    create-dhcp-options

        Creates a set of DHCP options that you can then associate with one or
        more VPCs, causing all existing and new instances that you launch in
        those VPCs to use the set of DHCP options. The following table lists the
        individual DHCP options you can specify. For more information about the
        options, go to http://www.ietf.org/rfc/rfc2132.txt

    create-image

        Creates an Amazon EBS-backed AMI from a "running" or "stopped" instance.
        AMIs that use an Amazon EBS root device boot faster than AMIs that use
        instance stores. They can be up to 1 TiB in size, use storage that
        persists on instance failure, and can be stopped and started.

    create-instance-export-task
    create-internet-gateway

        Creates a new Internet gateway in your AWS account. After creating the
        Internet gateway, you then attach it to a VPC using
        AttachInternetGateway. For more information about your VPC and
        Internet gateway, go to Amazon Virtual Private Cloud User Guide.

    create-key-pair

        The CreateKeyPair operation creates a new 2048 bit RSA key pair and
        returns a unique ID that can be used to reference this key pair when
        launching new instances. For more information, see RunInstances.

    create-network-acl

        Creates a new network ACL in a VPC. Network ACLs provide an optional
        layer of security (on top of security groups) for the instances in your
        VPC. For more information about network ACLs, go to Network ACLs in the
        Amazon Virtual Private Cloud User Guide.

    create-network-acl-entry

        Creates an entry (i.e., rule) in a network ACL with a rule number you
        specify. Each network ACL has a set of numbered ingress rules and a
        separate set of numbered egress rules. When determining whether a packet
        should be allowed in or out of a subnet associated with the ACL, Amazon
        VPC processes the entries in the ACL according to the rule numbers, in
        ascending order.

         Important:We recommend that you leave room between the rules (e.g.,
        100, 110, 120, etc.), and not number them sequentially (101, 102, 103,
        etc.). This allows you to easily add a new rule between existing ones
        without having to renumber the rules.

        After you add an entry, you can't modify it; you must either replace it,
        or create a new entry and delete the old one.

        For more information about network ACLs, go to Network ACLs in the
        Amazon Virtual Private Cloud User Guide.

    create-network-interface
    create-placement-group

        Creates a PlacementGroup into which multiple Amazon EC2
        instances can be launched. Users must give the group a name unique
        within the scope of the user account.

    create-reserved-instances-listing
    create-route

        Creates a new route in a route table within a VPC. The route's target
        can be either a gateway attached to the VPC or a NAT instance in the
        VPC.

        When determining how to route traffic, we use the route with the most
        specific match. For example, let's say the traffic is destined for
        192.0.2.3, and the route table includes the following two
        routes:

          *  192.0.2.0/24 (goes to some target A)
          *  192.0.2.0/28 (goes to some target B)
        Both routes apply to the traffic destined for 192.0.2.3.
        However, the second route in the list is more specific, so we use that
        route to determine where to target the traffic.

        For more information about route tables, go toRoute Tablesin the
        Amazon Virtual Private Cloud User Guide.

    create-route-table

        Creates a new route table within a VPC. After you create a new route
        table, you can add routes and associate the table with a subnet. For
        more information about route tables, go to Route Tablesin the
        Amazon Virtual Private Cloud User Guide.

    create-security-group

        The CreateSecurityGroup operation creates a new security group.

        Every instance is launched in a security group. If no security group is
        specified during launch, the instances are launched in the default
        security group. Instances within the same security group have
        unrestricted network access to each other. Instances will reject network
        access attempts from other instances in a different security group. As
        the owner of instances you can grant or revoke specific permissions
        using the AuthorizeSecurityGroupIngress and RevokeSecurityGroupIngress
        operations.

    create-snapshot

        Create a snapshot of the volume identified by volume ID. A volume does
        not have to be detached at the time the snapshot is taken. Snapshot
        creation requires that the system is in a consistent state. For
        instance, this means that if taking a snapshot of a database, the tables
        must be read-only locked to ensure that the snapshot will not contain a
        corrupted version of the database. Therefore, be careful when using this
        API to ensure that the system remains in the consistent state until the
        create snapshot status has returned.

    create-spot-datafeed-subscription

        Creates the data feed for Spot Instances, enabling you to view Spot
        Instance usage logs. You can create one data feed per account.

