Enable stop protection for your EC2 instances - Amazon Elastic Compute Cloud

Enable stop protection for your EC2 instances

To prevent an instance from being accidentally stopped, you can enable stop protection for the instance. Stop protection also protects your instance from accidental termination.

The DisableApiStop attribute of the Amazon EC2 ModifyInstanceAttribute API controls whether the instance can be stopped by using the Amazon EC2 console, the AWS CLI, or the Amazon EC2 API. You can set the value of this attribute when you launch the instance, while the instance is running, or while the instance is stopped.

Considerations
  • Enabling stop protection does not prevent you from accidentally stopping an instance by initiating a shutdown from the instance using an operating system command such as shutdown or poweroff.

  • Enabling stop protection does not prevent AWS from stopping the instance when there is a scheduled event to stop the instance.

  • Enabling stop protection does not prevent Amazon EC2 Auto Scaling from terminating an instance when the instance is unhealthy or during scale-in events. You can control whether an Auto Scaling group can terminate a particular instance when scaling in by using instance scale-in protection.

  • Stop protection not only prevents your instance from being accidentally stopped, but also from accidental termination when using the console, AWS CLI, or API. However, it does not automatically set the DisableApiTermination attribute. Note that when the DisableApiStop attribute is set to false, the DisableApiTermination attribute setting determines whether the instance can be terminated using the console, AWS CLI, or API. For more information see Terminate Amazon EC2 instances.

  • You can't enable stop protection for instance store-backed instances.

  • You can't enable stop protection for Spot Instances.

  • The Amazon EC2 API follows an eventual consistency model when you enable or disable stop protection. This means that the result of running commands to set the stop protection attribute might not be immediately visible to all subsequent commands you run. For more information, see Eventual consistency in the Amazon EC2 Developer Guide.

Enable stop protection for an instance at launch

You can enable stop protection for an instance when launching the instance using one of the following methods.

Console
To enable stop protection for an instance at launch
  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. On the dashboard, choose Launch instance.

  3. Configure your instance in the new launch instance wizard.

  4. In the wizard, enable stop protection by choosing Enable for Stop protection under Advanced details.

AWS CLI
To enable stop protection for an instance at launch

Use the run-instances AWS CLI command to launch the instance, and specify the disable-api-stop parameter.

aws ec2 run-instances \ --image-id ami-a1b2c3d4e5example \ --instance-type t3.micro \ --key-name MyKeyPair \ --disable-api-stop \ ...

Enable stop protection for a running or stopped instance

You can enable stop protection for an instance while the instance is running or stopped using one of the following methods.

Console
To enable stop protection for a running or stopped instance
  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the left navigation pane, choose Instances.

  3. Select the instance, and then choose Actions>Instance settings>Change stop protection.

  4. Select the Enable check box, and then choose Save.

AWS CLI
To enable stop protection for a running or stopped instance

Use the modify-instance-attribute AWS CLI command and specify the disable-api-stop parameter.

aws ec2 modify-instance-attribute \ --instance-id i-1234567890abcdef0 \ --disable-api-stop

Disable stop protection for a running or stopped instance

You can disable stop protection for a running or stopped instance using one of the following methods.

Console
To disable stop protection for a running or stopped instance
  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the left navigation pane, choose Instances.

  3. Select the instance, and then choose Actions, Instance settings, Change stop protection.

  4. Clear the Enable check box, and then choose Save.

AWS CLI
To disable stop protection for a running or stopped instance

Use the modify-instance-attribute AWS CLI command and specify the no-disable-api-stop parameter.

aws ec2 modify-instance-attribute \ --instance-id i-1234567890abcdef0 \ --no-disable-api-stop