From fe647e0a2d41305ef8a85ce9dcfb623db9035375 Mon Sep 17 00:00:00 2001 From: Jason Del Ponte Date: Tue, 15 Dec 2015 15:25:36 -0800 Subject: [PATCH] service/ec2: Add support for encrypted EBS volumes Amazon Elastic Compute Cloud Now launch EC2 instances with EBS encrypted boot volumes --- models/apis/ec2/2015-10-01/api-2.json | 23 +++- models/apis/ec2/2015-10-01/docs-2.json | 70 +++++------ service/ec2/api.go | 161 +++++++++++++++---------- service/ec2/examples_test.go | 6 +- 4 files changed, 151 insertions(+), 109 deletions(-) diff --git a/models/apis/ec2/2015-10-01/api-2.json b/models/apis/ec2/2015-10-01/api-2.json index b1c2f35f97c..fb01f3157e7 100644 --- a/models/apis/ec2/2015-10-01/api-2.json +++ b/models/apis/ec2/2015-10-01/api-2.json @@ -2880,7 +2880,15 @@ "SourceImageId":{"shape":"String"}, "Name":{"shape":"String"}, "Description":{"shape":"String"}, - "ClientToken":{"shape":"String"} + "ClientToken":{"shape":"String"}, + "Encrypted":{ + "shape":"Boolean", + "locationName":"encrypted" + }, + "KmsKeyId":{ + "shape":"String", + "locationName":"kmsKeyId" + } } }, "CopyImageResult":{ @@ -5515,7 +5523,10 @@ }, "DescribeVpcAttributeRequest":{ "type":"structure", - "required":["VpcId"], + "required":[ + "VpcId", + "Attribute" + ], "members":{ "DryRun":{ "shape":"Boolean", @@ -11733,13 +11744,13 @@ "type":"structure", "required":["Error"], "members":{ - "Error":{ - "shape":"UnsuccessfulItemError", - "locationName":"error" - }, "ResourceId":{ "shape":"String", "locationName":"resourceId" + }, + "Error":{ + "shape":"UnsuccessfulItemError", + "locationName":"error" } } }, diff --git a/models/apis/ec2/2015-10-01/docs-2.json b/models/apis/ec2/2015-10-01/docs-2.json index 44de8f567c6..55613824ce7 100644 --- a/models/apis/ec2/2015-10-01/docs-2.json +++ b/models/apis/ec2/2015-10-01/docs-2.json @@ -14,7 +14,7 @@ "AttachNetworkInterface": "

Attaches a network interface to an instance.

", "AttachVolume": "

Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.

Encrypted EBS volumes may only be attached to instances that support Amazon EBS encryption. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.

For a list of supported device names, see Attaching an EBS Volume to an Instance. Any device names that aren't reserved for instance store volumes can be used for EBS volumes. For more information, see Amazon EC2 Instance Store in the Amazon Elastic Compute Cloud User Guide.

If a volume has an AWS Marketplace product code:

For an overview of the AWS Marketplace, see Introducing AWS Marketplace.

For more information about EBS volumes, see Attaching Amazon EBS Volumes in the Amazon Elastic Compute Cloud User Guide.

", "AttachVpnGateway": "

Attaches a virtual private gateway to a VPC. For more information, see Adding a Hardware Virtual Private Gateway to Your VPC in the Amazon Virtual Private Cloud User Guide.

", - "AuthorizeSecurityGroupEgress": "

Adds one or more egress rules to a security group for use with a VPC. Specifically, this action permits instances to send traffic to one or more destination CIDR IP address ranges, or to one or more destination security groups for the same VPC.

You can have up to 50 rules per security group (covering both ingress and egress rules).

A security group is for use with instances either in the EC2-Classic platform or in a specific VPC. This action doesn't apply to security groups for use in EC2-Classic. For more information, see Security Groups for Your VPC in the Amazon Virtual Private Cloud User Guide.

Each rule consists of the protocol (for example, TCP), plus either a CIDR range or a source group. For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.

Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.

", + "AuthorizeSecurityGroupEgress": "

[EC2-VPC only] Adds one or more egress rules to a security group for use with a VPC. Specifically, this action permits instances to send traffic to one or more destination CIDR IP address ranges, or to one or more destination security groups for the same VPC. This action doesn't apply to security groups for use in EC2-Classic. For more information, see Security Groups for Your VPC in the Amazon Virtual Private Cloud User Guide.

You can have up to 50 rules per security group (covering both ingress and egress rules).

Each rule consists of the protocol (for example, TCP), plus either a CIDR range or a source group. For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.

Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.

", "AuthorizeSecurityGroupIngress": "

Adds one or more ingress rules to a security group.

EC2-Classic: You can have up to 100 rules per group.

EC2-VPC: You can have up to 50 rules per group (covering both ingress and egress rules).

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

[EC2-Classic] This action gives one or more CIDR IP address ranges permission to access a security group in your account, or gives one or more security groups (called the source groups) permission to access a security group for your account. A source group can be for your own AWS account, or another.

[EC2-VPC] This action gives one or more CIDR IP address ranges permission to access a security group in your VPC, or gives one or more other security groups (called the source groups) permission to access a security group for your VPC. The security groups must all be for the same VPC.

", "BundleInstance": "

Bundles an Amazon instance store-backed Windows instance.

During bundling, only the root device volume (C:\\) is bundled. Data on other instance store volumes is not preserved.

This action is not applicable for Linux/Unix instances or Windows instances that are backed by Amazon EBS.

For more information, see Creating an Instance Store-Backed Windows AMI.

", "CancelBundleTask": "

Cancels a bundling operation for an instance store-backed Windows instance.

", @@ -38,7 +38,7 @@ "CreateNetworkAclEntry": "

Creates an entry (a rule) in a network ACL with the specified rule number. Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules. When determining whether a packet should be allowed in or out of a subnet associated with the ACL, we process the entries in the ACL according to the rule numbers, in ascending order. Each network ACL has a set of ingress rules and a separate set of egress rules.

We recommend that you leave room between the rule numbers (for example, 100, 110, 120, ...), and not number them one right after the other (for example, 101, 102, 103, ...). This makes it easier to add a rule between existing ones without having to renumber the rules.

After you add an entry, you can't modify it; you must either replace it, or create an entry and delete the old one.

For more information about network ACLs, see Network ACLs in the Amazon Virtual Private Cloud User Guide.

", "CreateNetworkInterface": "

Creates a network interface in the specified subnet.

For more information about network interfaces, see Elastic Network Interfaces in the Amazon Elastic Compute Cloud User Guide.

", "CreatePlacementGroup": "

Creates a placement group that you launch cluster instances into. You must give the group a name that's unique within the scope of your account.

For more information about placement groups and cluster instances, see Cluster Instances in the Amazon Elastic Compute Cloud User Guide.

", - "CreateReservedInstancesListing": "

Creates a listing for Amazon EC2 Reserved instances to be sold in the Reserved Instance Marketplace. You can submit one Reserved instance listing at a time. To get a list of your Reserved instances, you can use the DescribeReservedInstances operation.

The Reserved Instance Marketplace matches sellers who want to resell Reserved instance capacity that they no longer need with buyers who want to purchase additional capacity. Reserved instances bought and sold through the Reserved Instance Marketplace work like any other Reserved instances.

To sell your Reserved instances, you must first register as a seller in the Reserved Instance Marketplace. After completing the registration process, you can create a Reserved Instance Marketplace listing of some or all of your Reserved Instances, and specify the upfront price to receive for them. Your Reserved instance listings then become available for purchase. To view the details of your Reserved instance listing, you can use the DescribeReservedInstancesListings operation.

For more information, see Reserved Instance Marketplace in the Amazon Elastic Compute Cloud User Guide.

", + "CreateReservedInstancesListing": "

Creates a listing for Amazon EC2 Reserved instances to be sold in the Reserved Instance Marketplace. You can submit one Reserved instance listing at a time. To get a list of your Reserved instances, you can use the DescribeReservedInstances operation.

The Reserved Instance Marketplace matches sellers who want to resell Reserved instance capacity that they no longer need with buyers who want to purchase additional capacity. Reserved instances bought and sold through the Reserved Instance Marketplace work like any other Reserved instances.

To sell your Reserved instances, you must first register as a seller in the Reserved Instance Marketplace. After completing the registration process, you can create a Reserved Instance Marketplace listing of some or all of your Reserved instances, and specify the upfront price to receive for them. Your Reserved instance listings then become available for purchase. To view the details of your Reserved instance listing, you can use the DescribeReservedInstancesListings operation.

For more information, see Reserved Instance Marketplace in the Amazon Elastic Compute Cloud User Guide.

", "CreateRoute": "

Creates a route in a route table within a VPC.

You must specify one of the following targets: Internet gateway or virtual private gateway, NAT instance, VPC peering connection, or network interface.

When determining how to route traffic, we use the route with the most specific match. For example, let's say the traffic is destined for 192.0.2.3, and the route table includes the following two routes:

Both routes apply to the traffic destined for 192.0.2.3. However, the second route in the list covers a smaller number of IP addresses and is therefore more specific, so we use that route to determine where to target the traffic.

For more information about route tables, see Route Tables in the Amazon Virtual Private Cloud User Guide.

", "CreateRouteTable": "

Creates a route table for the specified VPC. After you create a route table, you can add routes and associate the table with a subnet.

For more information about route tables, see Route Tables in the Amazon Virtual Private Cloud User Guide.

", "CreateSecurityGroup": "

Creates a security group.

A security group is for use with instances either in the EC2-Classic platform or in a specific VPC. For more information, see Amazon EC2 Security Groups in the Amazon Elastic Compute Cloud User Guide and Security Groups for Your VPC in the Amazon Virtual Private Cloud User Guide.

EC2-Classic: You can have up to 500 security groups.

EC2-VPC: You can create up to 100 security groups per VPC.

When you create a security group, you specify a friendly name of your choice. You can have a security group for use in EC2-Classic with the same name as a security group for use in a VPC. However, you can't have two security groups for use in EC2-Classic with the same name or two security groups for use in a VPC with the same name.

You have a default security group for use in EC2-Classic and a default security group for use in your VPC. If you don't specify a security group when you launch an instance, the instance is launched into the appropriate default security group. A default security group includes a default rule that grants instances unrestricted network access to each other.

You can add or remove rules from your security groups using AuthorizeSecurityGroupIngress, AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, and RevokeSecurityGroupEgress.

", @@ -87,7 +87,7 @@ "DescribeDhcpOptions": "

Describes one or more of your DHCP options sets.

For more information about DHCP options sets, see DHCP Options Sets in the Amazon Virtual Private Cloud User Guide.

", "DescribeExportTasks": "

Describes one or more of your export tasks.

", "DescribeFlowLogs": "

Describes one or more flow logs. To view the information in your flow logs (the log streams for the network interfaces), you must use the CloudWatch Logs console or the CloudWatch Logs API.

", - "DescribeHosts": "

Describes one or more of your Dedicated hosts.

The results describe only the Dedicated hosts in the region you're currently using. All listed instances consume capacity on your Dedicated host. Dedicated hosts that have recently been released will be listed with the status \"released\".

", + "DescribeHosts": "

Describes one or more of your Dedicated hosts.

The results describe only the Dedicated hosts in the region you're currently using. All listed instances consume capacity on your Dedicated host. Dedicated hosts that have recently been released will be listed with the state released.

", "DescribeIdFormat": "

Important: This command is reserved for future use, and is currently not available for you to use.

Describes the ID format settings for your resources, for example, to view which resource types are enabled for longer IDs. This request only returns information about resource types whose ID formats can be modified; it does not return information about other resource types.

The following resource types support longer IDs: instance | reservation.

These settings apply to the IAM user who makes the request; they do not apply to the entire AWS account. By default, an IAM user defaults to the same settings as the root user, unless they explicitly override the settings by running the ModifyIdFormat command. These settings are applied on a per-region basis.

", "DescribeImageAttribute": "

Describes the specified attribute of the specified AMI. You can specify only one attribute at a time.

", "DescribeImages": "

Describes one or more of the images (AMIs, AKIs, and ARIs) available to you. Images available to you include public images, private images that you own, and private images owned by other AWS accounts but for which you have explicit launch permissions.

Deregistered images are included in the returned results for an unspecified interval after deregistration.

", @@ -107,8 +107,8 @@ "DescribeRegions": "

Describes one or more regions that are currently available to you.

For a list of the regions supported by Amazon EC2, see Regions and Endpoints.

", "DescribeReservedInstances": "

Describes one or more of the Reserved instances that you purchased.

For more information about Reserved instances, see Reserved Instances in the Amazon Elastic Compute Cloud User Guide.

", "DescribeReservedInstancesListings": "

Describes your account's Reserved instance listings in the Reserved Instance Marketplace.

The Reserved Instance Marketplace matches sellers who want to resell Reserved instance capacity that they no longer need with buyers who want to purchase additional capacity. Reserved instances bought and sold through the Reserved Instance Marketplace work like any other Reserved Instances.

As a seller, you choose to list some or all of your Reserved instances, and you specify the upfront price to receive for them. Your Reserved instances are then listed in the Reserved Instance Marketplace and are available for purchase.

As a buyer, you specify the configuration of the Reserved instance to purchase, and the Marketplace matches what you're searching for with what's available. The Marketplace first sells the lowest priced Reserved instances to you, and continues to sell available Reserved Instance listings to you until your demand is met. You are charged based on the total price of all of the listings that you purchase.

For more information, see Reserved Instance Marketplace in the Amazon Elastic Compute Cloud User Guide.

", - "DescribeReservedInstancesModifications": "

Describes the modifications made to your Reserved instances. If no parameter is specified, information about all your Reserved Instances modification requests is returned. If a modification ID is specified, only information about the specific modification is returned.

For more information, see Modifying Reserved Instances in the Amazon Elastic Compute Cloud User Guide.

", - "DescribeReservedInstancesOfferings": "

Describes Reserved instance offerings that are available for purchase. With Reserved instances, you purchase the right to launch instances for a period of time. During that time period, you do not receive insufficient capacity errors, and you pay a lower usage rate than the rate charged for On-Demand instances for the actual time used.

For more information, see Reserved Instance Marketplace in the Amazon Elastic Compute Cloud User Guide.

", + "DescribeReservedInstancesModifications": "

Describes the modifications made to your Reserved instances. If no parameter is specified, information about all your Reserved instances modification requests is returned. If a modification ID is specified, only information about the specific modification is returned.

For more information, see Modifying Reserved Instances in the Amazon Elastic Compute Cloud User Guide.

", + "DescribeReservedInstancesOfferings": "

Describes Reserved instance offerings that are available for purchase. With Reserved instances, you purchase the right to launch instances for a period of time. During that time period, you do not receive insufficient capacity errors, and you pay a lower usage rate than the rate charged for On-Demand instances for the actual time used.

If you have listed your own Reserved instances for sale in the Reserved Instance Marketplace, they will be excluded from these results. This is to ensure that you do not purchase your own Reserved instances.

For more information, see Reserved Instance Marketplace in the Amazon Elastic Compute Cloud User Guide.

", "DescribeRouteTables": "

Describes one or more of your route tables.

Each subnet in your VPC must be associated with a route table. If a subnet is not explicitly associated with any route table, it is implicitly associated with the main route table. This command does not return the subnet ID for implicit associations.

For more information about route tables, see Route Tables in the Amazon Virtual Private Cloud User Guide.

", "DescribeSecurityGroups": "

Describes one or more of your security groups.

A security group is for use with instances either in the EC2-Classic platform or in a specific VPC. For more information, see Amazon EC2 Security Groups in the Amazon Elastic Compute Cloud User Guide and Security Groups for Your VPC in the Amazon Virtual Private Cloud User Guide.

", "DescribeSnapshotAttribute": "

Describes the specified attribute of the specified snapshot. You can specify only one attribute at a time.

For more information about EBS snapshots, see Amazon EBS Snapshots in the Amazon Elastic Compute Cloud User Guide.

", @@ -157,7 +157,7 @@ "ModifyInstanceAttribute": "

Modifies the specified attribute of the specified instance. You can specify only one attribute at a time.

To modify some attributes, the instance must be stopped. For more information, see Modifying Attributes of a Stopped Instance in the Amazon Elastic Compute Cloud User Guide.

", "ModifyInstancePlacement": "

Set the instance affinity value for a specific stopped instance and modify the instance tenancy setting.

Instance affinity is disabled by default. When instance affinity is host and it is not associated with a specific Dedicated host, the next time it is launched it will automatically be associated with the host it lands on. This relationship will persist if the instance is stopped/started, or rebooted.

You can modify the host ID associated with a stopped instance. If a stopped instance has a new host ID association, the instance will target that host when restarted.

You can modify the tenancy of a stopped instance with a tenancy of host or dedicated.

Affinity, hostID, and tenancy are not required parameters, but at least one of them must be specified in the request. Affinity and tenancy can be modified in the same request, but tenancy can only be modified on instances that are stopped.

", "ModifyNetworkInterfaceAttribute": "

Modifies the specified network interface attribute. You can specify only one attribute at a time.

", - "ModifyReservedInstances": "

Modifies the Availability Zone, instance count, instance type, or network platform (EC2-Classic or EC2-VPC) of your Reserved Instances. The Reserved Instances to be modified must be identical, except for Availability Zone, network platform, and instance type.

For more information, see Modifying Reserved Instances in the Amazon Elastic Compute Cloud User Guide.