        For conceptual information about Spot Instances, refer to the Amazon
        Elastic Compute Cloud Developer Guide  or Amazon Elastic Compute
        Cloud User Guide .

    create-subnet

        Creates a subnet in an existing VPC. You can create up to 20 subnets in
        a VPC. If you add more than one subnet to a VPC, they're set up in a
        star topology with a logical router in the middle. When you create each
        subnet, you provide the VPC ID and the CIDR block you want for the
        subnet. Once you create a subnet, you can't change its CIDR block. The
        subnet's CIDR block can be the same as the VPC's CIDR block (assuming
        you want only a single subnet in the VPC), or a subset of the VPC's CIDR
        block. If you create more than one subnet in a VPC, the subnets' CIDR
        blocks must not overlap. The smallest subnet (and VPC) you can create
        uses a /28 netmask (16 IP addresses), and the largest uses a
        /18 netmask (16,384 IP addresses).

        AWS reserves both the first four and the last IP address in each
        subnet's CIDR block. They're not available for use.

    create-tags

        Adds or overwrites tags for the specified resources. Each resource can
        have a maximum of 10 tags. Each tag consists of a key-value pair. Tag
        keys must be unique per resource.

    create-volume

        Initializes an empty volume of a given size.

    create-vpc

        Creates a VPC with the CIDR block you specify. The smallest VPC you can
        create uses a /28 netmask (16 IP addresses), and the largest
        uses a /18 netmask (16,384 IP addresses). To help you decide how
        big to make your VPC, go to the topic about creating VPCs in the Amazon
        Virtual Private Cloud Developer Guide.

        By default, each instance you launch in the VPC has the default DHCP
        options (the standard EC2 host name, no domain name, no DNS server, no
        NTP server, and no NetBIOS server or node type).

    create-vpn-connection

        Creates a new VPN connection between an existing VPN gateway and
        customer gateway. The only supported connection type is ipsec.1.

        The response includes information that you need to configure your
        customer gateway, in XML format. We recommend you use the command line
        version of this operation (ec2-create-vpn-connection), which
        takes an -f option (for format) and returns configuration
        information formatted as expected by the vendor you specified, or in a
        generic, human readable format. For information about the command, go to
        ec2-create-vpn-connection in the Amazon Virtual Private Cloud
        Command Line Reference.

        We strongly recommend you use HTTPS when calling this operation because
        the response contains sensitive cryptographic information for
        configuring your customer gateway.

        If you decide to shut down your VPN connection for any reason and then
        create a new one, you must re-configure your customer gateway with the
        new information returned from this call.

    create-vpn-connection-route
    create-vpn-gateway

        Creates a new VPN gateway. A VPN gateway is the VPC-side endpoint for
        your VPN connection. You can create a VPN gateway before creating the
        VPC itself.

    deactivate-license

        Deactivates a specific number of licenses. Deactivations can be done
        against a specific license ID after they have persisted for at least a
        90-day period.

    delete-customer-gateway

        Deletes a customer gateway. You must delete the VPN connection before
        deleting the customer gateway.

        You can have a single active customer gateway per AWS account (active
        means that you've created a VPN connection with that customer gateway).
        AWS might delete any customer gateway you leave inactive for an extended
        period of time.

    delete-dhcp-options

        Deletes a set of DHCP options that you specify. Amazon VPC returns an
        error if the set of options you specify is currently associated with a
        VPC. You can disassociate the set of options by associating either a new
        set of options or the default options with the VPC.

    delete-internet-gateway

        Deletes an Internet gateway from your AWS account. The gateway must not
        be attached to a VPC. For more information about your VPC and Internet
        gateway, go to Amazon Virtual Private Cloud User Guide.

    delete-key-pair

        The DeleteKeyPair operation deletes a key pair.

    delete-network-acl

        Deletes a network ACL from a VPC. The ACL must not have any subnets
        associated with it. You can't delete the default network ACL. For more
        information about network ACLs, go to Network ACLs in the Amazon Virtual
        Private Cloud User Guide.

    delete-network-acl-entry

        Deletes an ingress or egress entry (i.e., rule) from a network ACL. For
        more information about network ACLs, go to Network ACLs in the Amazon
        Virtual Private Cloud User Guide.

    delete-network-interface
    delete-placement-group

        Deletes a PlacementGroup from a user's account. Terminate all
        Amazon EC2 instances in the placement group before deletion.

    delete-route

        Deletes a route from a route table in a VPC. For more information about
        route tables, go toRoute Tablesin the Amazon Virtual Private
        Cloud User Guide.

    delete-route-table

        Deletes a route table from a VPC. The route table must not be associated
        with a subnet. You can't delete the main route table. For more
        information about route tables, go toRoute Tablesin the Amazon
        Virtual Private Cloud User Guide.

    delete-security-group

        The DeleteSecurityGroup operation deletes a security group.

        If you attempt to delete a security group that contains instances, a
        fault is returned.

