Action Description Resources Conditions
Accept a VPC peering connection request.
  • arn:aws:ec2:$region:$account:vpc/*
  • arn:aws:ec2:$region:$account:vpc/$vpc-id
Accept a VPC peering connection request.
  • arn:aws:ec2:$region:$account:vpc-peering-connection/*
  • arn:aws:ec2:$region:$account:vpc-peering-connection/$vpc-peering-connection-id
  • ec2:AccepterVpc
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RequesterVpc
  • Global Conditions
Associates an IAM instance profile with a running or stopped instance.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC's security groups.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC's security groups.
  • arn:aws:ec2:$region:$account:security-group/*
  • arn:aws:ec2:$region:$account:security-group/$security-group-id
Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC's security groups.
  • arn:aws:ec2:$region:$account:vpc/*
  • arn:aws:ec2:$region:$account:vpc/$vpc-id
Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.
  • arn:aws:ec2:$region:$account:volume/*
  • arn:aws:ec2:$region:$account:volume/$volume-id
  • ec2:AvailabilityZone
  • ec2:Encrypted
  • ec2:ParentSnapshot
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:VolumeIops
  • ec2:VolumeSize
  • ec2:VolumeType
  • Global Conditions
[EC2-VPC only] Adds one or more egress rules to a security group for use with a VPC.
  • arn:aws:ec2:$region:$account:security-group/*
  • arn:aws:ec2:$region:$account:security-group/$security-group-id
Adds one or more ingress rules to a security group.
  • arn:aws:ec2:$region:$account:security-group/*
  • arn:aws:ec2:$region:$account:security-group/$security-group-id
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:dhcp-options/*
  • arn:aws:ec2:$region:$account:dhcp-options/$dhcp-options-id
  • ec2:CreateAction
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region::image/*
  • arn:aws:ec2:$region::image/$image-id
  • ec2:CreateAction
  • ec2:ImageType
  • ec2:Owner
  • ec2:Public
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:CreateAction
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:internet-gateway/*
  • arn:aws:ec2:$region:$account:internet-gateway/$igw-id
  • ec2:CreateAction
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:network-acl/*
  • arn:aws:ec2:$region:$account:network-acl/$nacl-id
  • ec2:CreateAction
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:Vpc
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:network-interface/*
  • arn:aws:ec2:$region:$account:network-interface/$eni-id
  • ec2:AvailabilityZone
  • ec2:CreateAction
  • ec2:Region
  • ec2:Subnet
  • ec2:ResourceTag/$tag-key
  • ec2:Vpc
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:reserved-instance/*
  • arn:aws:ec2:$region:$account:reserved-instance/$reservation-id
  • ec2:AvailabilityZone
  • ec2:CreateAction
  • ec2:InstanceType
  • ec2:ReservedInstancesOfferingType
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:Tenancy
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:route-table/*
  • arn:aws:ec2:$region:$account:route-table/$route-table-id
  • ec2:CreateAction
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:Vpc
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:security-group/*
  • arn:aws:ec2:$region:$account:security-group/$security-group-id
  • ec2:CreateAction
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:Vpc
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region::snapshot/*
  • arn:aws:ec2:$region::snapshot/$snapshot-id
  • ec2:CreateAction
  • ec2:Owner
  • ec2:ParentVolume
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:SnapshotTime
  • ec2:VolumeSize
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:spot-instance-request/*
  • arn:aws:ec2:$region:$account:spot-instance-request/$spot-instance-request-id
  • ec2:CreateAction
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:subnet/*
  • arn:aws:ec2:$region:$account:subnet/$subnet-id
  • ec2:AvailabilityZone
  • ec2:CreateAction
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:Vpc
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:volume/*
  • arn:aws:ec2:$region:$account:volume/$volume-id
  • ec2:AvailabilityZone
  • ec2:CreateAction
  • ec2:Encrypted
  • ec2:ParentSnapshot
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:VolumeIops
  • ec2:VolumeSize
  • ec2:VolumeType
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:vpc/*
  • arn:aws:ec2:$region:$account:vpc/$vpc-id
  • ec2:CreateAction
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:Tenancy
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:vpn-connection/*
  • arn:aws:ec2:$region:$account:vpn-connection/$vpn-connection-id
  • ec2:CreateAction
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:vpn-gateway/*
  • arn:aws:ec2:$region:$account:vpn-gateway/$vpn-gateway-id
  • ec2:CreateAction
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Creates an EBS volume that can be attached to an instance in the same Availability Zone.