", + "ModifyReservedInstances": "

Modifies the Availability Zone, instance count, instance type, or network platform (EC2-Classic or EC2-VPC) of your Reserved instances. The Reserved instances to be modified must be identical, except for Availability Zone, network platform, and instance type.

For more information, see Modifying Reserved Instances in the Amazon Elastic Compute Cloud User Guide.

", "ModifySnapshotAttribute": "

Adds or removes permission settings for the specified snapshot. You may add or remove specified AWS account IDs from a snapshot's list of create volume permissions, but you cannot do both in a single API call. If you need to both add and remove account IDs for a snapshot, you must use multiple API calls.

For more information on modifying snapshot permissions, see Sharing Snapshots in the Amazon Elastic Compute Cloud User Guide.

Snapshots with AWS Marketplace product codes cannot be made public.

", "ModifySpotFleetRequest": "

Modifies the specified Spot fleet request.

While the Spot fleet request is being modified, it is in the modifying state.

To scale up your Spot fleet, increase its target capacity. The Spot fleet launches the additional Spot instances according to the allocation strategy for the Spot fleet request. If the allocation strategy is lowestPrice, the Spot fleet launches instances using the Spot pool with the lowest price. If the allocation strategy is diversified, the Spot fleet distributes the instances across the Spot pools.

To scale down your Spot fleet, decrease its target capacity. First, the Spot fleet cancels any open bids that exceed the new target capacity. You can request that the Spot fleet terminate Spot instances until the size of the fleet no longer exceeds the new target capacity. If the allocation strategy is lowestPrice, the Spot fleet terminates the instances with the highest price per unit. If the allocation strategy is diversified, the Spot fleet terminates instances across the Spot pools. Alternatively, you can request that the Spot fleet keep the fleet at its current size, but not replace any Spot instances that are interrupted or that you terminate manually.

", "ModifySubnetAttribute": "

Modifies a subnet attribute.

", @@ -171,7 +171,7 @@ "RegisterImage": "

Registers an AMI. When you're creating an AMI, this is the final step you must complete before you can launch an instance from the AMI. For more information about creating AMIs, see Creating Your Own AMIs in the Amazon Elastic Compute Cloud User Guide.

For Amazon EBS-backed instances, CreateImage creates and registers the AMI in a single request, so you don't have to register the AMI yourself.

You can also use RegisterImage to create an Amazon EBS-backed Linux AMI from a snapshot of a root device volume. For more information, see Launching an Instance from a Snapshot in the Amazon Elastic Compute Cloud User Guide.

Some Linux distributions, such as Red Hat Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES), use the EC2 billingProduct code associated with an AMI to verify subscription status for package updates. Creating an AMI from an EBS snapshot does not maintain this billing code, and subsequent instances launched from such an AMI will not be able to connect to package update infrastructure.

Similarly, although you can create a Windows AMI from a snapshot, you can't successfully launch an instance from the AMI.

To create Windows AMIs or to create AMIs for Linux operating systems that must retain AMI billing codes to work properly, see CreateImage.

If needed, you can deregister an AMI at any time. Any modifications you make to an AMI backed by an instance store volume invalidates its registration. If you make changes to an image, deregister the previous image and register the new image.

You can't register an image where a secondary (non-root) snapshot has AWS Marketplace product codes.

", "RejectVpcPeeringConnection": "

Rejects a VPC peering connection request. The VPC peering connection must be in the pending-acceptance state. Use the DescribeVpcPeeringConnections request to view your outstanding VPC peering connection requests. To delete an active VPC peering connection, or to delete a VPC peering connection request that you initiated, use DeleteVpcPeeringConnection.

", "ReleaseAddress": "

Releases the specified Elastic IP address.

After releasing an Elastic IP address, it is released to the IP address pool and might be unavailable to you. Be sure to update your DNS records and any servers or devices that communicate with the address. If you attempt to release an Elastic IP address that you already released, you'll get an AuthFailure error if the address is already allocated to another AWS account.

[EC2-Classic, default VPC] Releasing an Elastic IP address automatically disassociates it from any instance that it's associated with. To disassociate an Elastic IP address without releasing it, use DisassociateAddress.

[Nondefault VPC] You must use DisassociateAddress to disassociate the Elastic IP address before you try to release it. Otherwise, Amazon EC2 returns an error (InvalidIPAddress.InUse).

", - "ReleaseHosts": "

When you no longer want to use a Dedicated host it can be released. On-Demand billing is stopped and the host goes into \"released\" state. The host ID of Dedicated hosts that have been released can no longer be specified in another request, e.g., ModifyHosts. You must stop or terminate all instances on a host before it can be released.

When Dedicated hosts are released, it make take some time for them to stop counting toward your limit and you may receive capacity errors when trying to allocate new Dedicated hosts. Try waiting a few minutes, and then try again.

Released hosts will still appear in a DescribeHosts response.

", + "ReleaseHosts": "

When you no longer want to use a Dedicated host it can be released. On-Demand billing is stopped and the host goes into released state. The host ID of Dedicated hosts that have been released can no longer be specified in another request, e.g., ModifyHosts. You must stop or terminate all instances on a host before it can be released.

When Dedicated hosts are released, it make take some time for them to stop counting toward your limit and you may receive capacity errors when trying to allocate new Dedicated hosts. Try waiting a few minutes, and then try again.

Released hosts will still appear in a DescribeHosts response.

", "ReplaceNetworkAclAssociation": "

Changes which network ACL a subnet is associated with. By default when you create a subnet, it's automatically associated with the default network ACL. For more information about network ACLs, see Network ACLs in the Amazon Virtual Private Cloud User Guide.

", "ReplaceNetworkAclEntry": "

Replaces an entry (rule) in a network ACL. For more information about network ACLs, see Network ACLs in the Amazon Virtual Private Cloud User Guide.

", "ReplaceRoute": "

Replaces an existing route within a route table in a VPC. You must provide only one of the following: Internet gateway or virtual private gateway, NAT instance, VPC peering connection, or network interface.

For more information about route tables, see Route Tables in the Amazon Virtual Private Cloud User Guide.

", @@ -184,7 +184,7 @@ "ResetNetworkInterfaceAttribute": "

Resets a network interface attribute. You can specify only one attribute at a time.

", "ResetSnapshotAttribute": "

Resets permission settings for the specified snapshot.

For more information on modifying snapshot permissions, see Sharing Snapshots in the Amazon Elastic Compute Cloud User Guide.

", "RestoreAddressToClassic": "

Restores an Elastic IP address that was previously moved to the EC2-VPC platform back to the EC2-Classic platform. You cannot move an Elastic IP address that was originally allocated for use in EC2-VPC. The Elastic IP address must not be associated with an instance or network interface.

", - "RevokeSecurityGroupEgress": "

Removes one or more egress rules from a security group for EC2-VPC. The values that you specify in the revoke request (for example, ports) must match the existing rule's values for the rule to be revoked.

Each rule consists of the protocol and the CIDR range or source security group. For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

", + "RevokeSecurityGroupEgress": "

[EC2-VPC only] Removes one or more egress rules from a security group for EC2-VPC. This action doesn't apply to security groups for use in EC2-Classic. The values that you specify in the revoke request (for example, ports) must match the existing rule's values for the rule to be revoked.

Each rule consists of the protocol and the CIDR range or source security group. For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

", "RevokeSecurityGroupIngress": "

Removes one or more ingress rules from a security group. The values that you specify in the revoke request (for example, ports) must match the existing rule's values for the rule to be removed.

Each rule consists of the protocol and the CIDR range or source security group. For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

", "RunInstances": "

Launches the specified number of instances using an AMI for which you have permissions.

When you launch an instance, it enters the pending state. After the instance is ready for you, it enters the running state. To check the state of your instance, call DescribeInstances.

If you don't specify a security group when launching an instance, Amazon EC2 uses the default security group. For more information, see Security Groups in the Amazon Elastic Compute Cloud User Guide.

[EC2-VPC only accounts] If you don't specify a subnet in the request, we choose a default subnet from your default VPC for you.

[EC2-Classic accounts] If you're launching into EC2-Classic and you don't specify an Availability Zone, we choose one for you.

Linux instances have access to the public key of the key pair at boot. You can use this key to provide secure access to the instance. Amazon EC2 public images use this feature to provide secure access without passwords. For more information, see Key Pairs in the Amazon Elastic Compute Cloud User Guide.

You can provide optional user data when launching an instance. For more information, see Instance Metadata in the Amazon Elastic Compute Cloud User Guide.

If any of the AMIs have a product code attached for which the user has not subscribed, RunInstances fails.

T2 instance types can only be launched into a VPC. If you do not have a default VPC, or if you do not specify a subnet ID in the request, RunInstances fails.

For more information about troubleshooting, see What To Do If An Instance Immediately Terminates, and Troubleshooting Connecting to Your Instance in the Amazon Elastic Compute Cloud User Guide.

", "StartInstances": "

Starts an Amazon EBS-backed AMI that you've previously stopped.

