AWS CLI version 2, the latest major version of AWS CLI, is now stable and recommended for general use. To view this page for the AWS CLI version 2, click here. For more information see the AWS CLI version 2 installation instructions and migration guide.
Modifies the specified attribute of the specified instance. You can specify only one attribute at a time.
Note: Using this action to change the security groups associated with an elastic network interface (ENI) attached to an instance can result in an error if the instance has more than one ENI. To change the security groups associated with an ENI attached to an instance that has multiple ENIs, we recommend that you use the ModifyNetworkInterfaceAttribute action.
To modify some attributes, the instance must be stopped. For more information, see Modify a stopped instance in the Amazon EC2 User Guide .
See also: AWS API Documentation
modify-instance-attribute
[--source-dest-check | --no-source-dest-check]
[--disable-api-stop | --no-disable-api-stop]
[--dry-run | --no-dry-run]
--instance-id <value>
[--attribute <value>]
[--value <value>]
[--block-device-mappings <value>]
[--disable-api-termination | --no-disable-api-termination]
[--instance-type <value>]
[--kernel <value>]
[--ramdisk <value>]
[--user-data <value>]
[--instance-initiated-shutdown-behavior <value>]
[--groups <value>]
[--ebs-optimized | --no-ebs-optimized]
[--sriov-net-support <value>]
[--ena-support | --no-ena-support]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
--source-dest-check
| --no-source-dest-check
(structure)
Enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. If the value is
true
, source/destination checks are enabled; otherwise, they are disabled. The default value istrue
. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.Value -> (boolean)
The attribute value. The valid values aretrue
orfalse
.
--disable-api-stop
| --no-disable-api-stop
(structure)
Indicates whether an instance is enabled for stop protection. For more information, see Enable stop protection for your instance .
Value -> (boolean)
The attribute value. The valid values aretrue
orfalse
.
--dry-run
| --no-dry-run
(boolean)
Checks whether you have the required permissions for the operation, without actually making the request, and provides an error response. If you have the required permissions, the error response isDryRunOperation
. Otherwise, it isUnauthorizedOperation
.
--instance-id
(string)
The ID of the instance.
--attribute
(string)
The name of the attribute to modify.
Warning
You can modify the following attributes only:disableApiTermination
|instanceType
|kernel
|ramdisk
|instanceInitiatedShutdownBehavior
|blockDeviceMapping
|userData
|sourceDestCheck
|groupSet
|ebsOptimized
|sriovNetSupport
|enaSupport
|nvmeSupport
|disableApiStop
|enclaveOptions
Possible values:
instanceType
kernel
ramdisk
userData
disableApiTermination
instanceInitiatedShutdownBehavior
rootDeviceName
blockDeviceMapping
productCodes
sourceDestCheck
groupSet
ebsOptimized
sriovNetSupport
enaSupport
enclaveOptions
disableApiStop
--value
(string)
A new value for the attribute. Use only with thekernel
,ramdisk
,userData
,disableApiTermination
, orinstanceInitiatedShutdownBehavior
attribute.
--block-device-mappings
(list)
Modifies the
DeleteOnTermination
attribute for volumes that are currently attached. The volume must be owned by the caller. If no value is specified forDeleteOnTermination
, the default istrue
and the volume is deleted when the instance is terminated. You can't modify theDeleteOnTermination
attribute for volumes that are attached to Fargate tasks.To add instance store volumes to an Amazon EBS-backed instance, you must add them when you launch the instance. For more information, see Update the block device mapping when launching an instance in the Amazon EC2 User Guide .
(structure)
Describes a block device mapping entry.
DeviceName -> (string)
The device name (for example,/dev/sdh
orxvdh
).Ebs -> (structure)
Parameters used to automatically set up EBS volumes when the instance is launched.
VolumeId -> (string)
The ID of the EBS volume.DeleteOnTermination -> (boolean)
Indicates whether the volume is deleted on instance termination.VirtualName -> (string)
The virtual device name.NoDevice -> (string)
suppress the specified device included in the block device mapping.
Shorthand Syntax:
DeviceName=string,Ebs={VolumeId=string,DeleteOnTermination=boolean},VirtualName=string,NoDevice=string ...
JSON Syntax:
[
{
"DeviceName": "string",
"Ebs": {
"VolumeId": "string",
"DeleteOnTermination": true|false
},
"VirtualName": "string",
"NoDevice": "string"
}
...
]
--disable-api-termination
| --no-disable-api-termination
(structure)
If the value is
true
, you can't terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. You cannot use this parameter for Spot Instances.Value -> (boolean)
The attribute value. The valid values aretrue
orfalse
.
--instance-type
(structure)
Changes the instance type to the specified value. For more information, see Instance types in the Amazon EC2 User Guide . If the instance type is not valid, the error returned is
InvalidInstanceAttributeValue
.Value -> (string)
The attribute value. The value is case-sensitive.
--kernel
(structure)
Changes the instance's kernel to the specified value. We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB .
Value -> (string)
The attribute value. The value is case-sensitive.
--ramdisk
(structure)
Changes the instance's RAM disk to the specified value. We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB .
Value -> (string)
The attribute value. The value is case-sensitive.
--user-data
(structure)
Changes the instance's user data to the specified value. User data must be base64-encoded. Depending on the tool or SDK that you're using, the base64-encoding might be performed for you. For more information, see Work with instance user data .
Value -> (blob)
Shorthand Syntax:
Value=blob
JSON Syntax:
{
"Value": blob
}
--instance-initiated-shutdown-behavior
(structure)
Specifies whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown).
Value -> (string)
The attribute value. The value is case-sensitive.
--groups
(list)
Replaces the security groups of the instance with the specified security groups. You must specify the ID of at least one security group, even if it's just the default security group for the VPC.
(string)
Syntax:
"string" "string" ...
--ebs-optimized
| --no-ebs-optimized
(structure)
Specifies whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS Optimized instance.
Value -> (boolean)
The attribute value. The valid values aretrue
orfalse
.
--sriov-net-support
(structure)
Set to
simple
to enable enhanced networking with the Intel 82599 Virtual Function interface for the instance.There is no way to disable enhanced networking with the Intel 82599 Virtual Function interface at this time.
This option is supported only for HVM instances. Specifying this option with a PV instance can make it unreachable.
Value -> (string)
The attribute value. The value is case-sensitive.
--ena-support
| --no-ena-support
(structure)
Set to
true
to enable enhanced networking with ENA for the instance.This option is supported only for HVM instances. Specifying this option with a PV instance can make it unreachable.
Value -> (boolean)
The attribute value. The valid values aretrue
orfalse
.
--cli-input-json
(string)
Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
--debug
(boolean)
Turn on debug logging.
--endpoint-url
(string)
Override command's default URL with the given URL.
--no-verify-ssl
(boolean)
By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.
--no-paginate
(boolean)
Disable automatic pagination. If automatic pagination is disabled, the AWS CLI will only make one call, for the first page of results.
--output
(string)
The formatting style for command output.
--query
(string)
A JMESPath query to use in filtering the response data.
--profile
(string)
Use a specific profile from your credential file.
--region
(string)
The region to use. Overrides config/env settings.
--version
(string)
Display the version of this tool.
--color
(string)
Turn on/off color output.
--no-sign-request
(boolean)
Do not sign requests. Credentials will not be loaded if this argument is provided.
--ca-bundle
(string)
The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.
--cli-read-timeout
(int)
The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.
--cli-connect-timeout
(int)
The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.
To use the following examples, you must have the AWS CLI installed and configured. See the Getting started guide in the AWS CLI User Guide for more information.
Unless otherwise stated, all examples have unix-like quotation rules. These examples will need to be adapted to your terminal's quoting rules. See Using quotation marks with strings in the AWS CLI User Guide .
Example 1: To modify the instance type
The following modify-instance-attribute
example modifies the instance type of the specified instance. The instance must be in the stopped
state.
aws ec2 modify-instance-attribute \
--instance-id i-1234567890abcdef0 \
--instance-type "{\"Value\": \"m1.small\"}"
This command produces no output.
Example 2: To enable enhanced networking on an instance
The following modify-instance-attribute
example enables enhanced networking for the specified instance. The instance must be in the stopped
state.
aws ec2 modify-instance-attribute \
--instance-id i-1234567890abcdef0 \
--sriov-net-support simple
This command produces no output.
Example 3: To modify the sourceDestCheck attribute
The following modify-instance-attribute
example sets the sourceDestCheck
attribute of the specified instance to true
. The instance must be in a VPC.
aws ec2 modify-instance-attribute --instance-id i-1234567890abcdef0 --source-dest-check "{\"Value\": true}"
This command produces no output.
Example 4: To modify the deleteOnTermination attribute of the root volume
The following modify-instance-attribute
example sets the deleteOnTermination
attribute for the root volume of the specified Amazon EBS-backed instance to false
. By default, this attribute is true
for the root volume.
Command:
aws ec2 modify-instance-attribute \
--instance-id i-1234567890abcdef0 \
--block-device-mappings "[{\"DeviceName\": \"/dev/sda1\",\"Ebs\":{\"DeleteOnTermination\":false}}]"
This command produces no output.
Example 5: To modify the user data attached to an instance
The following modify-instance-attribute
example adds the contents of the file UserData.txt
as the UserData for the specified instance.
Contents of original file UserData.txt
:
#!/bin/bash
yum update -y
service httpd start
chkconfig httpd on
The contents of the file must be base64 encoded. The first command converts the text file to base64 and saves it as a new file.
Linux/macOS version of the command:
base64 UserData.txt > UserData.base64.txt
This command produces no output.
Windows version of the command:
certutil -encode UserData.txt tmp.b64 && findstr /v /c:- tmp.b64 > UserData.base64.txt
Output:
Input Length = 67
Output Length = 152
CertUtil: -encode command completed successfully.
Now you can reference that file in the CLI command that follows:
aws ec2 modify-instance-attribute \
--instance-id=i-09b5a14dbca622e76 \
--attribute userData --value file://UserData.base64.txt
This command produces no output.
For more information, see User Data and the AWS CLI in the EC2 User Guide.
None