ModifyNetworkInterfaceAttribute - Amazon Elastic Compute Cloud


Modifies the specified network interface attribute. You can specify only one attribute at a time. You can use this action to attach and detach security groups from an existing EC2 instance.

Request Parameters

The following parameters are for this specific action. For more information about required and optional parameters that are common to all actions, see Common Query Parameters.


Information about the interface attachment. If modifying the 'delete on termination' attribute, you must specify the ID of the interface attachment.

Type: NetworkInterfaceAttachmentChanges object

Required: No


A description for the network interface.

Type: AttributeValue object

Required: No


Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Type: Boolean

Required: No


The ID of the network interface.

Type: String

Required: Yes


Changes the security groups for the network interface. The new set of groups you specify replaces the current set. You must specify at least one group, even if it's just the default security group in the VPC. You must specify the ID of the security group, not the name.

Type: Array of strings

Required: No


Indicates whether source/destination checking is enabled. A value of true means checking is enabled, and false means checking is disabled. This value must be false for a NAT instance to perform NAT. For more information, see NAT Instances in the Amazon Virtual Private Cloud User Guide.

Type: AttributeBooleanValue object

Required: No

Response Elements

The following elements are returned by the service.


The ID of the request.

Type: String


Is true if the request succeeds, and an error otherwise.

Type: Boolean


For information about the errors that are common to all actions, see Common Client Errors.



This example sets source/destination checking to false for the specified network interface.

Sample Request &NetworkInterfaceId=eni-ffda3197 &SourceDestCheck.Value=false &AUTHPARAMS

Sample Response

<ModifyNetworkInterfaceAttributeResponse xmlns=""> <requestId>657a4623-5620-4232-b03b-427e852d71cf</requestId> <return>true</return> </ModifyNetworkInterfaceAttributeResponse>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: