Amazon Elastic Compute Cloud

Amazon Web Services in Action

A comprehensive introduction to computing, storing, and networking in the AWS cloud. You'll find clear, relevant coverage of all the essential AWS services you to know, emphasizing best practices for security, high availability and scalability.

Learn more

Action Description Resources Conditions
Accept a VPC peering connection request.
  • arn:aws:ec2:$region:$account:vpc/*
  • arn:aws:ec2:$region:$account:vpc/$vpc-id
Accept a VPC peering connection request.
  • arn:aws:ec2:$region:$account:vpc-peering-connection/*
  • arn:aws:ec2:$region:$account:vpc-peering-connection/$vpc-peering-connection-id
  • ec2:AccepterVpc
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RequesterVpc
  • Global Conditions
Associates an IAM instance profile with a running or stopped instance.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC's security groups.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC's security groups.
  • arn:aws:ec2:$region:$account:security-group/*
  • arn:aws:ec2:$region:$account:security-group/$security-group-id
Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC's security groups.
  • arn:aws:ec2:$region:$account:vpc/*
  • arn:aws:ec2:$region:$account:vpc/$vpc-id
Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.
  • arn:aws:ec2:$region:$account:volume/*
  • arn:aws:ec2:$region:$account:volume/$volume-id
  • ec2:AvailabilityZone
  • ec2:Encrypted
  • ec2:ParentSnapshot
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:VolumeIops
  • ec2:VolumeSize
  • ec2:VolumeType
  • Global Conditions
[EC2-VPC only] Adds one or more egress rules to a security group for use with a VPC.
  • arn:aws:ec2:$region:$account:security-group/*
  • arn:aws:ec2:$region:$account:security-group/$security-group-id
Adds one or more ingress rules to a security group.
  • arn:aws:ec2:$region:$account:security-group/*
  • arn:aws:ec2:$region:$account:security-group/$security-group-id
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:dhcp-options/*
  • arn:aws:ec2:$region:$account:dhcp-options/$dhcp-options-id
  • ec2:CreateAction
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region::image/*
  • arn:aws:ec2:$region::image/$image-id
  • ec2:CreateAction
  • ec2:ImageType
  • ec2:Owner
  • ec2:Public
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:CreateAction
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:internet-gateway/*
  • arn:aws:ec2:$region:$account:internet-gateway/$igw-id
  • ec2:CreateAction
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:network-acl/*
  • arn:aws:ec2:$region:$account:network-acl/$nacl-id
  • ec2:CreateAction
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:Vpc
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:network-interface/*
  • arn:aws:ec2:$region:$account:network-interface/$eni-id
  • ec2:AvailabilityZone
  • ec2:CreateAction
  • ec2:Region
  • ec2:Subnet
  • ec2:ResourceTag/$tag-key
  • ec2:Vpc
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:reserved-instance/*
  • arn:aws:ec2:$region:$account:reserved-instance/$reservation-id
  • ec2:AvailabilityZone
  • ec2:CreateAction
  • ec2:InstanceType
  • ec2:ReservedInstancesOfferingType
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:Tenancy
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:route-table/*
  • arn:aws:ec2:$region:$account:route-table/$route-table-id
  • ec2:CreateAction
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:Vpc
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:security-group/*
  • arn:aws:ec2:$region:$account:security-group/$security-group-id
  • ec2:CreateAction
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:Vpc
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region::snapshot/*
  • arn:aws:ec2:$region::snapshot/$snapshot-id
  • ec2:CreateAction
  • ec2:Owner
  • ec2:ParentVolume
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:SnapshotTime
  • ec2:VolumeSize
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:spot-instance-request/*
  • arn:aws:ec2:$region:$account:spot-instance-request/$spot-instance-request-id
  • ec2:CreateAction
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:subnet/*
  • arn:aws:ec2:$region:$account:subnet/$subnet-id
  • ec2:AvailabilityZone
  • ec2:CreateAction
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:Vpc
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:volume/*
  • arn:aws:ec2:$region:$account:volume/$volume-id
  • ec2:AvailabilityZone
  • ec2:CreateAction
  • ec2:Encrypted
  • ec2:ParentSnapshot
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:VolumeIops
  • ec2:VolumeSize
  • ec2:VolumeType
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:vpc/*
  • arn:aws:ec2:$region:$account:vpc/$vpc-id
  • ec2:CreateAction
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:Tenancy
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:vpn-connection/*
  • arn:aws:ec2:$region:$account:vpn-connection/$vpn-connection-id
  • ec2:CreateAction
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Adds or overwrites one or more tags for the specified Amazon EC2 resource or resources.