  • arn:aws:ec2:region:account:volume/*
  • ec2:AvailabilityZone
  • ec2:Encrypted
  • ec2:ParentSnapshot
  • ec2:Region
  • ec2:VolumeIops
  • ec2:VolumeSize
  • ec2:VolumeType
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Requests a VPC peering connection between two VPCs.
  • arn:aws:ec2:$region:$account:vpc/*
  • arn:aws:ec2:$region:$account:vpc/$vpc-id
Requests a VPC peering connection between two VPCs.
  • arn:aws:ec2:$region:$account:vpc-peering-connection/*
Deletes the specified customer gateway.
  • arn:aws:ec2:$region:$account:customer-gateway/*
  • arn:aws:ec2:$region:$account:customer-gateway/$cgw-id
Deletes the specified set of DHCP options.
  • arn:aws:ec2:$region:$account:dhcp-options/*
  • arn:aws:ec2:$region:$account:dhcp-options/$dhcp-options-id
Deletes the specified Internet gateway.
  • arn:aws:ec2:$region:$account:internet-gateway/*
  • arn:aws:ec2:$region:$account:internet-gateway/igw-id
Deletes the specified network ACL.
  • arn:aws:ec2:$region:$account:network-acl/*
  • arn:aws:ec2:$region:$account:network-acl/nacl-id
Deletes the specified ingress or egress entry (rule) from the specified network ACL.
  • arn:aws:ec2:$region:$account:network-acl/*
  • arn:aws:ec2:$region:$account:network-acl/$nacl-id
Deletes the specified route from the specified route table.
  • arn:aws:ec2:$region:$account:route-table/*
  • arn:aws:ec2:$region:$account:route-table/$route-table-id
Deletes the specified route table.
  • arn:aws:ec2:$region:$account:route-table/*
  • arn:aws:ec2:$region:$account:route-table/$route-table-id
Deletes a security group.
  • arn:aws:ec2:$region:$account:security-group/*
  • arn:aws:ec2:$region:$account:security-group/$security-group-id
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:dhcp-options/*
  • arn:aws:ec2:$region:$account:dhcp-options/$dhcp-options-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region::image/*
  • arn:aws:ec2:$region::image/$image-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:internet-gateway/*
  • arn:aws:ec2:$region:$account:internet-gateway/$igw-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:network-acl/*
  • arn:aws:ec2:$region:$account:network-acl/$nacl-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:network-interface/*
  • arn:aws:ec2:$region:$account:network-interface$eni-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:reserved-instance/*
  • arn:aws:ec2:$region:$account:reserved-instance/$reservation-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:route-table/*
  • arn:aws:ec2:$region:$account:route-table/$route-table-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:security-group/*
  • arn:aws:ec2:$region:$account:security-group/$security-group-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region::snapshot/*
  • arn:aws:ec2:$region::snapshot/$snapshot-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:spot-instance-request/*
  • arn:aws:ec2:$region:$account:spot-instance-request/$spot-instance-request-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:subnet/*
  • arn:aws:ec2:$region:$account:subnet/$subnet-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:volume/*
  • arn:aws:ec2:$region:$account:volume/$volume-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:vpc/*
  • arn:aws:ec2:$region:$account:vpc/$vpc-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:vpn-connection/*
  • arn:aws:ec2:$region:$account:vpn-connection/$vpn-connection-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2$region:$account:vpn-gateway/*
  • arn:aws:ec2$region:$account:vpn-gateway/$vpn-gateway-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified EBS volume.
  • arn:aws:ec2:$region:$account:volume/*
  • arn:aws:ec2:$region:$account:volume/$volume-id
  • ec2:AvailabilityZone
  • ec2:Encrypted
  • ec2:ParentSnapshot
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:VolumeIops
  • ec2:VolumeSize
  • ec2:VolumeType
  • Global Conditions
Deletes a VPC peering connection.
  • arn:aws:ec2:$region:$account:vpc-peering-connection/*
  • arn:aws:ec2:$region:$account:vpc-peering-connection/$vpc-peering-connection-id
  • ec2:AccepterVpc
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RequesterVpc
  • Global Conditions
Unlinks (detaches) a linked EC2-Classic instance from a VPC.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Unlinks (detaches) a linked EC2-Classic instance from a VPC.
  • arn:aws:ec2:$region:$account:vpc/*
  • arn:aws:ec2:$region:$account:vpc/$vpc-id
Detaches an EBS volume from an instance.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Detaches an EBS volume from an instance.
  • arn:aws:ec2:$region:$account:volume/*
  • arn:aws:ec2:$region:$account:volume/$volume-id
  • ec2:AvailabilityZone
  • ec2:Encrypted
  • ec2:ParentSnapshot
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:VolumeIops
  • ec2:VolumeSize
  • ec2:VolumeType
  • Global Conditions
Disables ClassicLink for a VPC.
  • arn:aws:ec2:$region:$account:vpc/*
  • arn:aws:ec2:$region:$account:vpc/$vpc-id
Disassociates an IAM instance profile from a running or stopped instance.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Enables a VPC for ClassicLink.
  • arn:aws:ec2:$region:$account:vpc/*
  • arn:aws:ec2:$region:$account:vpc/$vpc-id
Retrieve a JPG-format screenshot of a running instance to help with troubleshooting.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Requests a reboot of one or more instances.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Rejects a VPC peering connection request.
  • arn:aws:ec2:$region:$account:vpc-peering-connection/*
  • arn:aws:ec2:$region:$account:vpc-peering-connection/$vpc-peering-connection-id
  • ec2:AccepterVpc
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RequesterVpc
  • Global Conditions
Replaces an IAM instance profile for the specified running instance.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
[EC2-VPC only] Removes one or more egress rules from a security group for EC2-VPC.
  • arn:aws:ec2:$region:$account:security-group/*
  • arn:aws:ec2:$region:$account:security-group/$security-group-id
Removes one or more ingress rules from a security group.
  • arn:aws:ec2:$region:$account:security-group/*
  • arn:aws:ec2:$region:$account:security-group/$security-group-id
Launches the specified number of instances using an AMI for which you have permissions.
  • arn:aws:ec2:$region::image/*
  • arn:aws:ec2:$region::image/$image-id
  • ec2:ImageType
  • ec2:Owner
  • ec2:Public
  • ec2:Region
  • ec2:RootDeviceType
  • ec2:ResourceTag/$tag-key
  • Global Conditions
Launches the specified number of instances using an AMI for which you have permissions.
  • arn:aws:ec2:$region:$account:instance/*
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Launches the specified number of instances using an AMI for which you have permissions.
  • arn:aws:ec2:$region:$account:key-pair/*
  • arn:aws:ec2:$region:$account:key-pair/$key-pair-name
Launches the specified number of instances using an AMI for which you have permissions.
  • arn:aws:ec2:$region:$account:network-interface/*
  • arn:aws:ec2:$region:$account:network-interface/$eni-id
  • ec2:AvailabilityZone
  • ec2:Region
  • ec2:Subnet
  • ec2:ResourceTag/$tag-key
  • ec2:Vpc
  • Global Conditions
Launches the specified number of instances using an AMI for which you have permissions.
  • arn:aws:ec2:$region:$account:placement-group/*
  • arn:aws:ec2:$region:$account:placement-group/$placement-group-name
Launches the specified number of instances using an AMI for which you have permissions.
