funasaki memo

Posts on this blog are my own and do not represent the company I belong to. Affiliation: Solutions Architect at AWS

Trying out the AWS CLI

A new AWS CLI has been released, so I tried it out. (As of 2013/02/08)

I installed it on Amazon Linux with the following steps.

sudo easy_install awscli

Next, create awscliconfig.txt and write the following into it.

aws_access_key_id = AKIAJFLJI2KDXLJIYVCA
aws_secret_access_key = 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
region = ap-northeast-1

Set the AWS_CONFIG_FILE environment variable as follows:

export AWS_CONFIG_FILE=/home/ec2-user/awscliconfig.txt
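
The file that AWS_CONFIG_FILE points at holds a long-term secret key in plaintext, so its permissions matter. The following is an added example, not code from the original post: `write_aws_config` and `check_aws_config` are hypothetical helper names, and the key values in the demo are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): create and audit the plaintext
# credential file that AWS_CONFIG_FILE points at.

# write_aws_config FILE ACCESS_KEY SECRET_KEY REGION
# Creates FILE with mode 600 from the start (umask 077 in a subshell), so the
# secret is never on disk with wider permissions, even briefly.
write_aws_config() {
    (
        umask 077
        rm -f "$1"
        printf 'aws_access_key_id = %s\naws_secret_access_key = %s\nregion = %s\n' \
            "$2" "$3" "$4" > "$1"
    )
}

# check_aws_config FILE
# Returns 0 if FILE is a regular file (not a symlink), has no group/other
# permission bits, and sets the three keys used in the post. Otherwise prints
# the reason and returns 1.
check_aws_config() {
    cfg=$1
    if [ -L "$cfg" ] || [ ! -f "$cfg" ]; then
        echo "FAIL: $cfg is missing or not a regular file"
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$cfg" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $cfg is accessible to group/other ($perms)"
        return 1
    fi
    for key in aws_access_key_id aws_secret_access_key region; do
        if ! grep -Eq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*[^[:space:]]" "$cfg"; then
            echo "FAIL: $cfg does not set $key"
            return 1
        fi
    done
    echo "OK: $cfg"
    return 0
}

# Demo on a constructed file with placeholder values (not real credentials).
demo_dir=$(mktemp -d)
write_aws_config "$demo_dir/awscliconfig.txt" \
    "AKIA_PLACEHOLDER" "SECRET_PLACEHOLDER" "ap-northeast-1"
check_aws_config "$demo_dir/awscliconfig.txt"          # passes: mode 600
chmod 644 "$demo_dir/awscliconfig.txt"
check_aws_config "$demo_dir/awscliconfig.txt" || true  # fails: readable by others
rm -rf "$demo_dir"
```
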

That completes the setup.
Running a command right away,

aws ec2 describe-instances

$ aws ec2 describe-instances
{
    "reservationSet": [
        {
            "ownerId": xxxx.......

the result is displayed in JSON format like this.
Text-format output is also possible with --output text, as follows:

 aws ec2 describe-instances --output text
8d403395-265f-480b-a96a-cda801cae99a
XXXXXXXXXXXXX    r-21297821
Vyatta  sg-XXXXXXXXXX
aki-d609a2d7    i-555555555      ami-0ce9430d    ap-northeast    IuAhY1344502383480      0       t1.micro

By the way, I used the help command to check which commands can be run.

$ aws help

aws
    The AWS Command Line Interface is a unified tool that provides a consistent
    interface for interacting with all parts of AWS.

    aws [options] service operation [parameters]

    Use 'aws service help' for information on a specific
    service.

    Available services:
      * autoscaling
      * cloudformation
      * cloudwatch
      * directconnect
      * ec2
      * elasticbeanstalk
      * elb
      * emr
      * iam
      * rds
      * s3
      * ses
      * sns
      * sqs
      * sts

    Options
        --output <output_format>
          * json
          * text
        --region <region_name>
          * ap-northeast-1
          * ap-southeast-1
          * ap-southeast-2
          * eu-west-1
          * sa-east-1
          * us-east-1
          * us-gov-west-1
          * us-west-1
          * us-west-2
        --no-verify-ssl
            Override default behavior of verifying SSL certificates
        --version
            Display the version of this tool
        --debug
            Turn on debug logging
        --profile <profile_name>
            Use a specific profile from your credential file
        --endpoint-url <endpoint_url>
            Override service's default URL with the given URL

The EC2-related commands are as follows.

$ aws ec2 help

NAME
    ec2

DESCRIPTION

    Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides
    resizable compute capacity in the cloud. It is designed to make web-scale
    computing easier for developers.

    Amazon EC2's simple web service interface allows you to obtain and configure
    capacity with minimal friction. It provides you with complete control of
    your computing resources and lets you run on Amazon's proven computing
    environment. Amazon EC2 reduces the time required to obtain and boot new
    server instances to minutes, allowing you to quickly scale capacity, both up
    and down, as your computing requirements change. Amazon EC2 changes the
    economics of computing by allowing you to pay only for capacity that you
    actually use. Amazon EC2 provides developers the tools to build failure
    resilient applications and isolate themselves from common failure scenarios.

    Visit http://aws.amazon.com/ec2/ for more information.

    activate-license

        Activates a specific number of licenses for a 90-day period. Activations
        can be done against a specific license ID.

    allocate-address

        The AllocateAddress operation acquires an elastic IP address for use
        with your account.

    assign-private-ip-addresses
    associate-address

        The AssociateAddress operation associates an elastic IP address with an
        instance.

        If the IP address is currently assigned to another instance, the IP
        address is assigned to the new instance. This is an idempotent
        operation. If you enter it more than once, Amazon EC2 does not return an
        error.

    associate-dhcp-options

        Associates a set of DHCP options (that you've previously created) with
        the specified VPC. Or, associates the default DHCP options with the VPC.
        The default set consists of the standard EC2 host name, no domain name,
        no DNS server, no NTP server, and no NetBIOS server or node type. After
        you associate the options with the VPC, any existing instances and all
        new instances that you launch in that VPC use the options. For more
        information about the supported DHCP options and using them with Amazon
        VPC, go to Using DHCP Options in the Amazon Virtual Private Cloud
        Developer Guide.

    associate-route-table

        Associates a subnet with a route table. The subnet and route table must
        be in the same VPC. This association causes traffic originating from the
        subnet to be routed according to the routes in the route table. The
        action returns an association ID, which you need if you want to
        disassociate the route table from the subnet later. A route table can be
        associated with multiple subnets.

        For more information about route tables, go toRoute Tablesin the
        Amazon Virtual Private Cloud User Guide.

    attach-internet-gateway

        Attaches an Internet gateway to a VPC, enabling connectivity between the
        Internet and the VPC. For more information about your VPC and Internet
        gateway, go to the Amazon Virtual Private Cloud User Guide.

    attach-network-interface
    attach-volume

        Attach a previously created volume to a running instance.

    attach-vpn-gateway

        Attaches a VPN gateway to a VPC. This is the last step required to get
        your VPC fully connected to your data center before launching instances
        in it. For more information, go to Process for Using Amazon VPC in the
        Amazon Virtual Private Cloud Developer Guide.

    authorize-security-group-egress

        This action applies only to security groups in a VPC; it's not supported
        for EC2 security groups. For information about Amazon Virtual Private
        Cloud and VPC security groups, go to the Amazon Virtual Private Cloud
        User Guide.

        The action adds one or more egress rules to a VPC security group.
        Specifically, this permits instances in a security group to send traffic
        to either one or more destination CIDR IP address ranges, or to one or
        more destination security groups in the same VPC.

        Each rule consists of the protocol (e.g., TCP), plus either a CIDR
        range, or a source group. For the TCP and UDP protocols, you must also
        specify the destination port or port range. For the ICMP protocol, you
        must also specify the ICMP type and code. You can use -1 as a
        wildcard for the ICMP type or code.

        Rule changes are propagated to instances within the security group as
        quickly as possible. However, a small delay might occur.

         Important:For VPC security groups: You can have up to 50 rules total
        per group (covering both ingress and egress).

    authorize-security-group-ingress

        The AuthorizeSecurityGroupIngress operation adds permissions to a
        security group.

        Permissions are specified by the IP protocol (TCP, UDP or ICMP), the
        source of the request (by IP range or an Amazon EC2 user-group pair),
        the source and destination port ranges (for TCP and UDP), and the ICMP
        codes and types (for ICMP). When authorizing ICMP, -1 can be
        used as a wildcard in the type and code fields.

        Permission changes are propagated to instances within the security group
        as quickly as possible. However, depending on the number of instances, a
        small delay might occur.

    bundle-instance

        The BundleInstance operation request that an instance is bundled the
        next time it boots. The bundling process creates a new image from a
        running instance and stores the AMI data in S3. Once bundled, the image
        must be registered in the normal way using the RegisterImage API.

    cancel-bundle-task

        CancelBundleTask operation cancels a pending or in-progress bundling
        task. This is an asynchronous call and it make take a while for the task
        to be canceled. If a task is canceled while it is storing items, there
        may be parts of the incomplete AMI stored in S3. It is up to the caller
        to clean up these parts from S3.

    cancel-conversion-task
    cancel-export-task
    cancel-reserved-instances-listing
    cancel-spot-instance-requests

        Cancels one or more Spot Instance requests.

        Spot Instances are instances that Amazon EC2 starts on your behalf when
        the maximum price that you specify exceeds the current Spot Price.
        Amazon EC2 periodically sets the Spot Price based on available Spot
        Instance capacity and current spot instance requests.

        For conceptual information about Spot Instances, refer to the Amazon
        Elastic Compute Cloud Developer Guide  or Amazon Elastic Compute
        Cloud User Guide .

    confirm-product-instance

        The ConfirmProductInstance operation returns true if the specified
        product code is attached to the specified instance. The operation
        returns false if the product code is not attached to the instance.

        The ConfirmProductInstance operation can only be executed by the owner
        of the AMI. This feature is useful when an AMI owner is providing
        support and wants to verify whether a user's instance is eligible.

    copy-snapshot
    create-customer-gateway

        Provides information to AWS about your customer gateway device. The
        customer gateway is the appliance at your end of the VPN connection
        (compared to the VPN gateway, which is the device at the AWS side of the
        VPN connection). You can have a single active customer gateway per AWS
        account (active means that you've created a VPN connection to use with
        the customer gateway). AWS might delete any customer gateway that you
        create with this operation if you leave it inactive for an extended
        period of time.

        You must provide the Internet-routable IP address of the customer
        gateway's external interface. The IP address must be static.

        You must also provide the device's Border Gateway Protocol (BGP)
        Autonomous System Number (ASN). You can use an existing ASN assigned to
        your network. If you don't have an ASN already, you can use a private
        ASN (in the 64512 - 65534 range). For more information about ASNs, go to
         http://en.wikipedia.org/wiki/Autonomous_system_%28Internet%29.

    create-dhcp-options

        Creates a set of DHCP options that you can then associate with one or
        more VPCs, causing all existing and new instances that you launch in
        those VPCs to use the set of DHCP options. The following table lists the
        individual DHCP options you can specify. For more information about the
        options, go to http://www.ietf.org/rfc/rfc2132.txt

    create-image

        Creates an Amazon EBS-backed AMI from a "running" or "stopped" instance.
        AMIs that use an Amazon EBS root device boot faster than AMIs that use
        instance stores. They can be up to 1 TiB in size, use storage that
        persists on instance failure, and can be stopped and started.

    create-instance-export-task
    create-internet-gateway

        Creates a new Internet gateway in your AWS account. After creating the
        Internet gateway, you then attach it to a VPC using
        AttachInternetGateway. For more information about your VPC and
        Internet gateway, go to Amazon Virtual Private Cloud User Guide.

    create-key-pair

        The CreateKeyPair operation creates a new 2048 bit RSA key pair and
        returns a unique ID that can be used to reference this key pair when
        launching new instances. For more information, see RunInstances.

    create-network-acl

        Creates a new network ACL in a VPC. Network ACLs provide an optional
        layer of security (on top of security groups) for the instances in your
        VPC. For more information about network ACLs, go to Network ACLs in the
        Amazon Virtual Private Cloud User Guide.

    create-network-acl-entry

        Creates an entry (i.e., rule) in a network ACL with a rule number you
        specify. Each network ACL has a set of numbered ingress rules and a
        separate set of numbered egress rules. When determining whether a packet
        should be allowed in or out of a subnet associated with the ACL, Amazon
        VPC processes the entries in the ACL according to the rule numbers, in
        ascending order.

         Important:We recommend that you leave room between the rules (e.g.,
        100, 110, 120, etc.), and not number them sequentially (101, 102, 103,
        etc.). This allows you to easily add a new rule between existing ones
        without having to renumber the rules.

        After you add an entry, you can't modify it; you must either replace it,
        or create a new entry and delete the old one.

        For more information about network ACLs, go to Network ACLs in the
        Amazon Virtual Private Cloud User Guide.

    create-network-interface
    create-placement-group

        Creates a PlacementGroup into which multiple Amazon EC2
        instances can be launched. Users must give the group a name unique
        within the scope of the user account.

    create-reserved-instances-listing
    create-route

        Creates a new route in a route table within a VPC. The route's target
        can be either a gateway attached to the VPC or a NAT instance in the
        VPC.

        When determining how to route traffic, we use the route with the most
        specific match. For example, let's say the traffic is destined for
        192.0.2.3, and the route table includes the following two
        routes:

          *  192.0.2.0/24 (goes to some target A)
          *  192.0.2.0/28 (goes to some target B)
        Both routes apply to the traffic destined for 192.0.2.3.
        However, the second route in the list is more specific, so we use that
        route to determine where to target the traffic.

        For more information about route tables, go toRoute Tablesin the
        Amazon Virtual Private Cloud User Guide.

    create-route-table

        Creates a new route table within a VPC. After you create a new route
        table, you can add routes and associate the table with a subnet. For
        more information about route tables, go to Route Tablesin the
        Amazon Virtual Private Cloud User Guide.

    create-security-group

        The CreateSecurityGroup operation creates a new security group.

        Every instance is launched in a security group. If no security group is
        specified during launch, the instances are launched in the default
        security group. Instances within the same security group have
        unrestricted network access to each other. Instances will reject network
        access attempts from other instances in a different security group. As
        the owner of instances you can grant or revoke specific permissions
        using the AuthorizeSecurityGroupIngress and RevokeSecurityGroupIngress
        operations.

    create-snapshot

        Create a snapshot of the volume identified by volume ID. A volume does
        not have to be detached at the time the snapshot is taken. Snapshot
        creation requires that the system is in a consistent state. For
        instance, this means that if taking a snapshot of a database, the tables
        must be read-only locked to ensure that the snapshot will not contain a
        corrupted version of the database. Therefore, be careful when using this
        API to ensure that the system remains in the consistent state until the
        create snapshot status has returned.

    create-spot-datafeed-subscription

        Creates the data feed for Spot Instances, enabling you to view Spot
        Instance usage logs. You can create one data feed per account.

        For conceptual information about Spot Instances, refer to the Amazon
        Elastic Compute Cloud Developer Guide  or Amazon Elastic Compute
        Cloud User Guide .

    create-subnet

        Creates a subnet in an existing VPC. You can create up to 20 subnets in
        a VPC. If you add more than one subnet to a VPC, they're set up in a
        star topology with a logical router in the middle. When you create each
        subnet, you provide the VPC ID and the CIDR block you want for the
        subnet. Once you create a subnet, you can't change its CIDR block. The
        subnet's CIDR block can be the same as the VPC's CIDR block (assuming
        you want only a single subnet in the VPC), or a subset of the VPC's CIDR
        block. If you create more than one subnet in a VPC, the subnets' CIDR
        blocks must not overlap. The smallest subnet (and VPC) you can create
        uses a /28 netmask (16 IP addresses), and the largest uses a
        /18 netmask (16,384 IP addresses).

        AWS reserves both the first four and the last IP address in each
        subnet's CIDR block. They're not available for use.

    create-tags

        Adds or overwrites tags for the specified resources. Each resource can
        have a maximum of 10 tags. Each tag consists of a key-value pair. Tag
        keys must be unique per resource.

    create-volume

        Initializes an empty volume of a given size.

    create-vpc

        Creates a VPC with the CIDR block you specify. The smallest VPC you can
        create uses a /28 netmask (16 IP addresses), and the largest
        uses a /18 netmask (16,384 IP addresses). To help you decide how
        big to make your VPC, go to the topic about creating VPCs in the Amazon
        Virtual Private Cloud Developer Guide.

        By default, each instance you launch in the VPC has the default DHCP
        options (the standard EC2 host name, no domain name, no DNS server, no
        NTP server, and no NetBIOS server or node type).

    create-vpn-connection

        Creates a new VPN connection between an existing VPN gateway and
        customer gateway. The only supported connection type is ipsec.1.

        The response includes information that you need to configure your
        customer gateway, in XML format. We recommend you use the command line
        version of this operation (ec2-create-vpn-connection), which
        takes an -f option (for format) and returns configuration
        information formatted as expected by the vendor you specified, or in a
        generic, human readable format. For information about the command, go to
        ec2-create-vpn-connection in the Amazon Virtual Private Cloud
        Command Line Reference.

        We strongly recommend you use HTTPS when calling this operation because
        the response contains sensitive cryptographic information for
        configuring your customer gateway.

        If you decide to shut down your VPN connection for any reason and then
        create a new one, you must re-configure your customer gateway with the
        new information returned from this call.

    create-vpn-connection-route
    create-vpn-gateway

        Creates a new VPN gateway. A VPN gateway is the VPC-side endpoint for
        your VPN connection. You can create a VPN gateway before creating the
        VPC itself.

    deactivate-license

        Deactivates a specific number of licenses. Deactivations can be done
        against a specific license ID after they have persisted for at least a
        90-day period.

    delete-customer-gateway

        Deletes a customer gateway. You must delete the VPN connection before
        deleting the customer gateway.

        You can have a single active customer gateway per AWS account (active
        means that you've created a VPN connection with that customer gateway).
        AWS might delete any customer gateway you leave inactive for an extended
        period of time.

    delete-dhcp-options

        Deletes a set of DHCP options that you specify. Amazon VPC returns an
        error if the set of options you specify is currently associated with a
        VPC. You can disassociate the set of options by associating either a new
        set of options or the default options with the VPC.

    delete-internet-gateway

        Deletes an Internet gateway from your AWS account. The gateway must not
        be attached to a VPC. For more information about your VPC and Internet
        gateway, go to Amazon Virtual Private Cloud User Guide.

    delete-key-pair

        The DeleteKeyPair operation deletes a key pair.

    delete-network-acl

        Deletes a network ACL from a VPC. The ACL must not have any subnets
        associated with it. You can't delete the default network ACL. For more
        information about network ACLs, go to Network ACLs in the Amazon Virtual
        Private Cloud User Guide.

    delete-network-acl-entry

        Deletes an ingress or egress entry (i.e., rule) from a network ACL. For
        more information about network ACLs, go to Network ACLs in the Amazon
        Virtual Private Cloud User Guide.

    delete-network-interface
    delete-placement-group

        Deletes a PlacementGroup from a user's account. Terminate all
        Amazon EC2 instances in the placement group before deletion.

    delete-route

        Deletes a route from a route table in a VPC. For more information about
        route tables, go toRoute Tablesin the Amazon Virtual Private
        Cloud User Guide.

    delete-route-table

        Deletes a route table from a VPC. The route table must not be associated
        with a subnet. You can't delete the main route table. For more
        information about route tables, go toRoute Tablesin the Amazon
        Virtual Private Cloud User Guide.

    delete-security-group

        The DeleteSecurityGroup operation deletes a security group.

        If you attempt to delete a security group that contains instances, a
        fault is returned.

        If you attempt to delete a security group that is referenced by another
        security group, a fault is returned. For example, if security group B
        has a rule that allows access from security group A, security group A
        cannot be deleted until the allow rule is removed.

    delete-snapshot

        Deletes the snapshot identified by snapshotId.

    delete-spot-datafeed-subscription

        Deletes the data feed for Spot Instances.

        For conceptual information about Spot Instances, refer to the Amazon
        Elastic Compute Cloud Developer Guide  or Amazon Elastic Compute
        Cloud User Guide .

    delete-subnet

        Deletes a subnet from a VPC. You must terminate all running instances in
        the subnet before deleting it, otherwise Amazon VPC returns an error.

    delete-tags

        Deletes tags from the specified Amazon EC2 resources.

    delete-volume

        Deletes a previously created volume. Once successfully deleted, a new
        volume can be created with the same name.

    delete-vpc

        Deletes a VPC. You must detach or delete all gateways or other objects
        that are dependent on the VPC first. For example, you must terminate all
        running instances, delete all VPC security groups (except the default),
        delete all the route tables (except the default), etc.

    delete-vpn-connection

        Deletes a VPN connection. Use this if you want to delete a VPC and all
        its associated components. Another reason to use this operation is if
        you believe the tunnel credentials for your VPN connection have been
        compromised. In that situation, you can delete the VPN connection and
        create a new one that has new keys, without needing to delete the VPC or
        VPN gateway. If you create a new VPN connection, you must reconfigure
        the customer gateway using the new configuration information returned
        with the new VPN connection ID.

        If you're deleting the VPC and all its associated parts, we recommend
        you detach the VPN gateway from the VPC and delete the VPC before
        deleting the VPN connection.

    delete-vpn-connection-route
    delete-vpn-gateway

        Deletes a VPN gateway. Use this when you want to delete a VPC and all
        its associated components because you no longer need them. We recommend
        that before you delete a VPN gateway, you detach it from the VPC and
        delete the VPN connection. Note that you don't need to delete the VPN
        gateway if you just want to delete and re-create the VPN connection
        between your VPC and data center.

    deregister-image

        The DeregisterImage operation deregisters an AMI. Once deregistered,
        instances of the AMI can no longer be launched.

    describe-addresses

        The DescribeAddresses operation lists elastic IP addresses assigned to
        your account.

    describe-availability-zones

        The DescribeAvailabilityZones operation describes availability zones
        that are currently available to the account and their states.

        Availability zones are not the same across accounts. The availability
        zone us-east-1a for account A is not necessarily the same as
        us-east-1a for account B. Zone assignments are mapped
        independently for each account.

    describe-bundle-tasks

        The DescribeBundleTasks operation describes in-progress and recent
        bundle tasks. Complete and failed tasks are removed from the list a
        short time after completion. If no bundle ids are given, all bundle
        tasks are returned.

    describe-conversion-tasks
    describe-customer-gateways

        Gives you information about your customer gateways. You can filter the
        results to return information only about customer gateways that match
        criteria you specify. For example, you could ask to get information
        about a particular customer gateway (or all) only if the gateway's state
        is pending or available. You can specify multiple filters (e.g., the
        customer gateway has a particular IP address for the Internet-routable
        external interface, and the gateway's state is pending or available).
        The result includes information for a particular customer gateway only
        if the gateway matches all your filters. If there's no match, no special
        message is returned; the response is simply empty. The following table
        shows the available filters.

    describe-dhcp-options

        Gives you information about one or more sets of DHCP options. You can
        specify one or more DHCP options set IDs, or no IDs (to describe all
        your sets of DHCP options). The returned information consists of:

          * The DHCP options set ID
          * The options
    describe-export-tasks
    describe-image-attribute

        The DescribeImageAttribute operation returns information about an
        attribute of an AMI. Only one attribute can be specified per call.

    describe-images

        The DescribeImages operation returns information about AMIs, AKIs, and
        ARIs available to the user. Information returned includes image type,
        product codes, architecture, and kernel and RAM disk IDs. Images
        available to the user include public images available for any user to
        launch, private images owned by the user making the request, and private
        images owned by other users for which the user has explicit launch
        permissions.

        Launch permissions fall into three categories:

          *  Public:The owner of the AMI granted launch permissions for the AMI
            to the all group. All users have launch permissions for these AMIs.
          *  Explicit:The owner of the AMI granted launch permissions to a
            specific user.
          *  Implicit:A user has implicit launch permissions for all AMIs he or
            she owns.
        The list of AMIs returned can be modified by specifying AMI IDs, AMI
        owners, or users with launch permissions. If no options are specified,
        Amazon EC2 returns all AMIs for which the user has launch permissions.

        If you specify one or more AMI IDs, only AMIs that have the specified
        IDs are returned. If you specify an invalid AMI ID, a fault is returned.
        If you specify an AMI ID for which you do not have access, it will not
        be included in the returned results.

        If you specify one or more AMI owners, only AMIs from the specified
        owners and for which you have access are returned. The results can
        include the account IDs of the specified owners, amazon for AMIs owned
        by Amazon or self for AMIs that you own.

        If you specify a list of executable users, only users that have launch
        permissions for the AMIs are returned. You can specify account IDs (if
        you own the AMI(s)), self for AMIs for which you own or have explicit
        permissions, or all for public AMIs. Deregistered images are included in
        the returned results for an unspecified interval after deregistration.

    describe-instance-attribute

        Returns information about an attribute of an instance. Only one
        attribute can be specified per call.

    describe-instance-status

        Describes the status of an Amazon Elastic Compute Cloud (Amazon EC2)
        instance. Instance status provides information about two types of
        scheduled events for an instance that may require your attention:

          * Scheduled Reboot: When Amazon EC2 determines that an instance must
            be rebooted, the instance's status will return one of two event
            codes: system-reboot or instance-reboot. System
            reboot commonly occurs if certain maintenance or upgrade operations
            require a reboot of the underlying host that supports an instance.
            Instance reboot commonly occurs if the instance must be rebooted,
            rather than the underlying host. Rebooting events include a
            scheduled start and end time.
          * Scheduled Retirement: When Amazon EC2 determines that an instance
            must be shut down, the instance's status will return an event code
            called instance-retirement. Retirement commonly occurs when
            the underlying host is degraded and must be replaced. Retirement
            events include a scheduled start and end time. You're also notified
            by email if one of your instances is set to retiring. The email
            message indicates when your instance will be permanently retired.
        If your instance is permanently retired, it will not be restarted. You
        can avoid retirement by manually restarting your instance when its event
        code is instance-retirement. This ensures that your instance is
        started on a healthy host.

         DescribeInstanceStatus returns information only for instances
        in the running state.

        You can filter the results to return information only about instances
        that match criteria you specify. For example, you could get information
        about instances in a specific Availability Zone. You can specify
        multiple values for a filter (e.g., more than one Availability Zone). An
        instance must match at least one of the specified values for it to be
        included in the results.

        You can specify multiple filters. An instance must match all the filters
        for it to be included in the results. If there's no match, no special
        message is returned; the response is simply empty.

        You can use wildcards with the filter values: * matches zero or
        more characters, and ? matches exactly one character. You can
        escape special characters using a backslash before the character. For
        example, a value of \*amazon\?\\ searches for the literal string
        *amazon?\.

        The following filters are available:

          *  availability-zone - Filter on an instance's availability
            zone.
          *  instance-state-name - Filter on the intended state of the
            instance, e.g., running.
          *  instance-state-code - Filter on the intended state code of
            the instance, e.g., 16.
    describe-instances

        The DescribeInstances operation returns information about instances that
        you own.

        If you specify one or more instance IDs, Amazon EC2 returns information
        for those instances. If you do not specify instance IDs, Amazon EC2
        returns information for all relevant instances. If you specify an
        invalid instance ID, a fault is returned. If you specify an instance
        that you do not own, it will not be included in the returned results.

        Recently terminated instances might appear in the returned results. This
        interval is usually less than one hour.

    describe-internet-gateways

        Gives you information about your Internet gateways. You can filter the
        results to return information only about Internet gateways that match
        criteria you specify. For example, you could get information only about
        gateways with particular tags. The Internet gateway must match at least
        one of the specified values for it to be included in the results.

        You can specify multiple filters (e.g., the Internet gateway is attached
        to a particular VPC and is tagged with a particular value). The result
        includes information for a particular Internet gateway only if the
        gateway matches all your filters. If there's no match, no special
        message is returned; the response is simply empty.

        You can use wildcards with the filter values: an asterisk matches zero
        or more characters, and ?matches exactly one character. You can
        escape special characters using a backslash before the character. For
        example, a value of \*amazon\?\\ searches for the literal string
        *amazon?\.

    describe-key-pairs

        The DescribeKeyPairs operation returns information about key pairs
        available to you. If you specify key pairs, information about those key
        pairs is returned. Otherwise, information for all registered key pairs
        is returned.

    describe-licenses

        Provides details of a user's registered licenses. Zero or more IDs may
        be specified on the call. When one or more license IDs are specified,
        only data for the specified IDs are returned.

    describe-network-acls

        Gives you information about the network ACLs in your VPC. You can filter
        the results to return information only about ACLs that match criteria
        you specify. For example, you could get information only the ACL
        associated with a particular subnet. The ACL must match at least one of
        the specified values for it to be included in the results.

        You can specify multiple filters (e.g., the ACL is associated with a
        particular subnet and has an egress entry that denies traffic to a
        particular port). The result includes information for a particular ACL
        only if it matches all your filters. If there's no match, no special
        message is returned; the response is simply empty.

        You can use wildcards with the filter values: an asterisk matches zero
        or more characters, and? matches exactly one character. You can
        escape special characters using a backslash before the character. For
        example, a value of \*amazon\?\\ searches for the literal string
        *amazon?\.

    describe-network-interface-attribute
    describe-network-interfaces
    describe-placement-groups

        Returns information about one or more PlacementGroup instances
        in a user's account.

    describe-regions

        The DescribeRegions operation describes regions zones that are currently
        available to the account.

    describe-reserved-instances

        The DescribeReservedInstances operation describes Reserved Instances
        that were purchased for use with your account.

    describe-reserved-instances-listings
    describe-reserved-instances-offerings

        The DescribeReservedInstancesOfferings operation describes Reserved
        Instance offerings that are available for purchase. With Amazon EC2
        Reserved Instances, you purchase the right to launch Amazon EC2
        instances for a period of time (without getting insufficient capacity
        errors) and pay a lower usage rate for the actual time used.

    describe-route-tables

        Gives you information about your route tables. You can filter the
        results to return information only about tables that match criteria you
        specify. For example, you could get information only about a table
        associated with a particular subnet. You can specify multiple values for
        the filter. The table must match at least one of the specified values
        for it to be included in the results.

        You can specify multiple filters (e.g., the table has a particular
        route, and is associated with a particular subnet). The result includes
        information for a particular table only if it matches all your filters.
        If there's no match, no special message is returned; the response is
        simply empty.

        You can use wildcards with the filter values: an asterisk matches zero
        or more characters, and? matches exactly one character. You can
        escape special characters using a backslash before the character. For
        example, a value of \*amazon\?\\ searches for the literal string
        *amazon?\.

    describe-security-groups

        The DescribeSecurityGroups operation returns information about security
        groups that you own.

        If you specify security group names, information about those security
        group is returned. Otherwise, information for all security group is
        returned. If you specify a group that does not exist, a fault is
        returned.

    describe-snapshot-attribute

        Returns information about an attribute of a snapshot. Only one attribute
        can be specified per call.

    describe-snapshots

        Returns information about the Amazon EBS snapshots available to you.
        Snapshots available to you include public snapshots available for any
        AWS account to launch, private snapshots you own, and private snapshots
        owned by another AWS account but for which you've been given explicit
        create volume permissions.

    describe-spot-datafeed-subscription

        Describes the data feed for Spot Instances.

        For conceptual information about Spot Instances, refer to the Amazon
        Elastic Compute Cloud Developer Guide  or Amazon Elastic Compute
        Cloud User Guide .

    describe-spot-instance-requests

        Describes Spot Instance requests. Spot Instances are instances that
        Amazon EC2 starts on your behalf when the maximum price that you specify
        exceeds the current Spot Price. Amazon EC2 periodically sets the Spot
        Price based on available Spot Instance capacity and current spot
        instance requests. For conceptual information about Spot Instances,
        refer to theAmazon Elastic Compute Cloud Developer
        GuideorAmazon Elastic Compute Cloud User Guide.

        You can filter the results to return information only about Spot
        Instance requests that match criteria you specify. For example, you
        could get information about requests where the Spot Price you specified
        is a certain value (you can't use greater than or less than comparison,
        but you can use * and ? wildcards). You can specify
        multiple values for a filter. A Spot Instance request must match at
        least one of the specified values for it to be included in the results.

        You can specify multiple filters (e.g., the Spot Price is equal to a
        particular value, and the instance type is m1.small). The result
        includes information for a particular request only if it matches all
        your filters. If there's no match, no special message is returned; the
        response is simply empty.

        You can use wildcards with the filter values: an asterisk matches zero
        or more characters, and ? matches exactly one character. You can
        escape special characters using a backslash before the character. For
        example, a value of \*amazon\?\\ searches for the literal string
        *amazon?\.

    describe-spot-price-history

        Describes the Spot Price history.

        Spot Instances are instances that Amazon EC2 starts on your behalf when
        the maximum price that you specify exceeds the current Spot Price.
        Amazon EC2 periodically sets the Spot Price based on available Spot
        Instance capacity and current spot instance requests.

        For conceptual information about Spot Instances, refer to the Amazon
        Elastic Compute Cloud Developer Guide  or Amazon Elastic Compute
        Cloud User Guide .

    describe-subnets

        Gives you information about your subnets. You can filter the results to
        return information only about subnets that match criteria you specify.

        For example, you could ask to get information about a particular subnet
        (or all) only if the subnet's state is available. You can specify
        multiple filters (e.g., the subnet is in a particular VPC, and the
        subnet's state is available).

        The result includes information for a particular subnet only if the
        subnet matches all your filters. If there's no match, no special message
        is returned; the response is simply empty. The following table shows the
        available filters.

    describe-tags

        Describes the tags for the specified resources.

    describe-volume-attribute
    describe-volume-status

        Describes the status of a volume.

    describe-volumes

        Describes the status of the indicated volume or, in lieu of any
        specified, all volumes belonging to the caller. Volumes that have been
        deleted are not described.

    describe-vpcs

        Gives you information about your VPCs. You can filter the results to
        return information only about VPCs that match criteria you specify.

        For example, you could ask to get information about a particular VPC or
        VPCs (or all your VPCs) only if the VPC's state is available. You can
        specify multiple filters (e.g., the VPC uses one of several sets of DHCP
        options, and the VPC's state is available). The result includes
        information for a particular VPC only if the VPC matches all your
        filters.

        If there's no match, no special message is returned; the response is
        simply empty. The following table shows the available filters.

    describe-vpn-connections

        Gives you information about your VPN connections.

        We strongly recommend you use HTTPS when calling this operation because
        the response contains sensitive cryptographic information for
        configuring your customer gateway.

        You can filter the results to return information only about VPN
        connections that match criteria you specify. For example, you could ask
        to get information about a particular VPN connection (or all) only if
        the VPN's state is pending or available. You can specify multiple
        filters (e.g., the VPN connection is associated with a particular VPN
        gateway, and the gateway's state is pending or available). The result
        includes information for a particular VPN connection only if the VPN
        connection matches all your filters. If there's no match, no special
        message is returned; the response is simply empty. The following table
        shows the available filters.

    describe-vpn-gateways

        Gives you information about your VPN gateways. You can filter the
        results to return information only about VPN gateways that match
        criteria you specify.

        For example, you could ask to get information about a particular VPN
        gateway (or all) only if the gateway's state is pending or available.
        You can specify multiple filters (e.g., the VPN gateway is in a
        particular Availability Zone and the gateway's state is pending or
        available).

        The result includes information for a particular VPN gateway only if the
        gateway matches all your filters. If there's no match, no special
        message is returned; the response is simply empty. The following table
        shows the available filters.

    detach-internet-gateway

        Detaches an Internet gateway from a VPC, disabling connectivity between
        the Internet and the VPC. The VPC must not contain any running instances
        with elastic IP addresses. For more information about your VPC and
        Internet gateway, go to Amazon Virtual Private Cloud User Guide.

        For more information about Amazon Virtual Private Cloud and Internet
        gateways, go to the Amazon Virtual Private Cloud User Guide.

    detach-network-interface
    detach-volume

        Detach a previously attached volume from a running instance.

    detach-vpn-gateway

        Detaches a VPN gateway from a VPC. You do this if you're planning to
        turn off the VPC and not use it anymore. You can confirm a VPN gateway
        has been completely detached from a VPC by describing the VPN gateway
        (any attachments to the VPN gateway are also described).

        You must wait for the attachment's state to switch to detached before
        you can delete the VPC or attach a different VPC to the VPN gateway.

    disable-vgw-route-propagation
    disassociate-address

        The DisassociateAddress operation disassociates the specified elastic IP
        address from the instance to which it is assigned. This is an idempotent
        operation. If you enter it more than once, Amazon EC2 does not return an
        error.

    disassociate-route-table

        Disassociates a subnet from a route table.

        After you perform this action, the subnet no longer uses the routes in
        the route table. Instead it uses the routes in the VPC's main route
        table. For more information about route tables, go toRoute
        Tablesin the Amazon Virtual Private Cloud User Guide.

    enable-vgw-route-propagation
    enable-volume-io

        Enable IO on the volume after an event has occured.

    get-console-output

        The GetConsoleOutput operation retrieves console output for the
        specified instance.

        Instance console output is buffered and posted shortly after instance
        boot, reboot, and termination. Amazon EC2 preserves the most recent 64
        KB output which will be available for at least one hour after the most
        recent post.

    get-password-data

        Retrieves the encrypted administrator password for the instances running
        Windows. The Windows password is only generated the first time an AMI is
        launched. It is not generated for rebundled AMIs or after the password
        is changed on an instance. The password is encrypted using the key pair
        that you provided.

    import-instance
    import-key-pair

        Imports the public key from an RSA key pair created with a third-party
        tool. This operation differs from CreateKeyPair as the private
        key is never transferred between the caller and AWS servers.

        RSA key pairs are easily created on Microsoft Windows and Linux OS
        systems using the ssh-keygen command line tool provided with the
        standard OpenSSH installation. Standard library support for RSA key pair
        creation is also available for Java, Ruby, Python, and many other
        programming languages.

        The following formats are supported:

          * OpenSSH public key format,
          * Base64 encoded DER format.
          * SSH public key file format as specified in RFC4716 .
    import-volume
    modify-image-attribute

        The ModifyImageAttribute operation modifies an attribute of an AMI.

    modify-instance-attribute

        Modifies an attribute of an instance.

    modify-network-interface-attribute
    modify-snapshot-attribute

        Adds or remove permission settings for the specified snapshot.

    modify-volume-attribute
    monitor-instances

        Enables monitoring for a running instance.

    purchase-reserved-instances-offering

        The PurchaseReservedInstancesOffering operation purchases a Reserved
        Instance for use with your account. With Amazon EC2 Reserved Instances,
        you purchase the right to launch Amazon EC2 instances for a period of
        time (without getting insufficient capacity errors) and pay a lower
        usage rate for the actual time used.

    reboot-instances

        The RebootInstances operation requests a reboot of one or more
        instances. This operation is asynchronous; it only queues a request to
        reboot the specified instance(s). The operation will succeed if the
        instances are valid and belong to the user. Requests to reboot
        terminated instances are ignored.

    register-image

        The RegisterImage operation registers an AMI with Amazon EC2. Images
        must be registered before they can be launched. For more information,
        see RunInstances.

        Each AMI is associated with an unique ID which is provided by the Amazon
        EC2 service through the RegisterImage operation. During registration,
        Amazon EC2 retrieves the specified image manifest from Amazon S3 and
        verifies that the image is owned by the user registering the image.

        The image manifest is retrieved once and stored within the Amazon EC2.
        Any modifications to an image in Amazon S3 invalidates this
        registration. If you make changes to an image, deregister the previous
        image and register the new image. For more information, see
        DeregisterImage.

    release-address

        The ReleaseAddress operation releases an elastic IP address associated
        with your account. Releasing an IP address automatically disassociates
        it from any instance with which it is associated. For more information,
        see DisassociateAddress.

        After releasing an elastic IP address, it is released to the IP address
        pool and might no longer be available to your account. Make sure to
        update your DNS records and any servers or devices that communicate with
        the address.

        If you run this operation on an elastic IP address that is already
        released, the address might be assigned to another account which will
        cause Amazon EC2 to return an error.

    replace-network-acl-association

        Changes which network ACL a subnet is associated with. By default when
        you create a subnet, it's automatically associated with the default
        network ACL. For more information about network ACLs, go to Network ACLs
        in the Amazon Virtual Private Cloud User Guide.

    replace-network-acl-entry

        Replaces an entry (i.e., rule) in a network ACL. For more information
        about network ACLs, go to Network ACLs in the Amazon Virtual Private
        Cloud User Guide.

    replace-route

        Replaces an existing route within a route table in a VPC. For more
        information about route tables, go toRoute Tablesin the Amazon
        Virtual Private Cloud User Guide.

    replace-route-table-association

        Changes the route table associated with a given subnet in a VPC. After
        you execute this action, the subnet uses the routes in the new route
        table it's associated with. For more information about route tables, go
        toRoute Tablesin the Amazon Virtual Private Cloud User Guide.

        You can also use this to change which table is the main route table in
        the VPC. You just specify the main route table's association ID and the
        route table that you want to be the new main route table.

    report-instance-status
    request-spot-instances

        Creates a Spot Instance request.

        Spot Instances are instances that Amazon EC2 starts on your behalf when
        the maximum price that you specify exceeds the current Spot Price.
        Amazon EC2 periodically sets the Spot Price based on available Spot
        Instance capacity and current spot instance requests.

        For conceptual information about Spot Instances, refer to the Amazon
        Elastic Compute Cloud Developer Guide  or Amazon Elastic Compute
        Cloud User Guide.

    reset-image-attribute

        The ResetImageAttribute operation resets an attribute of an AMI to its
        default value. The productCodes attribute cannot be reset.

    reset-instance-attribute

        Resets an attribute of an instance to its default value.

    reset-network-interface-attribute
    reset-snapshot-attribute

        Resets permission settings for the specified snapshot.

    revoke-security-group-egress

        This action applies only to security groups in a VPC. It doesn't work
        with EC2 security groups. For information about Amazon Virtual Private
        Cloud and VPC security groups, go to the Amazon Virtual Private Cloud
        User Guide.

        The action removes one or more egress rules from a VPC security group.
        The values that you specify in the revoke request (e.g., ports, etc.)
        must match the existing rule's values in order for the rule to be
        revoked.

        Each rule consists of the protocol, and the CIDR range or destination
        security group. For the TCP and UDP protocols, you must also specify the
        destination port or range of ports. For the ICMP protocol, you must also
        specify the ICMP type and code.

        Rule changes are propagated to instances within the security group as
        quickly as possible. However, a small delay might occur.

    revoke-security-group-ingress

        The RevokeSecurityGroupIngress operation revokes permissions from a
        security group. The permissions used to revoke must be specified using
        the same values used to grant the permissions.

        Permissions are specified by IP protocol (TCP, UDP, or ICMP), the source
        of the request (by IP range or an Amazon EC2 user-group pair), the
        source and destination port ranges (for TCP and UDP), and the ICMP codes
        and types (for ICMP).

        Permission changes are quickly propagated to instances within the
        security group. However, depending on the number of instances in the
        group, a small delay might occur.

    run-instances

        The RunInstances operation launches a specified number of instances.

        If Amazon EC2 cannot launch the minimum number AMIs you request, no
        instances launch. If there is insufficient capacity to launch the
        maximum number of AMIs you request, Amazon EC2 launches as many as
        possible to satisfy the requested maximum values.

        Every instance is launched in a security group. If you do not specify a
        security group at launch, the instances start in your default security
        group. For more information on creating security groups, see
        CreateSecurityGroup.

        An optional instance type can be specified. For information about
        instance types, see Instance Types.

        You can provide an optional key pair ID for each image in the launch
        request (for more information, see CreateKeyPair). All instances that
        are created from images that use this key pair will have access to the
        associated public key at boot. You can use this key to provide secure
        access to an instance of an image on a per-instance basis. Amazon EC2
        public images use this feature to provide secure access without
        passwords.

        Launching public images without a key pair ID will leave them
        inaccessible.

        The public key material is made available to the instance at boot time
        by placing it in the openssh_id.pub file on a logical device
        that is exposed to the instance as /dev/sda2 (the ephemeral
        store). The format of this file is suitable for use as an entry within
        ~/.ssh/authorized_keys (the OpenSSH format). This can be done at
        boot (e.g., as part of rc.local) allowing for secure access
        without passwords.

        Optional user data can be provided in the launch request. All instances
        that collectively comprise the launch request have access to this data
        For more information, see Instance Metadata.  If any of the AMIs have a
        product code attached for which the user has not subscribed, the
        RunInstances call will fail.

        We strongly recommend using the 2.6.18 Xen stock kernel with the
        c1.medium and c1.xlarge instances. Although the default
        Amazon EC2 kernels will work, the new kernels provide greater stability
        and performance for these instance types. For more information about
        kernels, see Kernels, RAM Disks, and Block Device Mappings.

    start-instances

        Starts an instance that uses an Amazon EBS volume as its root device.
        Instances that use Amazon EBS volumes as their root devices can be
        quickly stopped and started. When an instance is stopped, the compute
        resources are released and you are not billed for hourly instance usage.
        However, your root partition Amazon EBS volume remains, continues to
        persist your data, and you are charged for Amazon EBS volume usage. You
        can restart your instance at any time.

        Performing this operation on an instance that uses an instance store as
        its root device returns an error.

    stop-instances

        Stops an instance that uses an Amazon EBS volume as its root device.
        Instances that use Amazon EBS volumes as their root devices can be
        quickly stopped and started. When an instance is stopped, the compute
        resources are released and you are not billed for hourly instance usage.
        However, your root partition Amazon EBS volume remains, continues to
        persist your data, and you are charged for Amazon EBS volume usage. You
        can restart your instance at any time.

        Before stopping an instance, make sure it is in a state from which it
        can be restarted. Stopping an instance does not preserve data stored in
        RAM.

        Performing this operation on an instance that uses an instance store as
        its root device returns an error.

    terminate-instances

        The TerminateInstances operation shuts down one or more instances. This
        operation is idempotent; if you terminate an instance more than once,
        each call will succeed.

        Terminated instances will remain visible after termination
        (approximately one hour).

    unassign-private-ip-addresses
    unmonitor-instances

        Disables monitoring for a running instance.
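
The filter rules described in the describe-* entries above (an instance matches a filter if it matches at least one of its values, it must match every filter, `*` and `?` are wildcards, and a backslash escapes the next character) can be checked locally before a filter goes into an inventory or audit script. This is an added Python example, not part of the original post or of the AWS CLI; the instance records, the helper names, and the handling of a trailing backslash and of missing attributes are assumptions made for illustration.

```python
import re

# Constructed sample records (not real instances). The keys reuse the filter
# names listed in the help text above.
INSTANCES = [
    {"instance-id": "i-00000001", "availability-zone": "ap-northeast-1a",
     "instance-state-name": "running", "instance-state-code": "16"},
    {"instance-id": "i-00000002", "availability-zone": "ap-northeast-1b",
     "instance-state-name": "running", "instance-state-code": "16"},
    {"instance-id": "i-00000003", "availability-zone": "ap-northeast-1a",
     "instance-state-name": "stopped", "instance-state-code": "80"},
    {"instance-id": "i-00000004", "availability-zone": "us-east-1a",
     "instance-state-name": "running", "instance-state-code": "16"},
]


def filter_value_to_regex(value):
    """Translate one filter value into a compiled regex.

    '*' matches zero or more characters, '?' matches exactly one character,
    and a backslash makes the following character literal.
    """
    parts = []
    i = 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and i + 1 < len(value):
            # Escaped character: taken literally, including '*', '?' and '\'.
            parts.append(re.escape(value[i + 1]))
            i += 2
            continue
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            # Ordinary character. A lone trailing backslash also lands here
            # and is treated as a literal backslash (assumption).
            parts.append(re.escape(ch))
        i += 1
    return re.compile("".join(parts), re.DOTALL)


def value_matches(pattern, actual):
    """True if the whole attribute value matches the filter value."""
    return filter_value_to_regex(pattern).fullmatch(actual) is not None


def apply_filters(records, filters):
    """Return the records that satisfy every filter.

    filters maps a filter name to a list of values. Within one filter the
    values are alternatives (OR); across filters all must match (AND).
    A record that lacks the attribute never matches (assumption).
    """
    selected = []
    for record in records:
        if all(
            name in record
            and any(value_matches(v, str(record[name])) for v in values)
            for name, values in filters.items()
        ):
            selected.append(record)
    return selected


def matching_ids(filters, records=INSTANCES):
    """Convenience wrapper: instance IDs of the records that match."""
    return [r["instance-id"] for r in apply_filters(records, filters)]


if __name__ == "__main__":
    # Two values for one filter (OR) combined with a second filter (AND).
    print(matching_ids({
        "availability-zone": ["ap-northeast-1a", "us-east-1a"],
        "instance-state-name": ["running"],
    }))
    # Wildcard: any single-letter zone suffix in ap-northeast-1.
    print(matching_ids({"availability-zone": ["ap-northeast-1?"]}))
    # No match produces an empty list, mirroring the empty response.
    print(matching_ids({"instance-state-code": ["48"]}))
    # The escaped example from the help text matches only the literal string.
    print(value_matches("\\*amazon\\?\\\\", "*amazon?\\"))
```

An empty result is not an error, so a script that acts on the returned list should treat "no instances matched" and "the filter value was mistyped" as the same observable outcome and verify the filter separately.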