Instances that use Amazon EBS volumes as their root devices can be quickly stopped and started. When an instance is stopped, the compute resources are released and you are not billed for hourly instance usage. However, your root partition Amazon EBS volume remains, continues to persist your data, and you are charged for Amazon EBS volume usage. You can restart your instance at any time. Each time you transition an instance from stopped to started, Amazon EC2 charges a full instance hour, even if transitions happen multiple times within a single hour.

Before stopping an instance, make sure it is in a state from which it can be restarted. Stopping an instance does not preserve data stored in RAM.

Performing this operation on an instance that uses an instance store as its root device returns an error.

For more information, see Stopping Instances in the Amazon Elastic Compute Cloud User Guide.

", @@ -299,7 +299,7 @@ "AllocationState": { "base": null, "refs": { - "Host$State": "

The Dedicated host's state. Can be \"available\", \"under assessment, or \"released\".

" + "Host$State": "

The Dedicated host's state.

" } }, "AllocationStrategy": { @@ -491,7 +491,7 @@ } }, "AvailableCapacity": { - "base": null, + "base": "

The capacity information for instances launched onto the Dedicated host.

", "refs": { "Host$AvailableCapacity": "

The number of new instances that can be launched onto the Dedicated host.

" } @@ -578,6 +578,7 @@ "ConfirmProductInstanceRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "ConfirmProductInstanceResult$Return": "

The return value of the request. Returns true if the specified product code is owned by the requester and associated with the specified instance.

", "CopyImageRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", + "CopyImageRequest$Encrypted": "

Specifies whether the destination snapshots of the copied image should be encrypted. The default CMK for EBS is used unless a non-default AWS Key Management Service (AWS KMS) CMK is specified with KmsKeyId. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.

", "CopySnapshotRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "CopySnapshotRequest$Encrypted": "

Specifies whether the destination snapshot should be encrypted. There is no way to create an unencrypted snapshot copy from an encrypted snapshot; however, you can encrypt a copy of an unencrypted snapshot with this flag. The default CMK for EBS is used unless a non-default AWS Key Management Service (AWS KMS) CMK is specified with KmsKeyId. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.

", "CreateCustomerGatewayRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", @@ -721,7 +722,7 @@ "ModifyIdFormatRequest$UseLongIds": "

Indicate whether the resource should use longer IDs (17-character IDs).

", "ModifyImageAttributeRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "ModifyInstanceAttributeRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", - "ModifyInstancePlacementResult$Return": "

Is true if the request succeeds, and an error otherwise.

", + "ModifyInstancePlacementResult$Return": "

Is true if the request succeeds, and an error otherwise.

", "ModifyNetworkInterfaceAttributeRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "ModifySnapshotAttributeRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "ModifySpotFleetRequestResponse$Return": "

Is true if the request succeeds, and an error otherwise.

", @@ -738,7 +739,7 @@ "NetworkInterfaceAttachment$DeleteOnTermination": "

Indicates whether the network interface is deleted when the instance is terminated.

", "NetworkInterfaceAttachmentChanges$DeleteOnTermination": "

Indicates whether the network interface is deleted when the instance is terminated.

", "NetworkInterfacePrivateIpAddress$Primary": "

Indicates whether this IP address is the primary private IP address of the network interface.

", - "PriceSchedule$Active": "

The current price schedule, as determined by the term remaining for the Reserved Instance in the listing.

A specific price schedule is always in effect, but only one price schedule can be active at any time. Take, for example, a Reserved Instance listing that has five months remaining in its term. When you specify price schedules for five months and two months, this means that schedule 1, covering the first three months of the remaining term, will be active during months 5, 4, and 3. Then schedule 2, covering the last two months of the term, will be active for months 2 and 1.

", + "PriceSchedule$Active": "

The current price schedule, as determined by the term remaining for the Reserved instance in the listing.

A specific price schedule is always in effect, but only one price schedule can be active at any time. Take, for example, a Reserved instance listing that has five months remaining in its term. When you specify price schedules for five months and two months, this means that schedule 1, covering the first three months of the remaining term, will be active during months 5, 4, and 3. Then schedule 2, covering the last two months of the term, will be active for months 2 and 1.

", "PrivateIpAddressSpecification$Primary": "

Indicates whether the private IP address is the primary private IP address. Only one IP address can be designated as primary.

", "PurchaseReservedInstancesOfferingRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "RebootInstancesRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", @@ -2332,7 +2333,7 @@ "DescribeImportImageTasksRequest$Filters": "

One or more filters.

", "DescribeImportSnapshotTasksRequest$Filters": "

One or more filters.

", "DescribeInstanceStatusRequest$Filters": "

One or more filters.

", - "DescribeInstancesRequest$Filters": "

One or more filters.

", + "DescribeInstancesRequest$Filters": "

One or more filters.

", "DescribeInternetGatewaysRequest$Filters": "

One or more filters.

", "DescribeKeyPairsRequest$Filters": "

One or more filters.

", "DescribeMovingAddressesRequest$Filters": "

One or more filters.

", @@ -2343,8 +2344,8 @@ "DescribeRegionsRequest$Filters": "

One or more filters.

", "DescribeReservedInstancesListingsRequest$Filters": "

One or more filters.

", "DescribeReservedInstancesModificationsRequest$Filters": "

One or more filters.

", - "DescribeReservedInstancesOfferingsRequest$Filters": "

One or more filters.

", - "DescribeReservedInstancesRequest$Filters": "

One or more filters.

", + "DescribeReservedInstancesOfferingsRequest$Filters": "

One or more filters.

", + "DescribeReservedInstancesRequest$Filters": "

One or more filters.

", "DescribeRouteTablesRequest$Filters": "

One or more filters.

", "DescribeSecurityGroupsRequest$Filters": "

One or more filters. If using multiple filters for rules, the results include security groups for which any combination of rules - not necessarily a single rule - match all filters.

", "DescribeSnapshotsRequest$Filters": "

One or more filters.

", @@ -2466,7 +2467,7 @@ } }, "Host": { - "base": null, + "base": "

Describes the properties of the Dedicated host.

", "refs": { "HostList$member": null } @@ -2752,7 +2753,7 @@ } }, "InstanceCapacity": { - "base": null, + "base": "

Information about the instance type that the Dedicated host supports.

", "refs": { "AvailableInstanceCapacityList$member": null } @@ -2942,7 +2943,7 @@ "InstanceType": { "base": null, "refs": { - "DescribeReservedInstancesOfferingsRequest$InstanceType": "

The instance type on which the Reserved instance can be used. For more information, see Instance Types in the Amazon Elastic Compute Cloud User Guide.

", + "DescribeReservedInstancesOfferingsRequest$InstanceType": "

The instance type that the reservation will cover (for example, m1.small). For more information, see Instance Types in the Amazon Elastic Compute Cloud User Guide.

", "ImportInstanceLaunchSpecification$InstanceType": "

The instance type. For more information about the instance types that you can import, see Before You Get Started in the Amazon Elastic Compute Cloud User Guide.

", "Instance$InstanceType": "

The instance type.

", "InstanceTypeList$member": null, @@ -2968,8 +2969,8 @@ "AllocateHostsRequest$Quantity": "

The number of Dedicated hosts you want to allocate to your account with these parameters.

", "AssignPrivateIpAddressesRequest$SecondaryPrivateIpAddressCount": "

The number of secondary IP addresses to assign to the network interface. You can't specify this parameter when also specifying private IP addresses.

", "AttachNetworkInterfaceRequest$DeviceIndex": "

The index of the device for the network interface attachment.

", - "AuthorizeSecurityGroupEgressRequest$FromPort": "

The start of port range for the TCP and UDP protocols, or an ICMP type number. For the ICMP type number, use -1 to specify all ICMP types.

", - "AuthorizeSecurityGroupEgressRequest$ToPort": "

The end of port range for the TCP and UDP protocols, or an ICMP code number. For the ICMP code number, use -1 to specify all ICMP codes for the ICMP type.

", + "AuthorizeSecurityGroupEgressRequest$FromPort": "

The start of port range for the TCP and UDP protocols, or an ICMP type number. We recommend that you specify the port range in a set of IP permissions instead.

", + "AuthorizeSecurityGroupEgressRequest$ToPort": "

The end of port range for the TCP and UDP protocols, or an ICMP type number. We recommend that you specify the port range in a set of IP permissions instead.

", "AuthorizeSecurityGroupIngressRequest$FromPort": "

The start of port range for the TCP and UDP protocols, or an ICMP type number. For the ICMP type number, use -1 to specify all ICMP types.

", "AuthorizeSecurityGroupIngressRequest$ToPort": "

The end of port range for the TCP and UDP protocols, or an ICMP code number. For the ICMP code number, use -1 to specify all ICMP codes for the ICMP type.