  • arn:aws:ec2:$region:$account:security-group/*
  • arn:aws:ec2:$region:$account:security-group/$security-group-id
Launches the specified number of instances using an AMI for which you have permissions.
  • arn:aws:ec2:$region::snapshot/*
  • arn:aws:ec2:$region::snapshot/$snapshot-id
  • ec2:Owner
  • ec2:ParentVolume
  • ec2:Region
  • ec2:SnapshotTime
  • ec2:ResourceTag/$tag-key
  • ec2:VolumeSize
  • Global Conditions
Launches the specified number of instances using an AMI for which you have permissions.
  • arn:aws:ec2:$region:$account:subnet/*
  • arn:aws:ec2:$region:$account:subnet/$subnet-id
Launches the specified number of instances using an AMI for which you have permissions.
  • arn:aws:ec2:$region:$account:volume/*
  • ec2:AvailabilityZone
  • ec2:Encrypted
  • ec2:ParentSnapshot
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:VolumeIops
  • ec2:VolumeSize
  • ec2:VolumeType
  • Global Conditions
Starts an Amazon EBS-backed AMI that you've previously stopped.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Stops an Amazon EBS-backed instance.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Shuts down one or more instances.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Acquires an Elastic IP address.
  • *
Allocates a Dedicated host to your account.
  • *
Assigns one or more secondary private IP addresses to the specified network interface.
  • *
Associates an Elastic IP address with an instance or a network interface.
  • *
Associates a set of DHCP options (that you've previously created) with the specified VPC, or associates no DHCP options with the VPC.
  • *
Associates a subnet with a route table.
  • *
Attaches an Internet gateway to a VPC, enabling connectivity between the Internet and the VPC.
  • *
Attaches a network interface to an instance.
  • *
Attaches a virtual private gateway to a VPC.
  • *
Bundles an Amazon instance store-backed Windows instance.
  • *
Cancels a bundling operation for an instance store-backed Windows instance.
  • *
Cancels an active conversion task.
  • *
Cancels an active export task.
  • *
Cancels an in-process import virtual machine or import snapshot task.
  • *
Cancels the specified Reserved Instance listing in the Reserved Instance Marketplace.
  • *
Cancels the specified Spot fleet requests.
  • *
Cancels one or more Spot instance requests.
  • *
Determines whether a product code is associated with an instance.
  • *
Initiates the copy of an AMI from the specified source region to the current region.
  • *
Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3.
  • *
Provides information to AWS about your VPN customer gateway device.
  • *
Creates a set of DHCP options for your VPC.
  • *
Creates one or more flow logs to capture IP traffic for a specific network interface, subnet, or VPC.
  • *
Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped.
  • *
Exports a running or stopped instance to an S3 bucket.
  • *
Creates an Internet gateway for use with a VPC.
  • *
Creates a 2048-bit RSA key pair with the specified name.
  • *
Creates a NAT gateway in the specified subnet.
  • *
Creates a network ACL in a VPC.
  • *
Creates an entry (a rule) in a network ACL with the specified rule number.
  • *
Creates a network interface in the specified subnet..
  • *
Creates a placement group that you launch cluster instances into.
  • *
Creates a listing for Amazon EC2 Reserved Instances to be sold in the Reserved Instance Marketplace.
  • *
Creates a route in a route table within a VPC.
  • *
Creates a route table for the specified VPC.
  • *
Creates a security group.
  • *
Creates a snapshot of an EBS volume and stores it in Amazon S3.
  • *
Creates a data feed for Spot instances, enabling you to view Spot instance usage logs.
  • *
CreateSubnet
  • *
Creates a VPC with the specified CIDR block.
  • *
Creates a VPC endpoint for a specified AWS service.
  • *
Creates a VPN connection between an existing virtual private gateway and a VPN customer gateway
  • *
Creates a static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway.
  • *
Creates a virtual private gateway.
  • *
Deletes one or more flow logs.