        If you attempt to delete a security group that is referenced by another
        security group, a fault is returned. For example, if security group B
        has a rule that allows access from security group A, security group A
        cannot be deleted until the allow rule is removed.

    delete-snapshot

        Deletes the snapshot identified by snapshotId.

    delete-spot-datafeed-subscription

        Deletes the data feed for Spot Instances.

        For conceptual information about Spot Instances, refer to the Amazon
        Elastic Compute Cloud Developer Guide  or Amazon Elastic Compute
        Cloud User Guide .

    delete-subnet

        Deletes a subnet from a VPC. You must terminate all running instances in
        the subnet before deleting it, otherwise Amazon VPC returns an error.

    delete-tags

        Deletes tags from the specified Amazon EC2 resources.

    delete-volume

        Deletes a previously created volume. Once successfully deleted, a new
        volume can be created with the same name.

    delete-vpc

        Deletes a VPC. You must detach or delete all gateways or other objects
        that are dependent on the VPC first. For example, you must terminate all
        running instances, delete all VPC security groups (except the default),
        delete all the route tables (except the default), etc.

    delete-vpn-connection

        Deletes a VPN connection. Use this if you want to delete a VPC and all
        its associated components. Another reason to use this operation is if
        you believe the tunnel credentials for your VPN connection have been
        compromised. In that situation, you can delete the VPN connection and
        create a new one that has new keys, without needing to delete the VPC or
        VPN gateway. If you create a new VPN connection, you must reconfigure
        the customer gateway using the new configuration information returned
        with the new VPN connection ID.

        If you're deleting the VPC and all its associated parts, we recommend
        you detach the VPN gateway from the VPC and delete the VPC before
        deleting the VPN connection.

    delete-vpn-connection-route
    delete-vpn-gateway

        Deletes a VPN gateway. Use this when you want to delete a VPC and all
        its associated components because you no longer need them. We recommend
        that before you delete a VPN gateway, you detach it from the VPC and
        delete the VPN connection. Note that you don't need to delete the VPN
        gateway if you just want to delete and re-create the VPN connection
        between your VPC and data center.

    deregister-image

        The DeregisterImage operation deregisters an AMI. Once deregistered,
        instances of the AMI can no longer be launched.

    describe-addresses

        The DescribeAddresses operation lists elastic IP addresses assigned to
        your account.

    describe-availability-zones

        The DescribeAvailabilityZones operation describes availability zones
        that are currently available to the account and their states.

        Availability zones are not the same across accounts. The availability
        zone us-east-1a for account A is not necessarily the same as
        us-east-1a for account B. Zone assignments are mapped
        independently for each account.

    describe-bundle-tasks

        The DescribeBundleTasks operation describes in-progress and recent
        bundle tasks. Complete and failed tasks are removed from the list a
        short time after completion. If no bundle ids are given, all bundle
        tasks are returned.

    describe-conversion-tasks
    describe-customer-gateways

        Gives you information about your customer gateways. You can filter the
        results to return information only about customer gateways that match
        criteria you specify. For example, you could ask to get information
        about a particular customer gateway (or all) only if the gateway's state
        is pending or available. You can specify multiple filters (e.g., the
        customer gateway has a particular IP address for the Internet-routable
        external interface, and the gateway's state is pending or available).
        The result includes information for a particular customer gateway only
        if the gateway matches all your filters. If there's no match, no special
        message is returned; the response is simply empty. The following table
        shows the available filters.

    describe-dhcp-options

        Gives you information about one or more sets of DHCP options. You can
        specify one or more DHCP options set IDs, or no IDs (to describe all
        your sets of DHCP options). The returned information consists of:

          * The DHCP options set ID
          * The options
    describe-export-tasks
    describe-image-attribute

        The DescribeImageAttribute operation returns information about an
        attribute of an AMI. Only one attribute can be specified per call.

    describe-images

        The DescribeImages operation returns information about AMIs, AKIs, and
        ARIs available to the user. Information returned includes image type,
        product codes, architecture, and kernel and RAM disk IDs. Images
        available to the user include public images available for any user to
        launch, private images owned by the user making the request, and private
        images owned by other users for which the user has explicit launch
        permissions.

        Launch permissions fall into three categories:

          *  Public:The owner of the AMI granted launch permissions for the AMI
            to the all group. All users have launch permissions for these AMIs.
          *  Explicit:The owner of the AMI granted launch permissions to a
            specific user.
          *  Implicit:A user has implicit launch permissions for all AMIs he or
            she owns.
        The list of AMIs returned can be modified by specifying AMI IDs, AMI
        owners, or users with launch permissions. If no options are specified,
        Amazon EC2 returns all AMIs for which the user has launch permissions.

        If you specify one or more AMI IDs, only AMIs that have the specified
        IDs are returned. If you specify an invalid AMI ID, a fault is returned.
        If you specify an AMI ID for which you do not have access, it will not
        be included in the returned results.

        If you specify one or more AMI owners, only AMIs from the specified
        owners and for which you have access are returned. The results can
        include the account IDs of the specified owners, amazon for AMIs owned
        by Amazon or self for AMIs that you own.

        If you specify a list of executable users, only users that have launch
        permissions for the AMIs are returned. You can specify account IDs (if
        you own the AMI(s)), self for AMIs for which you own or have explicit
        permissions, or all for public AMIs. Deregistered images are included in
        the returned results for an unspecified interval after deregistration.

    describe-instance-attribute

        Returns information about an attribute of an instance. Only one
        attribute can be specified per call.

    describe-instance-status

        Describes the status of an Amazon Elastic Compute Cloud (Amazon EC2)
        instance. Instance status provides information about two types of
        scheduled events for an instance that may require your attention:

          * Scheduled Reboot: When Amazon EC2 determines that an instance must
            be rebooted, the instance's status will return one of two event
            codes: system-reboot or instance-reboot. System
            reboot commonly occurs if certain maintenance or upgrade operations
            require a reboot of the underlying host that supports an instance.
            Instance reboot commonly occurs if the instance must be rebooted,
            rather than the underlying host. Rebooting events include a
            scheduled start and end time.
          * Scheduled Retirement: When Amazon EC2 determines that an instance
            must be shut down, the instance's status will return an event code
            called instance-retirement. Retirement commonly occurs when
            the underlying host is degraded and must be replaced. Retirement
            events include a scheduled start and end time. You're also notified
            by email if one of your instances is set to retiring. The email
            message indicates when your instance will be permanently retired.
        If your instance is permanently retired, it will not be restarted. You
        can avoid retirement by manually restarting your instance when its event
        code is instance-retirement. This ensures that your instance is
        started on a healthy host.

         DescribeInstanceStatus returns information only for instances
        in the running state.

        You can filter the results to return information only about instances
        that match criteria you specify. For example, you could get information
        about instances in a specific Availability Zone. You can specify
        multiple values for a filter (e.g., more than one Availability Zone). An
        instance must match at least one of the specified values for it to be
        included in the results.

        You can specify multiple filters. An instance must match all the filters
        for it to be included in the results. If there's no match, no special
        message is returned; the response is simply empty.

        You can use wildcards with the filter values: * matches zero or
        more characters, and ? matches exactly one character. You can
        escape special characters using a backslash before the character. For
        example, a value of \*amazon\?\\ searches for the literal string
        *amazon?\.

        The following filters are available:

          *  availability-zone - Filter on an instance's availability
            zone.
          *  instance-state-name - Filter on the intended state of the
            instance, e.g., running.
          *  instance-state-code - Filter on the intended state code of
            the instance, e.g., 16.
    describe-instances

        The DescribeInstances operation returns information about instances that
        you own.

        If you specify one or more instance IDs, Amazon EC2 returns information
        for those instances. If you do not specify instance IDs, Amazon EC2
        returns information for all relevant instances. If you specify an
        invalid instance ID, a fault is returned. If you specify an instance
        that you do not own, it will not be included in the returned results.

        Recently terminated instances might appear in the returned results. This
        interval is usually less than one hour.

    describe-internet-gateways

        Gives you information about your Internet gateways. You can filter the
        results to return information only about Internet gateways that match
        criteria you specify. For example, you could get information only about
        gateways with particular tags. The Internet gateway must match at least
        one of the specified values for it to be included in the results.

        You can specify multiple filters (e.g., the Internet gateway is attached
        to a particular VPC and is tagged with a particular value). The result
        includes information for a particular Internet gateway only if the
        gateway matches all your filters. If there's no match, no special
        message is returned; the response is simply empty.

        You can use wildcards with the filter values: an asterisk matches zero
        or more characters, and ?matches exactly one character. You can
        escape special characters using a backslash before the character. For
        example, a value of \*amazon\?\\ searches for the literal string
        *amazon?\.

    describe-key-pairs

        The DescribeKeyPairs operation returns information about key pairs
        available to you. If you specify key pairs, information about those key
        pairs is returned. Otherwise, information for all registered key pairs
        is returned.

    describe-licenses

        Provides details of a user's registered licenses. Zero or more IDs may
        be specified on the call. When one or more license IDs are specified,
        only data for the specified IDs are returned.

    describe-network-acls

        Gives you information about the network ACLs in your VPC. You can filter
        the results to return information only about ACLs that match criteria
        you specify. For example, you could get information only the ACL
        associated with a particular subnet. The ACL must match at least one of
        the specified values for it to be included in the results.