", "AvailableCapacity$AvailableVCpus": "

The number of vCPUs available on the Dedicated host.

", @@ -3023,15 +3024,15 @@ "NetworkInterfaceAttachment$DeviceIndex": "

The device index of the network interface attachment on the instance.

", "PortRange$From": "

The first port in the range.

", "PortRange$To": "

The last port in the range.

", - "PricingDetail$Count": "

The number of instances available for the price.

", + "PricingDetail$Count": "

The number of reservations available for the price.

", "PurchaseReservedInstancesOfferingRequest$InstanceCount": "

The number of Reserved instances to purchase.

", "ReplaceNetworkAclEntryRequest$RuleNumber": "

The rule number of the entry to replace.

", "RequestSpotInstancesRequest$InstanceCount": "

The maximum number of Spot instances to launch.

Default: 1

", "RequestSpotInstancesRequest$BlockDurationMinutes": "

The required duration for the Spot instances, in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360).

The duration period starts as soon as your Spot instance receives its instance ID. At the end of the duration period, Amazon EC2 marks the Spot instance for termination and provides a Spot instance termination notice, which gives the instance a two-minute warning before it terminates.

Note that you can't specify an Availability Zone group or a launch group if you specify a duration.

", - "ReservedInstances$InstanceCount": "

The number of Reserved instances purchased.

", + "ReservedInstances$InstanceCount": "

The number of reservations purchased.

", "ReservedInstancesConfiguration$InstanceCount": "

The number of modified Reserved instances.

", - "RevokeSecurityGroupEgressRequest$FromPort": "

The start of port range for the TCP and UDP protocols, or an ICMP type number. For the ICMP type number, use -1 to specify all ICMP types.

", - "RevokeSecurityGroupEgressRequest$ToPort": "

The end of port range for the TCP and UDP protocols, or an ICMP code number. For the ICMP code number, use -1 to specify all ICMP codes for the ICMP type.

", + "RevokeSecurityGroupEgressRequest$FromPort": "

The start of port range for the TCP and UDP protocols, or an ICMP type number. We recommend that you specify the port range in a set of IP permissions instead.

", + "RevokeSecurityGroupEgressRequest$ToPort": "

The end of port range for the TCP and UDP protocols, or an ICMP type number. We recommend that you specify the port range in a set of IP permissions instead.

", "RevokeSecurityGroupIngressRequest$FromPort": "

The start of port range for the TCP and UDP protocols, or an ICMP type number. For the ICMP type number, use -1 to specify all ICMP types.

", "RevokeSecurityGroupIngressRequest$ToPort": "

The end of port range for the TCP and UDP protocols, or an ICMP code number. For the ICMP code number, use -1 to specify all ICMP codes for the ICMP type.

", "RunInstancesRequest$MinCount": "

The minimum number of instances to launch. If you specify a minimum that is more instances than Amazon EC2 can launch in the target Availability Zone, Amazon EC2 launches no instances.

Constraints: Between 1 and the maximum number you're allowed for the specified instance type. For more information about the default limits, and how to request an increase, see How many instances can I run in Amazon EC2 in the Amazon EC2 General FAQ.

", @@ -4426,8 +4427,8 @@ "AuthorizeSecurityGroupEgressRequest$GroupId": "

The ID of the security group.

", "AuthorizeSecurityGroupEgressRequest$SourceSecurityGroupName": "

The name of a destination security group. To authorize outbound access to a destination security group, we recommend that you use a set of IP permissions instead.

", "AuthorizeSecurityGroupEgressRequest$SourceSecurityGroupOwnerId": "

The AWS account number for a destination security group. To authorize outbound access to a destination security group, we recommend that you use a set of IP permissions instead.

", - "AuthorizeSecurityGroupEgressRequest$IpProtocol": "

The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers). Use -1 to specify all.

", - "AuthorizeSecurityGroupEgressRequest$CidrIp": "

The CIDR IP address range. You can't specify this parameter when specifying a source security group.

", + "AuthorizeSecurityGroupEgressRequest$IpProtocol": "

The IP protocol name or number. We recommend that you specify the protocol in a set of IP permissions instead.

", + "AuthorizeSecurityGroupEgressRequest$CidrIp": "

The CIDR IP address range. We recommend that you specify the CIDR range in a set of IP permissions instead.

", "AuthorizeSecurityGroupIngressRequest$GroupName": "

[EC2-Classic, default VPC] The name of the security group.

", "AuthorizeSecurityGroupIngressRequest$GroupId": "

The ID of the security group. Required for a nondefault VPC.

", "AuthorizeSecurityGroupIngressRequest$SourceSecurityGroupName": "

[EC2-Classic, default VPC] The name of the source security group. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. For EC2-VPC, the source security group must be in the same VPC.

", @@ -4476,6 +4477,7 @@ "CopyImageRequest$Name": "

The name of the new AMI in the destination region.

", "CopyImageRequest$Description": "

A description for the new AMI in the destination region.

", "CopyImageRequest$ClientToken": "

Unique, case-sensitive identifier you provide to ensure idempotency of the request. For more information, see How to Ensure Idempotency in the Amazon Elastic Compute Cloud User Guide.

", + "CopyImageRequest$KmsKeyId": "

The full ARN of the AWS Key Management Service (AWS KMS) CMK to use when encrypting the snapshots of an image during a copy operation. This parameter is only required if you want to use a non-default CMK; if this parameter is not specified, the default CMK for EBS is used. The ARN contains the arn:aws:kms namespace, followed by the region of the CMK, the AWS account ID of the CMK owner, the key namespace, and then the CMK ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. The specified CMK must exist in the region that the snapshot is being copied to. If a KmsKeyId is specified, the Encrypted flag must also be set.

", "CopyImageResult$ImageId": "

The ID of the new AMI.

", "CopySnapshotRequest$SourceRegion": "

The ID of the region that contains the snapshot to be copied.

", "CopySnapshotRequest$SourceSnapshotId": "

The ID of the EBS snapshot to copy.

", @@ -4682,7 +4684,7 @@ "FlowLog$ResourceId": "

The ID of the resource on which the flow log was created.

", "FlowLog$LogGroupName": "

The name of the flow log group.

", "FlowLog$DeliverLogsStatus": "

The status of the logs delivery (SUCCESS | FAILED).

", - "FlowLog$DeliverLogsErrorMessage": "

Information about the error that occurred. Rate limited indicates that CloudWatch logs throttling has been applied for one or more network interfaces. Access error indicates that the IAM role associated with the flow log does not have sufficient permissions to publish to CloudWatch Logs. Unknown error indicates an internal error.

", + "FlowLog$DeliverLogsErrorMessage": "

Information about the error that occurred. Rate limited indicates that CloudWatch logs throttling has been applied for one or more network interfaces, or that you've reached the limit on the number of CloudWatch Logs log groups that you can create. Access error indicates that the IAM role associated with the flow log does not have sufficient permissions to publish to CloudWatch Logs. Unknown error indicates an internal error.

", "FlowLog$DeliverLogsPermissionArn": "

The ARN of the IAM role that posts logs to CloudWatch Logs.

", "GetConsoleOutputRequest$InstanceId": "

The ID of the instance.

", "GetConsoleOutputResult$InstanceId": "

The ID of the instance.

", @@ -4695,7 +4697,7 @@ "GroupIdentifier$GroupId": "

The ID of the security group.

", "GroupNameStringList$member": null, "Host$HostId": "

The ID of the Dedicated host.

", - "Host$HostReservationId": "

The reservation ID of the Dedicated host. This returns a \"null\" response if the Dedicated host doesn't have an associated reservation.

", + "Host$HostReservationId": "

The reservation ID of the Dedicated host. This returns a null response if the Dedicated host doesn't have an associated reservation.

", "Host$ClientToken": "

Unique, case-sensitive identifier you provide to ensure idempotency of the request. For more information, see How to Ensure Idempotency in the Amazon Elastic Compute Cloud User Guide.

", "Host$AvailabilityZone": "

The Availability Zone of the Dedicated host.

", "HostInstance$InstanceId": "

the IDs of instances that are running on the Dedicated host.

", @@ -4825,7 +4827,7 @@ "InstanceStatusEvent$Description": "

A description of the event.

After a scheduled event is completed, it can still be described for up to a week. If the event has been completed, this description starts with the following text: [Completed].

", "InternetGateway$InternetGatewayId": "

The ID of the Internet gateway.

", "InternetGatewayAttachment$VpcId": "

The ID of the VPC.

", - "IpPermission$IpProtocol": "

The protocol.

When you call DescribeSecurityGroups, the protocol value returned is the number. Exception: For TCP, UDP, and ICMP, the value returned is the name (for example, tcp, udp, or icmp). For a list of protocol numbers, see Protocol Numbers. (VPC only) When you call AuthorizeSecurityGroupIngress, you can use -1 to specify all.

