Trying out the AWS CLI.
A new AWS CLI has been released, so I tried it out. (As of 2013/02/08)
I installed it on Amazon Linux with the following steps.
sudo easy_install awscli
Next, create awscliconfig.txt and write the following into it.
aws_access_key_id = AKIAJFLJI2KDXLJIYVCA
aws_secret_access_key = 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
region = ap-northeast-1
Set the AWS_CONFIG_FILE environment variable as follows:
export AWS_CONFIG_FILE=/home/ec2-user/awscliconfig.txt
That completes the setup.
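The config file above holds a long-lived secret key in plain text, so it should be readable only by its owner. The following is an added example, not part of the original post: the helper functions write_aws_config, config_is_private and redact_aws_config are hypothetical names, and the credentials are constructed placeholders. It creates the file with mode 600, verifies that group and others have no access, and prints a copy with the key material masked.

```sh
#!/bin/sh
# Added example: helper names and credential values are constructed for illustration.

# write_aws_config PATH ACCESS_KEY_ID SECRET_KEY REGION
# Writes the three settings the post uses, readable by the owner only.
write_aws_config() {
    (
        # umask 077 makes a newly created file 0600 from the first byte.
        umask 077
        printf 'aws_access_key_id = %s\naws_secret_access_key = %s\nregion = %s\n' \
            "$2" "$3" "$4" > "$1"
    )
    # If the file already existed, '>' kept its old mode, so tighten it explicitly.
    chmod 600 "$1"
}

# config_is_private PATH
# Returns 0 when PATH is a regular file with no group/other permission bits,
# 1 when it is accessible to group or others, 2 when it is missing or a symlink.
config_is_private() {
    if [ ! -f "$1" ] || [ -L "$1" ]; then
        return 2
    fi
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group and other bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# redact_aws_config PATH
# Prints the config with the secret masked and only the first four
# characters of the access key ID kept, so the output can be shared.
redact_aws_config() {
    sed -e 's/^\(aws_secret_access_key[[:space:]]*=[[:space:]]*\).*/\1****/' \
        -e 's/^\(aws_access_key_id[[:space:]]*=[[:space:]]*....\).*/\1****/' \
        "$1"
}

# Demonstration in a temporary directory with constructed placeholder values.
demo_dir=$(mktemp -d)
demo_cfg="$demo_dir/awscliconfig.txt"
write_aws_config "$demo_cfg" "AKIAEXAMPLEKEYID0000" "constructed-placeholder-secret" "ap-northeast-1"
if config_is_private "$demo_cfg"; then
    # Only at this point would AWS_CONFIG_FILE be pointed at the file.
    echo "OK: $demo_cfg is readable by its owner only"
else
    echo "WARNING: $demo_cfg is accessible to group or others" >&2
fi
redact_aws_config "$demo_cfg"
rm -rf "$demo_dir"
```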
Running a command right away,
$ aws ec2 describe-instances
{
    "reservationSet": [
        {
            "ownerId": xxxx.......
the result is displayed in JSON format like this.
Text output is also possible with --output text, as follows.
aws ec2 describe-instances --output text
8d403395-265f-480b-a96a-cda801cae99a XXXXXXXXXXXXX r-21297821 Vyatta sg-XXXXXXXXXX aki-d609a2d7 i-555555555 ami-0ce9430d ap-northeast IuAhY1344502383480 0 t1.micro
Incidentally, I used the help command to check which commands can be run.
$ aws help
aws
The AWS Command Line Interface is a unified tool that provides a consistent interface for interacting with all parts of AWS.
aws [options] service operation [parameters]
Use 'aws service help' for information on a specific service.
Available services:
    * autoscaling
    * cloudformation
    * cloudwatch
    * directconnect
    * ec2
    * elasticbeanstalk
    * elb
    * emr
    * iam
    * rds
    * s3
    * ses
    * sns
    * sqs
    * sts
Options
--output <output_format>
    * json
    * text
--region <region_name>
    * ap-northeast-1
    * ap-southeast-1
    * ap-southeast-2
    * eu-west-1
    * sa-east-1
    * us-east-1
    * us-gov-west-1
    * us-west-1
    * us-west-2
--no-verify-ssl
    Override default behavior of verifying SSL certificates
--version
    Display the version of this tool
--debug
    Turn on debug logging
--profile <profile_name>
    Use a specific profile from your credential file
--endpoint-url <endpoint_url>
    Override service's default URL with the given URL
The EC2-related commands are below.
$ aws ec2 help
NAME
    ec2
DESCRIPTION
    Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers. Amazon EC2's simple web service interface allows you to obtain and configure capacity with minimal friction. It provides you with complete control of your computing resources and lets you run on Amazon's proven computing environment. Amazon EC2 reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity, both up and down, as your computing requirements change. Amazon EC2 changes the economics of computing by allowing you to pay only for capacity that you actually use. Amazon EC2 provides developers the tools to build failure resilient applications and isolate themselves from common failure scenarios. Visit http://aws.amazon.com/ec2/ for more information.
activate-license
    Activates a specific number of licenses for a 90-day period. Activations can be done against a specific license ID.
allocate-address
    The AllocateAddress operation acquires an elastic IP address for use with your account.
assign-private-ip-addresses
associate-address
    The AssociateAddress operation associates an elastic IP address with an instance. If the IP address is currently assigned to another instance, the IP address is assigned to the new instance. This is an idempotent operation. If you enter it more than once, Amazon EC2 does not return an error.
associate-dhcp-options
    Associates a set of DHCP options (that you've previously created) with the specified VPC. Or, associates the default DHCP options with the VPC. The default set consists of the standard EC2 host name, no domain name, no DNS server, no NTP server, and no NetBIOS server or node type. After you associate the options with the VPC, any existing instances and all new instances that you launch in that VPC use the options.
    For more information about the supported DHCP options and using them with Amazon VPC, go to Using DHCP Options in the Amazon Virtual Private Cloud Developer Guide.
associate-route-table
    Associates a subnet with a route table. The subnet and route table must be in the same VPC. This association causes traffic originating from the subnet to be routed according to the routes in the route table. The action returns an association ID, which you need if you want to disassociate the route table from the subnet later. A route table can be associated with multiple subnets. For more information about route tables, go to Route Tables in the Amazon Virtual Private Cloud User Guide.
attach-internet-gateway
    Attaches an Internet gateway to a VPC, enabling connectivity between the Internet and the VPC. For more information about your VPC and Internet gateway, go to the Amazon Virtual Private Cloud User Guide.
attach-network-interface
attach-volume
    Attach a previously created volume to a running instance.
attach-vpn-gateway
    Attaches a VPN gateway to a VPC. This is the last step required to get your VPC fully connected to your data center before launching instances in it. For more information, go to Process for Using Amazon VPC in the Amazon Virtual Private Cloud Developer Guide.
authorize-security-group-egress
    This action applies only to security groups in a VPC; it's not supported for EC2 security groups. For information about Amazon Virtual Private Cloud and VPC security groups, go to the Amazon Virtual Private Cloud User Guide. The action adds one or more egress rules to a VPC security group. Specifically, this permits instances in a security group to send traffic to either one or more destination CIDR IP address ranges, or to one or more destination security groups in the same VPC. Each rule consists of the protocol (e.g., TCP), plus either a CIDR range, or a source group. For the TCP and UDP protocols, you must also specify the destination port or port range.
    For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 as a wildcard for the ICMP type or code. Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur. Important: For VPC security groups: You can have up to 50 rules total per group (covering both ingress and egress).
authorize-security-group-ingress
    The AuthorizeSecurityGroupIngress operation adds permissions to a security group. Permissions are specified by the IP protocol (TCP, UDP or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), the source and destination port ranges (for TCP and UDP), and the ICMP codes and types (for ICMP). When authorizing ICMP, -1 can be used as a wildcard in the type and code fields. Permission changes are propagated to instances within the security group as quickly as possible. However, depending on the number of instances, a small delay might occur.
bundle-instance
    The BundleInstance operation request that an instance is bundled the next time it boots. The bundling process creates a new image from a running instance and stores the AMI data in S3. Once bundled, the image must be registered in the normal way using the RegisterImage API.
cancel-bundle-task
    CancelBundleTask operation cancels a pending or in-progress bundling task. This is an asynchronous call and it make take a while for the task to be canceled. If a task is canceled while it is storing items, there may be parts of the incomplete AMI stored in S3. It is up to the caller to clean up these parts from S3.
cancel-conversion-task
cancel-export-task
cancel-reserved-instances-listing
cancel-spot-instance-requests
    Cancels one or more Spot Instance requests. Spot Instances are instances that Amazon EC2 starts on your behalf when the maximum price that you specify exceeds the current Spot Price.
    Amazon EC2 periodically sets the Spot Price based on available Spot Instance capacity and current spot instance requests. For conceptual information about Spot Instances, refer to the Amazon Elastic Compute Cloud Developer Guide or Amazon Elastic Compute Cloud User Guide.
confirm-product-instance
    The ConfirmProductInstance operation returns true if the specified product code is attached to the specified instance. The operation returns false if the product code is not attached to the instance. The ConfirmProductInstance operation can only be executed by the owner of the AMI. This feature is useful when an AMI owner is providing support and wants to verify whether a user's instance is eligible.
copy-snapshot
create-customer-gateway
    Provides information to AWS about your customer gateway device. The customer gateway is the appliance at your end of the VPN connection (compared to the VPN gateway, which is the device at the AWS side of the VPN connection). You can have a single active customer gateway per AWS account (active means that you've created a VPN connection to use with the customer gateway). AWS might delete any customer gateway that you create with this operation if you leave it inactive for an extended period of time. You must provide the Internet-routable IP address of the customer gateway's external interface. The IP address must be static. You must also provide the device's Border Gateway Protocol (BGP) Autonomous System Number (ASN). You can use an existing ASN assigned to your network. If you don't have an ASN already, you can use a private ASN (in the 64512 - 65534 range). For more information about ASNs, go to http://en.wikipedia.org/wiki/Autonomous_system_%28Internet%29.
create-dhcp-options
    Creates a set of DHCP options that you can then associate with one or more VPCs, causing all existing and new instances that you launch in those VPCs to use the set of DHCP options. The following table lists the individual DHCP options you can specify.
    For more information about the options, go to http://www.ietf.org/rfc/rfc2132.txt
create-image
    Creates an Amazon EBS-backed AMI from a "running" or "stopped" instance. AMIs that use an Amazon EBS root device boot faster than AMIs that use instance stores. They can be up to 1 TiB in size, use storage that persists on instance failure, and can be stopped and started.
create-instance-export-task
create-internet-gateway
    Creates a new Internet gateway in your AWS account. After creating the Internet gateway, you then attach it to a VPC using AttachInternetGateway. For more information about your VPC and Internet gateway, go to Amazon Virtual Private Cloud User Guide.
create-key-pair
    The CreateKeyPair operation creates a new 2048 bit RSA key pair and returns a unique ID that can be used to reference this key pair when launching new instances. For more information, see RunInstances.
create-network-acl
    Creates a new network ACL in a VPC. Network ACLs provide an optional layer of security (on top of security groups) for the instances in your VPC. For more information about network ACLs, go to Network ACLs in the Amazon Virtual Private Cloud User Guide.
create-network-acl-entry
    Creates an entry (i.e., rule) in a network ACL with a rule number you specify. Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules. When determining whether a packet should be allowed in or out of a subnet associated with the ACL, Amazon VPC processes the entries in the ACL according to the rule numbers, in ascending order. Important: We recommend that you leave room between the rules (e.g., 100, 110, 120, etc.), and not number them sequentially (101, 102, 103, etc.). This allows you to easily add a new rule between existing ones without having to renumber the rules. After you add an entry, you can't modify it; you must either replace it, or create a new entry and delete the old one.
    For more information about network ACLs, go to Network ACLs in the Amazon Virtual Private Cloud User Guide.
create-network-interface
create-placement-group
    Creates a PlacementGroup into which multiple Amazon EC2 instances can be launched. Users must give the group a name unique within the scope of the user account.
create-reserved-instances-listing
create-route
    Creates a new route in a route table within a VPC. The route's target can be either a gateway attached to the VPC or a NAT instance in the VPC. When determining how to route traffic, we use the route with the most specific match. For example, let's say the traffic is destined for 192.0.2.3, and the route table includes the following two routes:
    * 192.0.2.0/24 (goes to some target A)
    * 192.0.2.0/28 (goes to some target B)
    Both routes apply to the traffic destined for 192.0.2.3. However, the second route in the list is more specific, so we use that route to determine where to target the traffic. For more information about route tables, go to Route Tables in the Amazon Virtual Private Cloud User Guide.
create-route-table
    Creates a new route table within a VPC. After you create a new route table, you can add routes and associate the table with a subnet. For more information about route tables, go to Route Tables in the Amazon Virtual Private Cloud User Guide.
create-security-group
    The CreateSecurityGroup operation creates a new security group. Every instance is launched in a security group. If no security group is specified during launch, the instances are launched in the default security group. Instances within the same security group have unrestricted network access to each other. Instances will reject network access attempts from other instances in a different security group. As the owner of instances you can grant or revoke specific permissions using the AuthorizeSecurityGroupIngress and RevokeSecurityGroupIngress operations.
create-snapshot
    Create a snapshot of the volume identified by volume ID.
    A volume does not have to be detached at the time the snapshot is taken. Snapshot creation requires that the system is in a consistent state. For instance, this means that if taking a snapshot of a database, the tables must be read-only locked to ensure that the snapshot will not contain a corrupted version of the database. Therefore, be careful when using this API to ensure that the system remains in the consistent state until the create snapshot status has returned.
create-spot-datafeed-subscription
    Creates the data feed for Spot Instances, enabling you to view Spot Instance usage logs. You can create one data feed per account. For conceptual information about Spot Instances, refer to the Amazon Elastic Compute Cloud Developer Guide or Amazon Elastic Compute Cloud User Guide.
create-subnet
    Creates a subnet in an existing VPC. You can create up to 20 subnets in a VPC. If you add more than one subnet to a VPC, they're set up in a star topology with a logical router in the middle. When you create each subnet, you provide the VPC ID and the CIDR block you want for the subnet. Once you create a subnet, you can't change its CIDR block. The subnet's CIDR block can be the same as the VPC's CIDR block (assuming you want only a single subnet in the VPC), or a subset of the VPC's CIDR block. If you create more than one subnet in a VPC, the subnets' CIDR blocks must not overlap. The smallest subnet (and VPC) you can create uses a /28 netmask (16 IP addresses), and the largest uses a /18 netmask (16,384 IP addresses). AWS reserves both the first four and the last IP address in each subnet's CIDR block. They're not available for use.
create-tags
    Adds or overwrites tags for the specified resources. Each resource can have a maximum of 10 tags. Each tag consists of a key-value pair. Tag keys must be unique per resource.
create-volume
    Initializes an empty volume of a given size.
create-vpc
    Creates a VPC with the CIDR block you specify.
    The smallest VPC you can create uses a /28 netmask (16 IP addresses), and the largest uses a /18 netmask (16,384 IP addresses). To help you decide how big to make your VPC, go to the topic about creating VPCs in the Amazon Virtual Private Cloud Developer Guide. By default, each instance you launch in the VPC has the default DHCP options (the standard EC2 host name, no domain name, no DNS server, no NTP server, and no NetBIOS server or node type).
create-vpn-connection
    Creates a new VPN connection between an existing VPN gateway and customer gateway. The only supported connection type is ipsec.1. The response includes information that you need to configure your customer gateway, in XML format. We recommend you use the command line version of this operation (ec2-create-vpn-connection), which takes an -f option (for format) and returns configuration information formatted as expected by the vendor you specified, or in a generic, human readable format. For information about the command, go to ec2-create-vpn-connection in the Amazon Virtual Private Cloud Command Line Reference. We strongly recommend you use HTTPS when calling this operation because the response contains sensitive cryptographic information for configuring your customer gateway. If you decide to shut down your VPN connection for any reason and then create a new one, you must re-configure your customer gateway with the new information returned from this call.
create-vpn-connection-route
create-vpn-gateway
    Creates a new VPN gateway. A VPN gateway is the VPC-side endpoint for your VPN connection. You can create a VPN gateway before creating the VPC itself.
deactivate-license
    Deactivates a specific number of licenses. Deactivations can be done against a specific license ID after they have persisted for at least a 90-day period.
delete-customer-gateway
    Deletes a customer gateway. You must delete the VPN connection before deleting the customer gateway.
    You can have a single active customer gateway per AWS account (active means that you've created a VPN connection with that customer gateway). AWS might delete any customer gateway you leave inactive for an extended period of time.
delete-dhcp-options
    Deletes a set of DHCP options that you specify. Amazon VPC returns an error if the set of options you specify is currently associated with a VPC. You can disassociate the set of options by associating either a new set of options or the default options with the VPC.
delete-internet-gateway
    Deletes an Internet gateway from your AWS account. The gateway must not be attached to a VPC. For more information about your VPC and Internet gateway, go to Amazon Virtual Private Cloud User Guide.
delete-key-pair
    The DeleteKeyPair operation deletes a key pair.
delete-network-acl
    Deletes a network ACL from a VPC. The ACL must not have any subnets associated with it. You can't delete the default network ACL. For more information about network ACLs, go to Network ACLs in the Amazon Virtual Private Cloud User Guide.
delete-network-acl-entry
    Deletes an ingress or egress entry (i.e., rule) from a network ACL. For more information about network ACLs, go to Network ACLs in the Amazon Virtual Private Cloud User Guide.
delete-network-interface
delete-placement-group
    Deletes a PlacementGroup from a user's account. Terminate all Amazon EC2 instances in the placement group before deletion.
delete-route
    Deletes a route from a route table in a VPC. For more information about route tables, go to Route Tables in the Amazon Virtual Private Cloud User Guide.
delete-route-table
    Deletes a route table from a VPC. The route table must not be associated with a subnet. You can't delete the main route table. For more information about route tables, go to Route Tables in the Amazon Virtual Private Cloud User Guide.
delete-security-group
    The DeleteSecurityGroup operation deletes a security group.
    If you attempt to delete a security group that contains instances, a fault is returned. If you attempt to delete a security group that is referenced by another security group, a fault is returned. For example, if security group B has a rule that allows access from security group A, security group A cannot be deleted until the allow rule is removed.
delete-snapshot
    Deletes the snapshot identified by snapshotId.
delete-spot-datafeed-subscription
    Deletes the data feed for Spot Instances. For conceptual information about Spot Instances, refer to the Amazon Elastic Compute Cloud Developer Guide or Amazon Elastic Compute Cloud User Guide.
delete-subnet
    Deletes a subnet from a VPC. You must terminate all running instances in the subnet before deleting it, otherwise Amazon VPC returns an error.
delete-tags
    Deletes tags from the specified Amazon EC2 resources.
delete-volume
    Deletes a previously created volume. Once successfully deleted, a new volume can be created with the same name.
delete-vpc
    Deletes a VPC. You must detach or delete all gateways or other objects that are dependent on the VPC first. For example, you must terminate all running instances, delete all VPC security groups (except the default), delete all the route tables (except the default), etc.
delete-vpn-connection
    Deletes a VPN connection. Use this if you want to delete a VPC and all its associated components. Another reason to use this operation is if you believe the tunnel credentials for your VPN connection have been compromised. In that situation, you can delete the VPN connection and create a new one that has new keys, without needing to delete the VPC or VPN gateway. If you create a new VPN connection, you must reconfigure the customer gateway using the new configuration information returned with the new VPN connection ID. If you're deleting the VPC and all its associated parts, we recommend you detach the VPN gateway from the VPC and delete the VPC before deleting the VPN connection.
delete-vpn-connection-route
delete-vpn-gateway
    Deletes a VPN gateway. Use this when you want to delete a VPC and all its associated components because you no longer need them. We recommend that before you delete a VPN gateway, you detach it from the VPC and delete the VPN connection. Note that you don't need to delete the VPN gateway if you just want to delete and re-create the VPN connection between your VPC and data center.
deregister-image
    The DeregisterImage operation deregisters an AMI. Once deregistered, instances of the AMI can no longer be launched.
describe-addresses
    The DescribeAddresses operation lists elastic IP addresses assigned to your account.
describe-availability-zones
    The DescribeAvailabilityZones operation describes availability zones that are currently available to the account and their states. Availability zones are not the same across accounts. The availability zone us-east-1a for account A is not necessarily the same as us-east-1a for account B. Zone assignments are mapped independently for each account.
describe-bundle-tasks
    The DescribeBundleTasks operation describes in-progress and recent bundle tasks. Complete and failed tasks are removed from the list a short time after completion. If no bundle ids are given, all bundle tasks are returned.
describe-conversion-tasks
describe-customer-gateways
    Gives you information about your customer gateways. You can filter the results to return information only about customer gateways that match criteria you specify. For example, you could ask to get information about a particular customer gateway (or all) only if the gateway's state is pending or available. You can specify multiple filters (e.g., the customer gateway has a particular IP address for the Internet-routable external interface, and the gateway's state is pending or available). The result includes information for a particular customer gateway only if the gateway matches all your filters.
    If there's no match, no special message is returned; the response is simply empty. The following table shows the available filters.
describe-dhcp-options
    Gives you information about one or more sets of DHCP options. You can specify one or more DHCP options set IDs, or no IDs (to describe all your sets of DHCP options). The returned information consists of:
    * The DHCP options set ID
    * The options
describe-export-tasks
describe-image-attribute
    The DescribeImageAttribute operation returns information about an attribute of an AMI. Only one attribute can be specified per call.
describe-images
    The DescribeImages operation returns information about AMIs, AKIs, and ARIs available to the user. Information returned includes image type, product codes, architecture, and kernel and RAM disk IDs. Images available to the user include public images available for any user to launch, private images owned by the user making the request, and private images owned by other users for which the user has explicit launch permissions. Launch permissions fall into three categories:
    * Public: The owner of the AMI granted launch permissions for the AMI to the all group. All users have launch permissions for these AMIs.
    * Explicit: The owner of the AMI granted launch permissions to a specific user.
    * Implicit: A user has implicit launch permissions for all AMIs he or she owns.
    The list of AMIs returned can be modified by specifying AMI IDs, AMI owners, or users with launch permissions. If no options are specified, Amazon EC2 returns all AMIs for which the user has launch permissions. If you specify one or more AMI IDs, only AMIs that have the specified IDs are returned. If you specify an invalid AMI ID, a fault is returned. If you specify an AMI ID for which you do not have access, it will not be included in the returned results. If you specify one or more AMI owners, only AMIs from the specified owners and for which you have access are returned.
    The results can include the account IDs of the specified owners, amazon for AMIs owned by Amazon or self for AMIs that you own. If you specify a list of executable users, only users that have launch permissions for the AMIs are returned. You can specify account IDs (if you own the AMI(s)), self for AMIs for which you own or have explicit permissions, or all for public AMIs. Deregistered images are included in the returned results for an unspecified interval after deregistration.
describe-instance-attribute
    Returns information about an attribute of an instance. Only one attribute can be specified per call.
describe-instance-status
    Describes the status of an Amazon Elastic Compute Cloud (Amazon EC2) instance. Instance status provides information about two types of scheduled events for an instance that may require your attention:
    * Scheduled Reboot: When Amazon EC2 determines that an instance must be rebooted, the instance's status will return one of two event codes: system-reboot or instance-reboot. System reboot commonly occurs if certain maintenance or upgrade operations require a reboot of the underlying host that supports an instance. Instance reboot commonly occurs if the instance must be rebooted, rather than the underlying host. Rebooting events include a scheduled start and end time.
    * Scheduled Retirement: When Amazon EC2 determines that an instance must be shut down, the instance's status will return an event code called instance-retirement. Retirement commonly occurs when the underlying host is degraded and must be replaced. Retirement events include a scheduled start and end time.
    You're also notified by email if one of your instances is set to retiring. The email message indicates when your instance will be permanently retired. If your instance is permanently retired, it will not be restarted. You can avoid retirement by manually restarting your instance when its event code is instance-retirement.
    This ensures that your instance is started on a healthy host. DescribeInstanceStatus returns information only for instances in the running state. You can filter the results to return information only about instances that match criteria you specify. For example, you could get information about instances in a specific Availability Zone. You can specify multiple values for a filter (e.g., more than one Availability Zone). An instance must match at least one of the specified values for it to be included in the results. You can specify multiple filters. An instance must match all the filters for it to be included in the results. If there's no match, no special message is returned; the response is simply empty. You can use wildcards with the filter values: * matches zero or more characters, and ? matches exactly one character. You can escape special characters using a backslash before the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\. The following filters are available:
    * availability-zone - Filter on an instance's availability zone.
    * instance-state-name - Filter on the intended state of the instance, e.g., running.
    * instance-state-code - Filter on the intended state code of the instance, e.g., 16.
describe-instances
    The DescribeInstances operation returns information about instances that you own. If you specify one or more instance IDs, Amazon EC2 returns information for those instances. If you do not specify instance IDs, Amazon EC2 returns information for all relevant instances. If you specify an invalid instance ID, a fault is returned. If you specify an instance that you do not own, it will not be included in the returned results. Recently terminated instances might appear in the returned results. This interval is usually less than one hour.
describe-internet-gateways
    Gives you information about your Internet gateways.
    You can filter the results to return information only about Internet gateways that match criteria you specify. For example, you could get information only about gateways with particular tags. The Internet gateway must match at least one of the specified values for it to be included in the results. You can specify multiple filters (e.g., the Internet gateway is attached to a particular VPC and is tagged with a particular value). The result includes information for a particular Internet gateway only if the gateway matches all your filters. If there's no match, no special message is returned; the response is simply empty. You can use wildcards with the filter values: an asterisk matches zero or more characters, and ? matches exactly one character. You can escape special characters using a backslash before the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
describe-key-pairs
    The DescribeKeyPairs operation returns information about key pairs available to you. If you specify key pairs, information about those key pairs is returned. Otherwise, information for all registered key pairs is returned.
describe-licenses
    Provides details of a user's registered licenses. Zero or more IDs may be specified on the call. When one or more license IDs are specified, only data for the specified IDs are returned.
describe-network-acls
    Gives you information about the network ACLs in your VPC. You can filter the results to return information only about ACLs that match criteria you specify. For example, you could get information only the ACL associated with a particular subnet. The ACL must match at least one of the specified values for it to be included in the results. You can specify multiple filters (e.g., the ACL is associated with a particular subnet and has an egress entry that denies traffic to a particular port). The result includes information for a particular ACL only if it matches all your filters.
    If there's no match, no special message is returned; the response is simply empty. You can use wildcards with the filter values: an asterisk matches zero or more characters, and ? matches exactly one character. You can escape special characters using a backslash before the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.
describe-network-interface-attribute
describe-network-interfaces
describe-placement-groups
    Returns information about one or more PlacementGroup instances in a user's account.
describe-regions
    The DescribeRegions operation describes regions zones that are currently available to the account.
describe-reserved-instances
    The DescribeReservedInstances operation describes Reserved Instances that were purchased for use with your account.
describe-reserved-instances-listings
describe-reserved-instances-offerings
    The DescribeReservedInstancesOfferings operation describes Reserved Instance offerings that are available for purchase. With Amazon EC2 Reserved Instances, you purchase the right to launch Amazon EC2 instances for a period of time (without getting insufficient capacity errors) and pay a lower usage rate for the actual time used.
describe-route-tables
    Gives you information about your route tables. You can filter the results to return information only about tables that match criteria you specify. For example, you could get information only about a table associated with a particular subnet. You can specify multiple values for the filter. The table must match at least one of the specified values for it to be included in the results. You can specify multiple filters (e.g., the table has a particular route, and is associated with a particular subnet). The result includes information for a particular table only if it matches all your filters. If there's no match, no special message is returned; the response is simply empty.
    You can use wildcards with the filter values: an asterisk matches zero or more characters, and? matches exactly one character. You can escape special characters using a backslash before the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.

describe-security-groups
    The DescribeSecurityGroups operation returns information about security groups that you own. If you specify security group names, information about those security group is returned. Otherwise, information for all security group is returned. If you specify a group that does not exist, a fault is returned.

describe-snapshot-attribute
    Returns information about an attribute of a snapshot. Only one attribute can be specified per call.

describe-snapshots
    Returns information about the Amazon EBS snapshots available to you. Snapshots available to you include public snapshots available for any AWS account to launch, private snapshots you own, and private snapshots owned by another AWS account but for which you've been given explicit create volume permissions.

describe-spot-datafeed-subscription
    Describes the data feed for Spot Instances. For conceptual information about Spot Instances, refer to the Amazon Elastic Compute Cloud Developer Guide or Amazon Elastic Compute Cloud User Guide .

describe-spot-instance-requests
    Describes Spot Instance requests. Spot Instances are instances that Amazon EC2 starts on your behalf when the maximum price that you specify exceeds the current Spot Price. Amazon EC2 periodically sets the Spot Price based on available Spot Instance capacity and current spot instance requests. For conceptual information about Spot Instances, refer to theAmazon Elastic Compute Cloud Developer GuideorAmazon Elastic Compute Cloud User Guide. You can filter the results to return information only about Spot Instance requests that match criteria you specify.
    For example, you could get information about requests where the Spot Price you specified is a certain value (you can't use greater than or less than comparison, but you can use * and ? wildcards). You can specify multiple values for a filter. A Spot Instance request must match at least one of the specified values for it to be included in the results. You can specify multiple filters (e.g., the Spot Price is equal to a particular value, and the instance type is m1.small). The result includes information for a particular request only if it matches all your filters. If there's no match, no special message is returned; the response is simply empty. You can use wildcards with the filter values: an asterisk matches zero or more characters, and ? matches exactly one character. You can escape special characters using a backslash before the character. For example, a value of \*amazon\?\\ searches for the literal string *amazon?\.

describe-spot-price-history
    Describes the Spot Price history. Spot Instances are instances that Amazon EC2 starts on your behalf when the maximum price that you specify exceeds the current Spot Price. Amazon EC2 periodically sets the Spot Price based on available Spot Instance capacity and current spot instance requests. For conceptual information about Spot Instances, refer to the Amazon Elastic Compute Cloud Developer Guide or Amazon Elastic Compute Cloud User Guide .

describe-subnets
    Gives you information about your subnets. You can filter the results to return information only about subnets that match criteria you specify. For example, you could ask to get information about a particular subnet (or all) only if the subnet's state is available. You can specify multiple filters (e.g., the subnet is in a particular VPC, and the subnet's state is available). The result includes information for a particular subnet only if the subnet matches all your filters. If there's no match, no special message is returned; the response is simply empty.
    The following table shows the available filters.

describe-tags
    Describes the tags for the specified resources.

describe-volume-attribute

describe-volume-status
    Describes the status of a volume.

describe-volumes
    Describes the status of the indicated volume or, in lieu of any specified, all volumes belonging to the caller. Volumes that have been deleted are not described.

describe-vpcs
    Gives you information about your VPCs. You can filter the results to return information only about VPCs that match criteria you specify. For example, you could ask to get information about a particular VPC or VPCs (or all your VPCs) only if the VPC's state is available. You can specify multiple filters (e.g., the VPC uses one of several sets of DHCP options, and the VPC's state is available). The result includes information for a particular VPC only if the VPC matches all your filters. If there's no match, no special message is returned; the response is simply empty. The following table shows the available filters.

describe-vpn-connections
    Gives you information about your VPN connections. We strongly recommend you use HTTPS when calling this operation because the response contains sensitive cryptographic information for configuring your customer gateway. You can filter the results to return information only about VPN connections that match criteria you specify. For example, you could ask to get information about a particular VPN connection (or all) only if the VPN's state is pending or available. You can specify multiple filters (e.g., the VPN connection is associated with a particular VPN gateway, and the gateway's state is pending or available). The result includes information for a particular VPN connection only if the VPN connection matches all your filters. If there's no match, no special message is returned; the response is simply empty. The following table shows the available filters.

describe-vpn-gateways
    Gives you information about your VPN gateways.
    You can filter the results to return information only about VPN gateways that match criteria you specify. For example, you could ask to get information about a particular VPN gateway (or all) only if the gateway's state is pending or available. You can specify multiple filters (e.g., the VPN gateway is in a particular Availability Zone and the gateway's state is pending or available). The result includes information for a particular VPN gateway only if the gateway matches all your filters. If there's no match, no special message is returned; the response is simply empty. The following table shows the available filters.

detach-internet-gateway
    Detaches an Internet gateway from a VPC, disabling connectivity between the Internet and the VPC. The VPC must not contain any running instances with elastic IP addresses. For more information about your VPC and Internet gateway, go to Amazon Virtual Private Cloud User Guide. For more information about Amazon Virtual Private Cloud and Internet gateways, go to the Amazon Virtual Private Cloud User Guide.

detach-network-interface

detach-volume
    Detach a previously attached volume from a running instance.

detach-vpn-gateway
    Detaches a VPN gateway from a VPC. You do this if you're planning to turn off the VPC and not use it anymore. You can confirm a VPN gateway has been completely detached from a VPC by describing the VPN gateway (any attachments to the VPN gateway are also described). You must wait for the attachment's state to switch to detached before you can delete the VPC or attach a different VPC to the VPN gateway.

disable-vgw-route-propagation

disassociate-address
    The DisassociateAddress operation disassociates the specified elastic IP address from the instance to which it is assigned. This is an idempotent operation. If you enter it more than once, Amazon EC2 does not return an error.

disassociate-route-table
    Disassociates a subnet from a route table.
    After you perform this action, the subnet no longer uses the routes in the route table. Instead it uses the routes in the VPC's main route table. For more information about route tables, go toRoute Tablesin the Amazon Virtual Private Cloud User Guide.

enable-vgw-route-propagation

enable-volume-io
    Enable IO on the volume after an event has occured.

get-console-output
    The GetConsoleOutput operation retrieves console output for the specified instance. Instance console output is buffered and posted shortly after instance boot, reboot, and termination. Amazon EC2 preserves the most recent 64 KB output which will be available for at least one hour after the most recent post.

get-password-data
    Retrieves the encrypted administrator password for the instances running Windows. The Windows password is only generated the first time an AMI is launched. It is not generated for rebundled AMIs or after the password is changed on an instance. The password is encrypted using the key pair that you provided.

import-instance

import-key-pair
    Imports the public key from an RSA key pair created with a third-party tool. This operation differs from CreateKeyPair as the private key is never transferred between the caller and AWS servers. RSA key pairs are easily created on Microsoft Windows and Linux OS systems using the ssh-keygen command line tool provided with the standard OpenSSH installation. Standard library support for RSA key pair creation is also available for Java, Ruby, Python, and many other programming languages. The following formats are supported:
    * OpenSSH public key format,
    * Base64 encoded DER format.
    * SSH public key file format as specified in RFC4716 .

import-volume

modify-image-attribute
    The ModifyImageAttribute operation modifies an attribute of an AMI.

modify-instance-attribute
    Modifies an attribute of an instance.

modify-network-interface-attribute

modify-snapshot-attribute
    Adds or remove permission settings for the specified snapshot.
modify-volume-attribute

monitor-instances
    Enables monitoring for a running instance.

purchase-reserved-instances-offering
    The PurchaseReservedInstancesOffering operation purchases a Reserved Instance for use with your account. With Amazon EC2 Reserved Instances, you purchase the right to launch Amazon EC2 instances for a period of time (without getting insufficient capacity errors) and pay a lower usage rate for the actual time used.

reboot-instances
    The RebootInstances operation requests a reboot of one or more instances. This operation is asynchronous; it only queues a request to reboot the specified instance(s). The operation will succeed if the instances are valid and belong to the user. Requests to reboot terminated instances are ignored.

register-image
    The RegisterImage operation registers an AMI with Amazon EC2. Images must be registered before they can be launched. For more information, see RunInstances. Each AMI is associated with an unique ID which is provided by the Amazon EC2 service through the RegisterImage operation. During registration, Amazon EC2 retrieves the specified image manifest from Amazon S3 and verifies that the image is owned by the user registering the image. The image manifest is retrieved once and stored within the Amazon EC2. Any modifications to an image in Amazon S3 invalidates this registration. If you make changes to an image, deregister the previous image and register the new image. For more information, see DeregisterImage.

release-address
    The ReleaseAddress operation releases an elastic IP address associated with your account. Releasing an IP address automatically disassociates it from any instance with which it is associated. For more information, see DisassociateAddress. After releasing an elastic IP address, it is released to the IP address pool and might no longer be available to your account. Make sure to update your DNS records and any servers or devices that communicate with the address.
    If you run this operation on an elastic IP address that is already released, the address might be assigned to another account which will cause Amazon EC2 to return an error.

replace-network-acl-association
    Changes which network ACL a subnet is associated with. By default when you create a subnet, it's automatically associated with the default network ACL. For more information about network ACLs, go to Network ACLs in the Amazon Virtual Private Cloud User Guide.

replace-network-acl-entry
    Replaces an entry (i.e., rule) in a network ACL. For more information about network ACLs, go to Network ACLs in the Amazon Virtual Private Cloud User Guide.

replace-route
    Replaces an existing route within a route table in a VPC. For more information about route tables, go toRoute Tablesin the Amazon Virtual Private Cloud User Guide.

replace-route-table-association
    Changes the route table associated with a given subnet in a VPC. After you execute this action, the subnet uses the routes in the new route table it's associated with. For more information about route tables, go toRoute Tablesin the Amazon Virtual Private Cloud User Guide. You can also use this to change which table is the main route table in the VPC. You just specify the main route table's association ID and the route table that you want to be the new main route table.

report-instance-status

request-spot-instances
    Creates a Spot Instance request. Spot Instances are instances that Amazon EC2 starts on your behalf when the maximum price that you specify exceeds the current Spot Price. Amazon EC2 periodically sets the Spot Price based on available Spot Instance capacity and current spot instance requests. For conceptual information about Spot Instances, refer to the Amazon Elastic Compute Cloud Developer Guide or Amazon Elastic Compute Cloud User Guide.

reset-image-attribute
    The ResetImageAttribute operation resets an attribute of an AMI to its default value. The productCodes attribute cannot be reset.
reset-instance-attribute
    Resets an attribute of an instance to its default value.

reset-network-interface-attribute

reset-snapshot-attribute
    Resets permission settings for the specified snapshot.

revoke-security-group-egress
    This action applies only to security groups in a VPC. It doesn't work with EC2 security groups. For information about Amazon Virtual Private Cloud and VPC security groups, go to the Amazon Virtual Private Cloud User Guide. The action removes one or more egress rules from a VPC security group. The values that you specify in the revoke request (e.g., ports, etc.) must match the existing rule's values in order for the rule to be revoked. Each rule consists of the protocol, and the CIDR range or destination security group. For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

revoke-security-group-ingress
    The RevokeSecurityGroupIngress operation revokes permissions from a security group. The permissions used to revoke must be specified using the same values used to grant the permissions. Permissions are specified by IP protocol (TCP, UDP, or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), the source and destination port ranges (for TCP and UDP), and the ICMP codes and types (for ICMP). Permission changes are quickly propagated to instances within the security group. However, depending on the number of instances in the group, a small delay might occur.

run-instances
    The RunInstances operation launches a specified number of instances. If Amazon EC2 cannot launch the minimum number AMIs you request, no instances launch. If there is insufficient capacity to launch the maximum number of AMIs you request, Amazon EC2 launches as many as possible to satisfy the requested maximum values.
    Every instance is launched in a security group. If you do not specify a security group at launch, the instances start in your default security group. For more information on creating security groups, see CreateSecurityGroup. An optional instance type can be specified. For information about instance types, see Instance Types. You can provide an optional key pair ID for each image in the launch request (for more information, see CreateKeyPair). All instances that are created from images that use this key pair will have access to the associated public key at boot. You can use this key to provide secure access to an instance of an image on a per-instance basis. Amazon EC2 public images use this feature to provide secure access without passwords. Launching public images without a key pair ID will leave them inaccessible. The public key material is made available to the instance at boot time by placing it in the openssh_id.pub file on a logical device that is exposed to the instance as /dev/sda2 (the ephemeral store). The format of this file is suitable for use as an entry within ~/.ssh/authorized_keys (the OpenSSH format). This can be done at boot (e.g., as part of rc.local) allowing for secure access without passwords. Optional user data can be provided in the launch request. All instances that collectively comprise the launch request have access to this data For more information, see Instance Metadata. If any of the AMIs have a product code attached for which the user has not subscribed, the RunInstances call will fail. We strongly recommend using the 2.6.18 Xen stock kernel with the c1.medium and c1.xlarge instances. Although the default Amazon EC2 kernels will work, the new kernels provide greater stability and performance for these instance types. For more information about kernels, see Kernels, RAM Disks, and Block Device Mappings.

start-instances
    Starts an instance that uses an Amazon EBS volume as its root device.
    Instances that use Amazon EBS volumes as their root devices can be quickly stopped and started. When an instance is stopped, the compute resources are released and you are not billed for hourly instance usage. However, your root partition Amazon EBS volume remains, continues to persist your data, and you are charged for Amazon EBS volume usage. You can restart your instance at any time. Performing this operation on an instance that uses an instance store as its root device returns an error.

stop-instances
    Stops an instance that uses an Amazon EBS volume as its root device. Instances that use Amazon EBS volumes as their root devices can be quickly stopped and started. When an instance is stopped, the compute resources are released and you are not billed for hourly instance usage. However, your root partition Amazon EBS volume remains, continues to persist your data, and you are charged for Amazon EBS volume usage. You can restart your instance at any time. Before stopping an instance, make sure it is in a state from which it can be restarted. Stopping an instance does not preserve data stored in RAM. Performing this operation on an instance that uses an instance store as its root device returns an error.

terminate-instances
    The TerminateInstances operation shuts down one or more instances. This operation is idempotent; if you terminate an instance more than once, each call will succeed. Terminated instances will remain visible after termination (approximately one hour).

unassign-private-ip-addresses

unmonitor-instances
    Disables monitoring for a running instance.
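
The describe-* entries in the help output above repeat the same filter rules: a resource must match at least one value of a filter, it must match every filter given, `*` and `?` are wildcards, and a backslash makes the next character literal. The following is an added example, not part of the original post or of the AWS CLI, that models those rules client-side in Python; the function names, the constructed Internet gateway records and the case-sensitive comparison are assumptions made for illustration.

```python
import re

def compile_filter_value(pattern):
    """Turn one filter value into a regex, following the help text:
    '*' = zero or more characters, '?' = exactly one, '\\' escapes."""
    parts, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            parts.append(re.escape(pattern[i + 1]))  # escaped char is literal
            i += 2
            continue
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))  # includes a lone trailing backslash
        i += 1
    return re.compile("".join(parts), re.DOTALL)

def value_matches(pattern, candidate):
    # The whole attribute value must match, not just a substring.
    return compile_filter_value(pattern).fullmatch(candidate) is not None

def resource_matches(resource, filters):
    """filters maps a filter name to a list of values.
    Values inside one filter are OR'ed; separate filters are AND'ed."""
    for name, patterns in filters.items():
        attr = resource.get(name, [])
        candidates = attr if isinstance(attr, list) else [attr]
        if not any(value_matches(p, c) for p in patterns for c in candidates):
            return False
    return True

def apply_filters(resources, filters):
    # No match is not an error: the result is simply an empty list.
    return [r for r in resources if resource_matches(r, filters)]

# Constructed sample records (not real AWS output).
GATEWAYS = [
    {"id": "igw-00000001", "attachment.vpc-id": "vpc-aaaa1111", "tag:Name": "prod-edge"},
    {"id": "igw-00000002", "attachment.vpc-id": "vpc-aaaa1111", "tag:Name": "dev-edge"},
    {"id": "igw-00000003", "attachment.vpc-id": "vpc-bbbb2222", "tag:Name": "prod-*"},
    {"id": "igw-00000004", "tag:Name": "*amazon?\\"},
]

if __name__ == "__main__":
    wanted = {"attachment.vpc-id": ["vpc-aaaa1111"], "tag:Name": ["prod-*"]}
    for gw in apply_filters(GATEWAYS, wanted):
        print(gw["id"], gw["tag:Name"])
```

Note the difference between `prod-*` (wildcard, matches both `prod-edge` and the literal name `prod-*`) and `prod-\*` (escaped, matches only the literal name), which matters when a filter is used to scope an audit or cleanup.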