        You can specify multiple filters (e.g., the ACL is associated with a
        particular subnet and has an egress entry that denies traffic to a
        particular port). The result includes information for a particular ACL
        only if it matches all your filters. If there's no match, no special
        message is returned; the response is simply empty.

        You can use wildcards with the filter values: an asterisk matches zero
        or more characters, and? matches exactly one character. You can
        escape special characters using a backslash before the character. For
        example, a value of \*amazon\?\\ searches for the literal string
        *amazon?\.

    describe-network-interface-attribute
    describe-network-interfaces
    describe-placement-groups

        Returns information about one or more PlacementGroup instances
        in a user's account.

    describe-regions

        The DescribeRegions operation describes regions zones that are currently
        available to the account.

    describe-reserved-instances

        The DescribeReservedInstances operation describes Reserved Instances
        that were purchased for use with your account.

    describe-reserved-instances-listings
    describe-reserved-instances-offerings

        The DescribeReservedInstancesOfferings operation describes Reserved
        Instance offerings that are available for purchase. With Amazon EC2
        Reserved Instances, you purchase the right to launch Amazon EC2
        instances for a period of time (without getting insufficient capacity
        errors) and pay a lower usage rate for the actual time used.

    describe-route-tables

        Gives you information about your route tables. You can filter the
        results to return information only about tables that match criteria you
        specify. For example, you could get information only about a table
        associated with a particular subnet. You can specify multiple values for
        the filter. The table must match at least one of the specified values
        for it to be included in the results.

        You can specify multiple filters (e.g., the table has a particular
        route, and is associated with a particular subnet). The result includes
        information for a particular table only if it matches all your filters.
        If there's no match, no special message is returned; the response is
        simply empty.

        You can use wildcards with the filter values: an asterisk matches zero
        or more characters, and? matches exactly one character. You can
        escape special characters using a backslash before the character. For
        example, a value of \*amazon\?\\ searches for the literal string
        *amazon?\.

    describe-security-groups

        The DescribeSecurityGroups operation returns information about security
        groups that you own.

        If you specify security group names, information about those security
        group is returned. Otherwise, information for all security group is
        returned. If you specify a group that does not exist, a fault is
        returned.

    describe-snapshot-attribute

        Returns information about an attribute of a snapshot. Only one attribute
        can be specified per call.

    describe-snapshots

        Returns information about the Amazon EBS snapshots available to you.
        Snapshots available to you include public snapshots available for any
        AWS account to launch, private snapshots you own, and private snapshots
        owned by another AWS account but for which you've been given explicit
        create volume permissions.

    describe-spot-datafeed-subscription

        Describes the data feed for Spot Instances.

        For conceptual information about Spot Instances, refer to the Amazon
        Elastic Compute Cloud Developer Guide  or Amazon Elastic Compute
        Cloud User Guide .

    describe-spot-instance-requests

        Describes Spot Instance requests. Spot Instances are instances that
        Amazon EC2 starts on your behalf when the maximum price that you specify
        exceeds the current Spot Price. Amazon EC2 periodically sets the Spot
        Price based on available Spot Instance capacity and current spot
        instance requests. For conceptual information about Spot Instances,
        refer to theAmazon Elastic Compute Cloud Developer
        GuideorAmazon Elastic Compute Cloud User Guide.

        You can filter the results to return information only about Spot
        Instance requests that match criteria you specify. For example, you
        could get information about requests where the Spot Price you specified
        is a certain value (you can't use greater than or less than comparison,
        but you can use * and ? wildcards). You can specify
        multiple values for a filter. A Spot Instance request must match at
        least one of the specified values for it to be included in the results.

        You can specify multiple filters (e.g., the Spot Price is equal to a
        particular value, and the instance type is m1.small). The result
        includes information for a particular request only if it matches all
        your filters. If there's no match, no special message is returned; the
        response is simply empty.

        You can use wildcards with the filter values: an asterisk matches zero
        or more characters, and ? matches exactly one character. You can
        escape special characters using a backslash before the character. For
        example, a value of \*amazon\?\\ searches for the literal string
        *amazon?\.

    describe-spot-price-history

        Describes the Spot Price history.

        Spot Instances are instances that Amazon EC2 starts on your behalf when
        the maximum price that you specify exceeds the current Spot Price.
        Amazon EC2 periodically sets the Spot Price based on available Spot
        Instance capacity and current spot instance requests.