  • arn:aws:ec2:$region:$account:vpn-gateway/*
  • arn:aws:ec2:$region:$account:vpn-gateway/$vpn-gateway-id
  • ec2:CreateAction
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Creates an EBS volume that can be attached to an instance in the same Availability Zone.
  • arn:aws:ec2:region:account:volume/*
  • ec2:AvailabilityZone
  • ec2:Encrypted
  • ec2:ParentSnapshot
  • ec2:Region
  • ec2:VolumeIops
  • ec2:VolumeSize
  • ec2:VolumeType
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Requests a VPC peering connection between two VPCs.
  • arn:aws:ec2:$region:$account:vpc/*
  • arn:aws:ec2:$region:$account:vpc/$vpc-id
Requests a VPC peering connection between two VPCs.
  • arn:aws:ec2:$region:$account:vpc-peering-connection/*
Deletes the specified customer gateway.
  • arn:aws:ec2:$region:$account:customer-gateway/*
  • arn:aws:ec2:$region:$account:customer-gateway/$cgw-id
Deletes the specified set of DHCP options.
  • arn:aws:ec2:$region:$account:dhcp-options/*
  • arn:aws:ec2:$region:$account:dhcp-options/$dhcp-options-id
Deletes the specified Internet gateway.
  • arn:aws:ec2:$region:$account:internet-gateway/*
  • arn:aws:ec2:$region:$account:internet-gateway/igw-id
Deletes the specified network ACL.
  • arn:aws:ec2:$region:$account:network-acl/*
  • arn:aws:ec2:$region:$account:network-acl/nacl-id
Deletes the specified ingress or egress entry (rule) from the specified network ACL.
  • arn:aws:ec2:$region:$account:network-acl/*
  • arn:aws:ec2:$region:$account:network-acl/$nacl-id
Deletes the specified route from the specified route table.
  • arn:aws:ec2:$region:$account:route-table/*
  • arn:aws:ec2:$region:$account:route-table/$route-table-id
Deletes the specified route table.
  • arn:aws:ec2:$region:$account:route-table/*
  • arn:aws:ec2:$region:$account:route-table/$route-table-id
Deletes a security group.
  • arn:aws:ec2:$region:$account:security-group/*
  • arn:aws:ec2:$region:$account:security-group/$security-group-id
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:dhcp-options/*
  • arn:aws:ec2:$region:$account:dhcp-options/$dhcp-options-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region::image/*
  • arn:aws:ec2:$region::image/$image-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:internet-gateway/*
  • arn:aws:ec2:$region:$account:internet-gateway/$igw-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:network-acl/*
  • arn:aws:ec2:$region:$account:network-acl/$nacl-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:network-interface/*
  • arn:aws:ec2:$region:$account:network-interface$eni-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:reserved-instance/*
  • arn:aws:ec2:$region:$account:reserved-instance/$reservation-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:route-table/*
  • arn:aws:ec2:$region:$account:route-table/$route-table-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:security-group/*
  • arn:aws:ec2:$region:$account:security-group/$security-group-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region::snapshot/*
  • arn:aws:ec2:$region::snapshot/$snapshot-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:spot-instance-request/*
  • arn:aws:ec2:$region:$account:spot-instance-request/$spot-instance-request-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:subnet/*
  • arn:aws:ec2:$region:$account:subnet/$subnet-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:volume/*
  • arn:aws:ec2:$region:$account:volume/$volume-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:vpc/*
  • arn:aws:ec2:$region:$account:vpc/$vpc-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2:$region:$account:vpn-connection/*
  • arn:aws:ec2:$region:$account:vpn-connection/$vpn-connection-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified set of tags from the specified set of resources.