", + "IpPermission$IpProtocol": "

The IP protocol name (for tcp, udp, and icmp) or number (see Protocol Numbers).

[EC2-VPC only] When you authorize or revoke security group rules, you can use -1 to specify all.

", "IpRange$CidrIp": "

The CIDR range. You can either specify a CIDR range or a source security group, not both.

", "KeyNameStringList$member": null, "KeyPair$KeyName": "

The name of the key pair.

", @@ -4990,8 +4992,8 @@ "RevokeSecurityGroupEgressRequest$GroupId": "

The ID of the security group.

", "RevokeSecurityGroupEgressRequest$SourceSecurityGroupName": "

The name of a destination security group. To revoke outbound access to a destination security group, we recommend that you use a set of IP permissions instead.

", "RevokeSecurityGroupEgressRequest$SourceSecurityGroupOwnerId": "

The AWS account number for a destination security group. To revoke outbound access to a destination security group, we recommend that you use a set of IP permissions instead.

", - "RevokeSecurityGroupEgressRequest$IpProtocol": "

The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers). Use -1 to specify all.

", - "RevokeSecurityGroupEgressRequest$CidrIp": "

The CIDR IP address range. You can't specify this parameter when specifying a source security group.

", + "RevokeSecurityGroupEgressRequest$IpProtocol": "

The IP protocol name or number. We recommend that you specify the protocol in a set of IP permissions instead.

", + "RevokeSecurityGroupEgressRequest$CidrIp": "

The CIDR IP address range. We recommend that you specify the CIDR range in a set of IP permissions instead.

", "RevokeSecurityGroupIngressRequest$GroupName": "

[EC2-Classic, default VPC] The name of the security group.

", "RevokeSecurityGroupIngressRequest$GroupId": "

The ID of the security group. Required for a security group in a nondefault VPC.

", "RevokeSecurityGroupIngressRequest$SourceSecurityGroupName": "

[EC2-Classic, default VPC] The name of the source security group. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. For EC2-VPC, the source security group must be in the same VPC.

", @@ -5067,7 +5069,7 @@ "SpotFleetLaunchSpecification$AddressingType": "

Deprecated.

", "SpotFleetLaunchSpecification$KernelId": "

The ID of the kernel.

", "SpotFleetLaunchSpecification$RamdiskId": "

The ID of the RAM disk.

", - "SpotFleetLaunchSpecification$SubnetId": "

The ID of the subnet in which to launch the instances.

", + "SpotFleetLaunchSpecification$SubnetId": "

The ID of the subnet in which to launch the instances. To specify multiple subnets, separate them using commas; for example, \"subnet-a61dafcf, subnet-65ea5f08\".

", "SpotFleetLaunchSpecification$SpotPrice": "

The bid price per unit hour for the specified instance type. If this value is not specified, the default is the Spot bid price specified for the fleet. To determine the bid price per unit hour, divide the Spot bid price by the value of WeightedCapacity.

", "SpotFleetRequestConfig$SpotFleetRequestId": "

The ID of the Spot fleet request.

", "SpotFleetRequestConfigData$ClientToken": "

A unique, case-sensitive identifier you provide to ensure idempotency of your listings. This helps avoid duplicate listings. For more information, see Ensuring Idempotency.

", @@ -5085,7 +5087,7 @@ "SpotInstanceStateFault$Message": "

The message for the Spot instance state change.

", "SpotInstanceStatus$Code": "

The status code. For a list of status codes, see Spot Bid Status Codes in the Amazon Elastic Compute Cloud User Guide.

", "SpotInstanceStatus$Message": "

The description for the status code.

", - "SpotPlacement$AvailabilityZone": "

The Availability Zone.

", + "SpotPlacement$AvailabilityZone": "

The Availability Zones. To specify multiple Availability Zones, separate them using commas; for example, \"us-west-2a, us-west-2b\".

", "SpotPlacement$GroupName": "

The name of the placement group (for cluster instances).

", "SpotPrice$SpotPrice": "

The maximum price (bid) that you are willing to pay for a Spot instance.

", "SpotPrice$AvailabilityZone": "

The Availability Zone.

", @@ -5253,7 +5255,7 @@ "base": null, "refs": { "CreateVpcRequest$InstanceTenancy": "

The supported tenancy options for instances launched into the VPC. A value of default means that instances can be launched with any tenancy; a value of dedicated means all instances launched into the VPC are launched as dedicated tenancy instances regardless of the tenancy assigned to the instance at launch. Dedicated tenancy instances run on single-tenant hardware.

Important: The host value cannot be used with this parameter. Use the default or dedicated values only.

Default: default

", - "DescribeReservedInstancesOfferingsRequest$InstanceTenancy": "

The tenancy of the Reserved instance offering. A Reserved instance with dedicated tenancy is applied to instances that run on single-tenant hardware and can only be launched within a VPC.

Default: default

", + "DescribeReservedInstancesOfferingsRequest$InstanceTenancy": "

The tenancy of the instances covered by the reservation. A Reserved instance with a tenancy of dedicated is applied to instances that run in a VPC on single-tenant hardware (i.e., Dedicated instances).

Default: default

", "Placement$Tenancy": "

The tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the ImportInstance command.

", "ReservedInstances$InstanceTenancy": "

The tenancy of the reserved instance.

", "ReservedInstancesOffering$InstanceTenancy": "

The tenancy of the reserved instance.