        For conceptual information about Spot Instances, refer to the Amazon
        Elastic Compute Cloud Developer Guide  or Amazon Elastic Compute
        Cloud User Guide .

    describe-subnets

        Gives you information about your subnets. You can filter the results to
        return information only about subnets that match criteria you specify.

        For example, you could ask to get information about a particular subnet
        (or all) only if the subnet's state is available. You can specify
        multiple filters (e.g., the subnet is in a particular VPC, and the
        subnet's state is available).

        The result includes information for a particular subnet only if the
        subnet matches all your filters. If there's no match, no special message
        is returned; the response is simply empty. The following table shows the
        available filters.

    describe-tags

        Describes the tags for the specified resources.

    describe-volume-attribute
    describe-volume-status

        Describes the status of a volume.

    describe-volumes

        Describes the status of the indicated volume or, in lieu of any
        specified, all volumes belonging to the caller. Volumes that have been
        deleted are not described.

    describe-vpcs

        Gives you information about your VPCs. You can filter the results to
        return information only about VPCs that match criteria you specify.

        For example, you could ask to get information about a particular VPC or
        VPCs (or all your VPCs) only if the VPC's state is available. You can
        specify multiple filters (e.g., the VPC uses one of several sets of DHCP
        options, and the VPC's state is available). The result includes
        information for a particular VPC only if the VPC matches all your
        filters.

        If there's no match, no special message is returned; the response is
        simply empty. The following table shows the available filters.

    describe-vpn-connections

        Gives you information about your VPN connections.

        We strongly recommend you use HTTPS when calling this operation because
        the response contains sensitive cryptographic information for
        configuring your customer gateway.

        You can filter the results to return information only about VPN
        connections that match criteria you specify. For example, you could ask
        to get information about a particular VPN connection (or all) only if
        the VPN's state is pending or available. You can specify multiple
        filters (e.g., the VPN connection is associated with a particular VPN
        gateway, and the gateway's state is pending or available). The result
        includes information for a particular VPN connection only if the VPN
        connection matches all your filters. If there's no match, no special
        message is returned; the response is simply empty. The following table
        shows the available filters.

    describe-vpn-gateways

        Gives you information about your VPN gateways. You can filter the
        results to return information only about VPN gateways that match
        criteria you specify.

        For example, you could ask to get information about a particular VPN
        gateway (or all) only if the gateway's state is pending or available.
        You can specify multiple filters (e.g., the VPN gateway is in a
        particular Availability Zone and the gateway's state is pending or
        available).

        The result includes information for a particular VPN gateway only if the
        gateway matches all your filters. If there's no match, no special
        message is returned; the response is simply empty. The following table
        shows the available filters.

    detach-internet-gateway

        Detaches an Internet gateway from a VPC, disabling connectivity between
        the Internet and the VPC. The VPC must not contain any running instances
        with elastic IP addresses. For more information about your VPC and
        Internet gateway, go to Amazon Virtual Private Cloud User Guide.

        For more information about Amazon Virtual Private Cloud and Internet
        gateways, go to the Amazon Virtual Private Cloud User Guide.

    detach-network-interface
    detach-volume

        Detach a previously attached volume from a running instance.

    detach-vpn-gateway

        Detaches a VPN gateway from a VPC. You do this if you're planning to
        turn off the VPC and not use it anymore. You can confirm a VPN gateway
        has been completely detached from a VPC by describing the VPN gateway
        (any attachments to the VPN gateway are also described).

        You must wait for the attachment's state to switch to detached before
        you can delete the VPC or attach a different VPC to the VPN gateway.

    disable-vgw-route-propagation
    disassociate-address

        The DisassociateAddress operation disassociates the specified elastic IP
        address from the instance to which it is assigned. This is an idempotent
        operation. If you enter it more than once, Amazon EC2 does not return an
        error.

    disassociate-route-table

        Disassociates a subnet from a route table.

        After you perform this action, the subnet no longer uses the routes in
        the route table. Instead it uses the routes in the VPC's main route
        table. For more information about route tables, go toRoute
        Tablesin the Amazon Virtual Private Cloud User Guide.

    enable-vgw-route-propagation
    enable-volume-io

        Enable IO on the volume after an event has occured.

    get-console-output

        The GetConsoleOutput operation retrieves console output for the
        specified instance.

