Amazon Elastic Compute Cloud
API Reference (API Version 2014-10-01)
Did this page help you?  Yes | No |  Tell us about it...
« Previous
View the PDF for this guide.Go to the AWS Discussion Forum for this product.

Error Codes

Amazon EC2 has two types of error codes:

  • Client errors. These errors are usually caused by something the client did, such as use an action or resource on behalf of a user that doesn't have permission to use the action or resource, or specify an identifier that is not valid. These errors are accompanied by a 400-series HTTP response code.

  • Server errors. These errors are usually caused by a server-side issue. These errors are accompanied by a 500-series HTTP response code.

Common Client Errors

This section lists the common client errors that all actions can return.

Error CodeDescription
AuthFailureThe provided credentials could not be validated. You may not be authorized to carry out the request; for example, associating an Elastic IP address that is not yours, or trying to use an AMI for which you do not have permissions. Ensure that your account is authorized to use the Amazon EC2 service, that your credit card details are correct, and that you are using the correct access keys.
BlockedYour account is currently blocked. Contact aws-verification@amazon.com if you have questions.
DryRunOperationThe user has the required permissions, so the request would have succeeded, but the DryRun parameter was used.
IdempotentParameterMismatchThe request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical.
IncompleteSignatureThe request signature does not conform to AWS standards.
InvalidActionThe action or operation requested is invalid. Verify that the action is typed correctly.
InvalidClientTokenIdThe X.509 certificate or AWS access key ID provided does not exist in our records.
InvalidParameterA parameter specified in a request is not valid, is unsupported, or cannot be used. The returned message provides an explanation of the error value. For example, if you are launching an instance, you can't specify a security group and subnet that are in different VPCs.
InvalidParameterCombinationIndicates an incorrect combination of parameters, or a missing parameter. For example, trying to terminate an instance without specifying the instance ID.
InvalidParameterValueA value specified in a parameter is not valid, is unsupported, or cannot be used. Ensure that you specify a resource by using its full ID. The returned message provides an explanation of the error value.
InvalidQueryParameterThe AWS query string is malformed or does not adhere to AWS standards.
MalformedQueryStringThe query string contains a syntax error.
MissingActionThe request is missing an action or a required parameter.
MissingAuthenticationTokenThe request must contain either a valid (registered) AWS access key ID or X.509 certificate.
MissingParameterThe request is missing a required parameter. Ensure that you have supplied all the required parameters for the request; for example, the resource ID.
OptInRequiredYou are not authorized to use the requested service. Ensure that you have subscribed to the service you are trying to use. If you are new to AWS, your account might take some time to be activated while your credit card details are being verified.
PendingVerificationYour account is pending verification. Until the verification process is complete, you may not be able to carry out requests with this account. If you have questions, contact AWS Support.
RequestExpiredThe request reached the service more than 15 minutes after the date stamp on the request or more than 15 minutes after the request expiration date (such as for pre-signed URLs), or the date stamp on the request is more than 15 minutes in the future.
RequestLimitExceededThe maximum request rate permitted by the Amazon EC2 APIs has been exceeded for your account. For best results, use an increasing or variable sleep interval between requests. For more information, see Query API Request Rate.
ThrottlingThe request was denied due to request throttling.
UnauthorizedOperationYou are not authorized to perform this operation. Check your IAM policies, and ensure that you are using the correct access keys. For more information, see Controlling Access. If the returned message is encoded, you can decode it using the DecodeAuthorizationMessage action. For more information, see DecodeAuthorizationMessage in the AWS Security Token Service API Reference.
UnknownParameterAn unknown or unrecognized parameter was supplied. Requests that could cause this error include supplying a misspelled parameter or a parameter that is not supported for the specified API version.
UnsupportedProtocolSOAP has been deprecated and is not supported for the API version you're using. For more information, see SOAP Requests.
ValidationErrorThe input fails to satisfy the constraints specified by an AWS service.

Client Errors For Specific Actions

This section lists client errors that are specific to certain Amazon EC2 API actions.

Error CodeDescription
ActiveVpcPeeringConnectionPerVpcLimitExceededYou've reached the limit on the number of active VPC peering connections you can have for the specified VPC.
AddressLimitExceeded You've reached the limit on the number of Elastic IP addresses that you can allocate.

