Ec2Functions
Functions
Resource Type definition for AWS::EC2::CapacityReservation
Resource Type definition for AWS::EC2::CapacityReservationFleet
An example resource schema demonstrating some basic constructs and validation rules.
Specifies a customer gateway.
Resource Type definition for AWS::EC2::DHCPOptions
Resource Type definition for AWS::EC2::EC2Fleet
Resource Type definition for AWS::EC2::EgressOnlyInternetGateway
Specifies an Elastic IP (EIP) address and can, optionally, associate it with an Amazon EC2 instance. You can allocate an Elastic IP address from an address pool owned by AWS or from an address pool created from a public IPv4 address range that you have brought to AWS for use with your AWS resources using bring your own IP addresses (BYOIP). For more information, see Bring Your Own IP Addresses (BYOIP) in the Amazon EC2 User Guide. For more information, see Elastic IP Addresses in the Amazon EC2 User Guide.
Associates an Elastic IP address with an instance or a network interface. Before you can use an Elastic IP address, you must allocate it to your account. For more information about working with Elastic IP addresses, see Elastic IP address concepts and rules. You must specify `AllocationId` and either `InstanceId`, `NetworkInterfaceId`, or `PrivateIpAddress`.
Associates an AWS Identity and Access Management (IAM) role with an AWS Certificate Manager (ACM) certificate. This association is based on Amazon Resource Names and it enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave.
Specifies a VPC flow log, which enables you to capture IP traffic for a specific network interface, subnet, or VPC.
Associates a gateway with a route table. The gateway and route table must be in the same VPC. This association causes the incoming traffic to the gateway to be routed according to the routes in the route table.
Resource Type definition for AWS::EC2::Host
Resource Type definition for AWS::EC2::Instance
Resource Type definition for AWS::EC2::InstanceConnectEndpoint
Allocates an internet gateway for use with a VPC. After creating the Internet gateway, you then attach it to a VPC.
Resource Schema of AWS::EC2::IPAM Type
Resource Schema of AWS::EC2::IPAMAllocation Type
Resource Schema of AWS::EC2::IPAMPool Type
Resource Schema of AWS::EC2::IPAMPoolCidr Type
Resource Schema of AWS::EC2::IPAMResourceDiscovery Type
Resource Schema of AWS::EC2::IPAMResourceDiscoveryAssociation Type
Resource Schema of AWS::EC2::IPAMScope Type
Specifies a key pair for use with an Amazon EC2 instance as follows:
Specifies the properties for creating a launch template. The minimum required properties for specifying a launch template are as follows:
Describes a route for a local gateway route table.
Describes a route table for a local gateway.
Describes a local gateway route table virtual interface group association for a local gateway.
Describes an association between a local gateway route table and a VPC.
Specifies a network address translation (NAT) gateway in the specified subnet. You can create either a public NAT gateway or a private NAT gateway. The default is a public NAT gateway. If you create a public NAT gateway, you must specify an elastic IP address. With a NAT gateway, instances in a private subnet can connect to the internet, other AWS services, or an on-premises network using the IP address of the NAT gateway. For more information, see NAT gateways in the Amazon VPC User Guide. If you add a default route (`AWS::EC2::Route` resource) that points to a NAT gateway, specify the NAT gateway ID for the route's `NatGatewayId` property. When you associate an Elastic IP address or secondary Elastic IP address with a public NAT gateway, the network border group of the Elastic IP address must match the network border group of the Availability Zone (AZ) that the public NAT gateway is in. Otherwise, the NAT gateway fails to launch. You can see the network border group for the AZ by viewing the details of the subnet. Similarly, you can view the network border group for the Elastic IP address by viewing its details. For more information, see Allocate an Elastic IP address in the Amazon VPC User Guide.
Specifies a network ACL for your VPC.
Resource schema for AWS::EC2::NetworkInsightsAccessScope
Resource schema for AWS::EC2::NetworkInsightsAccessScopeAnalysis
Resource schema for AWS::EC2::NetworkInsightsAnalysis
Resource schema for AWS::EC2::NetworkInsightsPath
The AWS::EC2::NetworkInterface resource creates a network interface.
Attaches an elastic network interface (ENI) to an Amazon EC2 instance. You can use this resource type to attach additional network interfaces to an instance without interruption.
Resource Type definition for AWS::EC2::PlacementGroup
Resource schema of AWS::EC2::PrefixList Type
Specifies a route in a route table. For more information, see Routes in the Amazon VPC User Guide. You must specify either a destination CIDR block or prefix list ID. You must also specify exactly one of the resources as the target. If you create a route that references a transit gateway in the same template where you create the transit gateway, you must declare a dependency on the transit gateway attachment. The route table cannot use the transit gateway until it has successfully attached to the VPC. Add a DependsOn Attribute in the `AWS::EC2::Route` resource to explicitly declare a dependency on the `AWS::EC2::TransitGatewayAttachment` resource.
Specifies a route table for the specified VPC. After you create a route table, you can add routes and associate the table with a subnet. For more information, see Route tables in the Amazon VPC User Guide.