        Instance console output is buffered and posted shortly after instance
        boot, reboot, and termination. Amazon EC2 preserves the most recent 64
        KB output which will be available for at least one hour after the most
        recent post.

    get-password-data

        Retrieves the encrypted administrator password for the instances running
        Windows. The Windows password is only generated the first time an AMI is
        launched. It is not generated for rebundled AMIs or after the password
        is changed on an instance. The password is encrypted using the key pair
        that you provided.

    import-instance
    import-key-pair

        Imports the public key from an RSA key pair created with a third-party
        tool. This operation differs from CreateKeyPair as the private
        key is never transferred between the caller and AWS servers.

        RSA key pairs are easily created on Microsoft Windows and Linux OS
        systems using the ssh-keygen command line tool provided with the
        standard OpenSSH installation. Standard library support for RSA key pair
        creation is also available for Java, Ruby, Python, and many other
        programming languages.

        The following formats are supported:

          * OpenSSH public key format,
          * Base64 encoded DER format.
          * SSH public key file format as specified in RFC4716 .
    import-volume
    modify-image-attribute

        The ModifyImageAttribute operation modifies an attribute of an AMI.

    modify-instance-attribute

        Modifies an attribute of an instance.

    modify-network-interface-attribute
    modify-snapshot-attribute

        Adds or remove permission settings for the specified snapshot.

    modify-volume-attribute
    monitor-instances

        Enables monitoring for a running instance.

    purchase-reserved-instances-offering

        The PurchaseReservedInstancesOffering operation purchases a Reserved
        Instance for use with your account. With Amazon EC2 Reserved Instances,
        you purchase the right to launch Amazon EC2 instances for a period of
        time (without getting insufficient capacity errors) and pay a lower
        usage rate for the actual time used.

    reboot-instances

        The RebootInstances operation requests a reboot of one or more
        instances. This operation is asynchronous; it only queues a request to
        reboot the specified instance(s). The operation will succeed if the
        instances are valid and belong to the user. Requests to reboot
        terminated instances are ignored.

    register-image

        The RegisterImage operation registers an AMI with Amazon EC2. Images
        must be registered before they can be launched. For more information,
        see RunInstances.

        Each AMI is associated with an unique ID which is provided by the Amazon
        EC2 service through the RegisterImage operation. During registration,
        Amazon EC2 retrieves the specified image manifest from Amazon S3 and
        verifies that the image is owned by the user registering the image.

        The image manifest is retrieved once and stored within the Amazon EC2.
        Any modifications to an image in Amazon S3 invalidates this
        registration. If you make changes to an image, deregister the previous
        image and register the new image. For more information, see
        DeregisterImage.

    release-address

        The ReleaseAddress operation releases an elastic IP address associated
        with your account. Releasing an IP address automatically disassociates
        it from any instance with which it is associated. For more information,
        see DisassociateAddress.

        After releasing an elastic IP address, it is released to the IP address
        pool and might no longer be available to your account. Make sure to
        update your DNS records and any servers or devices that communicate with
        the address.

        If you run this operation on an elastic IP address that is already
        released, the address might be assigned to another account which will
        cause Amazon EC2 to return an error.

    replace-network-acl-association

        Changes which network ACL a subnet is associated with. By default when
        you create a subnet, it's automatically associated with the default
        network ACL. For more information about network ACLs, go to Network ACLs
        in the Amazon Virtual Private Cloud User Guide.

    replace-network-acl-entry

        Replaces an entry (i.e., rule) in a network ACL. For more information
        about network ACLs, go to Network ACLs in the Amazon Virtual Private
        Cloud User Guide.

    replace-route

        Replaces an existing route within a route table in a VPC. For more
        information about route tables, go toRoute Tablesin the Amazon
        Virtual Private Cloud User Guide.

    replace-route-table-association

        Changes the route table associated with a given subnet in a VPC. After
        you execute this action, the subnet uses the routes in the new route
        table it's associated with. For more information about route tables, go
        toRoute Tablesin the Amazon Virtual Private Cloud User Guide.

        You can also use this to change which table is the main route table in
        the VPC. You just specify the main route table's association ID and the
        route table that you want to be the new main route table.

    report-instance-status
    request-spot-instances

        Creates a Spot Instance request.

        Spot Instances are instances that Amazon EC2 starts on your behalf when
        the maximum price that you specify exceeds the current Spot Price.
        Amazon EC2 periodically sets the Spot Price based on available Spot
        Instance capacity and current spot instance requests.

        For conceptual information about Spot Instances, refer to the Amazon
        Elastic Compute Cloud Developer Guide  or Amazon Elastic Compute
        Cloud User Guide.

    reset-image-attribute

        The ResetImageAttribute operation resets an attribute of an AMI to its
        default value. The productCodes attribute cannot be reset.

    reset-instance-attribute

        Resets an attribute of an instance to its default value.

    reset-network-interface-attribute
    reset-snapshot-attribute

        Resets permission settings for the specified snapshot.

    revoke-security-group-egress

        This action applies only to security groups in a VPC. It doesn't work
        with EC2 security groups. For information about Amazon Virtual Private
        Cloud and VPC security groups, go to the Amazon Virtual Private Cloud
        User Guide.