For more information, see Elastic IP Address Limit. If you need additional Elastic IP addresses, complete the Amazon EC2 Elastic IP Address Request Form. If you need additional Elastic IP addresses for your VPCs, complete the Amazon VPC Limits form.

AttachmentLimitExceeded You've reached the limit on the number of Amazon EBS volumes that can be attached to a single instance.
BundlingInProgress The specified instance already has a bundling task in progress.
CannotDeleteYou cannot delete the 'default' security group in your VPC, but you can change its rules. For more information, see Amazon EC2 Security Groups.
ConcurrentSnapshotLimitExceededYou've reached the limit on the number of concurrent snapshots you can create on the specified volume. Wait until the 'pending' requests have completed, and check that you do not have snapshots that are in a incomplete state, such as 'error', which count against your concurrent snapshot limit.
ConcurrentTagAccessYou can't run simultaneous commands to modify a tag for a specific resource. Allow sufficient wait time for the previous request to complete, then retry your request. For more information, see Error Retries and Exponential Backoff in AWS.
CustomerGatewayLimitExceeded You've reached the limit on the number of customer gateways you can create for the region. For more information, see Amazon VPC Limits. To request an increase on your customer gateway limit, complete the Amazon VPC Limits form.
DependencyViolation The specified object has dependent resources. A number of resources in a VPC may have dependent resources, which prevent you from deleting or detaching them. Remove the dependencies first, then retry your request. For example, this error occurs if you try to delete a security group in a VPC that is in use by another security group.
DiskImageSizeTooLarge The disk image exceeds the allowed limit (for instance or volume import).
EncryptedVolumesNotSupported Encrypted Amazon EBS volumes may only be attached to instances that support Amazon EBS encryption. For more information, see Amazon EBS encryption in the Amazon EC2 User Guide for Linux Instances.
FilterLimitExceeded The request uses too many filters or too many filter values.
Gateway.NotAttached An Internet gateway is not attached to a VPC. If you are trying to detach an Internet gateway, ensure that you specify the correct VPC. If you are trying to associate an Elastic IP address with a network interface or an instance, ensure that an Internet gateway is attached to the relevant VPC.
IncorrectInstanceState The instance is in an incorrect state, so the requested action can't be completed. For example, some instance attributes, such as user data, can only be modified if the instance is in a 'stopped' state.

If you are associating an Elastic IP address with a network interface, ensure that the instance that the interface is attached to is not in the 'pending' state.