Resource Type definition for AWS::EC2::SecurityGroup
Adds the specified outbound (egress) rule to a security group. An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see Security group rules. You must specify exactly one of the following destinations: an IPv4 address range, an IPv6 address range, a prefix list, or a security group. You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. To specify all types or all codes, use -1. Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
Resource Type definition for AWS::EC2::SecurityGroupIngress
Resource Type definition for AWS::EC2::SnapshotBlockPublicAccess
Resource Type definition for AWS::EC2::SpotFleet
Specifies a subnet for the specified VPC. For an IPv4 only subnet, specify an IPv4 CIDR block. If the VPC has an IPv6 CIDR block, you can create an IPv6 only subnet or a dual stack subnet instead. For an IPv6 only subnet, specify an IPv6 CIDR block. For a dual stack subnet, specify both an IPv4 CIDR block and an IPv6 CIDR block. For more information, see Subnets for your VPC in the Amazon VPC User Guide.
The AWS::EC2::SubnetCidrBlock resource creates an association between a subnet and an IPv6 CIDR.
Resource Type definition for AWS::EC2::SubnetNetworkAclAssociation
Associates a subnet with a route table. The subnet and route table must be in the same VPC. This association causes traffic originating from the subnet to be routed according to the routes in the route table. A route table can be associated with multiple subnets. To create a route table, see AWS::EC2::RouteTable.
Resource Type definition for AWS::EC2::TransitGateway
Resource Type definition for AWS::EC2::TransitGatewayAttachment
The AWS::EC2::TransitGatewayConnect type
The AWS::EC2::TransitGatewayMulticastDomain type
The AWS::EC2::TransitGatewayMulticastDomainAssociation type
The AWS::EC2::TransitGatewayMulticastGroupMember registers and deregisters members and sources (network interfaces) with the transit gateway multicast group
The AWS::EC2::TransitGatewayMulticastGroupSource registers and deregisters members and sources (network interfaces) with the transit gateway multicast group
The AWS::EC2::TransitGatewayPeeringAttachment type
Resource Type definition for AWS::EC2::TransitGatewayRouteTable
Resource Type definition for AWS::EC2::TransitGatewayVpcAttachment
The AWS::EC2::VerifiedAccessEndpoint resource creates an AWS EC2 Verified Access Endpoint.
The AWS::EC2::VerifiedAccessGroup resource creates an AWS EC2 Verified Access Group.
The AWS::EC2::VerifiedAccessInstance resource creates an AWS EC2 Verified Access Instance.
The AWS::EC2::VerifiedAccessTrustProvider type describes a verified access trust provider
Specifies an Amazon Elastic Block Store (Amazon EBS) volume. When you use AWS CloudFormation to update an Amazon EBS volume that modifies `Iops`, `Size`, or `VolumeType`, there is a cooldown period before another operation can occur. This can cause your stack to report being in `UPDATE_IN_PROGRESS` or `UPDATE_ROLLBACK_IN_PROGRESS` for long periods of time. Amazon EBS does not support sizing down an Amazon EBS volume. AWS CloudFormation does not attempt to modify an Amazon EBS volume to a smaller size on rollback. Some common scenarios when you might encounter a cooldown period for Amazon EBS include:
Specifies a virtual private cloud (VPC). To add an IPv6 CIDR block to the VPC, see AWS::EC2::VPCCidrBlock. For more information, see Virtual private clouds (VPC) in the Amazon VPC User Guide.
Resource Type definition for AWS::EC2::VPCCidrBlock
Specifies a VPC endpoint. A VPC endpoint provides a private connection between your VPC and an endpoint service. You can use an endpoint service provided by AWS, an AWS Marketplace Partner, or another AWS account in your organization. For more information, see the AWS PrivateLink User Guide. An endpoint of type `Interface` establishes connections between the subnets in your VPC and an AWS service, your own service, or a service hosted by another AWS account. With an interface VPC endpoint, you specify the subnets in which to create the endpoint and the security groups to associate with the endpoint network interfaces. An endpoint of type `gateway` serves as a target for a route in your route table for traffic destined for Amazon S3 or DynamoDB. You can specify an endpoint policy for the endpoint, which controls access to the service from your VPC. You can also specify the VPC route tables that use the endpoint. For more information about connectivity to Amazon S3, see Why can't I connect to an S3 bucket using a gateway VPC endpoint? An endpoint of type `GatewayLoadBalancer` provides private connectivity between your VPC and virtual appliances from a service provider.
Resource Type definition for AWS::EC2::VPCEndpointConnectionNotification
Resource Type definition for AWS::EC2::VPCEndpointService
Resource Type definition for AWS::EC2::VPCEndpointServicePermissions
Resource Type definition for AWS::EC2::VPCGatewayAttachment
Resource Type definition for AWS::EC2::VPCPeeringConnection
Specifies a VPN connection between a virtual private gateway and a VPN customer gateway or a transit gateway and a VPN customer gateway. To specify a VPN connection between a transit gateway and customer gateway, use the `TransitGatewayId` and `CustomerGatewayId` properties. To specify a VPN connection between a virtual private gateway and customer gateway, use the `VpnGatewayId` and `CustomerGatewayId` properties. For more information, see in the User Guide.
Specifies a virtual private gateway. A virtual private gateway is the endpoint on the VPC side of your VPN connection. You can create a virtual private gateway before creating the VPC itself. For more information, see in the User Guide.