        The action removes one or more egress rules from a VPC security group.
        The values that you specify in the revoke request (e.g., ports, etc.)
        must match the existing rule's values in order for the rule to be
        revoked.

        Each rule consists of the protocol, and the CIDR range or destination
        security group. For the TCP and UDP protocols, you must also specify the
        destination port or range of ports. For the ICMP protocol, you must also
        specify the ICMP type and code.

        Rule changes are propagated to instances within the security group as
        quickly as possible. However, a small delay might occur.

    revoke-security-group-ingress

        The RevokeSecurityGroupIngress operation revokes permissions from a
        security group. The permissions used to revoke must be specified using
        the same values used to grant the permissions.

        Permissions are specified by IP protocol (TCP, UDP, or ICMP), the source
        of the request (by IP range or an Amazon EC2 user-group pair), the
        source and destination port ranges (for TCP and UDP), and the ICMP codes
        and types (for ICMP).

        Permission changes are quickly propagated to instances within the
        security group. However, depending on the number of instances in the
        group, a small delay might occur.

    run-instances

        The RunInstances operation launches a specified number of instances.

        If Amazon EC2 cannot launch the minimum number AMIs you request, no
        instances launch. If there is insufficient capacity to launch the
        maximum number of AMIs you request, Amazon EC2 launches as many as
        possible to satisfy the requested maximum values.

        Every instance is launched in a security group. If you do not specify a
        security group at launch, the instances start in your default security
        group. For more information on creating security groups, see
        CreateSecurityGroup.

        An optional instance type can be specified. For information about
        instance types, see Instance Types.

        You can provide an optional key pair ID for each image in the launch
        request (for more information, see CreateKeyPair). All instances that
        are created from images that use this key pair will have access to the
        associated public key at boot. You can use this key to provide secure
        access to an instance of an image on a per-instance basis. Amazon EC2
        public images use this feature to provide secure access without
        passwords.

        Launching public images without a key pair ID will leave them
        inaccessible.

        The public key material is made available to the instance at boot time
        by placing it in the openssh_id.pub file on a logical device
        that is exposed to the instance as /dev/sda2 (the ephemeral
        store). The format of this file is suitable for use as an entry within
        ~/.ssh/authorized_keys (the OpenSSH format). This can be done at
        boot (e.g., as part of rc.local) allowing for secure access
        without passwords.

        Optional user data can be provided in the launch request. All instances
        that collectively comprise the launch request have access to this data
        For more information, see Instance Metadata.  If any of the AMIs have a
        product code attached for which the user has not subscribed, the
        RunInstances call will fail.

        We strongly recommend using the 2.6.18 Xen stock kernel with the
        c1.medium and c1.xlarge instances. Although the default
        Amazon EC2 kernels will work, the new kernels provide greater stability
        and performance for these instance types. For more information about
        kernels, see Kernels, RAM Disks, and Block Device Mappings.

    start-instances

        Starts an instance that uses an Amazon EBS volume as its root device.
        Instances that use Amazon EBS volumes as their root devices can be
        quickly stopped and started. When an instance is stopped, the compute
        resources are released and you are not billed for hourly instance usage.
        However, your root partition Amazon EBS volume remains, continues to
        persist your data, and you are charged for Amazon EBS volume usage. You
        can restart your instance at any time.

        Performing this operation on an instance that uses an instance store as
        its root device returns an error.

    stop-instances

        Stops an instance that uses an Amazon EBS volume as its root device.
        Instances that use Amazon EBS volumes as their root devices can be
        quickly stopped and started. When an instance is stopped, the compute
        resources are released and you are not billed for hourly instance usage.
        However, your root partition Amazon EBS volume remains, continues to
        persist your data, and you are charged for Amazon EBS volume usage. You
        can restart your instance at any time.

        Before stopping an instance, make sure it is in a state from which it
        can be restarted. Stopping an instance does not preserve data stored in
        RAM.

        Performing this operation on an instance that uses an instance store as
        its root device returns an error.

    terminate-instances

        The TerminateInstances operation shuts down one or more instances. This
        operation is idempotent; if you terminate an instance more than once,
        each call will succeed.

        Terminated instances will remain visible after termination
        (approximately one hour).

    unassign-private-ip-addresses
    unmonitor-instances

        Disables monitoring for a running instance.