@itentialopensource/adapter-aws_ec2

This adapter integrates with system described as: Aws_Ec2.

## Using this Adapter

The `adapter.js` file contains the calls the adapter makes available to the rest of the Itential Platform. The API detailed for these calls should be available through JSDOC. The following is a brief summary of the calls.

### Generic Adapter Calls

These are adapter methods that Itential Platform or you might use. There are some other methods not shown here that might be used for internal adapter functionality.

<table border="1" class="bordered-table">
  <tr>
    <th bgcolor="lightgrey" style="padding:15px"><span style="font-size:12.0pt">Method Signature</span></th>
    <th bgcolor="lightgrey" style="padding:15px"><span style="font-size:12.0pt">Description</span></th>
    <th bgcolor="lightgrey" style="padding:15px"><span style="font-size:12.0pt">Workflow?</span></th>
  </tr>
  <tr>
    <td style="padding:15px">connect()</td>
    <td style="padding:15px">This call is run when the Adapter is first loaded by the Itential Platform. It validates the properties have been provided correctly.</td>
    <td style="padding:15px">No</td>
  </tr>
  <tr>
    <td style="padding:15px">healthCheck(callback)</td>
    <td style="padding:15px">This call ensures that the adapter can communicate with Adapter for Amazon Web Services EC2. The actual call that is used is defined in the adapter properties and .system entities action.json file.</td>
    <td style="padding:15px">No</td>
  </tr>
  <tr>
    <td style="padding:15px">refreshProperties(properties)</td>
    <td style="padding:15px">This call provides the adapter the ability to accept property changes without having to restart the adapter.</td>
    <td style="padding:15px">No</td>
  </tr>
  <tr>
    <td style="padding:15px">encryptProperty(property, technique, callback)</td>
    <td style="padding:15px">This call will take the provided property and technique, and return the property encrypted with the technique. This allows the property to be used in the adapterProps section for the credential password so that the password does not have to be in clear text. The adapter will decrypt the property as needed for communications with Adapter for Amazon Web Services EC2.</td>
    <td style="padding:15px">No</td>
  </tr>
  <tr>
    <td style="padding:15px">iapUpdateAdapterConfiguration(configFile, changes, entity, type, action, callback)</td>
    <td style="padding:15px">This call provides the ability to update the adapter configuration from Itential Platform - includes actions, schema, mockdata and other configurations.</td>
    <td style="padding:15px">Yes</td>
  </tr>
  <tr>
    <td style="padding:15px">iapSuspendAdapter(mode, callback)</td>
    <td style="padding:15px">This call provides the ability to suspend the adapter and either have requests rejected or put into a queue to be processed after the adapter is resumed.</td>
    <td style="padding:15px">Yes</td>
  </tr>
  <tr>
    <td style="padding:15px">iapUnsuspendAdapter(callback)</td>
    <td style="padding:15px">This call provides the ability to resume a suspended adapter. Any requests in queue will be processed before new requests.</td>
    <td style="padding:15px">Yes</td>
  </tr>
  <tr>
    <td style="padding:15px">iapGetAdapterQueue(callback)</td>
    <td style="padding:15px">This call will return the requests that are waiting in the queue if throttling is enabled.</td>
    <td style="padding:15px">Yes</td>
  </tr>
  <tr>
    <td style="padding:15px">iapFindAdapterPath(apiPath, callback)</td>
    <td style="padding:15px">This call provides the ability to see if a particular API path is supported by the adapter.</td>
    <td style="padding:15px">Yes</td>
  </tr>
  <tr>
    <td style="padding:15px">iapTroubleshootAdapter(props, adapter, callback)</td>
    <td style="padding:15px">This call can be used to check on the performance of the adapter - it checks connectivity, healthcheck and basic get calls.</td>
    <td style="padding:15px">Yes</td>
  </tr>
  <tr>
    <td style="padding:15px">iapRunAdapterHealthcheck(adapter, callback)</td>
    <td style="padding:15px">This call will return the results of a healthcheck.</td>
    <td style="padding:15px">Yes</td>
  </tr>
  <tr>
    <td style="padding:15px">iapRunAdapterConnectivity(callback)</td>
    <td style="padding:15px">This call will return the results of a connectivity check.</td>
    <td style="padding:15px">Yes</td>
  </tr>
  <tr>
    <td style="padding:15px">iapRunAdapterBasicGet(maxCalls, callback)</td>
    <td style="padding:15px">This call will return the results of running basic get API calls. By default 5 get calls without parameters will be run. You can ask for more or less by setting maxCalls.</td>
    <td style="padding:15px">Yes</td>
  </tr>
  <tr>
    <td style="padding:15px">iapMoveAdapterEntitiesToDB(callback)</td>
    <td style="padding:15px">This call will push the adapter configuration from the entities directory into the Adapter or Itential Platform Database.</td>
    <td style="padding:15px">Yes</td>
  </tr>
  <tr>
    <td style="padding:15px">iapDeactivateTasks(tasks, callback)</td>
    <td style="padding:15px">This call provides the ability to remove tasks from the adapter.</td>
    <td style="padding:15px">Yes</td>
  </tr>
  <tr>
    <td style="padding:15px">iapActivateTasks(tasks, callback)</td>
    <td style="padding:15px">This call provides the ability to add deactivated tasks back into the adapter.</td>
    <td style="padding:15px">Yes</td>
  </tr>
  <tr>
    <td style="padding:15px">iapExpandedGenericAdapterRequest(metadata, uriPath, restMethod, pathVars, queryData, requestBody, addlHeaders, callback)</td>
    <td style="padding:15px">This is an expanded Generic Call. The metadata object allows us to provide many new capabilities within the generic request.</td>
    <td style="padding:15px">Yes</td>
  </tr>
  <tr>
    <td style="padding:15px">genericAdapterRequest(uriPath, restMethod, queryData, requestBody, addlHeaders, callback)</td>
    <td style="padding:15px">This call allows you to provide the path to have the adapter call. It is an easy way to incorporate paths that have not been built into the adapter yet.</td>
    <td style="padding:15px">Yes</td>
  </tr>
  <tr>
    <td style="padding:15px">genericAdapterRequestNoBasePath(uriPath, restMethod, queryData, requestBody, addlHeaders, callback)</td>
    <td style="padding:15px">This call is the same as the genericAdapterRequest only it does not add a base_path or version to the call.</td>
    <td style="padding:15px">Yes</td>
  </tr>
  <tr>
    <td style="padding:15px">iapRunAdapterLint(callback)</td>
    <td style="padding:15px">Runs lint on the adapter and provides the information back.</td>
    <td style="padding:15px">Yes</td>
  </tr>
  <tr>
    <td style="padding:15px">iapRunAdapterTests(callback)</td>
    <td style="padding:15px">Runs baseunit and unit tests on the adapter and provides the information back.</td>
    <td style="padding:15px">Yes</td>
  </tr>
  <tr>
    <td style="padding:15px">iapGetAdapterInventory(callback)</td>
    <td style="padding:15px">This call provides some inventory related information about the adapter.</td>
    <td style="padding:15px">Yes</td>
  </tr>
</table>
<br>

### Adapter Cache Calls

These are adapter methods that are used for adapter caching. If configured, the adapter will cache based on the interval provided. However, you can force a population of the cache manually as well.

<table border="1" class="bordered-table">
  <tr>
    <th bgcolor="lightgrey" style="padding:15px"><span style="font-size:12.0pt">Method Signature</span></th>
    <th bgcolor="lightgrey" style="padding:15px"><span style="font-size:12.0pt">Description</span></th>
    <th bgcolor="lightgrey" style="padding:15px"><span style="font-size:12.0pt">Workflow?</span></th>
  </tr>
  <tr>
    <td style="padding:15px">iapPopulateEntityCache(entityTypes, callback)</td>
    <td style="padding:15px">This call populates the adapter cache.</td>
    <td style="padding:15px">Yes</td>
  </tr>
  <tr>
    <td style="padding:15px">iapRetrieveEntitiesCache(entityType, options, callback)</td>
    <td style="padding:15px">This call retrieves the specific items from the adapter cache.</td>
    <td style="padding:15px">Yes</td>
  </tr>
</table>
<br>

### Adapter Broker Calls

These are adapter methods that are used to integrate to Itential Platform Brokers. This adapter currently supports the following broker calls.

<table border="1" class="bordered-table">
  <tr>
    <th bgcolor="lightgrey" style="padding:15px"><span style="font-size:12.0pt">Method Signature</span></th>
    <th bgcolor="lightgrey" style="padding:15px"><span style="font-size:12.0pt">Description</span></th>
    <th bgcolor="lightgrey" style="padding:15px"><span style="font-size:12.0pt">Workflow?</span></th>
  </tr>
  <tr>
    <td style="padding:15px">hasEntities(entityType, entityList, callback)</td>
    <td style="padding:15px">This call is utilized by the Itential Platform Device Broker to determine if the adapter has a specific entity and item of the entity.</td>
    <td style="padding:15px">No</td>
  </tr>
  <tr>
    <td style="padding:15px">getDevice(deviceName, callback)</td>
    <td style="padding:15px">This call returns the details of the requested device.</td>
    <td style="padding:15px">No</td>
  </tr>
  <tr>
    <td style="padding:15px">getDevicesFiltered(options, callback)</td>
    <td style="padding:15px">This call returns the list of devices that match the criteria provided in the options filter.</td>
    <td style="padding:15px">No</td>
  </tr>
  <tr>
    <td style="padding:15px">isAlive(deviceName, callback)</td>
    <td style="padding:15px">This call returns whether the device status is active.</td>
    <td style="padding:15px">No</td>
  </tr>
  <tr>
    <td style="padding:15px">getConfig(deviceName, format, callback)</td>
    <td style="padding:15px">This call returns the configuration for the selected device.</td>
    <td style="padding:15px">No</td>
  </tr>
  <tr>
    <td style="padding:15px">iapGetDeviceCount(callback)</td>
    <td style="padding:15px">This call returns the count of devices.</td>
    <td style="padding:15px">No</td>
  </tr>
</table>
<br>

### Specific Adapter Calls

Specific adapter calls are built based on the API of the Awsec2. The Adapter Builder creates the proper method comments for generating JS-DOC for the adapter. This is the best way to get information on the calls.

Note that each call with the `STSRole` suffix contains an input `stsParams`. This will contain information needed to authenticate by switching roles using the AWS STS Service. In addition to this information, you can optionally pass a region other than the one specified in the service instance configuration, using the key `region`.

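
An allowlist check for the role-switching input described above, as an added example that is not part of the adapter or its documentation. It assumes `stsParams` uses the AWS STS AssumeRole field names (`RoleArn`, `RoleSessionName`, `DurationSeconds`) and itself carries the optional `region` key; the function name, policy object, account IDs and role names are constructed placeholders.

```javascript
// Added example (not adapter code): validate `stsParams` before it reaches
// any *STSRole call, so a workflow cannot switch into an arbitrary role.
// ASSUMPTION: stsParams uses AWS STS AssumeRole field names and holds the
// optional `region` key; the page does not list the keys.

const ROLE_ARN_RE = /^arn:(?:aws|aws-us-gov|aws-cn):iam::(\d{12}):role\/([\w+=,.@\/-]+)$/;
const SESSION_NAME_RE = /^[\w+=,.@-]{2,64}$/; // STS session-name charset and length
const STS_MIN_DURATION = 900;                  // STS lower bound, in seconds

// Constructed policy: every value below is a placeholder.
const EXAMPLE_POLICY = {
  allowedKeys: ['RoleArn', 'RoleSessionName', 'DurationSeconds', 'region'],
  allowedRoles: {
    '111111111111': ['itential-ec2-readonly'],
    '222222222222': ['itential-ec2-network-ops'],
  },
  allowedRegions: ['us-east-1', 'eu-west-1'],
  maxDurationSeconds: 3600,
};

// Returns { ok, problems }; `problems` lists every policy violation found.
function checkStsParams(stsParams, policy) {
  if (stsParams === null || typeof stsParams !== 'object' || Array.isArray(stsParams)) {
    return { ok: false, problems: ['stsParams must be an object'] };
  }
  const problems = [];

  // Reject keys the policy does not expect (for example an inline session policy).
  for (const key of Object.keys(stsParams)) {
    if (!policy.allowedKeys.includes(key)) problems.push(`unexpected key: ${key}`);
  }

  // The role must be a well-formed IAM role ARN in an allowlisted account.
  const arn = typeof stsParams.RoleArn === 'string' ? ROLE_ARN_RE.exec(stsParams.RoleArn) : null;
  if (!arn) {
    problems.push('RoleArn is missing or is not an IAM role ARN');
  } else {
    const account = arn[1];
    const role = arn[2];
    const roles = policy.allowedRoles[account] || [];
    if (!roles.includes(role)) {
      problems.push(`role ${role} in account ${account} is not allowlisted`);
    }
  }

  // The session name ends up in CloudTrail, so keep it well-formed.
  if (typeof stsParams.RoleSessionName !== 'string' ||
      !SESSION_NAME_RE.test(stsParams.RoleSessionName)) {
    problems.push('RoleSessionName is missing or malformed');
  }

  // Cap how long the temporary credentials stay valid.
  if (stsParams.DurationSeconds !== undefined) {
    const d = stsParams.DurationSeconds;
    if (!Number.isInteger(d) || d < STS_MIN_DURATION || d > policy.maxDurationSeconds) {
      problems.push(`DurationSeconds must be an integer from ${STS_MIN_DURATION} to ${policy.maxDurationSeconds}`);
    }
  }

  // The optional region override must stay inside the approved set.
  if (stsParams.region !== undefined && !policy.allowedRegions.includes(stsParams.region)) {
    problems.push(`region ${stsParams.region} is not allowlisted`);
  }

  return { ok: problems.length === 0, problems };
}
```
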
<table border="1" class="bordered-table"> <tr> <th bgcolor="lightgrey" style="padding:15px"><span style="font-size:12.0pt">Method Signature</span></th> <th bgcolor="lightgrey" style="padding:15px"><span style="font-size:12.0pt">Description</span></th> <th bgcolor="lightgrey" style="padding:15px"><span style="font-size:12.0pt">Path</span></th> <th bgcolor="lightgrey" style="padding:15px"><span style="font-size:12.0pt">Workflow?</span></th> </tr> <tr> <td style="padding:15px">acceptReservedInstancesExchangeQuoteSTSRole(dryRun, reservedInstanceId, targetConfiguration, stsParams, roleName, callback)</td> <td style="padding:15px">Accepts the Convertible Reserved Instance exchange quote described in the GetReservedInstancesExchangeQuote call.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">acceptTransitGatewayVpcAttachmentSTSRole(transitGatewayAttachmentId, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Accepts a request to attach a VPC to a transit gateway. The VPC attachment must be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to view your pending VPC attachment requests. Use RejectTransitGatewayVpcAttachment to reject a VPC attachment request.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">acceptVpcEndpointConnectionsSTSRole(dryRun, serviceId, vpcEndpointId, stsParams, roleName, callback)</td> <td style="padding:15px">Accepts one or more interface VPC endpoint connection requests to your VPC endpoint service.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">acceptVpcPeeringConnectionSTSRole(dryRun, vpcPeeringConnectionId, stsParams, roleName, callback)</td> <td style="padding:15px">Accept a VPC peering connection request. 
To accept a request, the VPC peering connection must be in the pending-acceptance state, and you must be the owner of the peer VPC. Use DescribeVpcPeeringConnections to view your outstanding VPC peering connection requests. For an inter-Region VPC peering connection request, you must accept the VPC peering connection in the Region of the accepter VPC.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">advertiseByoipCidrSTSRole(cidr, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Advertises an IPv4 address range that is provisioned for use with your AWS resources through bring your own IP addresses (BYOIP). You can perform this operation at most once every 10 seconds, even if you specify different address ranges each time. We recommend that you stop advertising the BYOIP CIDR from other locations when you advertise it from AWS. To minimize down time, you can configure your AWS resources to use an address from a BYOIP CIDR before it is advertised, and then simultaneo...(description truncated)</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">allocateAddressSTSRole(domain = 'vpc', address, publicIpv4Pool, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Allocates an Elastic IP address to your AWS account. After you allocate the Elastic IP address you can associate it with an instance or network interface. After you release an Elastic IP address, it is released to the IP address pool and can be allocated to a different AWS account. 
You can allocate an Elastic IP address from an address pool owned by AWS or from an address pool created from a public IPv4 address range that you have brought to AWS for use with your AWS resources using bring you...(description truncated)</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">allocateHostsSTSRole(autoPlacement = 'on', availabilityZone, clientToken, instanceType, quantity, tagSpecification, stsParams, roleName, callback)</td> <td style="padding:15px">Allocates a Dedicated Host to your account. At a minimum, specify the instance size type, Availability Zone, and quantity of hosts to allocate.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">applySecurityGroupsToClientVpnTargetNetworkSTSRole(clientVpnEndpointId, vpcId, securityGroupId, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Applies a security group to the association between the target network and the Client VPN endpoint. This action replaces the existing security groups with the specified security groups.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">assignIpv6AddressesSTSRole(ipv6AddressCount, ipv6Addresses, networkInterfaceId, stsParams, roleName, callback)</td> <td style="padding:15px">Assigns one or more IPv6 addresses to the specified network interface. You can specify one or more specific IPv6 addresses, or you can specify the number of IPv6 addresses to be automatically assigned from within the subnet's IPv6 CIDR block range. You can assign as many IPv6 addresses to a network interface as you can assign private IPv4 addresses, and the limit varies per instance type. 
For information, see IP Addresses Per Network Interface Per Instance Type in the Amazon Elastic Compute C...(description truncated)</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">assignPrivateIpAddressesSTSRole(allowReassignment, networkInterfaceId, privateIpAddress, secondaryPrivateIpAddressCount, stsParams, roleName, callback)</td> <td style="padding:15px">Assigns one or more secondary private IP addresses to the specified network interface. You can specify one or more specific secondary IP addresses, or you can specify the number of secondary IP addresses to be automatically assigned within the subnet's CIDR block range. The number of secondary IP addresses that you can assign to an instance varies by instance type. For information about instance types, see Instance Types in the Amazon Elastic Compute Cloud User Guide . For more information...(description truncated)</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">associateAddressSTSRole(allocationId, instanceId, publicIp, allowReassociation, dryRun, networkInterfaceId, privateIpAddress, stsParams, roleName, callback)</td> <td style="padding:15px">Associates an Elastic IP address with an instance or a network interface. Before you can use an Elastic IP address, you must allocate it to your account. An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide . 
[EC2-Classic, VPC in an EC2-VPC-only account] If the Elastic IP address is already associated with a different instance, it is disassociated from that instance a...(description truncated)</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">associateClientVpnTargetNetworkSTSRole(clientVpnEndpointId, subnetId, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Associates a target network with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. You can associate only one subnet in each Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">associateDhcpOptionsSTSRole(dhcpOptionsId, vpcId, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Associates a set of DHCP options (that you've previously created) with the specified VPC, or associates no DHCP options with the VPC. After you associate the options with the VPC, any existing instances and all new instances that you launch in that VPC use the options. You don't need to restart or relaunch the instances. They automatically pick up the changes within a few hours, depending on how frequently the instance renews its DHCP lease. You can explicitly renew the lease using the operat...(description truncated)</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">associateIamInstanceProfileSTSRole(iamInstanceProfileArn, iamInstanceProfileName, instanceId, stsParams, roleName, callback)</td> <td style="padding:15px">Associates an IAM instance profile with a running or stopped instance. 
You cannot associate more than one IAM instance profile with an instance.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">associateRouteTableSTSRole(dryRun, routeTableId, subnetId, stsParams, roleName, callback)</td> <td style="padding:15px">Associates a subnet with a route table. The subnet and route table must be in the same VPC. This association causes traffic originating from the subnet to be routed according to the routes in the route table. The action returns an association ID, which you need in order to disassociate the route table from the subnet later. A route table can be associated with multiple subnets. For more information, see Route Tables in the Amazon Virtual Private Cloud User Guide .</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">associateSubnetCidrBlockSTSRole(ipv6CidrBlock, subnetId, stsParams, roleName, callback)</td> <td style="padding:15px">Associates a CIDR block with your subnet. You can only associate a single IPv6 CIDR block with your subnet. An IPv6 CIDR block must have a prefix length of /64.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">associateTransitGatewayRouteTableSTSRole(transitGatewayRouteTableId, transitGatewayAttachmentId, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Associates the specified attachment with the specified transit gateway route table. You can associate only one route table with an attachment.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">associateVpcCidrBlockSTSRole(amazonProvidedIpv6CidrBlock, cidrBlock, vpcId, stsParams, roleName, callback)</td> <td style="padding:15px">Associates a CIDR block with your VPC. 
You can associate a secondary IPv4 CIDR block, or you can associate an Amazon-provided IPv6 CIDR block. The IPv6 CIDR block size is fixed at /56. For more information about associating CIDR blocks with your VPC and applicable restrictions, see VPC and Subnet Sizing in the Amazon Virtual Private Cloud User Guide .</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">attachClassicLinkVpcSTSRole(dryRun, securityGroupId, instanceId, vpcId, stsParams, roleName, callback)</td> <td style="padding:15px">Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC's security groups. You cannot link an EC2-Classic instance to more than one VPC at a time. You can only link an instance that's in the running state. An instance is automatically unlinked from a VPC when it's stopped - you can link it to the VPC again when you restart it. After you've linked an instance, you cannot change the VPC security groups that are associated with it. To change the security group...(description truncated)</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">attachInternetGatewaySTSRole(dryRun, internetGatewayId, vpcId, stsParams, roleName, callback)</td> <td style="padding:15px">Attaches an internet gateway to a VPC, enabling connectivity between the internet and the VPC. 
For more information about your VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide .</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">attachNetworkInterfaceSTSRole(deviceIndex, dryRun, instanceId, networkInterfaceId, stsParams, roleName, callback)</td> <td style="padding:15px">Attaches a network interface to an instance.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">attachVolumeSTSRole(device, instanceId, volumeId, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name. Encrypted EBS volumes may only be attached to instances that support Amazon EBS encryption. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide . For a list of supported device names, see Attaching an EBS Volume to an Instance . Any device names that aren't reserved for instance store volumes can be used for EBS volumes. For mo...(description truncated)</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">attachVpnGatewaySTSRole(vpcId, vpnGatewayId, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Attaches a virtual private gateway to a VPC. You can attach one virtual private gateway to one VPC at a time. 
For more information, see AWS Site-to-Site VPN in the AWS Site-to-Site VPN User Guide .</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">authorizeClientVpnIngressSTSRole(clientVpnEndpointId, targetNetworkCidr, accessGroupId, authorizeAllGroups, description, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Adds an ingress authorization rule to a Client VPN endpoint. Ingress authorization rules act as firewall rules that grant access to networks. You must configure ingress authorization rules to enable clients to access resources in AWS or on-premises networks.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">authorizeSecurityGroupEgressSTSRole(dryRun, groupId, ipPermissions, cidrIp, fromPort, ipProtocol, toPort, sourceSecurityGroupName, sourceSecurityGroupOwnerId, stsParams, roleName, callback)</td> <td style="padding:15px">[VPC only] Adds the specified egress rules to a security group for use with a VPC. An outbound rule permits instances to send traffic to the specified destination IPv4 or IPv6 CIDR address ranges, or to the specified destination security groups for the same VPC. You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 fo...(description truncated)</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">authorizeSecurityGroupIngressSTSRole(cidrIp, fromPort, groupId, groupName, ipPermissions, ipProtocol, sourceSecurityGroupName, sourceSecurityGroupOwnerId, toPort, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Adds the specified ingress rules to a security group. 
An inbound rule permits instances to receive traffic from the specified destination IPv4 or IPv6 CIDR address ranges, or from the specified destination security groups. You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify the destination port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes. Rule changes are prop...(description truncated)</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">bundleInstanceSTSRole(instanceId, storageS3, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Bundles an Amazon instance store-backed Windows instance. During bundling, only the root device volume (C:\) is bundled. Data on other instance store volumes is not preserved. This action is not applicable for Linux/Unix instances or Windows instances that are backed by Amazon EBS.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">cancelBundleTaskSTSRole(bundleId, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Cancels a bundling operation for an instance store-backed Windows instance.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">cancelCapacityReservationSTSRole(capacityReservationId, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Cancels the specified Capacity Reservation, releases the reserved capacity, and changes the Capacity Reservation's state to cancelled . Instances running in the reserved capacity continue running until you stop them. Stopped instances that target the Capacity Reservation can no longer launch. 
Modify these instances to either target a different Capacity Reservation, launch On-Demand Instance capacity, or run in any open Capacity Reservation that has matching attributes and sufficient capacity...(description truncated)</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">cancelConversionTaskSTSRole(conversionTaskId, dryRun, reasonMessage, stsParams, roleName, callback)</td> <td style="padding:15px">Cancels an active conversion task. The task can be the import of an instance or volume. The action removes all artifacts of the conversion, including a partially uploaded volume or instance. If the conversion is complete or is in the process of transferring the final disk image, the command fails and returns an exception. For more information, see Importing a Virtual Machine Using the Amazon EC2 CLI .</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">cancelExportTaskSTSRole(exportTaskId, stsParams, roleName, callback)</td> <td style="padding:15px">Cancels an active export task. The request removes all artifacts of the export, including any partially-created Amazon S3 objects. 
If the export task is complete or is in the process of transferring the final disk image, the command fails and returns an error.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">cancelImportTaskSTSRole(cancelReason, dryRun, importTaskId, stsParams, roleName, callback)</td> <td style="padding:15px">Cancels an in-process import virtual machine or import snapshot task.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">cancelReservedInstancesListingSTSRole(reservedInstancesListingId, stsParams, roleName, callback)</td> <td style="padding:15px">Cancels the specified Reserved Instance listing in the Reserved Instance Marketplace. For more information, see Reserved Instance Marketplace in the Amazon Elastic Compute Cloud User Guide .</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">cancelSpotFleetRequestsSTSRole(dryRun, spotFleetRequestId, terminateInstances, stsParams, roleName, callback)</td> <td style="padding:15px">Cancels the specified Spot Fleet requests. After you cancel a Spot Fleet request, the Spot Fleet launches no new Spot Instances. You must specify whether the Spot Fleet should also terminate its Spot Instances. If you terminate the instances, the Spot Fleet request enters the cancelled_terminating state. Otherwise, the Spot Fleet request enters the cancelled_running state and the instances continue to run until they are interrupted or you terminate them manually.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">cancelSpotInstanceRequestsSTSRole(dryRun, spotInstanceRequestId, stsParams, roleName, callback)</td> <td style="padding:15px">Cancels one or more Spot Instance requests. 
Canceling a Spot Instance request does not terminate running Spot Instances associated with the request.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">confirmProductInstanceSTSRole(instanceId, productCode, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Determines whether a product code is associated with an instance. This action can only be used by the owner of the product code. It is useful when a product code owner must verify whether another user's instance is eligible for support.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">copyFpgaImageSTSRole(dryRun, sourceFpgaImageId, description, name, sourceRegion, clientToken, stsParams, roleName, callback)</td> <td style="padding:15px">Copies the specified Amazon FPGA Image (AFI) to the current Region.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">copyImageSTSRole(clientToken, description, encrypted, kmsKeyId, name, sourceImageId, sourceRegion, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Initiates the copy of an AMI from the specified source Region to the current Region. You specify the destination Region by using its endpoint when making the request. Copies of encrypted backing snapshots for the AMI are encrypted. Copies of unencrypted backing snapshots remain unencrypted, unless you set Encrypted during the copy operation. You cannot create an unencrypted copy of an encrypted backing snapshot. 
For more information about the prerequisites and limits when copying an AMI, ...(description truncated)</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">copySnapshotSTSRole(description, destinationRegion, encrypted, kmsKeyId, presignedUrl, sourceRegion, sourceSnapshotId, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You can copy the snapshot within the same Region or from one Region to another. You can use the snapshot to create EBS volumes or Amazon Machine Images (AMIs). The snapshot is copied to the regional endpoint that you send the HTTP request to. Copies of encrypted EBS snapshots remain encrypted. Copies of unencrypted snapshots remain unencrypted, unless the Encrypted flag is specified during the snapshot copy operati...(description truncated)</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">createCapacityReservationSTSRole(clientToken, instanceType, instancePlatform = 'Linux/UNIX', availabilityZone, tenancy = 'default', instanceCount, ebsOptimized, ephemeralStorage, endDate, endDateType = 'unlimited', instanceMatchCriteria = 'open', tagSpecifications, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Creates a new Capacity Reservation with the specified attributes. Capacity Reservations enable you to reserve capacity for your Amazon EC2 instances in a specific Availability Zone for any duration. This gives you the flexibility to selectively add capacity reservations and still get the Regional RI discounts for that usage. By creating Capacity Reservations, you ensure that you always have access to Amazon EC2 capacity when you need it, for as long as you need it. 
For more information, see ...(description truncated)</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">createClientVpnEndpointSTSRole(clientCidrBlock, serverCertificateArn, authentication, connectionLogOptionsEnabled, connectionLogOptionsCloudwatchLogGroup, connectionLogOptionsCloudwatchLogStream, dnsServers, transportProtocol = 'tcp', description, dryRun, clientToken, tagSpecification, stsParams, roleName, callback)</td> <td style="padding:15px">Creates a Client VPN endpoint. A Client VPN endpoint is the resource you create and configure to enable and manage client VPN sessions. It is the destination endpoint at which all client VPN sessions are terminated.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">createClientVpnRouteSTSRole(clientVpnEndpointId, destinationCidrBlock, targetVpcSubnetId, description, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Adds a route to a network to a Client VPN endpoint. Each Client VPN endpoint has a route table that describes the available destination network routes. Each route in the route table specifies the path for traffic to specific resources or networks.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">createCustomerGatewaySTSRole(bgpAsn, ipAddress, type = 'ipsec.1', dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Provides information to AWS about your VPN customer gateway device. The customer gateway is the appliance at your end of the VPN connection. (The device on the AWS side of the VPN connection is the virtual private gateway.) You must provide the Internet-routable IP address of the customer gateway's external interface. The IP address must be static and may be behind a device performing network address translation (NAT). 
For devices that use Border Gateway Protocol (BGP), you can also provide t...(description truncated)</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">createDefaultSubnetSTSRole(availabilityZone, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Creates a default subnet with a size /20 IPv4 CIDR block in the specified Availability Zone in your default VPC. You can have only one default subnet per Availability Zone. For more information, see Creating a Default Subnet in the Amazon Virtual Private Cloud User Guide.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">createDefaultVpcSTSRole(dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet in each Availability Zone. For more information about the components of a default VPC, see Default VPC and Default Subnets in the Amazon Virtual Private Cloud User Guide. You cannot specify the components of the default VPC yourself. If you deleted your previous default VPC, you can create a default VPC. You cannot have more than one default VPC per Region. If your account supports EC2-Classic, you cannot use t...(description truncated)</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">createDhcpOptionsSTSRole(dhcpConfiguration, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Creates a set of DHCP options for your VPC. After creating the set, you must associate it with the VPC, causing all existing and new instances that you launch in the VPC to use this set of DHCP options. The following are the individual DHCP options you can specify. For more information about the options, see RFC 2132. 
domain-name-servers - The IP addresses of up to four domain name servers, or AmazonProvidedDNS. The default DHCP option set specifies AmazonProvidedDNS. If specifying m...(description truncated)</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">createEgressOnlyInternetGatewaySTSRole(clientToken, dryRun, vpcId, stsParams, roleName, callback)</td> <td style="padding:15px">[IPv6 only] Creates an egress-only internet gateway for your VPC. An egress-only internet gateway is used to enable outbound communication over IPv6 from instances in your VPC to the internet, and prevents hosts outside of your VPC from initiating an IPv6 connection with your instance.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">createFleetSTSRole(dryRun, clientToken, spotOptionsAllocationStrategy, spotOptionsInstanceInterruptionBehavior, spotOptionsInstancePoolsToUseCount, spotOptionsSingleInstanceType, spotOptionsSingleAvailabilityZone, spotOptionsMinTargetCapacity, onDemandOptionsAllocationStrategy, onDemandOptionsSingleInstanceType, onDemandOptionsSingleAvailabilityZone, onDemandOptionsMinTargetCapacity, excessCapacityTerminationPolicy = 'no-termination', launchTemplateConfigs, targetCapacitySpecificationTotalTargetCapacity, targetCapacitySpecificationOnDemandTargetCapacity, targetCapacitySpecificationSpotTargetCapacity, targetCapacitySpecificationDefaultTargetCapacityType, terminateInstancesWithExpiration, type = 'request', validFrom, validUntil, replaceUnhealthyInstances, tagSpecification, stsParams, roleName, callback)</td> <td style="padding:15px">Launches an EC2 Fleet. You can create a single EC2 Fleet that includes multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet. 
For more information, see Launching an EC2 Fleet in the Amazon Elastic Compute Cloud User Guide.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">createFlowLogsSTSRole(dryRun, clientToken, deliverLogsPermissionArn, logGroupName, resourceId, resourceType = 'VPC', trafficType = 'ACCEPT', logDestinationType = 'cloud-watch-logs', logDestination, stsParams, roleName, callback)</td> <td style="padding:15px">Creates one or more flow logs to capture information about IP traffic for a specific network interface, subnet, or VPC. Flow log data for a monitored network interface is recorded as flow log records, which are log events consisting of fields that describe the traffic flow. For more information, see Flow Log Records in the Amazon Virtual Private Cloud User Guide. When publishing to CloudWatch Logs, flow log records are published to a log group, and each network interface has a unique l...(description truncated)</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">createFpgaImageSTSRole(dryRun, inputStorageLocationBucket, inputStorageLocationKey, logsStorageLocationBucket, logsStorageLocationKey, description, name, clientToken, stsParams, roleName, callback)</td> <td style="padding:15px">Creates an Amazon FPGA Image (AFI) from the specified design checkpoint (DCP). The create operation is asynchronous. To verify that the AFI is ready for use, check the output logs. An AFI contains the FPGA bitstream that is ready to download to an FPGA. You can securely deploy an AFI on multiple FPGA-accelerated instances. 
For more information, see the AWS FPGA Hardware Development Kit.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">createImageSTSRole(blockDeviceMapping, description, dryRun, instanceId, name, noReboot, stsParams, roleName, callback)</td> <td style="padding:15px">Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped. If you customized your instance with instance store volumes or EBS volumes in addition to the root device volume, the new AMI contains block device mapping information for those volumes. When you launch an instance from this new AMI, the instance automatically launches with those additional volumes. For more information, see Creating Amazon EBS-Backed Linux AMIs in the Amazon Elastic Co...(description truncated)</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">createInstanceExportTaskSTSRole(description, exportToS3ContainerFormat, exportToS3DiskImageFormat, exportToS3S3Bucket, exportToS3S3Prefix, instanceId, targetEnvironment = 'citrix', stsParams, roleName, callback)</td> <td style="padding:15px">Exports a running or stopped instance to an S3 bucket. For information about the supported operating systems, image formats, and known limitations for the types of instances you can export, see Exporting an Instance as a VM Using VM Import/Export in the VM Import/Export User Guide.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">createInternetGatewaySTSRole(dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Creates an internet gateway for use with a VPC. After creating the internet gateway, you attach it to a VPC using AttachInternetGateway. 
For more information about your VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">createKeyPairSTSRole(keyName, dryRun, stsParams, roleName, callback)</td> <td style="padding:15px">Creates a 2048-bit RSA key pair with the specified name. Amazon EC2 stores the public key and displays the private key for you to save to a file. The private key is returned as an unencrypted PEM encoded PKCS#1 private key. If a key with the specified name already exists, Amazon EC2 returns an error. You can have up to five thousand key pairs per Region. The key pair returned to you is available only in the Region in which you create it. If you prefer, you can create your own key pair using...(description truncated)</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">createLaunchTemplateSTSRole(dryRun, clientToken, launchTemplateName, versionDescription, launchTemplateDataKernelId, launchTemplateDataEbsOptimized, launchTemplateDataIamInstanceProfile, launchTemplateDataBlockDeviceMappings, launchTemplateDataNetworkInterfaces, launchTemplateDataImageId, launchTemplateDataInstanceType, launchTemplateDataKeyName, launchTemplateDataMonitoring, launchTemplateDataPlacement, launchTemplateDataRamDiskId, launchTemplateDataDisableApiTermination, launchTemplateDataInstanceInitiatedShutdownBehavior, launchTemplateDataUserData, launchTemplateDataTagSpecifications, launchTemplateDataElasticGpuSpecifications, launchTemplateDataElasticInferenceAccelerators, launchTemplateDataSecurityGroupIds, launchTemplateDataSecurityGroups, launchTemplateDataInstanceMarketOptions, launchTemplateDataCreditSpecification, launchTemplateDataCpuOptions, launchTemplateDataCapacityReservationSpecification, launchTemplateDataLicenseSpecifications, launchTemplateDataHibernationOptions, 
stsParams, roleName, callback)</td> <td style="padding:15px">Creates a launch template. A launch template contains the parameters to launch an instance. When you launch an instance using RunInstances, you can specify a launch template instead of providing the launch parameters in the request.</td> <td style="padding:15px">{base_path}/{version}?{query}</td> <td style="padding:15px">Yes</td> </tr> <tr> <td style="padding:15px">createLaunchTemplateVersionSTSRole(dryRun, clientToken, launchTemplateId, launchTemplateName, sourceVersion, versionDescription, launchTemplateDataKernelId, launchTemplateDataEbsOptimized, launchTemplateDataIamInstanceProfile, launchTemplateDataBlockDeviceMappings, launchTemplateDataNetworkInterfaces, launchTemplateDataImageId, launchTemplateDataInstanceType, launchTemplateDataKeyName, launchTemplateDataMonitoring, launchTemplateDataPlacement, launchTemplateDataRamDiskId, launchTemplateDataDisableApiTermination, launchTemplateDataInstanceInitiatedShutdownBehavior, launchTemplateDataUserData, launchTemplateDataTagSpecifications, launchTemplateDataElasticGpuSpecifications, launchTemplateDataElasticInferenceAccelerators, launchTemplateDataSecurityGroupIds, launchTemplateDataSecurityGroups, launchTemplateDataInstanceMarketOptions, launchTemplateDataCreditSpecification, launchTemplateDataCpuOptions, launchTemplateDataCapacityReservationSpecification, launchTemplateDataLicenseSpecifications, launchTemplateDataHibernationOptions, stsParams, roleName, callback)</td> <td style="padding:15px">Creates a new version for a launch template. You can specify an existing version of launch template from which to base the new version. Launch template versions are numbered in the order in which they are created. You cannot specify, change, or replace the numbering of launch template versions.</td> <td style="padding:15px">{base_path}/{