  • arn:aws:ec2$region:$account:vpn-gateway/*
  • arn:aws:ec2$region:$account:vpn-gateway/$vpn-gateway-id
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • aws:RequestTag/$tag-key
  • aws:TagKeys
  • Global Conditions
Deletes the specified EBS volume.
  • arn:aws:ec2:$region:$account:volume/*
  • arn:aws:ec2:$region:$account:volume/$volume-id
  • ec2:AvailabilityZone
  • ec2:Encrypted
  • ec2:ParentSnapshot
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:VolumeIops
  • ec2:VolumeSize
  • ec2:VolumeType
  • Global Conditions
Deletes a VPC peering connection.
  • arn:aws:ec2:$region:$account:vpc-peering-connection/*
  • arn:aws:ec2:$region:$account:vpc-peering-connection/$vpc-peering-connection-id
  • ec2:AccepterVpc
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RequesterVpc
  • Global Conditions
Unlinks (detaches) a linked EC2-Classic instance from a VPC.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Unlinks (detaches) a linked EC2-Classic instance from a VPC.
  • arn:aws:ec2:$region:$account:vpc/*
  • arn:aws:ec2:$region:$account:vpc/$vpc-id
Detaches an EBS volume from an instance.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Detaches an EBS volume from an instance.
  • arn:aws:ec2:$region:$account:volume/*
  • arn:aws:ec2:$region:$account:volume/$volume-id
  • ec2:AvailabilityZone
  • ec2:Encrypted
  • ec2:ParentSnapshot
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:VolumeIops
  • ec2:VolumeSize
  • ec2:VolumeType
  • Global Conditions
Disables ClassicLink for a VPC.
  • arn:aws:ec2:$region:$account:vpc/*
  • arn:aws:ec2:$region:$account:vpc/$vpc-id
Disassociates an IAM instance profile from a running or stopped instance.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Enables a VPC for ClassicLink.
  • arn:aws:ec2:$region:$account:vpc/*
  • arn:aws:ec2:$region:$account:vpc/$vpc-id
Retrieve a JPG-format screenshot of a running instance to help with troubleshooting.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Requests a reboot of one or more instances.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Rejects a VPC peering connection request.
  • arn:aws:ec2:$region:$account:vpc-peering-connection/*
  • arn:aws:ec2:$region:$account:vpc-peering-connection/$vpc-peering-connection-id
  • ec2:AccepterVpc
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RequesterVpc
  • Global Conditions
Replaces an IAM instance profile for the specified running instance.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
[EC2-VPC only] Removes one or more egress rules from a security group for EC2-VPC.
  • arn:aws:ec2:$region:$account:security-group/*
  • arn:aws:ec2:$region:$account:security-group/$security-group-id
Removes one or more ingress rules from a security group.
  • arn:aws:ec2:$region:$account:security-group/*
  • arn:aws:ec2:$region:$account:security-group/$security-group-id
Launches the specified number of instances using an AMI for which you have permissions.
  • arn:aws:ec2:$region::image/*
  • arn:aws:ec2:$region::image/$image-id
  • ec2:ImageType
  • ec2:Owner
  • ec2:Public
  • ec2:Region
  • ec2:RootDeviceType
  • ec2:ResourceTag/$tag-key
  • Global Conditions
Launches the specified number of instances using an AMI for which you have permissions.
  • arn:aws:ec2:$region:$account:instance/*
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Launches the specified number of instances using an AMI for which you have permissions.
  • arn:aws:ec2:$region:$account:key-pair/*
  • arn:aws:ec2:$region:$account:key-pair/$key-pair-name
Launches the specified number of instances using an AMI for which you have permissions.
  • arn:aws:ec2:$region:$account:network-interface/*
  • arn:aws:ec2:$region:$account:network-interface/$eni-id
  • ec2:AvailabilityZone
  • ec2:Region
  • ec2:Subnet
  • ec2:ResourceTag/$tag-key
  • ec2:Vpc
  • Global Conditions
Launches the specified number of instances using an AMI for which you have permissions.