", diff --git a/service/ec2/api.go b/service/ec2/api.go index e3979ae3057..cdc5e68ae6e 100644 --- a/service/ec2/api.go +++ b/service/ec2/api.go @@ -446,20 +446,18 @@ func (c *EC2) AuthorizeSecurityGroupEgressRequest(input *AuthorizeSecurityGroupE return } -// Adds one or more egress rules to a security group for use with a VPC. Specifically, -// this action permits instances to send traffic to one or more destination -// CIDR IP address ranges, or to one or more destination security groups for -// the same VPC. +// [EC2-VPC only] Adds one or more egress rules to a security group for use +// with a VPC. Specifically, this action permits instances to send traffic to +// one or more destination CIDR IP address ranges, or to one or more destination +// security groups for the same VPC. This action doesn't apply to security groups +// for use in EC2-Classic. For more information, see Security Groups for Your +// VPC (http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html) +// in the Amazon Virtual Private Cloud User Guide. // // You can have up to 50 rules per security group (covering both ingress and // egress rules). // -// A security group is for use with instances either in the EC2-Classic platform -// or in a specific VPC. This action doesn't apply to security groups for use -// in EC2-Classic. For more information, see Security Groups for Your VPC (http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html) -// in the Amazon Virtual Private Cloud User Guide. -// -// Each rule consists of the protocol (for example, TCP), plus either a CIDR +// Each rule consists of the protocol (for example, TCP), plus either a CIDR // range or a source group. For the TCP and UDP protocols, you must also specify // the destination port or port range. For the ICMP protocol, you must also // specify the ICMP type and code. You can use -1 for the type or code to mean @@ -1325,7 +1323,7 @@ func (c *EC2) CreateReservedInstancesListingRequest(input *CreateReservedInstanc // To sell your Reserved instances, you must first register as a seller in // the Reserved Instance Marketplace. After completing the registration process, // you can create a Reserved Instance Marketplace listing of some or all of -// your Reserved Instances, and specify the upfront price to receive for them. +// your Reserved instances, and specify the upfront price to receive for them. // Your Reserved instance listings then become available for purchase. To view // the details of your Reserved instance listing, you can use the DescribeReservedInstancesListings // operation. @@ -2955,7 +2953,7 @@ func (c *EC2) DescribeHostsRequest(input *DescribeHostsInput) (req *request.Requ // // The results describe only the Dedicated hosts in the region you're currently // using. All listed instances consume capacity on your Dedicated host. Dedicated -// hosts that have recently been released will be listed with the status "released". +// hosts that have recently been released will be listed with the state released. func (c *EC2) DescribeHosts(input *DescribeHostsInput) (*DescribeHostsOutput, error) { req, out := c.DescribeHostsRequest(input) err := req.Send() @@ -3626,7 +3624,7 @@ func (c *EC2) DescribeReservedInstancesModificationsRequest(input *DescribeReser } // Describes the modifications made to your Reserved instances. If no parameter -// is specified, information about all your Reserved Instances modification +// is specified, information about all your Reserved instances modification // requests is returned. If a modification ID is specified, only information // about the specific modification is returned. // @@ -3678,6 +3676,10 @@ func (c *EC2) DescribeReservedInstancesOfferingsRequest(input *DescribeReservedI // errors, and you pay a lower usage rate than the rate charged for On-Demand // instances for the actual time used. // +// If you have listed your own Reserved instances for sale in the Reserved +// Instance Marketplace, they will be excluded from these results. This is to +// ensure that you do not purchase your own Reserved instances. +// // For more information, see Reserved Instance Marketplace (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) // in the Amazon Elastic Compute Cloud User Guide. func (c *EC2) DescribeReservedInstancesOfferings(input *DescribeReservedInstancesOfferingsInput) (*DescribeReservedInstancesOfferingsOutput, error) { @@ -5368,8 +5370,8 @@ func (c *EC2) ModifyReservedInstancesRequest(input *ModifyReservedInstancesInput } // Modifies the Availability Zone, instance count, instance type, or network -// platform (EC2-Classic or EC2-VPC) of your Reserved Instances. The Reserved -// Instances to be modified must be identical, except for Availability Zone, +// platform (EC2-Classic or EC2-VPC) of your Reserved instances. The Reserved +// instances to be modified must be identical, except for Availability Zone, // network platform, and instance type. // // For more information, see Modifying Reserved Instances (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-modifying.html) @@ -5871,7 +5873,7 @@ func (c *EC2) ReleaseHostsRequest(input *ReleaseHostsInput) (req *request.Reques } // When you no longer want to use a Dedicated host it can be released. On-Demand -// billing is stopped and the host goes into "released" state. The host ID of +// billing is stopped and the host goes into released state. The host ID of // Dedicated hosts that have been released can no longer be specified in another // request, e.g., ModifyHosts. You must stop or terminate all instances on a // host before it can be released. @@ -6295,9 +6297,10 @@ func (c *EC2) RevokeSecurityGroupEgressRequest(input *RevokeSecurityGroupEgressI return } -// Removes one or more egress rules from a security group for EC2-VPC. The values -// that you specify in the revoke request (for example, ports) must match the -// existing rule's values for the rule to be revoked. +// [EC2-VPC only] Removes one or more egress rules from a security group for +// EC2-VPC. This action doesn't apply to security groups for use in EC2-Classic. +// The values that you specify in the revoke request (for example, ports) must +// match the existing rule's values for the rule to be revoked. // // Each rule consists of the protocol and the CIDR range or source security // group. For the TCP and UDP protocols, you must also specify the destination @@ -7313,8 +7316,8 @@ func (s AttributeValue) GoString() string { type AuthorizeSecurityGroupEgressInput struct { _ struct{} `type:"structure"` - // The CIDR IP address range. You can't specify this parameter when specifying - // a source security group. + // The CIDR IP address range. We recommend that you specify the CIDR range in + // a set of IP permissions instead. CidrIp *string `locationName:"cidrIp" type:"string"` // Checks whether you have the required permissions for the action, without @@ -7324,7 +7327,7 @@ type AuthorizeSecurityGroupEgressInput struct { DryRun *bool `locationName:"dryRun" type:"boolean"` // The start of port range for the TCP and UDP protocols, or an ICMP type number. - // For the ICMP type number, use -1 to specify all ICMP types. + // We recommend that you specify the port range in a set of IP permissions instead. FromPort *int64 `locationName:"fromPort" type:"integer"` // The ID of the security group. @@ -7334,8 +7337,8 @@ type AuthorizeSecurityGroupEgressInput struct { // a CIDR IP address range. IpPermissions []*IpPermission `locationName:"ipPermissions" locationNameList:"item" type:"list"` - // The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)). - // Use -1 to specify all. + // The IP protocol name or number. We recommend that you specify the protocol + // in a set of IP permissions instead. IpProtocol *string `locationName:"ipProtocol" type:"string"` // The name of a destination security group. To authorize outbound access to @@ -7348,8 +7351,8 @@ type AuthorizeSecurityGroupEgressInput struct { // IP permissions instead. SourceSecurityGroupOwnerId *string `locationName:"sourceSecurityGroupOwnerId" type:"string"` - // The end of port range for the TCP and UDP protocols, or an ICMP code number. - // For the ICMP code number, use -1 to specify all ICMP codes for the ICMP type. + // The end of port range for the TCP and UDP protocols, or an ICMP type number. + // We recommend that you specify the port range in a set of IP permissions instead. ToPort *int64 `locationName:"toPort" type:"integer"` } @@ -7498,6 +7501,7 @@ func (s AvailabilityZoneMessage) GoString() string { return s.String() } +// The capacity information for instances launched onto the Dedicated host. type AvailableCapacity struct { _ struct{} `type:"structure"` @@ -8213,6 +8217,23 @@ type CopyImageInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` + // Specifies whether the destination snapshots of the copied image should be + // encrypted. The default CMK for EBS is used unless a non-default AWS Key Management + // Service (AWS KMS) CMK is specified with KmsKeyId. For more information, see + // Amazon EBS Encryption (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) + // in the Amazon Elastic Compute Cloud User Guide. + Encrypted *bool `locationName:"encrypted" type:"boolean"` + + // The full ARN of the AWS Key Management Service (AWS KMS) CMK to use when + // encrypting the snapshots of an image during a copy operation. This parameter + // is only required if you want to use a non-default CMK; if this parameter + // is not specified, the default CMK for EBS is used. The ARN contains the arn:aws:kms + // namespace, followed by the region of the CMK, the AWS account ID of the CMK + // owner, the key namespace, and then the CMK ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. + // The specified CMK must exist in the region that the snapshot is being copied + // to. If a KmsKeyId is specified, the Encrypted flag must also be set. + KmsKeyId *string `locationName:"kmsKeyId" type:"string"` + // The name of the new AMI in the destination region. Name *string `type:"string" required:"true"` @@ -11781,6 +11802,9 @@ type DescribeInstancesInput struct { // One or more filters. // + // affinity - The affinity setting for an instance running on a Dedicated + // host (default | host). + // // architecture - The instance architecture (i386 | x86_64). // // availability-zone - The Availability Zone of the instance. @@ -11810,6 +11834,9 @@ type DescribeInstancesInput struct { // group-name - The name of the security group for the instance. EC2-Classic // only. // + // host-Id - The ID of the Dedicated host on which the instance is running, + // if applicable. + // // hypervisor - The hypervisor type of the instance (ovm | xen). // // iam-instance-profile.arn - The instance profile associated with the instance. @@ -11915,7 +11942,7 @@ type DescribeInstancesInput struct { // tag-value - The value of a tag assigned to the resource. This filter is // independent of the tag-key filter. // - // tenancy - The tenancy of an instance (dedicated | default). + // tenancy - The tenancy of an instance (dedicated | default | host). // // virtualization-type - The virtualization type of the instance (paravirtual // | hvm). @@ -12698,13 +12725,12 @@ type DescribeReservedInstancesInput struct { // fixed-price - The purchase price of the Reserved instance (for example, // 9800.0). // - // instance-type - The instance type on which the Reserved instance can be - // used. + // instance-type - The instance type that is covered by the reservation. // // product-description - The Reserved instance product platform description. // Instances that include (Amazon VPC) in the product platform description will // only be displayed to EC2-Classic account holders and are for use with