  • *
Deletes the specified key pair, by removing the public key from Amazon EC2.
  • *
Deletes the specified NAT gateway.
  • *
Deletes the specified network interface.
  • *
Deletes the specified placement group.
  • *
Deletes the specified snapshot.
  • *
Deletes the data feed for Spot instances.
  • *
Deletes the specified subnet.
  • *
Deletes the specified VPC.
  • *
Deletes one or more specified VPC endpoints.
  • *
Deletes the specified VPN connection.
  • *
Deletes the specified static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway.
  • *
Deletes the specified virtual private gateway.
  • *
Deregisters the specified AMI.
  • *
Describes attributes of your AWS account.
  • *
Describes one or more of your Elastic IP addresses.
  • *
Describes one or more of the Availability Zones that are available to you.
  • *
Describes one or more of your bundling tasks.
  • *
Describes one or more of your linked EC2-Classic instances.
  • *
Describes one or more of your linked EC2-Classic instances..
  • *
Describes one or more of your VPN customer gateways.
  • *
Describes one or more of your VPN customer gateways.
  • *
Describes one or more of your export tasks.
  • *
Describes one or more of your Dedicated hosts.
  • *
Describes the ID format settings for resources for the specified IAM user, IAM role, or root user.
  • *
Describes the ID format settings for your resources on a per-region basis, for example, to view which resource types are enabled for longer IDs.
  • *
Describes the specified attribute of the specified AMI.
  • *
Describes one or more of the images (AMIs, AKIs, and ARIs) available to you.
  • *
Displays details about an import virtual machine or import snapshot tasks that are already created.
  • *
Describes your import snapshot tasks.
  • *
Describes the specified attribute of the specified instance.
  • *
Describes one or more of your instances.
  • *
Describes the status of one or more instances.
  • *
Describes one or more of your Internet gateways.
  • *
Describes one or more flow logs.
  • *
Describes one or more of your key pairs.
  • *
Describes your Elastic IP addresses that are being moved to the EC2-VPC platform, or that are being restored to the EC2-Classic platform.
  • *
Describes one or more of the your NAT gateways.
  • *
Describes one or more of your network ACLs.
  • *
Describes a network interface attribute.
  • *
Describes one or more of your network interfaces.
  • *
Describes one or more of your placement groups.
  • *
Describes available AWS services in a prefix list format, which includes the prefix list name and prefix list ID of the service and the IP address range for the service.
  • *
Describes one or more regions that are currently available to you.
  • *
Describes one or more of the Reserved Instances that you purchased.
  • *
Describes your account's Reserved Instance listings in the Reserved Instance Marketplace.
  • *
Describes the modifications made to your Reserved Instances.
  • *
Describes Reserved Instance offerings that are available for purchase.
  • *
Describes one or more of your route tables.
  • *
Finds available schedules that meet the specified criteria.
  • *
Describes one or more of your Scheduled Instances.
  • *
[EC2-VPC only] Describes the VPCs on the other side of a VPC peering connection that are referencing the security groups you've specified in this request.
  • *
Describes one or more of your security groups.
  • *
[EC2-VPC only] Describes the stale security group rules for security groups in a specified VPC.
  • *
Describes the specified attribute of the specified snapshot.
  • *
Describes one or more of the EBS snapshots available to you.
  • *
Describes the data feed for Spot instances.
  • *
Describes the running instances for the specified Spot fleet.
  • *
Describes the events for the specified Spot fleet request during the specified time.
  • *
Describes your Spot fleet requests.
  • *
Describes the Spot instance requests that belong to your account.
  • *
Describes the Spot price history.
  • *
Describes one or more of your subnets.
  • *
Describes one or more of the tags for your EC2 resources.
  • *
Describes the specified attribute of the specified volume.
  • *
Describes the specified EBS volumes.
  • *
Describes the status of the specified volumes.
  • *
Describes the specified attribute of the specified VPC.
  • *
Describes the ClassicLink status of one or more VPCs.