  • arn:aws:ec2:$region:$account:placement-group/*
  • arn:aws:ec2:$region:$account:placement-group/$placement-group-name
Launches the specified number of instances using an AMI for which you have permissions.
  • arn:aws:ec2:$region:$account:security-group/*
  • arn:aws:ec2:$region:$account:security-group/$security-group-id
Launches the specified number of instances using an AMI for which you have permissions.
  • arn:aws:ec2:$region::snapshot/*
  • arn:aws:ec2:$region::snapshot/$snapshot-id
  • ec2:Owner
  • ec2:ParentVolume
  • ec2:Region
  • ec2:SnapshotTime
  • ec2:ResourceTag/$tag-key
  • ec2:VolumeSize
  • Global Conditions
Launches the specified number of instances using an AMI for which you have permissions.
  • arn:aws:ec2:$region:$account:subnet/*
  • arn:aws:ec2:$region:$account:subnet/$subnet-id
Launches the specified number of instances using an AMI for which you have permissions.
  • arn:aws:ec2:$region:$account:volume/*
  • ec2:AvailabilityZone
  • ec2:Encrypted
  • ec2:ParentSnapshot
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:VolumeIops
  • ec2:VolumeSize
  • ec2:VolumeType
  • Global Conditions
Starts an Amazon EBS-backed AMI that you've previously stopped.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Stops an Amazon EBS-backed instance.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Shuts down one or more instances.
  • arn:aws:ec2:$region:$account:instance/*
  • arn:aws:ec2:$region:$account:instance/$instance-id
  • ec2:AvailabilityZone
  • ec2:EbsOptimized
  • ec2:InstanceProfile
  • ec2:InstanceType
  • ec2:PlacementGroup
  • ec2:Region
  • ec2:ResourceTag/$tag-key
  • ec2:RootDeviceType
  • ec2:Tenancy
  • Global Conditions
Acquires an Elastic IP address.
  • *
Allocates a Dedicated host to your account.
  • *
Assigns one or more secondary private IP addresses to the specified network interface.
  • *
Associates an Elastic IP address with an instance or a network interface.
  • *
Associates a set of DHCP options (that you've previously created) with the specified VPC, or associates no DHCP options with the VPC.
  • *
Associates a subnet with a route table.
  • *
Attaches an Internet gateway to a VPC, enabling connectivity between the Internet and the VPC.
  • *
Attaches a network interface to an instance.
  • *
Attaches a virtual private gateway to a VPC.
  • *
Bundles an Amazon instance store-backed Windows instance.
  • *
Cancels a bundling operation for an instance store-backed Windows instance.
  • *
Cancels an active conversion task.
  • *
Cancels an active export task.
  • *
Cancels an in-process import virtual machine or import snapshot task.
  • *
Cancels the specified Reserved Instance listing in the Reserved Instance Marketplace.
  • *
Cancels the specified Spot fleet requests.
  • *
Cancels one or more Spot instance requests.
  • *
Determines whether a product code is associated with an instance.
  • *
Initiates the copy of an AMI from the specified source region to the current region.
  • *
Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3.
  • *
Provides information to AWS about your VPN customer gateway device.
  • *
Creates a set of DHCP options for your VPC.
  • *
Creates one or more flow logs to capture IP traffic for a specific network interface, subnet, or VPC.
  • *
Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped.
  • *
Exports a running or stopped instance to an S3 bucket.
  • *
Creates an Internet gateway for use with a VPC.
  • *
Creates a 2048-bit RSA key pair with the specified name.
  • *
Creates a NAT gateway in the specified subnet.
  • *
Creates a network ACL in a VPC.
  • *
Creates an entry (a rule) in a network ACL with the specified rule number.
  • *
Creates a network interface in the specified subnet..
  • *
Creates a placement group that you launch cluster instances into.
  • *
Creates a listing for Amazon EC2 Reserved Instances to be sold in the Reserved Instance Marketplace.
  • *
Creates a route in a route table within a VPC.
  • *
Creates a route table for the specified VPC.
  • *
Creates a security group.
  • *
Creates a snapshot of an EBS volume and stores it in Amazon S3.
  • *
Creates a data feed for Spot instances, enabling you to view Spot instance usage logs.