Amazon - // VPC. (Linux/UNIX | Linux/UNIX (Amazon VPC) | SUSE Linux | SUSE Linux (Amazon + // VPC (Linux/UNIX | Linux/UNIX (Amazon VPC) | SUSE Linux | SUSE Linux (Amazon // VPC) | Red Hat Enterprise Linux | Red Hat Enterprise Linux (Amazon VPC) | // Windows | Windows (Amazon VPC) | Windows with SQL Server Standard | Windows // with SQL Server Standard (Amazon VPC) | Windows with SQL Server Web | Windows @@ -12906,12 +12932,11 @@ type DescribeReservedInstancesOfferingsInput struct { // fixed-price - The purchase price of the Reserved instance (for example, // 9800.0). // - // instance-type - The instance type on which the Reserved instance can be - // used. + // instance-type - The instance type that is covered by the reservation. // // marketplace - Set to true to show only Reserved Instance Marketplace offerings. // When this filter is not used, which is the default behavior, all offerings - // from AWS and Reserved Instance Marketplace are listed. + // from both AWS and the Reserved Instance Marketplace are listed. // // product-description - The Reserved instance product platform description. // Instances that include (Amazon VPC) in the product platform description will @@ -12923,7 +12948,7 @@ type DescribeReservedInstancesOfferingsInput struct { // with SQL Server Web (Amazon VPC) | Windows with SQL Server Enterprise | Windows // with SQL Server Enterprise (Amazon VPC)) // - // reserved-instances-offering-id - The Reserved instances offering ID. + // reserved-instances-offering-id - The Reserved instances' offering ID. // // usage-price - The usage price of the Reserved instance, per hour (for // example, 0.84). @@ -12932,15 +12957,15 @@ type DescribeReservedInstancesOfferingsInput struct { // Include Reserved Instance Marketplace offerings in the response. IncludeMarketplace *bool `type:"boolean"` - // The tenancy of the Reserved instance offering. A Reserved instance with dedicated - // tenancy is applied to instances that run on single-tenant hardware and can - // only be launched within a VPC. + // The tenancy of the instances covered by the reservation. A Reserved instance + // with a tenancy of dedicated is applied to instances that run in a VPC on + // single-tenant hardware (i.e., Dedicated instances). // // Default: default InstanceTenancy *string `locationName:"instanceTenancy" type:"string" enum:"Tenancy"` - // The instance type on which the Reserved instance can be used. For more information, - // see Instance Types (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) + // The instance type that the reservation will cover (for example, m1.small). + // For more information, see Instance Types (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) // in the Amazon Elastic Compute Cloud User Guide. InstanceType *string `type:"string" enum:"InstanceType"` @@ -14238,7 +14263,7 @@ type DescribeVpcAttributeInput struct { _ struct{} `type:"structure"` // The VPC attribute. - Attribute *string `type:"string" enum:"VpcAttributeName"` + Attribute *string `type:"string" required:"true" enum:"VpcAttributeName"` // Checks whether you have the required permissions for the action, without // actually making the request, and provides an error response. If you have @@ -15685,10 +15710,11 @@ type FlowLog struct { CreationTime *time.Time `locationName:"creationTime" type:"timestamp" timestampFormat:"iso8601"` // Information about the error that occurred. Rate limited indicates that CloudWatch - // logs throttling has been applied for one or more network interfaces. Access - // error indicates that the IAM role associated with the flow log does not have - // sufficient permissions to publish to CloudWatch Logs. Unknown error indicates - // an internal error. + // logs throttling has been applied for one or more network interfaces, or that + // you've reached the limit on the number of CloudWatch Logs log groups that + // you can create. Access error indicates that the IAM role associated with + // the flow log does not have sufficient permissions to publish to CloudWatch + // Logs. Unknown error indicates an internal error. DeliverLogsErrorMessage *string `locationName:"deliverLogsErrorMessage" type:"string"` // The ARN of the IAM role that posts logs to CloudWatch Logs. @@ -15867,6 +15893,7 @@ func (s HistoryRecord) GoString() string { return s.String() } +// Describes the properties of the Dedicated host. type Host struct { _ struct{} `type:"structure"` @@ -15890,14 +15917,14 @@ type Host struct { // The hardware specifications of the Dedicated host. HostProperties *HostProperties `locationName:"hostProperties" type:"structure"` - // The reservation ID of the Dedicated host. This returns a "null" response - // if the Dedicated host doesn't have an associated reservation. + // The reservation ID of the Dedicated host. This returns a null response if + // the Dedicated host doesn't have an associated reservation. HostReservationId *string `locationName:"hostReservationId" type:"string"` // The IDs and instance type that are currently running on the Dedicated host. Instances []*HostInstance `locationName:"instances" locationNameList:"item" type:"list"` - // The Dedicated host's state. Can be "available", "under assessment, or "released". + // The Dedicated host's state. State *string `locationName:"state" type:"string" enum:"AllocationState"` } @@ -16895,6 +16922,7 @@ func (s InstanceBlockDeviceMappingSpecification) GoString() string { return s.String() } +// Information about the instance type that the Dedicated host supports. type InstanceCapacity struct { _ struct{} `type:"structure"` @@ -17406,14 +17434,11 @@ type IpPermission struct { // A value of -1 indicates all ICMP types. FromPort *int64 `locationName:"fromPort" type:"integer"` - // The protocol. + // The IP protocol name (for tcp, udp, and icmp) or number (see Protocol Numbers + // (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)). // - // When you call DescribeSecurityGroups, the protocol value returned is the - // number. Exception: For TCP, UDP, and ICMP, the value returned is the name - // (for example, tcp, udp, or icmp). For a list of protocol numbers, see Protocol - // Numbers (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). - // (VPC only) When you call AuthorizeSecurityGroupIngress, you can use -1 to - // specify all. + // [EC2-VPC only] When you authorize or revoke security group rules, you can + // use -1 to specify all. IpProtocol *string `locationName:"ipProtocol" type:"string"` // One or more IP ranges. @@ -18810,10 +18835,10 @@ type PriceSchedule struct { _ struct{} `type:"structure"` // The current price schedule, as determined by the term remaining for the Reserved - // Instance in the listing. + // instance in the listing. // // A specific price schedule is always in effect, but only one price schedule - // can be active at any time. Take, for example, a Reserved Instance listing + // can be active at any time. Take, for example, a Reserved instance listing // that has five months remaining in its term. When you specify price schedules // for five months and two months, this means that schedule 1, covering the // first three months of the remaining term, will be active during months 5, @@ -18873,7 +18898,7 @@ func (s PriceScheduleSpecification) GoString() string { type PricingDetail struct { _ struct{} `type:"structure"` - // The number of instances available for the price. + // The number of reservations available for the price. Count *int64 `locationName:"count" type:"integer"` // The price per instance. @@ -19853,7 +19878,7 @@ type ReservedInstances struct { // The purchase price of the Reserved instance. FixedPrice *float64 `locationName:"fixedPrice" type:"float"` - // The number of Reserved instances purchased. + // The number of reservations purchased. InstanceCount *int64 `locationName:"instanceCount" type:"integer"` // The tenancy of the reserved instance. @@ -20322,8 +20347,8 @@ func (s RestoreAddressToClassicOutput) GoString() string { type RevokeSecurityGroupEgressInput struct { _ struct{} `type:"structure"` - // The CIDR IP address range. You can't specify this parameter when specifying - // a source security group. + // The CIDR IP address range. We recommend that you specify the CIDR range in + // a set of IP permissions instead. CidrIp *string `locationName:"cidrIp" type:"string"` // Checks whether you have the required permissions for the action, without @@ -20333,7 +20358,7 @@ type RevokeSecurityGroupEgressInput struct { DryRun *bool `locationName:"dryRun" type:"boolean"` // The start of port range for the TCP and UDP protocols, or an ICMP type number. - // For the ICMP type number, use -1 to specify all ICMP types. + // We recommend that you specify the port range in a set of IP permissions instead. FromPort *int64 `locationName:"fromPort" type:"integer"` // The ID of the security group. @@ -20343,8 +20368,8 @@ type RevokeSecurityGroupEgressInput struct { // a CIDR IP address range. IpPermissions []*IpPermission `locationName:"ipPermissions" locationNameList:"item" type:"list"` - // The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)). - // Use -1 to specify all. + // The IP protocol name or number. We recommend that you specify the protocol + // in a set of IP permissions instead. IpProtocol *string `locationName:"ipProtocol" type:"string"` // The name of a destination security group. To revoke outbound access to a @@ -20357,8 +20382,8 @@ type RevokeSecurityGroupEgressInput struct { // IP permissions instead. SourceSecurityGroupOwnerId *string `locationName:"sourceSecurityGroupOwnerId" type:"string"` - // The end of port range for the TCP and UDP protocols, or an ICMP code number. - // For the ICMP code number, use -1 to specify all ICMP codes for the ICMP type. + // The end of port range for the TCP and UDP protocols, or an ICMP type number. + // We recommend that you specify the port range in a set of IP permissions instead. ToPort *int64 `locationName:"toPort" type:"integer"` } @@ -21085,7 +21110,8 @@ type SpotFleetLaunchSpecification struct { // value of WeightedCapacity. SpotPrice *string `locationName:"spotPrice" type:"string"` - // The ID of the subnet in which to launch the instances. + // The ID of the subnet in which to launch the instances. To specify multiple + // subnets, separate them using commas; for example, "subnet-a61dafcf, subnet-65ea5f08". SubnetId *string `locationName:"subnetId" type:"string"` // The Base64-encoded MIME user data to make available to the instances. @@ -21350,7 +21376,8 @@ func (s SpotInstanceStatus) GoString() string { type SpotPlacement struct { _ struct{} `type:"structure"` - // The Availability Zone. + // The Availability Zones. To specify multiple Availability Zones, separate + // them using commas; for example, "us-west-2a, us-west-2b". AvailabilityZone *string `locationName:"availabilityZone" type:"string"` // The name of the placement group (for cluster instances). diff --git a/service/ec2/examples_test.go b/service/ec2/examples_test.go index c4e30bad09c..af467f4f57e 100644 --- a/service/ec2/examples_test.go +++ b/service/ec2/examples_test.go @@ -597,6 +597,8 @@ func ExampleEC2_CopyImage() { ClientToken: aws.String("String"), Description: aws.String("String"), DryRun: aws.Bool(true), + Encrypted: aws.Bool(true), + KmsKeyId: aws.String("String"), } resp, err := svc.CopyImage(params) @@ -3259,8 +3261,8 @@ func ExampleEC2_DescribeVpcAttribute() { svc := ec2.New(session.New()) params := &ec2.DescribeVpcAttributeInput{ - VpcId: aws.String("String"), // Required - Attribute: aws.String("VpcAttributeName"), + Attribute: aws.String("VpcAttributeName"), // Required + VpcId: aws.String("String"), // Required DryRun: aws.Bool(true), } resp, err := svc.DescribeVpcAttribute(params)