IncorrectState The resource is in an incorrect state for the request. This error can occur if you are trying to attach a volume that is still being created. Ensure that the volume is in the 'available' state. If you are creating a snapshot, ensure that the previous request to create a snapshot on the same volume has completed. If you are deleting a virtual private gateway, ensure that it's detached from the VPC.
InstanceLimitExceeded You've reached the limit on the number of instances you can run concurrently. The limit depends on the instance type. For more information, see How many instances can I run in Amazon EC2. If you need additional instances, complete the Amazon EC2 Instance Request Form.
InsufficientFreeAddressesInSubnetThe specified subnet does not contain enough free IP addresses to fulfill your request. Use the DescribeSubnets request to view how many IP addresses are available (unused) in your subnet. IP addresses associated with stopped instances are considered unavailable.
InsufficientReservedInstancesCapacityThere is insufficient capacity for the requested Reserved Instances.
InternetGatewayLimitExceeded You've reached the limit on the number of Internet gateways that you can create. For more information, see Amazon VPC Limits. To request an increase on the Internet gateway limit, complete the Amazon VPC Limits form.
InvalidAddress.NotFoundThe specified Elastic IP address that you are describing cannot be found. Ensure that you specify the region in which the IP address is located, if it's not in the default region.
InvalidAddressID.NotFoundThe specified allocation ID for the Elastic IP address you are trying to release cannot be found. Ensure that you specify the region in which the IP address is located, if it's not in the default region.
InvalidAllocationID.NotFoundThe specified allocation ID you are trying to describe or associate does not exist. Ensure that you specify the region in which the IP address is located, if it's not in the default region.
InvalidAMIAttributeItemValue The value of an item added to, or removed from, an image attribute is not valid. If you are specifying a userId, check that it is in the form of an AWS account ID, without hyphens.
InvalidAMIID.Malformed The specified AMI ID is not valid. Ensure that you provide the full AMI ID, in the form ami-xxxxxx.
InvalidAMIID.NotFound The specified AMI does not exist. Check the AMI ID, and ensure that you specify the region in which the AMI is located, if it's not in the default region. This error may also occur if you specified an incorrect kernel ID when launching an instance.
InvalidAMIID.Unavailable The specified AMI has been deregistered and is no longer available, or is not in a state from which you can launch an instance.
InvalidAMIName.DuplicateThe specified AMI name is already in use by another AMI. If you have recently deregistered an AMI with the same name, allow enough time for the change to propagate through the system, and retry your request.
InvalidAMIName.MalformedAMI names must be between 3 and 128 characters long, and may contain letters, numbers, and only the following characters: ( ) . - / _
InvalidAssociationID.NotFound The specified association ID (for an Elastic IP address, a route table, or network ACL) does not exist. Ensure that you specify the region in which the association ID is located, if it's not in the default region.
InvalidAttachment.NotFound Indicates an attempt to detach a volume from an instance to which it is not attached.
InvalidAttachmentID.NotFoundThe specified network interface attachment does not exist.
InvalidBlockDeviceMappingA block device mapping parameter is not valid. The returned message indicates the incorrect value.
InvalidBundleID.NotFoundThe specified bundle task ID cannot be found. Ensure that you specify the region in which the bundle task is located, if it's not in the default region.
InvalidConversionTaskId The specified conversion task ID (for instance or volume import) is not valid.
InvalidCustomerGateway.DuplicateIpAddress There is a conflict among the specified gateway IP addresses.
InvalidCustomerGatewayId.MalformedThe specified customer gateway ID is malformed, or cannot be found. Specify the ID in the form cgw-xxxxxxxx, and ensure that you specify the region in which the customer gateway is located, if it's not in the default region.
InvalidCustomerGatewayID.NotFound The specified customer gateway ID cannot be found. Ensure that you specify the region in which the customer gateway is located, if it's not in the default region.
InvalidDevice.InUse The device to which you are trying to attach (for example, /dev/sdh) is already in use on the instance.
InvalidDhcpOptionID.NotFound The specified DHCP options set does not exist. Ensure that you specify the region in which the DHCP options set is located, if it's not in the default region.
InvalidDhcpOptionsID.NotFound The specified DHCP options set does not exist. Ensure that you specify the region in which the DHCP options set is located, if it's not in the default region.
InvalidDhcpOptionsId.MalformedThe specified DHCP options set ID is not valid. Ensure that you provide the full DHCP options set ID in the request, in the form dopt-xxxxxx.
InvalidExportTaskID.NotFoundThe specified export task ID cannot be found.
InvalidFilter The specified filter is not valid.
InvalidFormat The specified disk format (for the instance or volume import) is not valid.
InvalidGatewayID.NotFound The specified gateway does not exist.
InvalidGroup.Duplicate You cannot create a security group with the same name as an existing security group in the same VPC, or the same region (EC2-Classic).
InvalidGroupId.Malformed The specified security group ID is not valid. Ensure that you provide the full security group ID in the request, in the form sg-xxxxxxx.
InvalidGroup.InUse The specified security group can't be deleted because it's in use by another security group. You can remove dependencies by modifying or deleting rules in the affected security groups.
InvalidGroup.NotFound The specified security group does not exist. Ensure that you provide the full security group ID in the request, in the form sg-xxxxxxx.

This error may occur because the ID of a recently created security group has not propagated through the system. For more information, see Eventual Consistency.

You cannot specify a security group that is in a different region or VPC to the request. For example, if you are creating a network interface, you cannot specify a security group that is associated with a different VPC to the subnet you've specified in your request.

InvalidGroup.Reserved The name 'default' is reserved, and cannot be used to create a new security group. You also cannot delete the default EC2-Classic security group, but you can change its rules. For more information, see Amazon EC2 Security Groups.
InvalidIDThe specified ID for the resource you are trying to tag is not valid. Ensure that you provide the full resource ID; for example, ami-2bb65342 for an AMI.