  • *
Describes the ClassicLink DNS support status of one or more VPCs.
  • *
Describes one or more of your VPC endpoints.
  • *
Describes all supported AWS services that can be specified when creating a VPC endpoint.
  • *
Describes one or more of your VPC peering connections.
  • *
Describes one or more of your VPCs.
  • *
Describes one or more of your VPN connections.
  • *
Describes one or more of your virtual private gateways.
  • *
Detaches an Internet gateway from a VPC, disabling connectivity between the Internet and the VPC.
  • *
Detaches a network interface from an instance.
  • *
Detaches a virtual private gateway from a VPC.
  • *
Disables a virtual private gateway (VGW) from propagating routes to a specified route table of a VPC.
  • *
Disables ClassicLink DNS support for a VPC.
  • *
Disassociates an Elastic IP address from the instance or network interface it's associated with.
  • *
Disassociates a subnet from a route table.
  • *
Enables a virtual private gateway (VGW) to propagate routes to the specified route table of a VPC.
  • *
Enables I/O operations for a volume that had I/O operations disabled because the data on the volume was potentially inconsistent.
  • *
Enables a VPC to support DNS hostname resolution for ClassicLink.
  • *
Gets the console output for the specified instance.
  • *
Retrieves the encrypted administrator password for an instance running Windows.
  • *
Import single or multi-volume disk images or EBS snapshots into an Amazon Machine Image (AMI).
  • *
Creates an import instance task using metadata from the specified disk image.
  • *
Imports the public key from an RSA key pair that you created with a third-party tool.
  • *
Imports a disk into an EBS snapshot.
  • *
Creates an import volume task using metadata from the specified disk image.
  • *
Modify the auto-placement setting of a Dedicated host.
  • *
Modifies the ID format of a resource for the specified IAM user, IAM role, or root user.
  • *
Modifies the ID format for the specified resource on a per-region basis.
  • *
Modifies the specified attribute of the specified AMI.
  • *
Modifies the specified attribute of the specified instance.
  • *
Set the instance affinity value for a specific stopped instance and modify the instance tenancy setting.
  • *
Modifies the specified network interface attribute.
  • *
Modifies the Availability Zone, instance count, instance type, or network platform (EC2-Classic or EC2-VPC) of your Reserved Instances.
  • *
Adds or removes permission settings for the specified snapshot.
  • *
Modifies the specified Spot fleet request.
  • *
Modifies a subnet attribute.
  • *
Modifies a volume attribute.
  • *
Modifies the specified attribute of the specified VPC.
  • *
Modifies attributes of a specified VPC endpoint.
  • *
Modifies the VPC peering connection options on one side of a VPC peering connection.
  • *
Enables monitoring for a running instance.
  • *
Moves an Elastic IP address from the EC2-Classic platform to the EC2-VPC platform.
  • *
Purchases a Reserved Instance for use with your account.
  • *
Purchases one or more Scheduled Instances with the specified schedule.
  • *
Registers an AMI.
  • *
Releases the specified Elastic IP address.
  • *
When you no longer want to use a Dedicated host it can be released.
  • *
Changes which network ACL a subnet is associated with.
  • *
Replaces an entry (rule) in a network ACL.
  • *
Replaces an existing route within a route table in a VPC.
  • *
Changes the route table associated with a given subnet in a VPC.
  • *
Submits feedback about the status of an instance.
  • *
Creates a Spot fleet request.
  • *
Creates a Spot instance request.
  • *
Resets an attribute of an AMI to its default value.
  • *
Resets an attribute of an instance to its default value.
  • *
Resets a network interface attribute.
  • *
Resets permission settings for the specified snapshot.
  • *
Restores an Elastic IP address that was previously moved to the EC2-VPC platform back to the EC2-Classic platform.
  • *
Launches the specified Scheduled Instances.
  • *
Unassigns one or more secondary private IP addresses from a network interface.
  • *
Disables monitoring for a running instance.
  • *