  • *
CreateSubnet
  • *
Creates a VPC with the specified CIDR block.
  • *
Creates a VPC endpoint for a specified AWS service.
  • *
Creates a VPN connection between an existing virtual private gateway and a VPN customer gateway
  • *
Creates a static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway.
  • *
Creates a virtual private gateway.
  • *
Deletes one or more flow logs.
  • *
Deletes the specified key pair, by removing the public key from Amazon EC2.
  • *
Deletes the specified NAT gateway.
  • *
Deletes the specified network interface.
  • *
Deletes the specified placement group.
  • *
Deletes the specified snapshot.
  • *
Deletes the data feed for Spot instances.
  • *
Deletes the specified subnet.
  • *
Deletes the specified VPC.
  • *
Deletes one or more specified VPC endpoints.
  • *
Deletes the specified VPN connection.
  • *
Deletes the specified static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway.
  • *
Deletes the specified virtual private gateway.
  • *
Deregisters the specified AMI.
  • *
Describes attributes of your AWS account.
  • *
Describes one or more of your Elastic IP addresses.
  • *
Describes one or more of the Availability Zones that are available to you.
  • *
Describes one or more of your bundling tasks.
  • *
Describes one or more of your linked EC2-Classic instances.
  • *
Describes one or more of your linked EC2-Classic instances..
  • *
Describes one or more of your VPN customer gateways.
  • *
Describes one or more of your VPN customer gateways.
  • *
Describes one or more of your export tasks.
  • *
Describes one or more of your Dedicated hosts.
  • *
Describes the ID format settings for resources for the specified IAM user, IAM role, or root user.
  • *
Describes the ID format settings for your resources on a per-region basis, for example, to view which resource types are enabled for longer IDs.
  • *
Describes the specified attribute of the specified AMI.
  • *
Describes one or more of the images (AMIs, AKIs, and ARIs) available to you.
  • *
Displays details about an import virtual machine or import snapshot tasks that are already created.
  • *
Describes your import snapshot tasks.
  • *
Describes the specified attribute of the specified instance.
  • *
Describes one or more of your instances.
  • *
Describes the status of one or more instances.
  • *
Describes one or more of your Internet gateways.
  • *
Describes one or more flow logs.
  • *
Describes one or more of your key pairs.
  • *
Describes your Elastic IP addresses that are being moved to the EC2-VPC platform, or that are being restored to the EC2-Classic platform.
  • *
Describes one or more of the your NAT gateways.
  • *
Describes one or more of your network ACLs.
  • *
Describes a network interface attribute.
  • *
Describes one or more of your network interfaces.
  • *
Describes one or more of your placement groups.
  • *
Describes available AWS services in a prefix list format, which includes the prefix list name and prefix list ID of the service and the IP address range for the service.
  • *
Describes one or more regions that are currently available to you.
  • *
Describes one or more of the Reserved Instances that you purchased.
  • *
Describes your account's Reserved Instance listings in the Reserved Instance Marketplace.
  • *
Describes the modifications made to your Reserved Instances.
  • *
Describes Reserved Instance offerings that are available for purchase.
  • *
Describes one or more of your route tables.
  • *
Finds available schedules that meet the specified criteria.
  • *
Describes one or more of your Scheduled Instances.
  • *
[EC2-VPC only] Describes the VPCs on the other side of a VPC peering connection that are referencing the security groups you've specified in this request.
  • *
Describes one or more of your security groups.
  • *
[EC2-VPC only] Describes the stale security group rules for security groups in a specified VPC.
  • *
Describes the specified attribute of the specified snapshot.
  • *
Describes one or more of the EBS snapshots available to you.
  • *
Describes the data feed for Spot instances.
  • *
Describes the running instances for the specified Spot fleet.
  • *
Describes the events for the specified Spot fleet request during the specified time.
  • *
Describes your Spot fleet requests.
  • *
Describes the Spot instance requests that belong to your account.
  • *
Describes the Spot price history.
  • *
Describes one or more of your subnets.
  • *
Describes one or more of the tags for your EC2 resources.
  • *
Describes the specified attribute of the specified volume.