If you're using the command line tools on a Windows system, you might need to use quotation marks for the key-value pair; for example, "Name=TestTag".

InvalidInputAn input parameter in the request is invalid; for example, if you specified an incorrect Reserved Instance listing ID in the request.
InvalidInstanceAttributeValueThe specified instance attribute value is not valid. This error is most commonly encountered when trying to set the InstanceType/--instance-type attribute to an unrecognized value.
InvalidInstanceIDThis error commonly occurs when trying to associate an IP address with an instance that is not in the 'running' state. This error can also occur when trying to perform an operation on an instance that has multiple network interfaces.

A network interface can have individual attributes; therefore, you may need to specify the network interface ID as part of the request, or use a different request. For example, each network interface in an instance can have a source/destination check flag. If you want to modify this attribute, you need to modify the network interface attribute, and not the instance attribute.

If you want to create a route in a route table, you need to provide a specific network interface ID as part of the request.

InvalidInstanceID.Malformed The specified instance ID is not valid. Ensure that you provide the full instance ID in the request, in the form i-xxxxxx.
InvalidInstanceID.NotFound The specified instance does not exist. Ensure that you have indicated the region in which the instance is located, if it's not in the default region. This error may occur because the ID of a recently created instance has not propagated through the system. For more information, see Eventual Consistency.
InvalidInstanceTypeThe specified instance does not support bundling. You can only bundle instance store-backed Windows instances.
InvalidInterface.IpAddressLimitExceededThe number of private IP addresses for a specified network interface exceeds the limit for the type of instance you are trying to launch. For more information about the maximum number of private IP addresses per ENI, see Private IP addresses per ENI.
InvalidInternetGatewayID.NotFound The specified Internet gateway does not exist. Ensure that you specify the region in which the Internet gateway is located, if it's not in the default region.
InvalidIPAddress.InUse The specified IP address is already in use. If you are trying to release an address, you must first disassociate it from the instance.
InvalidKey.FormatThe key pair is not specified in a valid OpenSSH public key format.
InvalidKeyPair.Duplicate The key pair name already exists in that region. If you are creating or importing a key pair, ensure that you use a unique name.
InvalidKeyPair.Format The format of the public key you are attempting to import is not valid.
InvalidKeyPair.NotFound The specified key pair name does not exist. Ensure that you specify the region in which the key pair is located, if it's not in the default region.
InvalidManifest The specified AMI has an unparsable manifest, or you may not have access to the location of the manifest file in Amazon S3.
InvalidNetworkAclEntry.NotFound The specified network ACL entry does not exist.
InvalidNetworkAclID.NotFound The specified network ACL does not exist. Ensure that you specify the region in which the network ACL is located, if it's not in the default region.
InvalidNetworkInterfaceAttachmentID.MalformedThe ID for the network interface attachment is not valid. Ensure that you use the attachment ID rather than the network interface ID, in the form eni-attach-xxxxxx.
InvalidNetworkInterface.InUseThe specified interface is currently in use and cannot be deleted. Ensure that you have detached the network interface first.
InvalidNetworkInterfaceId.MalformedThe specified network interface ID is invalid. Ensure that you specify the network interface ID in the form eni-xxxxxxxx.
InvalidNetworkInterfaceID.NotFoundThe specified network interface does not exist. Ensure that you have provided the full ID for the network interface, in the form eni-xxxxxx. Ensure that you specify the region in which the network interface is located, if it's not in the default region.
InvalidOption.ConflictA VPN connection between the virtual private gateway and the customer gateway already exists.
InvalidPermission.Duplicate The specified inbound or outbound rule already exists for that security group.
InvalidPermission.Malformed The specified security group rule is malformed. If you are specifying an IP address range, ensure that you use CIDR notation; for example, 203.0.113.0/24.
InvalidPermission.NotFoundThe specified rule does not exist in this security group.
InvalidPlacementGroup.DuplicateThe specified placement group already exists in that region.
InvalidPlacementGroup.InUseThe specified placement group is in use. If you are trying to delete a placement group, ensure that its instances have been terminated.
InvalidPlacementGroup.UnknownThe specified placement group cannot be found. Ensure that you specify the region in which the placement group is located, if it's not in the default region.
InvalidRequestThe request is invalid. The returned message provides details about the nature of the error.
InvalidReservationID.Malformed The specified reservation ID is not valid.
InvalidReservationID.NotFound The specified reservation does not exist.
InvalidReservedInstancesId The specified Reserved Instance does not exist.
InvalidReservedInstancesOfferingId The specified Reserved Instances offering does not exist.
InvalidRoute.Malformed The specified route is not valid. If you are deleting a route in a VPN connection, ensure that you've entered the value for the CIDR block correctly.
InvalidRoute.NotFound The specified route does not exist in the specified route table. Ensure that you indicate the exact CIDR range for the route in the request. This error can also occur if you've specified a route table ID in the request that does not exist.
InvalidRouteTableId.MalformedThe specified route table ID is malformed. Ensure that you specify the route table ID in the form rtb-xxxxxxxx.
InvalidRouteTableID.NotFound The specified route table does not exist. Ensure that you specify the route table ID in the form rtb-xxxxxxxx, and that you specify the region in which the route table is located, if it's not in the default region.
InvalidSecurityGroupID.NotFoundThe specified security group does not exist. If you are creating a network interface, ensure that you specify a VPC security group, and not an EC2-Classic security group. Ensure that you specify the full security group ID, in the form sg-xxxxxx.
InvalidSecurity.RequestHasExpired The difference between the request timestamp and the AWS server time is greater than 5 minutes. Ensure that your system clock is accurate and configured to use the correct time zone.
InvalidSnapshotID.Malformed The snapshot ID is not valid.
InvalidSnapshot.InUse The snapshot that you are trying to delete is in use by one or more AMIs.
InvalidSnapshot.NotFound The specified snapshot does not exist. Ensure that you specify the region in which the snapshot is located, if it's not in the default region.
InvalidSpotDatafeed.NotFoundYou have no data feed for Spot Instances.
InvalidSpotInstanceRequestID.MalformedThe specified Spot Instance request ID is not valid. Ensure that you specify the Spot Instance request ID in the form sir-xxxxxxxx.
InvalidSpotInstanceRequestID.NotFoundThe specified Spot Instance request ID does not exist. Ensure that you specify the region in which the Spot Instance request is located, if it's not in the default region.
InvalidStateThe specified resource is not in the correct state for the request; for example, if you are trying to enable monitoring on a recently terminated instance, or if you are trying to create a snapshot when a previous identical request has not yet completed.
InvalidStateTransitionThe specified VPC peering connection is not in the correct state for the request. For example, you may be trying to accept a VPC peering request that has failed, or that was rejected.
InvalidSubnet.ConflictThe specified CIDR block conflicts with that of another subnet in your VPC.
InvalidSubnetID.NotFound The specified subnet does not exist. Ensure that you have indicated the region in which the subnet is located, if it's not in the default region.
InvalidUserID.Malformed The specified user or owner is not valid. If you are performing a DescribeImages request, you must specify a valid value for the owner or executableBy parameters, such as an AWS account ID. If you are performing a DescribeSnapshots request, you must specify a valid value for the owner or restorableBy parameters.
InvalidVolumeID.Duplicate The Amazon EBS volume already exists.
InvalidVolumeID.Malformed The specified volume ID is not valid. Check the letter-number combination carefully; this error occurs if you have specified more than eights digits after the 'vol-' prefix.
InvalidVolumeID.ZoneMismatch The specified volume and instance are in different Availability Zones.
InvalidVolume.NotFound The specified volume does not exist. Ensure that you have indicated the region in which the volume is located, if it's not in the default region. Ensure that you are using the correct access credentials.