  • *
Describes the specified EBS volumes.
  • *
Describes the status of the specified volumes.
  • *
Describes the specified attribute of the specified VPC.
  • *
Describes the ClassicLink status of one or more VPCs.
  • *
Describes the ClassicLink DNS support status of one or more VPCs.
  • *
Describes one or more of your VPC endpoints.
  • *
Describes all supported AWS services that can be specified when creating a VPC endpoint.
  • *
Describes one or more of your VPC peering connections.
  • *
Describes one or more of your VPCs.
  • *
Describes one or more of your VPN connections.
  • *
Describes one or more of your virtual private gateways.
  • *
Detaches an Internet gateway from a VPC, disabling connectivity between the Internet and the VPC.
  • *
Detaches a network interface from an instance.
  • *
Detaches a virtual private gateway from a VPC.
  • *
Disables a virtual private gateway (VGW) from propagating routes to a specified route table of a VPC.
  • *
Disables ClassicLink DNS support for a VPC.
  • *
Disassociates an Elastic IP address from the instance or network interface it's associated with.
  • *
Disassociates a subnet from a route table.
  • *
Enables a virtual private gateway (VGW) to propagate routes to the specified route table of a VPC.
  • *
Enables I/O operations for a volume that had I/O operations disabled because the data on the volume was potentially inconsistent.
  • *
Enables a VPC to support DNS hostname resolution for ClassicLink.
  • *
Gets the console output for the specified instance.
  • *
Retrieves the encrypted administrator password for an instance running Windows.
  • *
Import single or multi-volume disk images or EBS snapshots into an Amazon Machine Image (AMI).
  • *
Creates an import instance task using metadata from the specified disk image.
  • *
Imports the public key from an RSA key pair that you created with a third-party tool.
  • *
Imports a disk into an EBS snapshot.
  • *
Creates an import volume task using metadata from the specified disk image.
  • *
Modify the auto-placement setting of a Dedicated host.
  • *
Modifies the ID format of a resource for the specified IAM user, IAM role, or root user.
  • *
Modifies the ID format for the specified resource on a per-region basis.
  • *
Modifies the specified attribute of the specified AMI.
  • *
Modifies the specified attribute of the specified instance.
  • *
Set the instance affinity value for a specific stopped instance and modify the instance tenancy setting.
  • *
Modifies the specified network interface attribute.
  • *
Modifies the Availability Zone, instance count, instance type, or network platform (EC2-Classic or EC2-VPC) of your Reserved Instances.
  • *
Adds or removes permission settings for the specified snapshot.
  • *
Modifies the specified Spot fleet request.
  • *
Modifies a subnet attribute.
  • *
Modifies a volume attribute.
  • *
Modifies the specified attribute of the specified VPC.
  • *
Modifies attributes of a specified VPC endpoint.
  • *
Modifies the VPC peering connection options on one side of a VPC peering connection.
  • *
Enables monitoring for a running instance.
  • *
Moves an Elastic IP address from the EC2-Classic platform to the EC2-VPC platform.
  • *
Purchases a Reserved Instance for use with your account.
  • *
Purchases one or more Scheduled Instances with the specified schedule.
  • *
Registers an AMI.
  • *
Releases the specified Elastic IP address.
  • *
When you no longer want to use a Dedicated host it can be released.
  • *
Changes which network ACL a subnet is associated with.
  • *
Replaces an entry (rule) in a network ACL.
  • *
Replaces an existing route within a route table in a VPC.
  • *
Changes the route table associated with a given subnet in a VPC.
  • *
Submits feedback about the status of an instance.
  • *
Creates a Spot fleet request.
  • *
Creates a Spot instance request.
  • *
Resets an attribute of an AMI to its default value.
  • *
Resets an attribute of an instance to its default value.
  • *
Resets a network interface attribute.
  • *
Resets permission settings for the specified snapshot.
  • *
Restores an Elastic IP address that was previously moved to the EC2-VPC platform back to the EC2-Classic platform.
  • *
Launches the specified Scheduled Instances.
  • *
Unassigns one or more secondary private IP addresses from a network interface.
  • *
Disables monitoring for a running instance.
  • *