InvalidVolume.ZoneMismatchThe specified volume is not in the same Availability Zone as the specified instance. You can only attach an Amazon EBS volume to an instance if they are in the same Availability Zone.
InvalidVpcID.NotFound The specified VPC does not exist. Use the full VPC ID in the request, in the form vpc-xxxxxxxx. Ensure that you have indicated the region in which the VPC is located, if it's not in the default region.
InvalidVpcPeeringConnectionId.MalformedThe specified VPC peering connection ID is malformed. Ensure that you provide the ID in the form pcx-xxxxxxxx.
InvalidVpcPeeringConnectionID.NotFoundThe specified VPC peering connection ID does not exist. Ensure that you have indicated the region in which the VPC peering connection is located, if it's not in the default region.
InvalidVpcRangeThe specified CIDR block range is not valid. The block range must be between a /28 netmask and /16 netmask. For more information, see Your VPC and Subnets.
InvalidVpcStateThe specified VPC already has a virtual private gateway attached to it.
InvalidVpnConnectionIDThe specified VPN connection ID cannot be found. Ensure that you have indicated the region in which the VPN connection ID is located, if it's not in the default region.
InvalidVpnConnectionID.NotFound The specified VPN connection ID does not exist. Ensure that you have indicated the region in which the VPN connection ID is located, if it's not in the default region.
InvalidVpnGatewayAttachment.NotFoundAn attachment between the specified virtual private gateway and specified VPC does not exist. This error can also occur if you've specified an incorrect VPC ID in the request.
InvalidVpnGatewayID.NotFound The specified virtual private gateway does not exist. Ensure that you have indicated the region in which the virtual private gateway is located, if it's not in the default region.
InvalidZone.NotFound The specified Availability Zone does not exist, or is not available for you to use. Use the DescribeAvailabilityZones request to list the Availability Zones that are currently available to you. Ensure that you have indicated the region for the Availability Zone in the request, if it's not in the default region. Specify the full name of the Availability Zone: for example, us-east-1a.
LegacySecurityGroup You must delete the 2009-07-15-default security group before you can attach an Internet gateway.
MaxIOPSLimitExceededYou've reached the limit on your IOPS usage for that region. If you need to increase your volume limit, complete the Amazon EC2 EBS Volume Limit Form.
MaxSpotInstanceCountExceededYou've reached the limit on the number of Spot Instances that you can launch. The limit depends on the instance type. For more information, see How many instances can I run in Amazon EC2. If you need additional instances, complete the Amazon EC2 Instance Request Form.
NetworkAclEntryAlreadyExists The specified rule number already exists in this network ACL.
NetworkAclEntryLimitExceeded You've reached the limit on the number of rules that you can add to the network ACL. For more information, see Amazon VPC Limits.
NetworkAclLimitExceeded You've reached the limit on the number of network ACLs that you can create for the specified VPC. For more information, see Amazon VPC Limits. To request an increase on your network ACL limit, complete the Amazon VPC Limits form.
NonEBSInstance The specified instance does not support Amazon EBS. Restart the instance and try again, to ensure that the code is run on an instance with updated code.
NotExportableThe specified instance cannot be exported. You can only export instances that were previously imported into Amazon EC2. For more information, see Exporting EC2 Instances
OperationNotPermittedThe specified operation is not allowed. This error can occur for a number of reasons; for example, you might be trying to terminate an instance that has termination protection enabled, or trying to detach the primary network interface (eth0) from an instance.
OutstandingVpcPeeringConnectionLimitExceededYou've reached the limit on the number of VPC peering connection requests that you can create for the specified VPC.
PendingSnapshotLimitExceeded You've reached the limit on the number of Amazon EBS snapshots that you can have in the pending state.
PrivateIpAddressLimitExceededYou've reached the limit on the number of private IP addresses that you can assign to the specified network interface for that type of instance. For more information about the maximum number of private IP addresses per ENI, see Private IP addresses per ENI.
RequestResourceCountExceeded

Details in your Spot request exceed the numbers allowed by the Spot service in one of the following ways, depending on the action that generated the error:

—If you get this error when you submitted a bid for Spot Instances, check the number of Spot Instances specified in your request. The number shouldn't exceed the 3,000 maximum allowed per request. Resend your Spot Instance request and specify a number less than 3,000. If your account's regional Spot request limit is greater than 3,000 instances, you can access these instances by submitting multiple smaller requests.

—If you get this error when you sent Describe Spot Instance requests, check the number of requests for Spot Instance data, the amount of data you requested, and how often you sent the request. The frequency with which you requested the data combined with the amount of data exceeds the levels allowed by the Spot service. Try again and submit fewer large Describe requests over longer intervals.

ReservedInstancesLimitExceededYour current quota does not allow you to purchase the required number of Reserved Instances.
Resource.AlreadyAssociated The specified resource is already in use. For example, in EC2-VPC, you cannot associate an Elastic IP address with an instance if it's already associated with another instance. You also cannot attach an Internet gateway to more than one VPC at a time.
ResourceCountExceeded You have exceeded the number of resources allowed for this request; for example, if you try to launch more instances than AWS allows in a single request. This limit is separate from your individual resource limit. For more information about your resource count limit, contact AWS Support.
ResourceLimitExceeded You have exceeded an Amazon EC2 resource limit. For example, you might have too many snapshot copies in progress.
RouteAlreadyExists A route for the specified CIDR block already exists in this route table.
RouteLimitExceeded You've reached the limit on the number of routes that you can add to a route table.
RouteTableLimitExceeded You've reached the limit on the number of route tables that you can create for the specified VPC. For more information about route table limits, see Amazon VPC Limits.
RulesPerSecurityGroupLimitExceeded You've reached the limit on the number of rules that you can add to a security group. The limit depends on whether you are using EC2-Classic or EC2-VPC. For more information, see Security Group Rules.
SecurityGroupLimitExceeded You've reached the limit on the number of security groups that you can create, or that you can assign to an instance. The limit depends on whether you are using EC2-Classic or EC2-VPC. For more information, see Creating Your Own Security Groups.
SecurityGroupsPerInstanceLimitExceeded You've reached the limit on the number of security groups that you can assign to an instance. The limit depends on whether you are using EC2-Classic or EC2-VPC. For more information, see Amazon EC2 Security Groups.
SecurityGroupsPerInterfaceLimitExceededYou've reached the limit on the number of security groups you can associate with the specified network interface. You are limited to five security groups per network interface.
SignatureDoesNotMatchThe request signature that Amazon has does not match the signature that you provided. Check your AWS access keys and signing method.
SnapshotLimitExceeded You've reached the limit on the number of Amazon EBS snapshots that you can create. To request an increase on your snapshot limit, complete the Amazon EC2 EBS Volume Limit Form.
SubnetLimitExceeded You've reached the limit on the number of subnets that you can create for the specified VPC. For more information about subnet limits, see Amazon VPC Limits. To request an increase on your subnet limit, complete the Amazon VPC Limits form.
TagLimitExceededYou've reached the limit on the number of tags that you can assign to the specified resource. For more information, see Tag Restrictions.
UnknownVolumeTypeThe specified volume type is unsupported. The supported volume types are gp2, io1, and standard.
UnsupportedThe specified request is unsupported. For example, you might be trying to launch an instance in an Availability Zone that currently has constraints on that instance type. The returned message provides details of the unsupported request.
UnsupportedOperation The specified request includes an unsupported operation. For example, you can't stop an instance that's instance store-backed. Or you might be trying to launch an instance type that is not supported by the specified AMI. The returned message provides details of the unsupported operation.
VolumeInUse The specified Amazon EBS volume is attached to an instance. Ensure that the specified volume is in an ‘available’ state.
VolumeLimitExceeded You've reached the limit on your Amazon EBS volume storage. To request an increase, complete the Amazon EC2 EBS Volume Limit Form.
VolumeTypeNotAvailableInZone

The specified Availability Zone does not support Provisioned IOPS (SSD) volumes. Try launching your instance in a different Availability Zone, or don't specify a zone in the request. If you're creating a volume, try specifying a different Availability Zone in the request.

VPCIdNotSpecifiedYou have no default VPC in which to carry out the request. Specify a VPC ID or subnet ID, or in the case of security groups, specify the ID, and not the security group name. You can contact AWS Support to create a new default VPC.
VpcLimitExceeded You've reached the limit on the number of VPCs that you can create in the region. For more information about VPC limits, see Amazon VPC Limits. To request an increase on your VPC limit, complete the Amazon VPC Limits form.
VpcPeeringConnectionAlreadyExistsA VPC peering connection between the VPCs already exists.
VPCResourceNotSpecifiedThe specified resource can be used only in a VPC. If you are launching a T2 instance type, ensure that you have a VPC in your account, and then specify a subnet ID or network interface ID in the request.
VpnConnectionLimitExceeded You've reached the limit on the number of VPN connections that you can create. For more information about limits, see Amazon VPC Limits. To request an increase on your VPN connection limit, complete the Amazon VPC Limits form.
VpnGatewayAttachmentLimitExceeded You've reached the limit on the number of VPCs that can be attached to the specified virtual private gateway.
VpnGatewayLimitExceeded You've reached the limit on the number of virtual private gateways that you can create. For more information about limits, see Amazon VPC Limits. To request an increase on your virtual private gateway limit, complete the Amazon VPC Limits form.

Common Causes of Client Errors

There are a number of reasons that you might encounter an error while performing a request. Some errors can be prevented or easily solved by following these guidelines:

  • Specify the region: Some resources can't be shared between regions. If you are specifying a resource that's located in a region other than the default region (us-east-1), you need to specify its region in the request. If the resource cannot be found, you'll get the following kind of error: Client.InvalidResource.NotFound; for example, Client.InvalidInstanceID.NotFound.

  • Allow for eventual consistency: Some errors are caused because a previous request has not yet propagated thorough the system. For more information, see Eventual Consistency.

  • Use a sleep interval between request rates: Amazon EC2 API requests are throttled to help maintain the performance of the service. If your requests have been throttled, you'll get the following error: Client.RequestLimitExceeded. For more information, see Query API Request Rate.

  • Use the full ID of the resource: When specifying a resource, ensure that you use its full ID, and not its user-supplied name or description. For example, when specifying a security group in a request, use its ID in the form sg-xxxxxx.

  • Check your services: Ensure that you have signed up for all the services you are attempting to use. You can check which services you're signed up for by going to the My Account section of the AWS home page.

  • Check your permissions: Ensure that you have the required permissions to carry out the request. If you are not authorized, you'll get the following error: Client.UnauthorizedOperation. For more information, see Controlling Access in the Amazon EC2 User Guide for Linux Instances.

  • Check your VPC: Some resources cannot be shared between VPCs; for example, security groups.

  • Check your credentials: Ensure that you provide your access keys when you are making requests; that you have entered the credentials correctly; and, if you have more than one account, that you are using the correct credentials for a particular account. If the provided credentials are incorrect, you may get the following error: Client.AuthFailure.

Server Errors

This section lists all the server errors that can be returned.

Error CodeDescription
InsufficientAddressCapacity Not enough available addresses to satisfy your minimum request. Reduce the number of addresses you are requesting or wait for additional capacity to become available.
InsufficientInstanceCapacity There is not enough capacity to fulfill your instance request. Reduce the number of instances in your request, or wait for additional capacity to become available. The returned message might also give specific guidance about how to solve the problem.
InsufficientReservedInstanceCapacity Not enough available Reserved Instances to satisfy your minimum request. Reduce the number of Reserved Instances in your request or wait for additional capacity to become available.
InternalError An internal error has occurred. Retry your request, but if the problem persists, contact us with details by posting a message on the AWS forums.
InternalFailureThe request processing has failed because of an unknown error, exception or failure.
ServiceUnavailableThe request has failed due to a temporary failure of the server.
Unavailable The server is overloaded and can't handle the request.

Example Error Response

The following shows the structure of a request error response.

<Response>
    <Errors>
         <Error>
           <Code>Error code text</Code>
           <Message>Error message</Message>
         </Error>
    </Errors>
    <RequestID>request ID</RequestID>
</Response>

The following shows an example of an error response.

<Response>
    <Errors>
         <Error>
           <Code>InvalidInstanceID.NotFound</Code>
           <Message>The instance ID 'i-1a2b3c4d' does not exist</Message>
         </Error>
    </Errors>
    <RequestID>ea966190-f9aa-478e-9ede-example</RequestID>
</Response>

Eventual Consistency

The Amazon EC2 API follows an eventual consistency model, due to the distributed nature of the system supporting the API. This means that when you run an API command, the result may not be immediately visible to subsequent API commands, which can result in an error.

For more information about eventual consistency and how to manage it, see Eventual Consistency.