

# Amazon EC2 instances

An Amazon EC2 instance is a virtual server in the AWS cloud environment. You have full control over your instance, from the time that you first start it (referred to as launching an instance) until you delete it (referred to as terminating an instance). You can choose from a variety of operating systems when you launch your instance. You can connect to your instance and customize it to meet your needs. For example, you can configure the operating system, install operating system updates, and install applications on your instance.

Amazon EC2 provides a wide range of instance types. You can choose an instance type that provides the compute resources, memory, storage, and network performance that you need to run your applications.

With Amazon EC2, you pay only for what you use. Billing for your instance starts when you launch your instance and it transitions to the running state. Billing stops when you stop your instance and resumes when you start your instance. When you terminate your instance, billing stops when it transitions to the shutting down state.

Amazon EC2 provides features that you can use to optimize the performance and the cost of your instances. For example, you can use Amazon EC2 Fleet or Amazon EC2 Auto Scaling to scale your capacity up or down as your instance utilization changes. You can reduce the costs for your instances using Spot Instances or Savings Plans.

A *managed instance* is managed by a service provider, such as Amazon EKS Auto Mode. You can’t directly modify the settings of a managed instance. Managed instances are identified by a **true** value in the **Managed** field. For more information, see [Amazon EC2 managed instances](amazon-ec2-managed-instances.md).

**Topics**
+ [Amazon EC2 instance types](instance-types.md)
+ [Amazon EC2 managed instances](amazon-ec2-managed-instances.md)
+ [Use nested virtualization to run hypervisors in Amazon EC2 instances](amazon-ec2-nested-virtualization.md)
+ [Amazon EC2 billing and purchasing options](instance-purchasing-options.md)
+ [Store instance launch parameters in Amazon EC2 launch templates](ec2-launch-templates.md)
+ [Launch an Amazon EC2 instance](LaunchingAndUsingInstances.md)
+ [Connect to your EC2 instance](connect.md)
+ [Amazon EC2 instance state changes](ec2-instance-lifecycle.md)
+ [Automatic instance recovery](ec2-instance-recover.md)
+ [Use instance metadata to manage your EC2 instance](ec2-instance-metadata.md)
+ [Detect whether a host is an EC2 instance](identify_ec2_instances.md)
+ [Instance identity documents for Amazon EC2 instances](instance-identity-documents.md)
+ [STIG compliance for your EC2 instance](ec2-configure-stig.md)
+ [Precision clock and time synchronization on your EC2 instance](set-time.md)
+ [EC2 Capacity Manager](capacity-manager.md)
+ [Manage device drivers for your EC2 instance](manage-device-drivers.md)
+ [Configure your Amazon EC2 Windows instance](ec2-windows-instances.md)
+ [Upgrade an EC2 Windows instance to a newer version of Windows Server](serverupgrade.md)
+ [Tutorial: Connect an Amazon EC2 instance to an Amazon RDS database](tutorial-connect-ec2-instance-to-rds-database.md)

# Amazon EC2 instance types

When you launch an instance, the *instance type* that you specify determines the hardware of the host computer used for your instance. Each instance type offers different compute, memory, and storage capabilities, and is grouped in an instance family based on these capabilities. Select an instance type based on the requirements of the application or software that you plan to run on your instance. For more information about features and use cases, see [Amazon EC2 Instance Types](https://aws.amazon.com/ec2/instance-types/).

Amazon EC2 dedicates some resources of the host computer, such as CPU, memory, and instance storage, to a particular instance. Amazon EC2 shares other resources of the host computer, such as the network and the disk subsystem, among instances. If each instance on a host computer tries to use as much of one of these shared resources as possible, each receives an equal share of that resource. However, when a resource is underused, an instance can consume a higher share of that resource while it's available.

Each instance type provides higher or lower minimum performance from a shared resource. For example, instance types with high I/O performance have a larger allocation of shared resources. Allocating a larger share of shared resources also reduces the variance of I/O performance. For most applications, moderate I/O performance is more than enough. However, for applications that require greater or more consistent I/O performance, consider an instance type with higher I/O performance.

**Topics**
+ [Available instance types](#AvailableInstanceTypes)
+ [Hardware specifications](#instance-hardware-specs)
+ [Hypervisor type](#instance-hypervisor-type)
+ [AMI virtualization types](#instance-virtualization-type)
+ [Processors](#instance-types-processors)
+ [Find an Amazon EC2 instance type](instance-discovery.md)
+ [Get recommendations from EC2 instance type finder](get-ec2-instance-type-recommendations.md)
+ [Get EC2 instance recommendations from Compute Optimizer](ec2-instance-recommendations.md)
+ [Amazon EC2 instance type changes](ec2-instance-resize.md)
+ [Burstable performance instances](burstable-performance-instances.md)
+ [Performance acceleration with GPU instances](configure-gpu-instances.md)
+ [Amazon EC2 Mac instances](ec2-mac-instances.md)
+ [Amazon EBS-optimized instance types](ebs-optimized.md)
+ [CPU options for Amazon EC2 instances](instance-optimize-cpu.md)
+ [AMD SEV-SNP for Amazon EC2 instances](sev-snp.md)
+ [Processor state control for Amazon EC2 Linux instances](processor_state_control.md)

## Available instance types


Amazon EC2 provides a wide selection of instance types optimized to fit different use cases. Instance types comprise varying combinations of CPU, memory, storage, and networking capacity and give you the flexibility to choose the appropriate mix of resources for your applications. Each instance type includes one or more instance sizes, allowing you to scale your resources to the requirements of your target workload.

**Instance type naming conventions**  
Names are based on instance family, generation, processor family, capabilities, and size. For more information, see [Naming conventions](https://docs.aws.amazon.com/ec2/latest/instancetypes/instance-type-names.html) in the *Amazon EC2 Instance Types Guide*.

**Find an instance type**  
To determine which instance types meet your requirements, such as supported Regions, compute resources, or storage resources, see [Find an Amazon EC2 instance type](instance-discovery.md) and [Amazon EC2 instance type specifications](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-instance-type-specifications.html) in the *Amazon EC2 Instance Types Guide*.

## Hardware specifications


For detailed instance type specifications, see [Specifications](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-instance-type-specifications.html) in the *Amazon EC2 Instance Types Guide*. For pricing information, see [Amazon EC2 On-Demand Pricing](https://aws.amazon.com/ec2/pricing/on-demand/).

To determine which instance type best meets your needs, we recommend that you launch an instance and use your own benchmark application. Because you pay by the instance second, it's convenient and inexpensive to test multiple instance types before making a decision. If your needs change, even after you make a decision, you can change the instance type later. For more information, see [Amazon EC2 instance type changes](ec2-instance-resize.md).

## Hypervisor type


Amazon EC2 supports the following hypervisors: Xen and Nitro.

**Nitro-based instances**
+ **General purpose:** M5 | M5a | M5ad | M5d | M5dn | M5n | M5zn | M6a | M6g | M6gd | M6i | M6id | M6idn | M6in | M7a | M7g | M7gd | M7i | M7i-flex | M8a | M8azn | M8g | M8gb | M8gd | M8gn | M8i | M8id | M8i-flex | T3 | T3a | T4g
+ **Compute optimized:** C5 | C5a | C5ad | C5d | C5n | C6a | C6g | C6gd | C6gn | C6i | C6id | C6in | C7a | C7g | C7gd | C7gn | C7i | C7i-flex | C8a | C8g | C8gb | C8gd | C8gn | C8i | C8id | C8i-flex
+ **Memory optimized:** R5 | R5a | R5ad | R5b | R5d | R5dn | R5n | R6a | R6g | R6gd | R6i | R6id | R6idn | R6in | R7a | R7g | R7gd | R7i | R7iz | R8a | R8g | R8gb | R8gd | R8gn | R8i | R8id | R8i-flex | U-3tb1 | U-6tb1 | U-9tb1 | U-12tb1 | U-18tb1 | U-24tb1 | U7i-6tb | U7i-8tb | U7i-12tb | U7in-16tb | U7in-24tb | U7in-32tb | U7inh-32tb | X2gd | X2idn | X2iedn | X2iezn | X8g | X8aedz | X8i | z1d
+ **Storage optimized:** D3 | D3en | I3en | I4g | I4i | I7i | I7ie | I8g | I8ge | Im4gn | Is4gen
+ **Accelerated computing:** DL1 | DL2q | F2 | G4ad | G4dn | G5 | G5g | G6 | G6e | G6f | Gr6 | Gr6f | G7e | Inf1 | Inf2 | P4d | P4de | P5 | P5e | P5en | P6-B200 | P6-B300 | P6e-GB200 | Trn1 | Trn1n | Trn2 | Trn2u | VT1
+ **High-performance computing:** Hpc6a | Hpc6id | Hpc7a | Hpc7g | Hpc8a
+ **Previous generation:** A1 | P3dn

For more information about the supported versions of Nitro hypervisor, see [Network feature support](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html#nitro-version-network-features) in the *Amazon EC2 Instance Types Guide*.

**Xen-based instances**
+ **General purpose**: M1 | M2 | M3 | M4 | T1 | T2
+ **Compute optimized**: C1 | C3 | C4
+ **Memory optimized**: R3 | R4 | X1 | X1e
+ **Storage optimized**: D2 | H1 | I2 | I3
+ **Accelerated computing**: F1 | G3 | P2 | P3

## AMI virtualization types


<a name="virtualization"></a>The virtualization type of your instance is determined by the AMI that you use to launch it. Current generation instance types support hardware virtual machine (HVM) only. Some previous generation instance types support paravirtual (PV) and some AWS Regions support PV instances. For more information, see [Virtualization types](ComponentsAMIs.md#virtualization_types).

For best performance, we recommend that you use an HVM AMI. In addition, HVM AMIs are required to take advantage of enhanced networking. HVM virtualization uses hardware-assist technology provided by the AWS platform. With HVM virtualization, the guest VM runs as if it were on a native hardware platform, except that it still uses PV network and storage drivers for improved performance.

## Processors


EC2 instances support a variety of processors.

**Topics**
+ [Intel processors](#instance-hardware-processors)
+ [AMD processors](#amd-epyc-instances)
+ [AWS Graviton processors](#aws-graviton-instances)
+ [AWS Trainium](#aws-trainium-instances)
+ [AWS Inferentia](#aws-inferentia-instances)

### Intel processors


Amazon EC2 instances that run on Intel processors might include the following processor features. Not all instances that run on Intel processors support all of these processor features. For information about which features are available for each instance type, see [Amazon EC2 Instance types](https://aws.amazon.com/ec2/instance-types/).
+ **Intel AES New Instructions (AES-NI)** — Intel AES-NI encryption instruction set improves upon the original Advanced Encryption Standard (AES) algorithm to provide faster data protection and greater security. All current generation EC2 instances support this processor feature.
+ **Intel Advanced Vector Extensions (Intel AVX, Intel AVX2, and Intel AVX-512)** — Intel AVX and Intel AVX2 are 256-bit, and Intel AVX-512 is a 512-bit instruction set extension designed for applications that are Floating Point (FP) intensive. Intel AVX instructions improve performance for applications like image and audio/video processing, scientific simulations, financial analytics, and 3D modeling and analysis. These features are only available on instances launched with HVM AMIs.
+ **Intel Turbo Boost Technology** — Intel Turbo Boost Technology processors automatically run cores faster than the base operating frequency.
+ **Intel Deep Learning Boost (Intel DL Boost)** — Accelerates AI deep learning use cases. The 2nd Gen Intel Xeon Scalable processors extend Intel AVX-512 with a new Vector Neural Network Instruction (VNNI/INT8) that significantly increases deep learning inference performance over previous generation Intel Xeon Scalable processors (with FP32) for image recognition/segmentation, object detection, speech recognition, language translation, recommendation systems, reinforcement learning, and more. VNNI may not be compatible with all Linux distributions. 

  The following instances support VNNI: `M5n`, `R5n`, `M5dn`, `M5zn`, `R5b`, `R5dn`, `D3`, `D3en`, and `C6i`. `C5` and `C5d` instances support VNNI for only `12xlarge`, `24xlarge`, and `metal` instances.

Confusion can result from industry naming conventions for 64-bit CPUs. Chip manufacturer Advanced Micro Devices (AMD) introduced the first commercially successful 64-bit architecture based on the Intel x86 instruction set. Consequently, the architecture is widely referred to as AMD64 regardless of the chip manufacturer. Windows and several Linux distributions follow this practice. This explains why the internal system information on an instance running Ubuntu or Windows displays the CPU architecture as AMD64 even though the instances are running on Intel hardware.

### AMD processors


Amazon EC2 instances that run on [AMD EPYC](https://aws.amazon.com/ec2/amd/) processors can help you optimize both cost and performance for your workloads. These instances might support the following processor features. Not all instances that run on AMD processors support all of these processor features. For information about which features are available for each instance type, see [Amazon EC2 Instance types](https://aws.amazon.com/ec2/instance-types/).
+ AMD Secure Memory Encryption (SME)
+ AMD Transparent Single Key Memory Encryption (TSME)
+ AMD Advanced Vector Extensions (AVX)
+ AMD Secure Encrypted Virtualization-Secure Nested Paging ([SEV-SNP](sev-snp.md))
+ Vector Neural Network Instructions (VNNI)
+ BFloat16

### AWS Graviton processors


[AWS Graviton](https://aws.amazon.com/ec2/graviton/) is a family of processors designed to deliver the best price performance for your workloads running on Amazon EC2 instances.

For more information, see [Getting started with Graviton](https://aws.amazon.com/ec2/graviton/getting-started/).

### AWS Trainium


Instances powered by [AWS Trainium](https://aws.amazon.com/ai/machine-learning/trainium/) are purpose built for high-performance, cost-effective deep learning training. You can use these instances to train natural language processing, computer vision, and recommender models used across a broad set of applications, such as speech recognition, recommendation, fraud detection, and image and video classification. Use your existing workflows in popular ML frameworks, such as PyTorch and TensorFlow.

### AWS Inferentia


Instances powered by [AWS Inferentia](https://aws.amazon.com/ai/machine-learning/inferentia/) are designed to accelerate machine learning. They provide high performance and low latency machine learning inference. These instances are optimized for deploying deep learning (DL) models for applications, such as natural language processing, object detection and classification, content personalization and filtering, and speech recognition.

There are a variety of ways that you can get started:
+ Use SageMaker AI, a fully-managed service that is the easiest way to get started with machine learning models. For more information, see [Get Started with SageMaker AI](https://docs.aws.amazon.com/sagemaker/latest/dg/gs.html) in the *Amazon SageMaker AI Developer Guide*.
+ Launch an Inf1 or Inf2 instance using the Deep Learning AMI. For more information, see [AWS Inferentia with DLAMI](https://docs.aws.amazon.com/dlami/latest/devguide/tutorial-inferentia.html) in the *AWS Deep Learning AMIs Developer Guide*.
+ Launch an Inf1 or Inf2 instance using your own AMI and install the [AWS Neuron SDK](https://github.com/aws/aws-neuron-sdk), which enables you to compile, run, and profile deep learning models for AWS Inferentia.
+ Launch a container instance using an Inf1 or Inf2 instance and an Amazon ECS-optimized AMI. For more information, see [Amazon Linux 2 (Inferentia) AMIs](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*.
+ Create an Amazon EKS cluster with nodes running Inf1 instances. For more information, see [Inferentia support](https://docs.aws.amazon.com/eks/latest/userguide/inferentia-support.html) in the *Amazon EKS User Guide*.

# Find an Amazon EC2 instance type

Before you can launch an instance, you must select an instance type to use. The instance type that you choose might depend on the resources that your workload requires, such as compute, memory, or storage resources. It can be beneficial to identify several instance types that might suit your workload and evaluate their performance in a test environment. There is no substitute for measuring the performance of your application under load.

You can get suggestions and guidance for EC2 instance types using the EC2 instance type finder. For more information, see [Get recommendations from EC2 instance type finder](get-ec2-instance-type-recommendations.md).

If you already have running EC2 instances, you can use AWS Compute Optimizer to get recommendations about the instance types that you should use to improve performance, save money, or both. For more information, see [Get EC2 instance recommendations from Compute Optimizer](ec2-instance-recommendations.md).

**Topics**
+ [Find an instance type using the console](#instance-discovery-console)
+ [Describe an instance type using the AWS CLI](#describe-instance-type-example)
+ [Find an instance type using the AWS CLI](#instance-discovery-cli)
+ [Find an instance type using the Tools for PowerShell](#instance-discovery-ps)

## Find an instance type using the console

You can find an instance type that meets your needs using the Amazon EC2 console.

**To find an instance type using the console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. From the navigation bar, select the Region in which to launch your instances. You can select any Region that's available to you, regardless of your location.

1. In the navigation pane, choose **Instance Types**. 

1. (Optional) Choose the preferences (gear) icon to select which instance type attributes to display, such as **On-Demand Linux pricing**, and then choose **Confirm**. Alternatively, select the name of an instance type to open its details page and view all attributes available through the console. The console does not display all the attributes available through the API or the command line.

1. Use the instance type attributes to filter the list of displayed instance types to only the instance types that meet your needs. For example, you can filter on the following attributes:
   + **Availability zones** – The name of the Availability Zone, Local Zone, or Wavelength Zone. For more information, see [Regions and Zones](using-regions-availability-zones.md).
   + **vCPUs** or **Cores** – The number of vCPUs or cores.
   + **Memory (GiB)** – The memory size, in GiB.
   + **Network performance** – The network performance, in Gigabits.
   + **Local instance storage** – Indicates whether the instance type has local instance storage (`true` | `false`).

1. (Optional) To see a side-by-side comparison, select the checkbox for multiple instance types. The comparison is displayed at the bottom of the screen.

1. (Optional) To save the list of instance types to a comma-separated values (.csv) file for further review, choose **Actions**, **Download list CSV**. The file includes all instance types that match the filters you set.

1. (Optional) To launch instances using an instance type that meets your needs, select the checkbox for the instance type and choose **Actions**, **Launch instance**. For more information, see [Launch an EC2 instance using the launch instance wizard in the console](ec2-launch-instance-wizard.md).

## Describe an instance type using the AWS CLI

You can use the [describe-instance-types](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instance-types.html) command to describe a specific instance type.

**To fully describe an instance type**  
The following command displays all available details for the specified instance type. The output is lengthy, so it is omitted here.

```
aws ec2 describe-instance-types \
    --instance-types t2.micro \
    --region us-east-2
```

**To describe an instance type and filter the output**  
The following command displays the networking details for the specified instance type.

```
aws ec2 describe-instance-types \
    --instance-types t2.micro \
    --region us-east-2 \
    --query "InstanceTypes[].NetworkInfo"
```

The following is example output.

```
[
    {
        "NetworkPerformance": "Low to Moderate",
        "MaximumNetworkInterfaces": 2,
        "MaximumNetworkCards": 1,
        "DefaultNetworkCardIndex": 0,
        "NetworkCards": [
            {
                "NetworkCardIndex": 0,
                "NetworkPerformance": "Low to Moderate",
                "MaximumNetworkInterfaces": 2,
                "BaselineBandwidthInGbps": 0.064,
                "PeakBandwidthInGbps": 1.024
            }
        ],
        "Ipv4AddressesPerInterface": 2,
        "Ipv6AddressesPerInterface": 2,
        "Ipv6Supported": true,
        "EnaSupport": "unsupported",
        "EfaSupported": false,
        "EncryptionInTransitSupported": false,
        "EnaSrdSupported": false
    }
]
```

The following command displays the available memory for the specified instance type.

```
aws ec2 describe-instance-types \
    --instance-types t2.micro \
    --region us-east-2 \
    --query "InstanceTypes[].MemoryInfo"
```

The following is example output.

```
[
    {
        "SizeInMiB": 1024
    }
]
```
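
The attributes returned by `describe-instance-types`, together with the Xen/Nitro split described under Hypervisor type, can be checked in bulk against a baseline. The following Python is an added example, not part of the AWS documentation: it reads saved command output and reports which instance types miss the baseline. The policy, the function names, and the `example.*` records are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instance-types` output.
# The t2.micro network values mirror the example output above; the
# "example.*" records are invented for illustration, not real specifications.
SAMPLE_OUTPUT = json.loads("""
{
  "InstanceTypes": [
    {"InstanceType": "t2.micro", "Hypervisor": "xen", "BareMetal": false,
     "NetworkInfo": {"EnaSupport": "unsupported",
                     "EncryptionInTransitSupported": false}},
    {"InstanceType": "example.large", "Hypervisor": "nitro", "BareMetal": false,
     "NetworkInfo": {"EnaSupport": "required",
                     "EncryptionInTransitSupported": true}},
    {"InstanceType": "example.metal", "BareMetal": true,
     "NetworkInfo": {"EnaSupport": "required",
                     "EncryptionInTransitSupported": true}},
    {"InstanceType": "example.partial", "Hypervisor": "nitro", "BareMetal": false}
  ]
}
""")

# Hypothetical baseline (an assumption of this example); adjust as needed.
DEFAULT_POLICY = {
    "require_nitro": True,
    "require_encryption_in_transit": True,
    "require_ena": True,
}


def audit_record(record, policy=DEFAULT_POLICY):
    """Return a list of findings for one InstanceTypes[] record."""
    findings = []
    net = record.get("NetworkInfo") or {}

    if policy["require_nitro"] and not record.get("BareMetal", False):
        # Bare-metal types run without a hypervisor, so only virtualized
        # types are checked here.
        hypervisor = record.get("Hypervisor")
        if hypervisor is None:
            findings.append("hypervisor not reported")
        elif hypervisor != "nitro":
            findings.append(f"hypervisor is {hypervisor}, not nitro")

    if policy["require_encryption_in_transit"]:
        # A missing field counts as a failure rather than assumed support.
        if net.get("EncryptionInTransitSupported") is not True:
            findings.append("encryption in transit not supported")

    if policy["require_ena"]:
        # EnaSupport is "unsupported", "supported", or "required".
        if net.get("EnaSupport", "unsupported") == "unsupported":
            findings.append("ENA not supported")

    return findings


def audit(output, policy=DEFAULT_POLICY):
    """Map each instance type in the output to its list of findings."""
    records = output.get("InstanceTypes", [])
    return {r["InstanceType"]: audit_record(r, policy) for r in records}


def compliant_types(output, policy=DEFAULT_POLICY):
    """Return the sorted instance types that have no findings."""
    return sorted(t for t, f in audit(output, policy).items() if not f)


if __name__ == "__main__":
    for instance_type, findings in audit(SAMPLE_OUTPUT).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{instance_type:16} {status}")
```

To audit real data, save the command output with `--output json` and pass the parsed document to `audit`.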

## Find an instance type using the AWS CLI

You can use the [describe-instance-types](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instance-types.html) and [describe-instance-type-offerings](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instance-type-offerings.html) commands to find the instance types that meet your needs.

**Topics**
+ [Find an instance type by Availability Zone](#find-instance-type-example-1)
+ [Find an instance type by available memory size](#find-instance-type-example-2)
+ [Find an instance type by available instance storage](#find-instance-type-example-3)
+ [Find an instance type that supports hibernation](#find-instance-type-example-4)

### Example 1: Find an instance type by Availability Zone

The following example displays only the instance types offered in the specified Availability Zone.

```
aws ec2 describe-instance-type-offerings \
    --location-type "availability-zone" \
    --filters "Name=location,Values=us-east-2a" \
    --region us-east-2 \
    --query "InstanceTypeOfferings[*].[InstanceType]" --output text | sort
```

The output is a list of instance types, sorted alphabetically. The following is the start of the output only.

```
a1.2xlarge
a1.4xlarge
a1.large
a1.medium
a1.metal
a1.xlarge
c4.2xlarge
   ...
```

### Example 2: Find an instance type by available memory size

The following example displays only current generation instance types with 64 GiB (65536 MiB) of memory.

```
aws ec2 describe-instance-types \
    --filters "Name=current-generation,Values=true" "Name=memory-info.size-in-mib,Values=65536" \
    --region us-east-2 \
    --query "InstanceTypes[*].[InstanceType]" --output text | sort
```

The output is a list of instance types, sorted alphabetically. The following is the start of the output only.

```
c5a.8xlarge
c5ad.8xlarge
c6a.8xlarge
c6g.8xlarge
c6gd.8xlarge
c6gn.8xlarge
c6i.8xlarge
c6id.8xlarge
c6in.8xlarge
   ...
```

### Example 3: Find an instance type by available instance storage

The following example displays the total size of instance storage for all R7 instances with instance store volumes.

```
aws ec2 describe-instance-types \
    --filters "Name=instance-type,Values=r7*" "Name=instance-storage-supported,Values=true" \
    --region us-east-2 \
    --query "InstanceTypes[].[InstanceType, InstanceStorageInfo.TotalSizeInGB]" \
    --output table
```

The following is example output.

```
---------------------------
|  DescribeInstanceTypes  |
+----------------+--------+
|  r7gd.xlarge   |  237   |
|  r7gd.8xlarge  |  1900  |
|  r7gd.16xlarge |  3800  |
|  r7gd.medium   |  59    |
|  r7gd.4xlarge  |  950   |
|  r7gd.2xlarge  |  474   |
|  r7gd.metal    |  3800  |
|  r7gd.large    |  118   |
|  r7gd.12xlarge |  2850  |
+----------------+--------+
```

### Example 4: Find an instance type that supports hibernation

The following example displays the instance types that support hibernation.

```
aws ec2 describe-instance-types \
    --filters "Name=hibernation-supported,Values=true" \
    --region us-east-2 \
    --query "InstanceTypes[*].[InstanceType]" \
    --output text | sort
```

The output is a list of instance types, sorted alphabetically. The following is the start of the output only.

```
c4.2xlarge
c4.4xlarge
c4.8xlarge
c4.large
c4.xlarge
c5.12xlarge
c5.18xlarge
c5.2xlarge
c5.4xlarge
c5.9xlarge
...
```

## Find an instance type using the Tools for PowerShell

You can use the [Get-EC2InstanceType](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2InstanceType.html) and [Get-EC2InstanceTypeOffering](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2InstanceTypeOffering.html) cmdlets to find the instance types that meet your needs.

**Topics**
+ [Find an instance type by Availability Zone](#find-instance-type-by-az-ps)
+ [Find an instance type by available memory size](#find-instance-type-by-memory-ps)
+ [Find an instance type by available instance storage](#find-instance-type-by-storage-ps)
+ [Find an instance type that supports hibernation](#find-instance-type-hibernation-ps)

### Find an instance type by Availability Zone


The following example displays only the instance types offered in the specified Availability Zone.

```
(Get-EC2InstanceTypeOffering `
    -LocationType "availability-zone" `
    -Region us-east-2 `
    -Filter @{Name="location"; Values="us-east-2a"}).InstanceType | Sort-Object
```

### Find an instance type by available memory size


The following example displays only current generation instance types with 64 GiB (65536 MiB) of memory.

```
(Get-EC2InstanceType `
    -Filter @{Name="current-generation"; Values="true"}, 
            @{Name="memory-info.size-in-mib"; Values="65536"}).InstanceType | Sort-Object
```

### Find an instance type by available instance storage


The following example displays the total size of instance storage for all R7 instances with instance store volumes.

```
Get-EC2InstanceType `
    -Filter @{Name="instance-type"; Values="r7*"}, 
            @{Name="instance-storage-supported"; Values="true"} | `
     Select InstanceType, @{Name="TotalSizeInGB"; Expression={($_.InstanceStorageInfo.TotalSizeInGB)}}
```

The following is example output.

```
InstanceType  TotalSizeInGB
------------  -------------
r7gd.8xlarge           1900
r7gd.16xlarge          3800
r7gd.xlarge             237
r7gd.4xlarge            950
r7gd.medium              59
r7gd.2xlarge            474
r7gd.large              118
r7gd.metal             3800
r7gd.12xlarge          2850
```

### Find an instance type that supports hibernation


The following example displays the instance types that support hibernation.

```
(Get-EC2InstanceType `
    -Filter @{Name="hibernation-supported"; Values="true"}).InstanceType | Sort-Object
```

# Get recommendations from EC2 instance type finder

EC2 instance type finder considers your use case, workload type, CPU manufacturer preference, and how you prioritize price and performance, as well as additional parameters that you can specify. It then uses this data to provide suggestions and guidance for Amazon EC2 instance types that are best suited to your new workloads.

With so many instance types available, finding the right instance types for your workload can be time-consuming and complex. By using the EC2 instance type finder, you can remain up to date with the latest instance types and achieve the best price-performance for your workloads.

You can get suggestions and guidance for EC2 instance types using the Amazon EC2 console. You can also go directly to Amazon Q to ask for instance type advice. For more information, see the [Amazon Q Developer User Guide](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/what-is.html).

If you're looking for instance type recommendations for an *existing* workload, use AWS Compute Optimizer. For more information, see [Get EC2 instance recommendations from Compute Optimizer](ec2-instance-recommendations.md).

## Use the EC2 instance type finder


In the Amazon EC2 console, you can get instance type suggestions from the EC2 instance type finder in the launch instance wizard, when creating a launch template, or on the **Instance types** page.

Use the following instructions to get suggestions and guidance for EC2 instance types using the EC2 instance type finder in the Amazon EC2 console. To view an animation of the steps, see [View an animation: Get instance type suggestions using the EC2 instance type finder](#use-ec2-instance-type-finder-animation).

**To get instance type suggestions using the EC2 instance type finder**

1. Start your process using any of the following:
   + Follow the procedure to [launch an instance](ec2-launch-instance-wizard.md). Next to **Instance type**, choose the **Get advice** link.
   + Follow the procedure to [create a launch template](create-launch-template.md#create-launch-template-define-parameters). Next to **Instance type**, choose the **Get advice** link.
   + In the navigation pane, choose **Instance Types**, and then choose the **Instance type finder** button.

1. In the **Get advice on instance type selection** screen, do the following:

   1. Specify your instance type requirements by selecting options for **Workload type**, **Use case**, **Priority**, and **CPU manufacturers**.

   1. (Optional) To specify more detailed requirements for your workload, do the following:

      1. Expand **Advanced parameters**.

      1. To add a parameter, select a parameter, choose **Add**, and specify a value for the parameter. Repeat for each additional parameter that you want to add. To indicate no minimum or maximum value, leave the field empty.

      1. To remove a parameter after adding it, choose the **X** next to the parameter.

   1. Choose **Get instance type advice**.

      Amazon EC2 provides you with suggestions for instance families matching your specified requirements.

1. To view the details of each instance type within the suggested instance families, choose **View recommended instance family details**.

1. Select an instance type that meets your requirements, and then choose **Actions**, **Launch instance** or **Actions**, **Create launch template**.

   Alternatively, if you started the process in the launch instance wizard or the launch template page, and you prefer to go back to your original flow, make note of the instance type you’d like to use. Then, in the launch instance wizard or launch template, for **Instance type**, choose the instance type, and complete the procedure to launch an instance or create a launch template.

### View an animation: Get instance type suggestions using the EC2 instance type finder


![\[This animation shows how to get instance type suggestions using the EC2 instance type finder. For the text version of this animation, see the steps in the preceding procedure.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/use-ec2-instance-type-finder-animation.gif)


# Get EC2 instance recommendations from Compute Optimizer

AWS Compute Optimizer provides Amazon EC2 recommendations to help you improve performance, save money, or both. You can use these recommendations to decide whether to change to a new instance type.

To make recommendations, Compute Optimizer analyzes your existing instance specifications and utilization metrics. The compiled data is then used to recommend which Amazon EC2 instance types are best able to handle the existing workload. Recommendations are returned along with per-hour instance pricing. For more information, see [Amazon EC2 instance metrics](https://docs.aws.amazon.com/compute-optimizer/latest/ug/metrics.html#ec2-metrics-analyzed) in the *AWS Compute Optimizer User Guide*.

**Topics**
+ [Requirements](#compute-optimizer-limitations)
+ [Finding classifications](#findings-classifications)
+ [View recommendations](#viewing-recommendations)
+ [Considerations for evaluating recommendations](#considerations)

## Requirements


To get recommendations from Compute Optimizer, you must first opt in to Compute Optimizer. For more information, see [Getting started with AWS Compute Optimizer](https://docs.aws.amazon.com/compute-optimizer/latest/ug/getting-started.html) in the *AWS Compute Optimizer User Guide*.

Compute Optimizer generates recommendations for some instance types, but not all instance types. If you're using an unsupported instance type, Compute Optimizer will not generate recommendations. For the list of supported instance types, see [Amazon EC2 instance requirements](https://docs.aws.amazon.com/compute-optimizer/latest/ug/requirements.html#requirements-ec2-instances) in the *AWS Compute Optimizer User Guide*.

## Finding classifications


Compute Optimizer classifies its findings for EC2 instances as follows:
+ **Under-provisioned** – An EC2 instance is considered under-provisioned when at least one specification of your instance, such as CPU, memory, or network, does not meet the performance requirements of your workload. Under-provisioned EC2 instances might lead to poor application performance. 
+ **Over-provisioned** – An EC2 instance is considered over-provisioned when at least one specification of your instance, such as CPU, memory, or network, can be sized down while still meeting the performance requirements of your workload, and when no specification is under-provisioned. Over-provisioned EC2 instances might lead to unnecessary infrastructure cost. 
+ **Optimized** – An EC2 instance is considered optimized when all specifications of your instance, such as CPU, memory, and network, meet the performance requirements of your workload, and the instance is not over-provisioned. An optimized EC2 instance runs your workloads with optimal performance and infrastructure cost. For optimized instances, Compute Optimizer might sometimes recommend a new generation instance type. 
+ **None** – There are no recommendations for this instance. This might occur if you've been opted in to Compute Optimizer for less than 12 hours, or when the instance has been running for less than 30 hours, or when the instance type is not supported by Compute Optimizer.

## View recommendations


After you opt in to Compute Optimizer, you can view the findings that Compute Optimizer generates for your EC2 instances in the Amazon EC2 console. You can then access the Compute Optimizer console to view the recommendations. If you recently opted in, findings might not be reflected in the EC2 console for up to 12 hours.

**To view recommendations for an instance using the Amazon EC2 console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Choose the instance ID to open the instance detail page.

1. On the instance detail page, in the top summary section, locate **AWS Compute Optimizer finding**. If there is a finding, we display the finding classification and a link to view the details. Otherwise, we display **No recommendations available for this instance.**

1. If there is a finding, choose **View detail**. This opens the **Recommendations for EC2 instances** page in the Compute Optimizer console. The current instance type is labeled **Current**. There are also up to three instance type recommendations, labeled **Option 1**, **Option 2**, and **Option 3**. This page also shows recent CloudWatch metric data for the instance.

**To view recommendations for all instances in all Regions**  
You can view recommendations for all of your Amazon EC2 instances in all Regions using the Compute Optimizer console. For more information, see [Viewing EC2 instances recommendations](https://docs.aws.amazon.com/compute-optimizer/latest/ug/view-ec2-recommendations.html#ec2-view-recommendations) and [Viewing EC2 instance details](https://docs.aws.amazon.com/compute-optimizer/latest/ug/view-ec2-recommendations.html#ec2-viewing-details) in the *AWS Compute Optimizer User Guide*.

## Considerations for evaluating recommendations


When you receive a recommendation, you must decide whether to act on it. Before changing an instance type, consider the following:
+ The recommendations don’t forecast your usage. Recommendations are based on your historical usage over the most recent 14-day time period. Be sure to choose an instance type that is expected to meet your future resource needs.
+ Focus on the graphed metrics to determine whether actual usage is lower than instance capacity. You can also view metric data (average, peak, percentile) in CloudWatch to further evaluate your EC2 instance recommendations. For example, notice how CPU percentage metrics change during the day and whether there are peaks that need to be accommodated. For more information, see [Viewing Available Metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/viewing_metrics_with_cloudwatch.html) in the *Amazon CloudWatch User Guide*. 
+ Compute Optimizer might supply recommendations for burstable performance instances, which are T3, T3a, and T2 instances. If you periodically burst above the baseline, make sure that you can continue to do so based on the vCPUs of the new instance type. For more information, see [Key concepts for burstable performance instances](burstable-credits-baseline-concepts.md).
+ If you’ve purchased a Reserved Instance, your On-Demand Instance might be billed as a Reserved Instance. Before you change your current instance type, first evaluate the impact on Reserved Instance utilization and coverage.
+ Consider conversions to newer generation instances, where possible.
+ When migrating to a different instance family, make sure the current instance type and the new instance type are compatible, for example, in terms of virtualization, architecture, or network type. For more information, see [Compatibility for changing the instance type](resize-limitations.md).
+ Finally, consider the performance risk rating that's provided for each recommendation. Performance risk indicates the amount of effort you might need to spend in order to validate whether the recommended instance type meets the performance requirements of your workload. We also recommend rigorous load and performance testing before and after making any changes.

# Amazon EC2 instance type changes

As your needs change, you might find that your instance is over-utilized (the instance type is too small) or under-utilized (the instance type is too large). If this is the case, you can resize your instance by changing its instance type. For example, if your `t2.micro` instance is too small for its workload, you can increase its size by changing it to a bigger T2 instance type, such as `t2.large`. Or you can change it to another instance type, such as `m5.large`. You might also want to change from a previous generation to a current generation instance type to take advantage of some features, such as support for IPv6.

If you want a recommendation for an instance type that is best able to handle your existing workload, you can use AWS Compute Optimizer. For more information, see [Get EC2 instance recommendations from Compute Optimizer](ec2-instance-recommendations.md).

When you change the instance type, you'll start paying the rate of the new instance type. For the on-demand rates of all instance types, see [Amazon EC2 On-Demand Pricing](https://aws.amazon.com/ec2/pricing/on-demand/).

To add additional storage to your instance without changing the instance type, add an EBS volume to the instance. For more information, see [Attach an Amazon EBS volume to an instance](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-attaching-volume.html) in the *Amazon EBS User Guide*.

## Which instructions to follow?


There are different instructions for changing the instance type. The instructions to use depend on the instance's root volume, and whether the instance type is compatible with the instance's current configuration. For information about how compatibility is determined, see [Compatibility for changing the instance type](resize-limitations.md).

Use the following table to determine which instructions to follow.


| Root volume | Compatibility | Use these instructions | 
| --- | --- | --- | 
| EBS | Compatible | [Change the instance type](change-instance-type-of-ebs-backed-instance.md) | 
| EBS | Not compatible | [Migrate to a new instance type](migrate-instance-configuration.md) | 
| Instance store | Not applicable | [Migrate to a new instance type](migrate-instance-configuration.md) | 

# Compatibility for changing the instance type

You can change the instance type only if the instance's current configuration is compatible with the instance type that you want. If the instance type that you want is not compatible with the instance's current configuration, you must launch a new instance with a configuration that is compatible with the instance type, and then migrate your application to the new instance.

Compatibility is determined through the following:

**Virtualization type**  
Linux AMIs use one of two types of virtualization: paravirtual (PV) or hardware virtual machine (HVM). If an instance was launched from a PV AMI, you can't change to an instance type that is HVM only. For more information, see [Virtualization types](ComponentsAMIs.md#virtualization_types). To check the virtualization type of your instance, check the **Virtualization** value on the details pane of the **Instances** screen in the Amazon EC2 console.

**Architecture**  
AMIs are specific to the architecture of the processor, so you must select an instance type with the same processor architecture as the current instance type. For example:  
+ If the current instance type has a processor based on the Arm architecture, you are limited to the instance types that support a processor based on the Arm architecture, such as C6g and M6g.
+ The following instance types are the only instance types that support 32-bit AMIs: `t2.nano`, `t2.micro`, `t2.small`, `t2.medium`, `c3.large`, `t1.micro`, `m1.small`, `m1.medium`, and `c1.medium`. If you are changing the instance type of a 32-bit instance, you are limited to these instance types.

**Network adapters**  
If you switch from a driver for one network adapter to another, the network adapter settings are reset when the operating system creates the new adapter. To reconfigure the settings, you might need access to a local account with administrator permissions. The following are examples of moving from one network adapter to another:  
+ AWS PV (T2 instances) to Intel 82599 VF (M4 instances)
+ Intel 82599 VF (most M4 instances) to ENA (M5 instances)
+ ENA (M5 instances) to high-bandwidth ENA (M5n instances)

**Enhanced networking**  
Instance types that support [enhanced networking](enhanced-networking.md) require the necessary drivers installed. For example, [Nitro-based instances](instance-types.md#instance-hypervisor-type) require EBS-backed AMIs with the Elastic Network Adapter (ENA) drivers installed. To change from an instance type that does not support enhanced networking to an instance type that supports enhanced networking, you must install the [ENA drivers](enhanced-networking-ena.md) or [ixgbevf drivers](sriov-networking.md) on the instance, as appropriate.  
When you resize an instance with ENA Express enabled, the new instance type must also support ENA Express. For a list of instance types that support ENA Express, see [Supported instance types for ENA Express](ena-express.md#ena-express-supported-instance-types).  
To change from an instance type that supports ENA Express to an instance type that does not support it, ensure that ENA Express is not currently enabled before you resize the instance.

**NVMe**  
EBS volumes are exposed as NVMe block devices on [Nitro-based instances](instance-types.md#instance-hypervisor-type). If you change from an instance type that does not support NVMe to an instance type that supports NVMe, you must first install the NVMe drivers on your instance. Also, the device names for devices that you specify in the block device mapping are renamed using NVMe device names (`/dev/nvme[0-26]n1`).  
[Linux instances] Therefore, to mount file systems at boot time using `/etc/fstab`, you must use UUID/Label instead of device names.

**Volume limit**  
The maximum number of Amazon EBS volumes that you can attach to an instance depends on the instance type and instance size. For more information, see [Amazon EBS volume limits for Amazon EC2 instances](volume_limits.md).  
You can only change to an instance type or instance size that supports the same number or a larger number of volumes than is currently attached to the instance. If you change to an instance type or instance size that does not support the number of currently attached volumes, the request fails. For example, if you change from an `m7i.4xlarge` instance with 32 attached volumes to an `m6i.4xlarge`, which supports a maximum of 27 volumes, the request fails.

**NitroTPM**  
If you launched the instance using an AMI with [NitroTPM](nitrotpm.md) enabled and an instance type that supports NitroTPM, the instance launches with NitroTPM enabled. You can only change to an instance type that also supports NitroTPM.
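The compatibility criteria above, together with the routing table under "Which instructions to follow?", can be evaluated before you stop the instance. The following Python is an added example, not AWS code: it applies those criteria to dictionaries shaped like `DescribeInstances` and `DescribeInstanceTypes` response items and scans `/etc/fstab` text for mounts that use device names. The function names, the sample values, and the caller-supplied `target_max_volumes` are assumptions.

```python
# Added example: pre-flight check before changing an EC2 instance type.
# Inputs are dicts shaped like DescribeInstances / DescribeInstanceTypes
# response items. Every sample value below is constructed; nothing calls AWS.

DEVICE_NAME_PREFIXES = ("/dev/sd", "/dev/xvd", "/dev/hd")


def fstab_device_name_entries(fstab_text):
    """Return (device, mount point) pairs mounted by device name, not UUID/LABEL."""
    hits = []
    for raw in fstab_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) >= 2 and fields[0].startswith(DEVICE_NAME_PREFIXES):
            hits.append((fields[0], fields[1]))
    return hits


def check_resize(instance, target, target_max_volumes, fstab_text=""):
    """Apply the page's compatibility criteria to one instance and one target type.

    target_max_volumes is an assumption supplied by the caller (taken from the
    EBS volume limits documentation for the target type).
    "blocking" items make the target incompatible, so the route follows the
    page's table: "change-in-place" or "migrate". "prepare" items must be
    handled on the instance before an in-place change.
    """
    blocking, prepare = [], []
    name = target["InstanceType"]

    if instance["RootDeviceType"] != "ebs":
        blocking.append("root volume is instance store")

    virt = instance["VirtualizationType"]
    if virt not in target["SupportedVirtualizationTypes"]:
        blocking.append(f"{name} does not support {virt} virtualization")

    arch = instance["Architecture"]
    if arch not in target["ProcessorInfo"]["SupportedArchitectures"]:
        blocking.append(f"{name} does not support the {arch} architecture")

    # TpmSupport is present on the instance only when NitroTPM is enabled.
    if instance.get("TpmSupport") and target.get("NitroTpmSupport") != "supported":
        blocking.append(f"NitroTPM is enabled but {name} does not support it")

    attached = len(instance.get("BlockDeviceMappings", []))
    if attached > target_max_volumes:
        blocking.append(
            f"{attached} EBS volumes attached, {name} supports {target_max_volumes}"
        )

    if target["NetworkInfo"]["EnaSupport"] == "required" and not instance.get("EnaSupport"):
        prepare.append("install the ENA drivers before changing the type")

    if target["EbsInfo"]["NvmeSupport"] == "required":
        prepare.append("confirm the NVMe drivers are installed")
        for device, mount in fstab_device_name_entries(fstab_text):
            prepare.append(
                f"/etc/fstab mounts {mount} by device name {device}; use UUID or LABEL"
            )

    route = "migrate" if blocking else "change-in-place"
    return {"route": route, "blocking": blocking, "prepare": prepare}


SAMPLE_XEN_INSTANCE = {  # constructed
    "InstanceType": "t2.large",
    "RootDeviceType": "ebs",
    "VirtualizationType": "hvm",
    "Architecture": "x86_64",
    "BlockDeviceMappings": [{"DeviceName": "/dev/xvda"}, {"DeviceName": "/dev/sdf"}],
}
SAMPLE_M5_LARGE = {  # constructed
    "InstanceType": "m5.large",
    "SupportedVirtualizationTypes": ["hvm"],
    "ProcessorInfo": {"SupportedArchitectures": ["x86_64"]},
    "NetworkInfo": {"EnaSupport": "required"},
    "EbsInfo": {"NvmeSupport": "required"},
    "NitroTpmSupport": "supported",
}
SAMPLE_FSTAB = """\
UUID=0a1b2c3d-0000-4000-8000-000000000001 /        xfs  defaults,noatime 1 1
/dev/xvdf                                 /data    ext4 defaults,nofail  0 2
LABEL=logs                                /var/log ext4 defaults         0 2
/dev/sdg                                  /backup  ext4 defaults,nofail  0 2  # old name
"""

if __name__ == "__main__":
    report = check_resize(SAMPLE_XEN_INSTANCE, SAMPLE_M5_LARGE, 27, SAMPLE_FSTAB)
    print(report["route"])
    for item in report["blocking"] + report["prepare"]:
        print(" -", item)
```

The API responses do not reveal whether the NVMe drivers are installed in the guest, so that item is always reported when the target type requires NVMe.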

# Change the instance type for your Amazon EC2 instance

Use the following instructions to change the instance type of an Amazon EBS-backed instance if the instance type that you need is compatible with the current configuration of your instance. For more information, see [Compatibility for changing the instance type](resize-limitations.md).

**Considerations**
+ You must stop your instance before you can change its instance type. Ensure that you plan for downtime while your instance is stopped. Stopping the instance and changing its instance type might take a few minutes, and restarting your instance might take a variable amount of time depending on your application's startup scripts. For more information, see [Stop and start Amazon EC2 instances](Stop_Start.md).
+ When you stop and start an instance, we move the instance to new hardware. If your instance has a public IPv4 address that is not an Elastic IP address, we release the address and give your instance a new public IPv4 address. For more information on IP address behavior throughout the lifecycle of an instance, see [Differences between instance states](ec2-instance-lifecycle.md#lifecycle-differences).
+ You can't change the instance type of a [Spot Instance](using-spot-instances-request.md#stopping-a-spot-instance).
+ [Windows instances] We recommend that you update the AWS PV driver package before changing the instance type. For more information, see [Upgrade PV drivers on EC2 Windows instances](Upgrading_PV_drivers.md).
+ If your instance is in an Auto Scaling group, the Amazon EC2 Auto Scaling service marks the stopped instance as unhealthy, and might terminate it and launch a replacement instance. To prevent this, you can suspend the scaling processes for the group while you're changing the instance type. For more information, see [Suspending and resuming a process for an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html) in the *Amazon EC2 Auto Scaling User Guide*.
+ When you change the instance type of an instance with NVMe instance store volumes, the updated instance might have additional instance store volumes, because all NVMe instance store volumes are available even if they are not specified in the AMI or instance block device mapping. Otherwise, the updated instance has the same number of instance store volumes that you specified when you launched the original instance.
+ The maximum number of Amazon EBS volumes that you can attach to an instance depends on the instance type and instance size. You can't change to an instance type or instance size that does not support the number of volumes that are already attached to your instance. For more information, see [Amazon EBS volume limits for Amazon EC2 instances](volume_limits.md).
+ [Linux instances] You can use the `AWSSupport-MigrateXenToNitroLinux` runbook to migrate compatible Linux instances from a Xen instance type to a Nitro instance type. For more information, see [https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-awssupport-migrate-xen-to-nitro.html](https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-awssupport-migrate-xen-to-nitro.html) in the *AWS Systems Manager Automation runbook reference*.
+ [Windows instances] For additional guidance on migrating compatible Windows instances from a Xen instance type to a Nitro instance type, see [Migrate to latest generation instance types](migrating-latest-types.md).

**To change the instance type of an Amazon EBS-backed instance**

1. (Optional) If the new instance type requires drivers that are not installed on the existing instance, you must connect to your instance and install the drivers first. For more information, see [Compatibility for changing the instance type](resize-limitations.md).

1. [Windows instances] If you configured your Windows instance to use [static IP addressing](config-windows-multiple-ip.md#step1) and you change from an instance type that doesn't support enhanced networking to an instance type that does support enhanced networking, you might get a warning about a potential IP address conflict when you reconfigure static IP addressing. To prevent this, enable DHCP on the network interface for your instance before you change the instance type. From your instance, open the **Network and Sharing Center**, open **Internet Protocol Version 4 (TCP/IPv4) Properties** for the network interface, and choose **Obtain an IP address automatically**. Change the instance type and reconfigure static IP addressing on the network interface.

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance and choose **Instance state**, **Stop instance**. When prompted for confirmation, choose **Stop**. It can take a few minutes for the instance to stop.

1. With the instance still selected, choose **Actions**, **Instance settings**, **Change instance type**. This option is grayed out if the instance state is not `stopped`.

1. On the **Change instance type** page, do the following:

   1. For **Instance type**, select the instance type that you want.

      If the instance type is not in the list, then it's not compatible with the configuration of your instance. Instead, use the following instructions: [Migrate to a new instance type by launching a new EC2 instance](migrate-instance-configuration.md).

   1. (Optional) If the instance type that you selected supports EBS optimization, select **EBS-optimized** to enable EBS optimization, or deselect **EBS-optimized** to disable EBS optimization.

      If the instance type that you selected is EBS optimized by default, **EBS-optimized** is selected and you can't deselect it.

   1. (Optional) Configure vCPU options on the new instance type.

      When you change the instance type of an existing instance, Amazon EC2 applies the CPU option settings from the existing instance to the new instance, if possible. If the new instance type doesn't support those settings, the CPU options are reset to **None**. This option uses the default number of vCPUs for the new instance type.

      If the instance type that you selected supports vCPU configuration, select **Specify CPU options** in the **Advanced details** panel to configure vCPUs for your new instance type.

   1. Choose **Change** to accept the new settings.

1. To start the instance, select the instance and choose **Instance state**, **Start instance**. It can take a few minutes for the instance to enter the `running` state. If your instance won't start, see [Troubleshoot changing the instance type](troubleshoot-change-instance-type.md).

1. [Windows instances] If your instance runs Windows Server 2016 or Windows Server 2019 with EC2Launch v1, connect to your Windows instance and run the following EC2Launch PowerShell script to configure the instance after the instance type is changed.
   **Important**  
   The administrator password will reset when you enable the initialize instance EC2Launch script. You can modify the configuration file to disable the administrator password reset by specifying it in the settings for the initialization tasks. For steps on how to disable password reset, see [Configure initialization tasks](ec2launch-config.md#ec2launch-inittasks) (EC2Launch) or [Change settings](ec2launch-v2-settings.md#ec2launch-v2-ui) (EC2Launch v2).

   ```
   PS C:\> C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 -Schedule
   ```

# Migrate to a new instance type by launching a new EC2 instance

You can change the instance type of an EC2 instance only if it is an EBS-backed instance with a configuration that is compatible with the new instance type that you want. Otherwise, if the configuration of your instance is not compatible with the new instance type, or it is an instance store-based instance, you must launch a replacement instance that is compatible with the instance type that you want. For more information about how compatibility is determined, see [Compatibility for changing the instance type](resize-limitations.md).

**Overview of the migration process**
+ Back up the data on the original instance.
+ Launch a new instance with a configuration that is compatible with the new instance type that you want, attaching any EBS volumes that were attached to your original instance.
+ Install your application on your new instance.
+ Restore any data.
+ If the original instance has an Elastic IP address, you must associate it with your new instance to ensure that your users can continue to use your application without interruption.

**To migrate an instance to a new instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. Back up any data that you still need as follows:
   + Connect to your instance and copy the data on your instance store volumes to persistent storage.
   + [Create snapshots](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-creating-snapshot.html) of your EBS volumes so that you can create new volumes with the same data, or detach the volumes from the original instance so that you can attach them to the new instance.

1. In the navigation pane, choose **Instances**.

1. Choose **Launch instances**. When you configure the instance, do the following:

   1. Select an AMI that supports the instance type that you want. For example, you must select an AMI that supports the processor type of the new instance type. Also, current generation instance types require an HVM AMI.

   1. Select the new instance type that you want. If the instance type that you want isn't available, then it's not compatible with the configuration of the AMI that you selected.

   1. If you want to allow the same traffic to reach the new instance, select the same VPC and security group that are used with the original instance.

   1. When you're done configuring your new instance, complete the steps to select a key pair and launch your instance. It can take a few minutes for the instance to enter the `running` state.

1. If you backed up data to an EBS snapshot, [create a volume from the snapshot](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-creating-volume.html#ebs-create-volume-from-snapshot) and then [attach the volume](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-attaching-volume.html) to the new instance.

   To move an EBS volume from the original instance to the new instance, [detach the volume](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-detaching-volume.html) from the original instance and then [attach the volume](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-attaching-volume.html) to the new instance.

1. Install your application and any required software on the new instance.

1. Restore any data that you backed up from the instance store volumes of the original instance.

1. If the original instance has an Elastic IP address, assign it to the new instance as follows:

   1. In the navigation pane, choose **Elastic IPs**.

   1. Select the Elastic IP address that is associated with the original instance and choose **Actions**, **Disassociate Elastic IP address**. When prompted for confirmation, choose **Disassociate**.

   1. With the Elastic IP address still selected, choose **Actions**, **Associate Elastic IP address**.

   1. For **Resource type**, choose **Instance**.

   1. For **Instance**, choose the new instance.

   1. (Optional) For **Private IP address**, specify a private IP address with which to associate the Elastic IP address.

   1. Choose **Associate**.

1. (Optional) You can terminate the original instance if it's no longer needed. Select the instance, verify that you are about to terminate the original instance and not the new instance (for example, check the name or launch time), and then choose **Instance state**, **Terminate instance**.

# Troubleshoot changing the instance type

Use the following information to help diagnose and fix issues that you might encounter when changing the instance type.

## Instance won't start after changing instance type


**Possible cause: Requirements for new instance type not met**  
If your instance won't boot, it is possible that one of the requirements for the new instance type was not met. For more information, see [Why is my Linux instance not booting after I changed its type?](https://repost.aws/knowledge-center/boot-error-linux-nitro-instance)

**Possible cause: AMI does not support instance type**  
If you use the EC2 console to change the instance type, only the instance types that are supported by the selected AMI are available. However, if you use the AWS CLI to launch an instance, you can specify an incompatible AMI and instance type. If the AMI and instance type are incompatible, the instance can't start. For more information, see [Compatibility for changing the instance type](resize-limitations.md).

**Possible cause: Instance is in cluster placement group**  
If your instance is in a [cluster placement group](placement-strategies.md#placement-groups-cluster) and, after changing the instance type, the instance fails to start, try the following:  

1. Stop all the instances in the cluster placement group.

1. Change the instance type of the affected instance.

1. Start all the instances in the cluster placement group.

## Application or website not reachable from the internet after changing instance type


**Possible cause: Public IPv4 address is released**  
When you change the instance type, you must first stop the instance. When you stop an instance, we release the public IPv4 address and give your instance a new public IPv4 address.  
To retain the public IPv4 address between instance stops and starts, we recommend that you use an Elastic IP address, at no extra cost provided your instance is running. For more information, see [Elastic IP addresses](elastic-ip-addresses-eip.md).

# Burstable performance instances


Many general purpose workloads are on average not busy, and do not require a high level of sustained CPU performance. The following graph illustrates the CPU utilization for many common workloads that customers run in the AWS Cloud today.

![\[Many common workloads look like this: the average CPU utilization is at or below the baseline, with some spikes above the baseline.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/CPU-common-workloads.png)


These low-to-moderate CPU utilization workloads lead to wastage of CPU cycles and, as a result, you pay for more than you use. To overcome this, you can leverage the low-cost burstable general purpose instances, which are the T instances. 

The T instance family provides a baseline CPU performance with the ability to burst above the baseline at any time for as long as required. The baseline CPU is defined to meet the needs of the majority of general purpose workloads, including large-scale micro-services, web servers, small and medium databases, data logging, code repositories, virtual desktops, development and test environments, and business-critical applications. The T instances offer a balance of compute, memory, and network resources, and provide you with the most cost-effective way to run a broad spectrum of general purpose applications that have a low-to-moderate CPU usage. They can save you up to 15% in costs when compared to M instances, and can lead to even more cost savings with smaller, more economical instance sizes, offering as low as 2 vCPUs and 0.5 GiB of memory. The smaller T instance sizes, such as nano, micro, small, and medium, are well suited for workloads that need a small amount of memory and do not expect high CPU usage.

**Note**  
This topic describes burstable CPU. For information about burstable network performance, see [Amazon EC2 instance network bandwidth](ec2-instance-network-bandwidth.md). 

## EC2 burstable instance types


The EC2 burstable instances consist of T4g, T3a, and T3 instance types, and the previous generation T2 instance types.

The T4g instance types are the latest generation of burstable instances. They provide the best price for performance, and provide you with the lowest cost of all the EC2 instance types. The T4g instance types are powered by Arm-based [AWS Graviton2](https://aws.amazon.com/ec2/graviton/) processors with extensive ecosystem support from operating systems vendors, independent software vendors, and popular AWS services and applications.

The following table summarizes the key differences between the burstable instance types.



| Type | Description | Processor family | 
| --- | --- | --- | 
| Latest generation | 
| T4g |  Lowest cost EC2 instance type with up to 40% higher price/performance and 20% lower costs vs T3  |  AWS Graviton2 processors with Arm Neoverse N1 cores  | 
| T3a |  Lowest cost x86-based instances with 10% lower costs vs T3 instances  |  AMD 1st gen EPYC processors  | 
| T3 |  Best peak price/performance for x86 workloads with up to 30% lower price/performance vs previous generation T2 instances  |  Intel Xeon Scalable (Skylake, Cascade Lake processors)  | 
| Previous generation | 
| T2 |  Previous generation burstable instances  |  Intel Xeon processors  | 

For information about instance pricing and additional specifications, see [Amazon EC2 Pricing](https://aws.amazon.com/ec2/pricing/) and [Amazon EC2 Instance Types](https://aws.amazon.com/ec2/instance-types/). For information about burstable network performance, see [Amazon EC2 instance network bandwidth](ec2-instance-network-bandwidth.md).

If you created your AWS account before July 15, 2025 and it's less than 12 months old, you can use a `t2.micro` instance for free (or a `t3.micro` instance in Regions where `t2.micro` is unavailable) within certain usage limits. If you created your AWS account on or after July 15, 2025, you can use `t3.micro`, `t3.small`, `t4g.micro`, `t4g.small` instance types for 6 months or until your credits are used up. For more information, see [AWS Free Tier](https://aws.amazon.com/free/).

**Supported purchasing options for T instances**
+ On-Demand Instances
+ Reserved Instances
+ Dedicated Instances (T3 only)
+ Dedicated Hosts (T3 only, in `standard` mode only)
+ Spot Instances

For more information, see [Amazon EC2 billing and purchasing options](instance-purchasing-options.md).

**Topics**
+ [EC2 burstable instance types](#burstable-instance-types)
+ [Best practices](#burstable-performance-instances-best-practices)
+ [Key concepts for burstable performance instances](burstable-credits-baseline-concepts.md)
+ [Unlimited mode for burstable performance instances](burstable-performance-instances-unlimited-mode.md)
+ [Standard mode for burstable performance instances](burstable-performance-instances-standard-mode.md)
+ [Configure burstable performance instances](burstable-performance-instances-how-to.md)
+ [Monitor CPU credits for burstable instances](burstable-performance-instances-monitoring-cpu-credits.md)

## Best practices


Follow these best practices to get the maximum benefit from burstable performance instances.
+ Ensure that the instance size you choose passes the minimum memory requirements of your operating system and applications. Operating systems with graphical user interfaces that consume significant memory and CPU resources (for example, Windows) might require a `t3.micro` or larger instance size for many use cases. As the memory and CPU requirements of your workload grow over time, you have the flexibility with the T instances to scale to larger instance sizes of the same instance type, or to select another instance type.
+ Enable [AWS Compute Optimizer](https://aws.amazon.com/compute-optimizer/getting-started/) for your account and review the Compute Optimizer recommendations for your workload. Compute Optimizer can help assess whether instances should be upsized to improve performance or downsized for cost savings. Compute Optimizer may also recommend a different instance type based on your scenario. For more information, see [Viewing EC2 instance recommendations](https://docs.aws.amazon.com/compute-optimizer/latest/ug/view-ec2-recommendations.html) in the *AWS Compute Optimizer User Guide*.

# Key concepts for burstable performance instances

Traditional Amazon EC2 instance types provide fixed CPU resources, while burstable performance instances provide a baseline level of CPU utilization with the ability to burst CPU utilization above the baseline level. This ensures that you pay only for baseline CPU plus any additional burst CPU usage resulting in lower compute costs. The baseline utilization and ability to burst are governed by CPU credits. Burstable performance instances are the only instance types that use credits for CPU usage.

Each burstable performance instance continuously earns credits when it stays below the CPU baseline, and continuously spends credits when it bursts above the baseline. The amount of credits earned or spent depends on the CPU utilization of the instance:
+ If the CPU utilization is below baseline, then credits earned are greater than credits spent.
+ If the CPU utilization is equal to baseline, then credits earned are equal to credits spent.
+ If the CPU utilization is higher than baseline, then credits spent are higher than credits earned.

When the credits earned are greater than credits spent, then the difference is called accrued credits, which can be used later to burst above baseline CPU utilization. Similarly, when the credits spent are more than credits earned, then the instance behavior depends on the credit configuration mode—Standard mode or Unlimited mode. 

In Standard mode, when credits spent are more than credits earned, the instance uses the accrued credits to burst above baseline CPU utilization. If there are no accrued credits remaining, then the instance gradually comes down to baseline CPU utilization and cannot burst above baseline until it accrues more credits. 

In Unlimited mode, if the instance bursts above baseline CPU utilization, then the instance first uses the accrued credits to burst. If there are no accrued credits remaining, then the instance spends surplus credits to burst. When its CPU utilization falls below the baseline, it uses the CPU credits that it earns to pay down the surplus credits that it spent earlier. The ability to earn CPU credits to pay down surplus credits enables Amazon EC2 to average the CPU utilization of an instance over a 24-hour period. If the average CPU usage over a 24-hour period exceeds the baseline, the instance is billed for the additional usage at a [flat additional rate](https://aws.amazon.com/ec2/pricing/on-demand/#T2.2FT3.2FT4g_Unlimited_Mode_Pricing) per vCPU-hour.

**Contents**
+ [Key concepts and definitions](#key-concepts)
+ [Earn CPU credits](#earning-CPU-credits)
+ [CPU credit earn rate](#CPU-credit-earn-rate)
+ [CPU credit accrual limit](#CPU-credit-accrual-limit)
+ [Accrued CPU credits life span](#accrued-CPU-credits-life-span)
+ [Baseline utilization](#baseline_performance)

## Key concepts and definitions


The following key concepts and definitions are applicable to burstable performance instances.

**CPU utilization**  
CPU utilization is the percentage of allocated EC2 compute units that are currently in use on the instance. This metric measures the percentage of allocated CPU cycles that are being utilized on an instance. The CPU Utilization CloudWatch metric shows CPU usage per instance and not CPU usage per core. The baseline CPU specification of an instance is also based on the CPU usage per instance. To measure CPU utilization using the AWS Management Console or the AWS CLI, see [Get statistics for a specific instance](US_SingleMetricPerInstance.md).

**CPU credit**  
A unit of vCPU-time.  
Examples:  
1 CPU credit = 1 vCPU \* 100% utilization \* 1 minute.  
1 CPU credit = 1 vCPU \* 50% utilization \* 2 minutes  
1 CPU credit = 2 vCPU \* 25% utilization \* 2 minutes

**Baseline utilization**  
The baseline utilization is the level at which the CPU can be utilized for a net credit balance of zero, when the number of CPU credits being earned matches the number of CPU credits being used. Baseline utilization is also known as the baseline. Baseline utilization is expressed as a percentage of vCPU utilization, which is calculated as follows: Baseline utilization % = (number of credits earned/number of vCPUs)/60 minutes.  
For the baseline utilization of each burstable performance instance type, see the [credit table](#burstable-performance-instances-credit-table).

**Earned credits**  
Credits earned continuously by an instance when it is running.  
Number of credits earned per hour = % baseline utilization \* number of vCPUs \* 60 minutes  
Example:  
A t3.nano with 2 vCPUs and a baseline utilization of 5% earns 6 credits per hour, calculated as follows:  
2 vCPUs \* 5% baseline \* 60 minutes = 6 credits per hour

**Spent or used credits**  
Credits used continuously by an instance when it is running.  
CPU credits spent per minute = Number of vCPUs \* CPU utilization \* 1 minute

**Accrued credits**  
Unspent CPU credits when an instance uses fewer credits than is required for baseline utilization. In other words, accrued credits = (Earned credits – Used credits) below baseline.  
Example:  
If a t3.nano is running at 2% CPU utilization, which is below its baseline of 5%, for an hour, the accrued credits are calculated as follows:  
Accrued CPU credits = (Earned credits per hour – Used credits per hour) = 6 – 2 vCPUs \* 2% CPU utilization \* 60 minutes = 6 – 2.4 = 3.6 accrued credits per hour

**Credit accrual limit**  
Depends on the instance size but in general is equal to the number of maximum credits earned in 24 hours.  
Example:  
For t3.nano, the credit accrual limit = 24 \* 6 = 144 credits

**Launch credits**  
Only applicable for T2 instances configured for Standard mode. Launch credits are a limited number of CPU credits that are allocated to a new T2 instance so that, when launched in Standard mode, it can burst above the baseline.

**Surplus credits**  
Credits that are spent by an instance after it depletes its accrued credit balance. The surplus credits are designed for burstable instances to sustain high performance for an extended period of time, and are only used in Unlimited mode. The surplus credits balance is used to determine how many credits were used by the instance for bursting in Unlimited mode.

**Standard mode**  
Credit configuration mode, which allows an instance to burst above the baseline by spending credits it has accrued in its credit balance.

**Unlimited mode**  
Credit configuration mode, which allows an instance to burst above the baseline by sustaining high CPU utilization for any period of time whenever required. The hourly instance price automatically covers all CPU usage spikes if the average CPU utilization of the instance is at or below the baseline over a rolling 24-hour period or the instance lifetime, whichever is shorter. If the instance runs at higher CPU utilization for a prolonged period, it can do so for a [flat additional rate](https://aws.amazon.com/ec2/pricing/on-demand/#T2.2FT3.2FT4g_Unlimited_Mode_Pricing) per vCPU-hour.

The following table summarizes the key credit differences between the burstable instance types.



| Type | Type of CPU credits supported | Credit configuration modes | Accrued CPU credits lifespan between instance starts and stops | 
| --- | --- | --- | --- | 
| Latest generation | 
| T4g |  Earned credits, Accrued credits, Spent credits, Surplus credits (Unlimited mode only)  |  Standard, Unlimited (default)  |  7 days (credits persist for 7 days after an instance stops)  | 
| T3a |  Earned credits, Accrued credits, Spent credits, Surplus credits (Unlimited mode only)  |  Standard, Unlimited (default)  |  7 days (credits persist for 7 days after an instance stops)  | 
| T3 |  Earned credits, Accrued credits, Spent credits, Surplus credits (Unlimited mode only)  |  Standard, Unlimited (default)  |  7 days (credits persist for 7 days after an instance stops)  | 
| Previous generation | 
| T2 |  Earned credits, Accrued credits, Spent credits, Launch credits (Standard mode only), Surplus credits (Unlimited mode only)  |  Standard (default), Unlimited  |  0 days (credits are lost when an instance stops)  | 

**Note**  
Unlimited mode is not supported for T3 instances that are launched on a Dedicated Host.

## Earn CPU credits


Each burstable performance instance continuously earns (at a millisecond-level resolution) a set rate of CPU credits per hour, depending on the instance size. The accounting process for whether credits are accrued or spent also happens at a millisecond-level resolution, so you don't have to worry about overspending CPU credits; a short burst of CPU uses a small fraction of a CPU credit.

If a burstable performance instance uses fewer CPU resources than is required for baseline utilization (such as when it is idle), the unspent CPU credits are accrued in the CPU credit balance. If a burstable performance instance needs to burst above the baseline utilization level, it spends the accrued credits. The more credits that a burstable performance instance has accrued, the more time it can burst beyond its baseline when more CPU utilization is needed.

The following table lists the burstable performance instance types, the rate at which CPU credits are earned per hour, the maximum number of earned CPU credits that an instance can accrue, the number of vCPUs per instance, and the baseline utilization as a percentage of a full core (using a single vCPU).


|  Instance type  |  CPU credits earned per hour  |  Maximum earned credits that can be accrued\*  |  vCPUs\*\*\*  |  Baseline utilization per vCPU  | 
| --- | --- | --- | --- | --- | 
|  **T2**  |    |    |    |    | 
| t2.nano |  3  |  72  |  1  |  5%  | 
| t2.micro |  6  |  144  |  1  |  10%  | 
| t2.small |  12  |  288  |  1  |  20%  | 
| t2.medium |  24  |  576  |  2  |  20%\*\*  | 
| t2.large |  36  |  864  |  2  |  30%\*\*  | 
| t2.xlarge |  54  |  1296  |  4  |  22.5%\*\*  | 
| t2.2xlarge |  81.6  |  1958.4  |  8  |  17%\*\*  | 
|  **T3**  |    |    |    |    | 
| t3.nano |  6  |  144  |  2  |  5%\*\*  | 
| t3.micro |  12  |  288  |  2  |  10%\*\*  | 
| t3.small |  24  |  576  |  2  |  20%\*\*  | 
| t3.medium |  24  |  576  |  2  |  20%\*\*  | 
| t3.large |  36  |  864  |  2  |  30%\*\*  | 
| t3.xlarge |  96  |  2304  |  4  |  40%\*\*  | 
| t3.2xlarge |  192  |  4608  |  8  |  40%\*\*  | 
|  **T3a**  |    |    |    |    | 
| t3a.nano |  6  |  144  |  2  |  5%\*\*  | 
| t3a.micro |  12  |  288  |  2  |  10%\*\*  | 
| t3a.small |  24  |  576  |  2  |  20%\*\*  | 
| t3a.medium |  24  |  576  |  2  |  20%\*\*  | 
| t3a.large |  36  |  864  |  2  |  30%\*\*  | 
| t3a.xlarge |  96  |  2304  |  4  |  40%\*\*  | 
| t3a.2xlarge |  192  |  4608  |  8  |  40%\*\*  | 
|  **T4g**  |    |    |    |    | 
| t4g.nano |  6  |  144  |  2  |  5%\*\*  | 
| t4g.micro |  12  |  288  |  2  |  10%\*\*  | 
| t4g.small |  24  |  576  |  2  |  20%\*\*  | 
| t4g.medium |  24  |  576  |  2  |  20%\*\*  | 
| t4g.large |  36  |  864  |  2  |  30%\*\*  | 
| t4g.xlarge |  96  |  2304  |  4  |  40%\*\*  | 
| t4g.2xlarge |  192  |  4608  |  8  |  40%\*\*  | 


|  | 
| --- |
|  \* The number of credits that can be accrued is equivalent to the number of credits that can be earned in a 24-hour period.  | 
|  \*\* The percentage baseline utilization in the table is per vCPU. In CloudWatch, CPU utilization is shown per vCPU. For example, the CPU utilization for a `t3.large` instance operating at the baseline level is shown as 30% in CloudWatch CPU metrics. For information about how to calculate the baseline utilization, see [Baseline utilization](#baseline_performance).  | 
|  \*\*\* Each vCPU is a thread of either an Intel Xeon core or an AMD EPYC core, except for T2 and T4g instances.  | 

## CPU credit earn rate


The number of CPU credits earned per hour is determined by the instance size. For example, a `t3.nano` earns six credits per hour, while a `t3.small` earns 24 credits per hour. The preceding table lists the credit earn rate for all instances.

## CPU credit accrual limit


While earned credits never expire on a running instance, there is a limit to the number of earned credits that an instance can accrue. The limit is determined by the CPU credit balance limit. After the limit is reached, any new credits that are earned are discarded, as indicated by the following image. The full bucket indicates the CPU credit balance limit, and the spillover indicates the newly earned credits that exceed the limit.

![\[New credits earned are discarded once the limit is exceeded.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/t2-t3-bucket.png)


The CPU credit balance limit differs for each instance size. For example, a `t3.micro` instance can accrue a maximum of 288 earned CPU credits in the CPU credit balance. The preceding table lists the maximum number of earned credits that each instance can accrue.

T2 Standard instances also earn launch credits. Launch credits do not count towards the CPU credit balance limit. If a T2 instance has not spent its launch credits, and remains idle over a 24-hour period while accruing earned credits, its CPU credit balance appears as over the limit. For more information, see [Launch credits](burstable-performance-instances-standard-mode-concepts.md#launch-credits). 

T4g, T3a, and T3 instances do not earn launch credits. These instances launch as `unlimited` by default, and therefore can burst immediately upon start without any launch credits. T3 instances launched on a Dedicated Host launch as `standard` by default; `unlimited` mode is not supported for T3 instances on a Dedicated Host.

## Accrued CPU credits life span


CPU credits on a running instance do not expire.

For T2, the CPU credit balance does not persist between instance stops and starts. If you stop a T2 instance, the instance loses all its accrued credits.

For T4g, T3a, and T3, the CPU credit balance persists for seven days after an instance stops and the credits are lost thereafter. If you start the instance within seven days, no credits are lost.

For more information, see `CPUCreditBalance` in the [CloudWatch metrics table](burstable-performance-instances-monitoring-cpu-credits.md#burstable-performance-instances-CW-metrics-table).

## Baseline utilization


The *baseline utilization* is the level at which the CPU can be utilized for a net credit balance of zero, when the number of CPU credits being earned matches the number of CPU credits being used. Baseline utilization is also known as *the baseline*.

Baseline utilization is expressed as a percentage of vCPU utilization, which is calculated as follows:

`(number of credits earned/number of vCPUs)/60 minutes = % baseline utilization`

For example, a `t3.nano` instance, with 2 vCPUs, earns 6 credits per hour, resulting in a baseline utilization of 5%, which is calculated as follows:

`(6 credits earned/2 vCPUs)/60 minutes = 5% baseline utilization`

A `t3.large` instance, with 2 vCPUs, earns 36 credits per hour, resulting in a baseline utilization of 30% (`(36/2)/60`).

The following graph provides an example of a `t3.large` with an average CPU utilization below the baseline.

![\[A graph of a t3.large instance with an average CPU utilization below baseline.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/baseline-utilization.png)


# Unlimited mode for burstable performance instances

A burstable performance instance configured as `unlimited` can sustain high CPU utilization for any period of time whenever required. The hourly instance price automatically covers all CPU usage spikes if the average CPU utilization of the instance is at or below the baseline over a rolling 24-hour period or the instance lifetime, whichever is shorter.

For the vast majority of general-purpose workloads, instances configured as `unlimited` provide ample performance without any additional charges. If the instance runs at higher CPU utilization for a prolonged period, it can do so for a flat additional rate per vCPU-hour. For information about pricing, see [Amazon EC2 pricing](https://aws.amazon.com/ec2/pricing/) and [T2/T3/T4 Unlimited Mode Pricing](https://aws.amazon.com/ec2/pricing/on-demand/#T2.2FT3.2FT4g_Unlimited_Mode_Pricing).

If you created your AWS account before July 15, 2025 and you use a `t2.micro` or `t3.micro` instance under the [AWS Free Tier](https://aws.amazon.com/free/) offer and use it in `unlimited` mode, charges might apply if your average utilization over a rolling 24-hour period exceeds the [baseline utilization](burstable-credits-baseline-concepts.md#baseline_performance) of the instance.

T4g, T3a, and T3 instances launch as `unlimited` by default (unless you [change the default](burstable-performance-instances-how-to.md#burstable-performance-instance-set-default-credit-specification-for-account)). If the average CPU usage over a 24-hour period exceeds the baseline, you incur charges for surplus credits. If you launch Spot Instances as `unlimited` and plan to use them immediately and for a short duration, with no idle time for accruing CPU credits, you incur charges for surplus credits. We recommend that you launch your Spot Instances in [standard](burstable-performance-instances-standard-mode.md) mode to avoid paying higher costs. For more information, see [Surplus credits can incur charges](burstable-performance-instances-unlimited-mode-concepts.md#unlimited-mode-surplus-credits) and [Launch burstable performance instances](how-spot-instances-work.md#burstable-spot-instances).

**Note**  
T3 instances launched on a Dedicated Host launch as `standard` by default; `unlimited` mode is not supported for T3 instances on a Dedicated Host.

**Contents**
+ [Unlimited mode concepts for burstable instances](burstable-performance-instances-unlimited-mode-concepts.md)
  + [How Unlimited burstable performance instances work](burstable-performance-instances-unlimited-mode-concepts.md#how-burstable-performance-instances-unlimited-works)
  + [When to use unlimited mode versus fixed CPU](burstable-performance-instances-unlimited-mode-concepts.md#when-to-use-unlimited-mode)
  + [Surplus credits can incur charges](burstable-performance-instances-unlimited-mode-concepts.md#unlimited-mode-surplus-credits)
  + [How much does unlimited burstable performance cost?](burstable-performance-instances-unlimited-mode-concepts.md#how-much-does-unlimited-burstable-performance-cost)
  + [No launch credits for T2 Unlimited instances](burstable-performance-instances-unlimited-mode-concepts.md#unlimited-mode-no-launch-credits)
  + [Enable unlimited mode](burstable-performance-instances-unlimited-mode-concepts.md#unlimited-mode-enabling)
  + [What happens to credits when switching between Unlimited and Standard](burstable-performance-instances-unlimited-mode-concepts.md#unlimited-mode-switching-and-credits)
  + [Monitor credit usage](burstable-performance-instances-unlimited-mode-concepts.md#unlimited-mode-monitoring-credit-usage)
+ [Unlimited mode examples for burstable instances](unlimited-mode-examples.md)
  + [Example 1: Explain credit use with T3 Unlimited](unlimited-mode-examples.md#t3_unlimited_example)
  + [Example 2: Explain credit use with T2 Unlimited](unlimited-mode-examples.md#t2_unlimited_example)

# Unlimited mode concepts for burstable instances

The `unlimited` mode is a credit configuration option for burstable performance instances. It can be enabled or disabled at any time for a running or stopped instance. You can [set `unlimited` as the default credit option](burstable-performance-instances-how-to.md#burstable-performance-instance-set-default-credit-specification-for-account) at the account level per AWS Region, per burstable performance instance family, so that all new burstable performance instances in the account launch using the default credit option.

## How Unlimited burstable performance instances work


If a burstable performance instance configured as `unlimited` depletes its CPU credit balance, it can spend *surplus* credits to burst beyond the [baseline](burstable-credits-baseline-concepts.md#baseline_performance). When its CPU utilization falls below the baseline, it uses the CPU credits that it earns to pay down the surplus credits that it spent earlier. The ability to earn CPU credits to pay down surplus credits enables Amazon EC2 to average the CPU utilization of an instance over a 24-hour period. If the average CPU usage over a 24-hour period exceeds the baseline, the instance is billed for the additional usage at a [flat additional rate](https://aws.amazon.com/ec2/pricing/on-demand/#T2.2FT3.2FT4g_Unlimited_Mode_Pricing) per vCPU-hour.

The following graph shows the CPU usage of a `t3.large`. The baseline CPU utilization for a `t3.large` is 30%. If the instance runs at 30% CPU utilization or less on average over a 24-hour period, there is no additional charge because the cost is already covered by the instance hourly price. However, if the instance runs at 40% CPU utilization on average over a 24-hour period, as shown in the graph, the instance is billed for the additional 10% CPU usage at a [flat additional rate](https://aws.amazon.com/ec2/pricing/on-demand/#T2.2FT3.2FT4g_Unlimited_Mode_Pricing) per vCPU-hour.

![\[CPU billing usage of a t3.large instance.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/t3-cpu-usage.png)


For more information about the baseline utilization per vCPU for each instance type and how many credits each instance type earns, see the [credit table](burstable-credits-baseline-concepts.md#burstable-performance-instances-credit-table).

## When to use unlimited mode versus fixed CPU


When determining whether you should use a burstable performance instance in `unlimited` mode, such as T3, or a fixed performance instance, such as M5, you need to determine the breakeven CPU usage. The breakeven CPU usage for a burstable performance instance is the point at which a burstable performance instance costs the same as a fixed performance instance. The breakeven CPU usage helps you determine the following:
+ If the average CPU usage over a 24-hour period is at or below the breakeven CPU usage, use a burstable performance instance in `unlimited` mode so that you can benefit from the lower price of a burstable performance instance while getting the same performance as a fixed performance instance.
+ If the average CPU usage over a 24-hour period is above the breakeven CPU usage, the burstable performance instance will cost more than the equivalently-sized fixed performance instance. If a T3 instance continuously bursts at 100% CPU, you end up paying approximately 1.5 times the price of an equivalently-sized M5 instance.

The following graph shows the breakeven CPU usage point where a `t3.large` costs the same as an `m5.large`. The breakeven CPU usage point for a `t3.large` is 42.5%. If the average CPU usage is at 42.5%, the cost of running the `t3.large` is the same as an `m5.large`, and is more expensive if the average CPU usage is above 42.5%. If the workload needs less than 42.5% average CPU usage, you can benefit from the lower price of the `t3.large` while getting the same performance as an `m5.large`.

![\[The breakeven CPU usage point for a t3.large instance is 42.5%.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/T3-unltd-when-to-use.png)


The following table shows how to calculate the breakeven CPU usage threshold so that you can determine when it's less expensive to use a burstable performance instance in `unlimited` mode or a fixed performance instance. The columns in the table are labeled A through K.


|  Instance type  |  vCPUs  |  T3 price\*/hour  |  M5 price\*/hour  |  Price difference  |  T3 baseline utilization per vCPU (%)  |  Charge per vCPU hour for surplus credits  |  Charge per vCPU minute  |  Additional burst minutes available per vCPU  |  Additional CPU % available  |  Breakeven CPU %  | 
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | 
|  A  |  B  |  C  |  D  |  E = D - C  |  F  |  G  |  H = G / 60  |  I = E / H  |  J = (I / 60) / B  |  K = F + J  | 
|  t3.large  |  2  |  \$0.0835  |  \$0.096  |  \$0.0125  |  30%  |  \$0.05  |  \$0.000833  |  15  |  12.5%  |  42.5%  | 


|  | 
| --- |
| \* Price is based on us-east-1 and Linux OS. | 

The table provides the following information:
+ Column A shows the instance type, `t3.large`.
+ Column B shows the number of vCPUs for the `t3.large`.
+ Column C shows the price of a `t3.large` per hour.
+ Column D shows the price of an `m5.large` per hour.
+ Column E shows the price difference between the `t3.large` and the `m5.large`. 
+ Column F shows the baseline utilization per vCPU of the `t3.large`, which is 30%. At the baseline, the hourly cost of the instance covers the cost of the CPU usage.
+ Column G shows the [flat additional rate](https://aws.amazon.com/ec2/pricing/on-demand/#T2.2FT3.2FT4g_Unlimited_Mode_Pricing) per vCPU-hour that an instance is charged if it bursts at 100% CPU after it has depleted its earned credits.
+ Column H shows the [flat additional rate](https://aws.amazon.com/ec2/pricing/on-demand/#T2.2FT3.2FT4g_Unlimited_Mode_Pricing) per vCPU-minute that an instance is charged if it bursts at 100% CPU after it has depleted its earned credits.
+ Column I shows the number of additional minutes that the `t3.large` can burst per hour at 100% CPU while paying the same price per hour as an `m5.large`.
+ Column J shows the additional CPU usage (in %) over baseline that the instance can burst while paying the same price per hour as an `m5.large`.
+ Column K shows the breakeven CPU usage (in %) that the `t3.large` can burst without paying more than the `m5.large`. Anything above this, and the `t3.large` costs more than the `m5.large`.

The following table shows the breakeven CPU usage (in %) for T3 instance types compared to the similarly-sized M5 instance types.


| T3 instance type | Breakeven CPU usage (in %) for T3 compared to M5 | 
| --- | --- | 
| t3.large | 42.5% | 
| t3.xlarge | 52.5% | 
| t3.2xlarge | 52.5% | 
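
The column arithmetic above, carried through in code and extended to a 24-hour utilization profile. This is an added example, not AWS code: the `t3.large` figures are the table's own, the function names are hypothetical, and the daily cost model assumes steady-state billing on the 24-hour average with no starting credit balance.

```python
"""Breakeven CPU usage for an unlimited burstable instance versus a fixed one."""

# Row values copied from the breakeven table on this page (us-east-1, Linux).
T3_LARGE = dict(vcpus=2, burst_price=0.0835, baseline=0.30, surplus_rate=0.05)
M5_LARGE_PRICE = 0.096


def breakeven_columns(vcpus, burst_price, fixed_price, baseline, surplus_rate):
    """Reproduce columns E through K; percentages are fractions (0.30 = 30%)."""
    if fixed_price < burst_price:
        raise ValueError("fixed price must not be below the burstable price")
    e = fixed_price - burst_price   # E: price difference per hour
    h = surplus_rate / 60           # H: surplus charge per vCPU-minute
    i = e / h                       # I: extra burst minutes per hour at 100% CPU
    j = (i / 60) / vcpus            # J: extra CPU fraction, spread over all vCPUs
    k = baseline + j                # K: breakeven CPU usage
    return {"E": e, "H": h, "I": i, "J": j, "K": k}


def daily_cost_unlimited(hourly_util, vcpus, burst_price, baseline, surplus_rate):
    """Cost of 24 hours in unlimited mode for 24 per-hour utilization fractions.

    Usage at or below baseline is covered by the hourly price; average usage
    above baseline is billed per vCPU-hour at the flat surplus rate.
    """
    if len(hourly_util) != 24 or any(not 0.0 <= u <= 1.0 for u in hourly_util):
        raise ValueError("need 24 utilization values, each between 0 and 1")
    average = sum(hourly_util) / 24
    surplus_vcpu_hours = max(0.0, average - baseline) * vcpus * 24
    return 24 * burst_price + surplus_vcpu_hours * surplus_rate


def cheaper_option(hourly_util, fixed_price, **burstable):
    """Return ('burstable' or 'fixed', burstable daily cost, fixed daily cost)."""
    burst_cost = daily_cost_unlimited(hourly_util, **burstable)
    fixed_cost = 24 * fixed_price
    return ("burstable" if burst_cost <= fixed_cost else "fixed",
            burst_cost, fixed_cost)


if __name__ == "__main__":
    cols = breakeven_columns(fixed_price=M5_LARGE_PRICE, **T3_LARGE)
    print({name: round(value, 6) for name, value in cols.items()})
    # Constructed profile: 8 busy hours at 90%, 16 quiet hours at 15% (40% average).
    spiky = [0.9] * 8 + [0.15] * 16
    print(cheaper_option(spiky, M5_LARGE_PRICE, **T3_LARGE))
```
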

## Surplus credits can incur charges


If the average CPU utilization of an instance is at or below the baseline, the instance incurs no additional charges. Because an instance earns a [maximum number of credits](burstable-credits-baseline-concepts.md#burstable-performance-instances-credit-table) in a 24-hour period (for example, a `t3.micro` instance can earn a maximum of 288 credits in a 24-hour period), it can spend surplus credits up to that maximum without being charged.

However, if CPU utilization stays above the baseline, the instance cannot earn enough credits to pay down the surplus credits that it has spent. The surplus credits that are not paid down are charged at a flat additional rate per vCPU-hour. For information about the rate, see [T2/T3/T4g Unlimited Mode Pricing](https://aws.amazon.com/ec2/pricing/on-demand/#T2.2FT3.2FT4g_Unlimited_Mode_Pricing).

Surplus credits that were spent earlier are charged when any of the following occurs:
+ The spent surplus credits exceed the [maximum number of credits](burstable-credits-baseline-concepts.md#burstable-performance-instances-credit-table) the instance can earn in a 24-hour period. Spent surplus credits above the maximum are charged at the end of the hour.
+ The instance is stopped or terminated.
+ The instance is switched from `unlimited` to `standard`.

Spent surplus credits are tracked by the CloudWatch metric `CPUSurplusCreditBalance`. Surplus credits that are charged are tracked by the CloudWatch metric `CPUSurplusCreditsCharged`. For more information, see [Additional CloudWatch metrics for burstable performance instances](burstable-performance-instances-monitoring-cpu-credits.md#burstable-performance-instances-cw-metrics).
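
The credit rules from this section and from the key concepts earlier (earn, spend, accrue, pay down surplus, charge surplus), replayed minute by minute. This is an added example, not AWS code: the `CREDIT_TABLE` values come from the credit table on this page, while `simulate`, `CreditState` and `surplus_charge` are hypothetical names and the per-minute step is a simplification of the millisecond accounting.

```python
"""Minute-resolution model of CPU credit accounting in standard and unlimited mode."""
from dataclasses import dataclass

# (CPU credits earned per hour, vCPUs), copied from the credit table on this page.
CREDIT_TABLE = {"t3.nano": (6, 2), "t3.micro": (12, 2), "t3.large": (36, 2)}


@dataclass
class CreditState:
    balance: float          # accrued credits remaining
    surplus: float          # spent surplus credits not yet paid down or charged
    charged: float          # surplus credits billed so far (1 credit = 1 vCPU-minute)
    throttled_minutes: int  # minutes held at baseline in standard mode


def simulate(instance_type, hourly_util, mode="unlimited",
             start_balance=0.0, stop_at_end=False):
    """Replay per-hour CPU utilization (fractions 0..1) through the credit rules.

    Assumptions of this sketch: accounting runs per minute, and a standard-mode
    instance with an empty balance drops to baseline immediately, not gradually.
    """
    if mode not in ("standard", "unlimited"):
        raise ValueError("mode must be 'standard' or 'unlimited'")
    earn_per_hour, vcpus = CREDIT_TABLE[instance_type]
    limit = 24 * earn_per_hour        # accrual limit = credits earned in 24 hours
    earn_per_min = earn_per_hour / 60
    state = CreditState(min(start_balance, limit), 0.0, 0.0, 0)

    for util in hourly_util:
        if not 0.0 <= util <= 1.0:
            raise ValueError("utilization must be a fraction between 0 and 1")
        for _ in range(60):
            net = earn_per_min - vcpus * util  # earned minus spent this minute
            if net >= 0:
                # At or below baseline: earned credits pay down surplus first;
                # the rest accrues up to the limit and anything beyond is discarded.
                repay = min(net, state.surplus)
                state.surplus -= repay
                state.balance = min(state.balance + net - repay, limit)
                continue
            shortfall = -net
            drawn = min(state.balance, shortfall)  # burst on accrued credits first
            state.balance -= drawn
            shortfall -= drawn
            if shortfall > 0:
                if mode == "unlimited":
                    state.surplus += shortfall     # keep bursting on surplus credits
                else:
                    state.throttled_minutes += 1   # no credits left: held at baseline
        # End of hour: surplus above the 24-hour earn maximum is charged.
        if state.surplus > limit:
            state.charged += state.surplus - limit
            state.surplus = limit

    if stop_at_end:  # stopping or terminating bills the remaining surplus
        state.charged += state.surplus
        state.surplus = 0.0
    return state


def surplus_charge(charged_credits, rate_per_vcpu_hour):
    """Convert charged credits (vCPU-minutes) to money at the flat vCPU-hour rate."""
    return charged_credits / 60 * rate_per_vcpu_hour


if __name__ == "__main__":
    # Constructed input: a t3.large held at 40% for 24 hours, then stopped.
    day = simulate("t3.large", [0.40] * 24, mode="unlimited", stop_at_end=True)
    print(day, round(surplus_charge(day.charged, 0.05), 4))
    print(simulate("t3.large", [0.40], mode="standard"))
```

The same sustained load gives different results in the two modes: `standard` shows up as throttled minutes, `unlimited` as credits in `charged`, which corresponds to what `CPUSurplusCreditsCharged` tracks.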

## How much does unlimited burstable performance cost?


If you use surplus credits and they're not paid down by earned credits (see [Surplus credits can incur charges](#unlimited-mode-surplus-credits)), you pay a flat additional rate per vCPU-hour for the surplus credits. The rate is listed in the [T2/T3/T4g Unlimited Mode Pricing](https://aws.amazon.com/ec2/pricing/on-demand/#T2.2FT3.2FT4g_Unlimited_Mode_Pricing) section on the *Amazon EC2 On-Demand Pricing* page.

## No launch credits for T2 Unlimited instances


T2 Standard instances receive [launch credits](burstable-performance-instances-standard-mode-concepts.md#launch-credits), but T2 Unlimited instances do not. A T2 Unlimited instance can burst beyond the baseline at any time with no additional charge, as long as its average CPU utilization is at or below the baseline over a rolling 24-hour window or its lifetime, whichever is shorter. As such, T2 Unlimited instances do not require launch credits to achieve high performance immediately after launch.

If a T2 instance is switched from `standard` to `unlimited`, any accrued launch credits are removed from the `CPUCreditBalance` before the remaining `CPUCreditBalance` is carried over.

T4g, T3a, and T3 instances never receive launch credits because they launch in Unlimited mode by default, and therefore can burst immediately upon start. The Unlimited mode credit configuration enables T4g, T3a, and T3 instances to use as much CPU as needed to burst beyond the baseline and for as long as needed.

## Enable unlimited mode


You can switch from `unlimited` to `standard`, and from `standard` to `unlimited`, at any time on a running or stopped instance. For more information, see [Configure the credit specification at launch](burstable-performance-instances-how-to.md#launch-burstable-performance-instances) and [Manage the credit specification of a burstable performance instance](burstable-performance-instances-how-to.md#modify-burstable-performance-instances).

You can set `unlimited` as the default credit option at the account level per AWS Region, per burstable performance instance family, so that all new burstable performance instances in the account launch using the default credit option. For more information, see [Manage the default credit specification for an account](burstable-performance-instances-how-to.md#burstable-performance-instance-set-default-credit-specification-for-account).

You can check whether your burstable performance instance is configured as `unlimited` or `standard` using the Amazon EC2 console or the AWS CLI. For more information, see [Configure burstable performance instances](burstable-performance-instances-how-to.md).

## What happens to credits when switching between Unlimited and Standard


`CPUCreditBalance` is a CloudWatch metric that tracks the number of credits accrued by an instance. `CPUSurplusCreditBalance` is a CloudWatch metric that tracks the number of surplus credits spent by an instance.

When you change an instance configured as `unlimited` to `standard`, the following occurs:
+ The `CPUCreditBalance` value remains unchanged and is carried over. 
+ The `CPUSurplusCreditBalance` value is immediately charged.

When a `standard` instance is switched to `unlimited`, the following occurs:
+ The `CPUCreditBalance` value containing accrued earned credits is carried over.
+ For T2 Standard instances, any launch credits are removed from the `CPUCreditBalance` value, and the remaining `CPUCreditBalance` value containing accrued earned credits is carried over.

## Monitor credit usage


To see if your instance is spending more credits than the baseline provides, you can use CloudWatch metrics to track usage, and you can set up hourly alarms to be notified of credit usage. For more information, see [Monitor CPU credits for burstable instances](burstable-performance-instances-monitoring-cpu-credits.md).

# Unlimited mode examples for burstable instances

The following examples explain credit use for instances that are configured as `unlimited`.

**Topics**
+ [Example 1: Explain credit use with T3 Unlimited](#t3_unlimited_example)
+ [Example 2: Explain credit use with T2 Unlimited](#t2_unlimited_example)

## Example 1: Explain credit use with T3 Unlimited


In this example, you see the CPU utilization of a `t3.nano` instance launched as `unlimited`, and how it spends *earned* and *surplus* credits to sustain CPU utilization.

A `t3.nano` instance earns 144 CPU credits over a rolling 24-hour period, which it can redeem for 144 minutes of vCPU use. When it depletes its CPU credit balance (represented by the CloudWatch metric `CPUCreditBalance`), it can spend *surplus* CPU credits—that it has *not yet earned*—to burst for as long as it needs. Because a `t3.nano` instance earns a maximum of 144 credits in a 24-hour period, it can spend surplus credits up to that maximum without being charged immediately. If it spends more than 144 CPU credits, it is charged for the difference at the end of the hour.

The intent of the example, illustrated by the following graph, is to show how an instance can burst using surplus credits even after it depletes its `CPUCreditBalance`. The following workflow references the numbered points on the graph:

**P1** – At 0 hours on the graph, the instance is launched as `unlimited` and immediately begins to earn credits. The instance remains idle from the time it is launched—CPU utilization is 0%—and no credits are spent. All unspent credits are accrued in the credit balance. For the first 24 hours, `CPUCreditUsage` is at 0, and the `CPUCreditBalance` value reaches its maximum of 144.

**P2** – For the next 12 hours, CPU utilization is at 2.5%, which is below the 5% baseline. The instance earns more credits than it spends, but the `CPUCreditBalance` value cannot exceed its maximum of 144 credits.

**P3** – For the next 24 hours, CPU utilization is at 7% (above the baseline), which requires a spend of 57.6 credits. The instance spends more credits than it earns, and the `CPUCreditBalance` value reduces to 86.4 credits.

**P4** – For the next 12 hours, CPU utilization decreases to 2.5% (below the baseline), which requires a spend of 36 credits. In the same time, the instance earns 72 credits. The instance earns more credits than it spends, and the `CPUCreditBalance` value increases to 122 credits.

**P5** – For the next 5 hours, the instance bursts at 100% CPU utilization, and spends a total of 570 credits to sustain the burst. About an hour into this period, the instance depletes its entire `CPUCreditBalance` of 122 credits, and starts to spend surplus credits to sustain the high CPU utilization, totaling 448 surplus credits in this period (570-122=448). When the `CPUSurplusCreditBalance` value reaches 144 CPU credits (the maximum a `t3.nano` instance can earn in a 24-hour period), any surplus credits spent thereafter cannot be offset by earned credits. The surplus credits spent thereafter amount to 304 credits (448-144=304), which results in a small additional charge at the end of the hour for 304 credits.

**P6** – For the next 13 hours, CPU utilization is at 5% (the baseline). The instance earns as many credits as it spends, with no excess to pay down the `CPUSurplusCreditBalance`. The `CPUSurplusCreditBalance` value remains at 144 credits.

**P7** – For the last 24 hours in this example, the instance is idle and CPU utilization is 0%. During this time, the instance earns 144 credits, which it uses to pay down the `CPUSurplusCreditBalance`.

![\[The t3 instance earned 144 credits after 24 hours.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/t3_unlimited_graph.png)
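
The P1 to P7 accounting above can be replayed in code. The following Python sketch is an added example, not AWS code: it steps a `t3.nano` in `unlimited` mode hour by hour and tracks `CPUCreditBalance`, `CPUSurplusCreditBalance`, and the surplus credits that are charged. The function names, the hourly step, and the earn rate of 6 credits per hour (144 credits over 24 hours) are assumptions of the example; unrounded, it yields 122.4 and 303.6 where the walkthrough rounds to 122 and 304.

```python
from dataclasses import dataclass


@dataclass
class UnlimitedState:
    balance: float = 0.0  # CPUCreditBalance: accrued earned credits
    surplus: float = 0.0  # CPUSurplusCreditBalance: surplus spent, not yet paid down
    charged: float = 0.0  # cumulative surplus credits charged


def step_unlimited(state, utilization, earn_per_hour, baseline, max_credits):
    """Advance the state by one hour at a constant CPU utilization (0.0 to 1.0)."""
    # At the baseline the instance spends exactly what it earns, so the
    # hourly spend scales with utilization / baseline.
    spend = earn_per_hour * (utilization / baseline)
    net = earn_per_hour - spend
    if net >= 0:
        # Credits earned in excess pay down the surplus first, then accrue
        # in the balance up to the 24-hour maximum.
        paid = min(net, state.surplus)
        state.surplus -= paid
        state.balance = min(max_credits, state.balance + net - paid)
    else:
        # Draw on the earned balance first, then spend surplus credits.
        need = -net
        from_balance = min(need, state.balance)
        state.balance -= from_balance
        state.surplus += need - from_balance
        # Surplus above what can be earned in 24 hours is charged at the
        # end of the hour and does not stay in the surplus balance.
        if state.surplus > max_credits:
            state.charged += state.surplus - max_credits
            state.surplus = max_credits
    return state


def simulate_unlimited(phases, earn_per_hour, baseline, max_credits):
    """Return one (balance, surplus, charged) snapshot per (hours, utilization) phase."""
    state = UnlimitedState()
    snapshots = []
    for hours, utilization in phases:
        for _ in range(hours):
            step_unlimited(state, utilization, earn_per_hour, baseline, max_credits)
        snapshots.append(
            (round(state.balance, 1), round(state.surplus, 1), round(state.charged, 1))
        )
    return snapshots


def credits_to_vcpu_hours(credits):
    """One CPU credit is one vCPU-minute, so 60 credits make one vCPU-hour."""
    return credits / 60.0


# (hours, CPU utilization) for P1 to P7 of the t3.nano walkthrough.
T3_NANO_PHASES = [
    (24, 0.0), (12, 0.025), (24, 0.07), (12, 0.025),
    (5, 1.0), (13, 0.05), (24, 0.0),
]

if __name__ == "__main__":
    results = simulate_unlimited(
        T3_NANO_PHASES, earn_per_hour=6.0, baseline=0.05, max_credits=144.0
    )
    for number, (balance, surplus, charged) in enumerate(results, start=1):
        print(f"P{number}: balance={balance} surplus={surplus} charged={charged}")
    print("vCPU-hours charged:", round(credits_to_vcpu_hours(results[-1][2]), 2))
```

Multiply the charged vCPU-hours by the flat rate on the pricing page to estimate the additional charge.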


## Example 2: Explain credit use with T2 Unlimited


In this example, you see the CPU utilization of a `t2.nano` instance launched as `unlimited`, and how it spends *earned* and *surplus* credits to sustain CPU utilization.

A `t2.nano` instance earns 72 CPU credits over a rolling 24-hour period, which it can redeem for 72 minutes of vCPU use. When it depletes its CPU credit balance (represented by the CloudWatch metric `CPUCreditBalance`), it can spend *surplus* CPU credits—that it has *not yet earned*—to burst for as long as it needs. Because a `t2.nano` instance earns a maximum of 72 credits in a 24-hour period, it can spend surplus credits up to that maximum without being charged immediately. If it spends more than 72 CPU credits, it is charged for the difference at the end of the hour.

The intent of the example, illustrated by the following graph, is to show how an instance can burst using surplus credits even after it depletes its `CPUCreditBalance`. You can assume that, at the start of the time line in the graph, the instance has an accrued credit balance equal to the maximum number of credits it can earn in 24 hours. The following workflow references the numbered points on the graph: 

**1** – In the first 10 minutes, `CPUCreditUsage` is at 0, and the `CPUCreditBalance` value remains at its maximum of 72.

**2** – At 23:40, as CPU utilization increases, the instance spends CPU credits and the `CPUCreditBalance` value decreases.

**3** – At around 00:47, the instance depletes its entire `CPUCreditBalance`, and starts to spend surplus credits to sustain high CPU utilization.

**4** – Surplus credits are spent until 01:55, when the `CPUSurplusCreditBalance` value reaches 72 CPU credits. This is equal to the maximum a `t2.nano` instance can earn in a 24-hour period. Any surplus credits spent thereafter cannot be offset by earned credits within the 24-hour period, which results in a small additional charge at the end of the hour.

**5** – The instance continues to spend surplus credits until around 02:20. At this time, CPU utilization falls below the baseline, and the instance starts to earn credits at 3 credits per hour (or 0.25 credits every 5 minutes), which it uses to pay down the `CPUSurplusCreditBalance`. After the `CPUSurplusCreditBalance` value reduces to 0, the instance starts to accrue earned credits in its `CPUCreditBalance` at 0.25 credits every 5 minutes.

![\[Graphed CPU utilization of a t2.nano instance launched as unlimited.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/t2_unlimited_graph.png)


**Calculating the bill (Linux instance)**  
Surplus credits cost \$0.05 per vCPU-hour. The instance spent approximately 25 surplus credits between 01:55 and 02:20, which is equivalent to 0.42 vCPU-hours. Additional charges for this instance are 0.42 vCPU-hours x \$0.05/vCPU-hour = \$0.021, rounded to \$0.02. Here is the month-end bill for this T2 Unlimited instance:

![\[Example bill for a T2 Unlimited instance.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/t2_unlimited_bill_linux.png)


**Calculating the bill (Windows instance)**  
Surplus credits cost \$0.096 per vCPU-hour. The instance spent approximately 25 surplus credits between 01:55 and 02:20, which is equivalent to 0.42 vCPU-hours. Additional charges for this instance are 0.42 vCPU-hours x \$0.096/vCPU-hour = \$0.04032, rounded to \$0.04. Here is the month-end bill for this T2 Unlimited instance:

![\[Example bill for a T2 Unlimited instance.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/t2_unlimited_bill_windows.png)


You can set billing alerts to be notified every hour of any accruing charges, and take action if required.

# Standard mode for burstable performance instances

A burstable performance instance configured as `standard` is suited to workloads with an average CPU utilization that is consistently below the baseline CPU utilization of the instance. To burst above the baseline, the instance spends credits that it has accrued in its CPU credit balance. If the instance is running low on accrued credits, CPU utilization is gradually lowered to the baseline level, so that the instance does not experience a sharp performance drop-off when its accrued CPU credit balance is depleted. For more information, see [Key concepts for burstable performance instances](burstable-credits-baseline-concepts.md).

**Contents**
+ [Standard mode concepts for burstable instances](burstable-performance-instances-standard-mode-concepts.md)
  + [How standard burstable performance instances work](burstable-performance-instances-standard-mode-concepts.md#how-burstable-performance-instances-standard-works)
  + [Launch credits](burstable-performance-instances-standard-mode-concepts.md#launch-credits)
  + [Launch credit limits](burstable-performance-instances-standard-mode-concepts.md#launch-credit-limits)
  + [Differences between launch credits and earned credits](burstable-performance-instances-standard-mode-concepts.md#burstable-performance-instances-diff-launch-earned-credits)
+ [Standard mode examples for burstable instances](standard-mode-examples.md)
  + [Example 1: Explain credit use with T3 Standard](standard-mode-examples.md#t3_standard_example)
  + [Example 2: Explain credit use with T2 Standard](standard-mode-examples.md#t2-standard-example)
    + [Period 1: 1 – 24 hours](standard-mode-examples.md#period-1)
    + [Period 2: 25 – 36 hours](standard-mode-examples.md#period-2)
    + [Period 3: 37 – 61 hours](standard-mode-examples.md#period-3)
    + [Period 4: 62 – 72 hours](standard-mode-examples.md#period-4)
    + [Period 5: 73 – 75 hours](standard-mode-examples.md#period-5)
    + [Period 6: 76 – 90 hours](standard-mode-examples.md#period-6)
    + [Period 7: 91 – 96 hours](standard-mode-examples.md#period-7)

# Standard mode concepts for burstable instances

The `standard` mode is a configuration option for burstable performance instances. It can be enabled or disabled at any time for a running or stopped instance. You can [set `standard` as the default credit option](burstable-performance-instances-how-to.md#burstable-performance-instance-set-default-credit-specification-for-account) at the account level per AWS Region, per burstable performance instance family, so that all new burstable performance instances in the account launch using the default credit option.

## How standard burstable performance instances work


When a burstable performance instance configured as `standard` is in a running state, it continuously earns (at a millisecond-level resolution) a set rate of earned credits per hour. For T2 Standard, when the instance is stopped, it loses all its accrued credits, and its credit balance is reset to zero. When it is restarted, it receives a new set of launch credits, and begins to accrue earned credits. For T4g, T3a, and T3 Standard instances, the CPU credit balance persists for seven days after the instance stops and the credits are lost thereafter. If you start the instance within seven days, no credits are lost.

T2 Standard instances receive two types of [CPU credits](burstable-credits-baseline-concepts.md#key-concepts): *earned credits* and *launch credits*. When a T2 Standard instance is in a running state, it continuously earns (at a millisecond-level resolution) a set rate of earned credits per hour. At start, it has not yet earned any credits; therefore, to provide a good startup experience, it receives launch credits at start, which it spends first while it accrues earned credits.

T4g, T3a, and T3 instances do not receive launch credits because they support Unlimited mode. The Unlimited mode credit configuration enables T4g, T3a, and T3 instances to use as much CPU as needed to burst beyond baseline and for as long as needed.

## Launch credits


T2 Standard instances get 30 launch credits per vCPU at launch or start, and T1 Standard instances get 15 launch credits. For example, a `t2.micro` instance has one vCPU and gets 30 launch credits, while a `t2.xlarge` instance has four vCPUs and gets 120 launch credits. Launch credits are designed to provide a good startup experience to allow instances to burst immediately after launch before they have accrued earned credits.

Launch credits are spent first, before earned credits. Unspent launch credits are accrued in the CPU credit balance, but do not count towards the CPU credit balance limit. For example, a `t2.micro` instance has a CPU credit balance limit of 144 earned credits. If it is launched and remains idle for 24 hours, its CPU credit balance reaches 174 (30 launch credits + 144 earned credits), which is over the limit. However, after the instance spends the 30 launch credits, the credit balance cannot exceed 144. For more information about the CPU credit balance limit for each instance size, see the [credit table](burstable-credits-baseline-concepts.md#burstable-performance-instances-credit-table).

The following table lists the initial CPU credit allocation received at launch or start, and the number of vCPUs.


|  Instance type  |  Launch credits  |  vCPUs  | 
| --- | --- | --- | 
| t1.micro |  15  |  1  | 
| t2.nano |  30  |  1  | 
| t2.micro |  30  |  1  | 
| t2.small |  30  |  1  | 
| t2.medium |  60  |  2  | 
| t2.large |  60  |  2  | 
| t2.xlarge |  120  |  4  | 
| t2.2xlarge |  240  |  8  | 

## Launch credit limits


There is a limit to the number of times T2 Standard instances can receive launch credits. The default limit is 100 launches or starts of all T2 Standard instances combined per account, per Region, per rolling 24-hour period. For example, the limit is reached when one instance is stopped and started 100 times within a 24-hour period, or when 100 instances are launched within a 24-hour period, or other combinations that equate to 100 starts. New accounts may have a lower limit, which increases over time based on your usage.

**Tip**  
To ensure that your workloads always get the performance they need, switch to [Unlimited mode for burstable performance instances](burstable-performance-instances-unlimited-mode.md) or consider using a larger instance size.

## Differences between launch credits and earned credits


The following table lists the differences between launch credits and earned credits.


|    |  Launch credits  |  Earned credits  | 
| --- | --- | --- | 
|  **Credit earn rate**  |  T2 Standard instances get 30 launch credits per vCPU at launch or start. If a T2 instance is switched from `unlimited` to `standard`, it does not get launch credits at the time of switching.  |  Each T2 instance continuously earns (at a millisecond-level resolution) a set rate of CPU credits per hour, depending on the instance size. For more information about the number of CPU credits earned per instance size, see the [credit table](burstable-credits-baseline-concepts.md#burstable-performance-instances-credit-table).  | 
|  **Credit earn limit**  |  The limit for receiving launch credits is 100 launches or starts of all T2 Standard instances combined per account, per Region, per rolling 24-hour period. New accounts may have a lower limit, which increases over time based on your usage.  |  A T2 instance cannot accrue more credits than the CPU credit balance limit. If the CPU credit balance has reached its limit, any credits that are earned after the limit is reached are discarded. Launch credits do not count towards the limit. For more information about the CPU credit balance limit for each T2 instance size, see the [credit table](burstable-credits-baseline-concepts.md#burstable-performance-instances-credit-table).  | 
|  **Credit use**  |  Launch credits are spent first, before earned credits.  |  Earned credits are spent only after all launch credits are spent.  | 
|  **Credit expiration**  |  When a T2 Standard instance is running, launch credits do not expire. When a T2 Standard instance stops or is switched to T2 Unlimited, all launch credits are lost.  |  When a T2 instance is running, earned credits that have accrued do not expire. When the T2 instance stops, all accrued earned credits are lost.  | 

The number of accrued launch credits and accrued earned credits is tracked by the CloudWatch metric `CPUCreditBalance`. For more information, see `CPUCreditBalance` in the [CloudWatch metrics table](burstable-performance-instances-monitoring-cpu-credits.md#burstable-performance-instances-CW-metrics-table).

# Standard mode examples for burstable instances

The following examples explain credit use when instances are configured as `standard`.

**Topics**
+ [Example 1: Explain credit use with T3 Standard](#t3_standard_example)
+ [Example 2: Explain credit use with T2 Standard](#t2-standard-example)

## Example 1: Explain credit use with T3 Standard


In this example, you see how a `t3.nano` instance launched as `standard` earns, accrues, and spends *earned* credits. You see how the credit balance reflects the accrued *earned* credits.

A running `t3.nano` instance earns 144 credits every 24 hours. Its credit balance limit is 144 earned credits. After the limit is reached, new credits that are earned are discarded. For more information about the number of credits that can be earned and accrued, see the [credit table](burstable-credits-baseline-concepts.md#burstable-performance-instances-credit-table).

You might launch a T3 Standard instance and use it immediately. Or, you might launch a T3 Standard instance and leave it idle for a few days before running applications on it. Whether an instance is used or remains idle determines if credits are spent or accrued. If an instance remains idle for 24 hours from the time it is launched, the credit balance reaches its limit, which is the maximum number of earned credits that can be accrued.

This example describes an instance that remains idle for 24 hours from the time it is launched, and walks you through seven periods of time over a 96-hour period, showing the rate at which credits are earned, accrued, spent, and discarded, and the value of the credit balance at the end of each period.

The following workflow references the numbered points on the graph:

**P1** – At 0 hours on the graph, the instance is launched as `standard` and immediately begins to earn credits. The instance remains idle from the time it is launched—CPU utilization is 0%—and no credits are spent. All unspent credits are accrued in the credit balance. For the first 24 hours, `CPUCreditUsage` is at 0, and the `CPUCreditBalance` value reaches its maximum of 144.

**P2** – For the next 12 hours, CPU utilization is at 2.5%, which is below the 5% baseline. The instance earns more credits than it spends, but the `CPUCreditBalance` value cannot exceed its maximum of 144 credits. Any credits that are earned in excess of the limit are discarded.

**P3** – For the next 24 hours, CPU utilization is at 7% (above the baseline), which requires a spend of 57.6 credits. The instance spends more credits than it earns, and the `CPUCreditBalance` value reduces to 86.4 credits.

**P4** – For the next 12 hours, CPU utilization decreases to 2.5% (below the baseline), which requires a spend of 36 credits. In the same time, the instance earns 72 credits. The instance earns more credits than it spends, and the `CPUCreditBalance` value increases to 122 credits.

**P5** – For the next two hours, the instance bursts at 60% CPU utilization, and depletes its entire `CPUCreditBalance` value of 122 credits. At the end of this period, with the `CPUCreditBalance` at zero, CPU utilization is forced to drop to the baseline utilization level of 5%. At the baseline, the instance earns as many credits as it spends.

**P6** – For the next 14 hours, CPU utilization is at 5% (the baseline). The instance earns as many credits as it spends. The `CPUCreditBalance` value remains at 0.

**P7** – For the last 24 hours in this example, the instance is idle and CPU utilization is 0%. During this time, the instance earns 144 credits, which it accrues in its `CPUCreditBalance`.

![\[T3 Standard instance CPU utilization.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/t3_standard_graph.png)
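
The `standard` mode rules can be replayed the same way. The following Python sketch is an added example, not AWS code: it steps an instance hour by hour, spends launch credits before earned credits, discards earned credits above the limit, and caps CPU use once no credits remain. The function name, the hourly step, the abrupt (rather than gradual) throttle, and the `launch_credits` parameter (0 for T3, 30 for the `t2.nano` and `t2.micro` cases on this page) are assumptions of the example.

```python
def simulate_standard(phases, earn_per_hour, baseline, limit, launch_credits=0.0):
    """Return one (launch, earned, last_hour_utilization) snapshot per phase.

    phases is a list of (hours, requested CPU utilization from 0.0 to 1.0).
    """
    launch = float(launch_credits)  # launch credits: do not count toward the limit
    earned = 0.0                    # accrued earned credits, capped at `limit`
    snapshots = []
    for hours, utilization in phases:
        effective = utilization
        for _ in range(hours):
            # At the baseline the instance spends exactly what it earns.
            demand = earn_per_hour * (utilization / baseline)
            # Launch credits are spent first, before earned credits.
            from_launch = min(demand, launch)
            launch -= from_launch
            remaining = demand - from_launch
            # Credits earned during the hour can be spent in the same hour.
            available = earned + earn_per_hour
            spent = min(remaining, available)
            # Earned credits above the balance limit are discarded.
            earned = min(limit, available - spent)
            # With no credits left, the hour is throttled to what was paid for.
            if demand > 0:
                effective = utilization * (from_launch + spent) / demand
        snapshots.append((round(launch, 1), round(earned, 1), round(effective, 3)))
    return snapshots


# (hours, CPU utilization) for P1 to P7 of the t3.nano walkthrough above.
T3_NANO_STANDARD = [
    (24, 0.0), (12, 0.025), (24, 0.07), (12, 0.025),
    (2, 0.60), (14, 0.05), (24, 0.0),
]

# (hours, CPU utilization) for Periods 1 to 7 of the t2.nano example.
T2_NANO_STANDARD = [
    (24, 0.0), (12, 0.0), (25, 0.02), (11, 0.02),
    (3, 0.20), (15, 0.02), (6, 0.0),
]

if __name__ == "__main__":
    t3 = simulate_standard(T3_NANO_STANDARD, earn_per_hour=6.0, baseline=0.05, limit=144.0)
    for number, (_, earned, util) in enumerate(t3, start=1):
        print(f"t3.nano P{number}: balance={earned} last-hour CPU={util:.1%}")

    t2 = simulate_standard(
        T2_NANO_STANDARD, earn_per_hour=3.0, baseline=0.05, limit=72.0, launch_credits=30.0
    )
    for number, (launch, earned, _) in enumerate(t2, start=1):
        print(f"t2.nano period {number}: launch={launch} earned={earned} "
              f"CPUCreditBalance={launch + earned}")
```

In P5 the requested 60% cannot be sustained for the full second hour, so the model reports a lower average for that hour and a balance of zero.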


## Example 2: Explain credit use with T2 Standard


In this example, you see how a `t2.nano` instance launched as `standard` earns, accrues, and spends *launch* and *earned* credits. You see how the credit balance reflects not only accrued *earned* credits, but also accrued *launch* credits.

A `t2.nano` instance gets 30 launch credits when it is launched, and earns 72 credits every 24 hours. Its credit balance limit is 72 earned credits; launch credits do not count towards the limit. After the limit is reached, new credits that are earned are discarded. For more information about the number of credits that can be earned and accrued, see the [credit table](burstable-credits-baseline-concepts.md#burstable-performance-instances-credit-table). For more information about limits, see [Launch credit limits](burstable-performance-instances-standard-mode-concepts.md#launch-credit-limits).

You might launch a T2 Standard instance and use it immediately. Or, you might launch a T2 Standard instance and leave it idle for a few days before running applications on it. Whether an instance is used or remains idle determines if credits are spent or accrued. If an instance remains idle for 24 hours from the time it is launched, the credit balance appears to exceed its limit because the balance reflects both accrued earned credits and accrued launch credits. However, after CPU is used, the launch credits are spent first. Thereafter, the limit always reflects the maximum number of earned credits that can be accrued. 

This example describes an instance that remains idle for 24 hours from the time it is launched, and walks you through seven periods of time over a 96-hour period, showing the rate at which credits are earned, accrued, spent, and discarded, and the value of the credit balance at the end of each period.

### Period 1: 1 – 24 hours


At 0 hours on the graph, the T2 instance is launched as `standard` and immediately gets 30 launch credits. It earns credits while in the running state. The instance remains idle from the time it is launched—CPU utilization is 0%—and no credits are spent. All unspent credits are accrued in the credit balance. At approximately 14 hours after launch, the credit balance is 72 (30 launch credits + 42 earned credits), which is equivalent to what the instance can earn in 24 hours. At 24 hours after launch, the credit balance exceeds 72 credits because the unspent launch credits are accrued in the credit balance—the credit balance is 102 credits: 30 launch credits + 72 earned credits.

![\[In period 1 for the T2 standard, the credit balance is 102 credits.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/t2-graph1.png)



|  |  | 
| --- |--- |
| Credit Spend Rate | 0 credits per 24 hours (0% CPU utilization) | 
| Credit Earn Rate | 72 credits per 24 hours | 
| Credit Discard Rate | 0 credits per 24 hours | 
| Credit Balance |  102 credits (30 launch credits + 72 earned credits)  | 

**Conclusion**  
If there is no CPU utilization after launch, the instance accrues more credits than what it can earn in 24 hours (30 launch credits + 72 earned credits = 102 credits).

In a real-world scenario, an EC2 instance consumes a small number of credits while launching and running, which prevents the balance from reaching the maximum theoretical value in this example.

### Period 2: 25 – 36 hours


For the next 12 hours, the instance continues to remain idle and earn credits, but the credit balance does not increase. It plateaus at 102 credits (30 launch credits + 72 earned credits). The credit balance has reached its limit of 72 accrued earned credits, so newly earned credits are discarded.

![\[The credit balance has reached its limit of 72 accrued earned credits.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/t2-graph2.png)



|  |  | 
| --- |--- |
| Credit Spend Rate | 0 credits per 24 hours (0% CPU utilization) | 
| Credit Earn Rate | 72 credits per 24 hours (3 credits per hour) | 
| Credit Discard Rate | 72 credits per 24 hours (100% of credit earn rate) | 
| Credit Balance |  102 credits (30 launch credits + 72 earned credits)—balance is unchanged  | 

**Conclusion**  
An instance constantly earns credits, but it cannot accrue more earned credits if the credit balance has reached its limit. After the limit is reached, newly earned credits are discarded. Launch credits do not count towards the credit balance limit. If the balance includes accrued launch credits, the balance appears to be over the limit.

### Period 3: 37 – 61 hours


For the next 25 hours, the instance uses 2% CPU, which requires 30 credits. In the same period, it earns 75 credits, but the credit balance decreases. The balance decreases because the accrued *launch* credits are spent first, while newly earned credits are discarded because the credit balance is already at its limit of 72 earned credits.

![\[Newly earned credits are discarded because the credit balance is already at its limit.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/t2-graph3.png)



|  |  | 
| --- |--- |
| Credit Spend Rate | 28.8 credits per 24 hours (1.2 credits per hour, 2% CPU utilization, 40% of credit earn rate)—30 credits over 25 hours | 
| Credit Earn Rate | 72 credits per 24 hours | 
| Credit Discard Rate | 72 credits per 24 hours (100% of credit earn rate) | 
| Credit Balance |  72 credits (30 launch credits were spent; 72 earned credits remain unspent)  | 

**Conclusion**  
An instance spends launch credits first, before spending earned credits. Launch credits do not count towards the credit limit. After the launch credits are spent, the balance can never go higher than what can be earned in 24 hours. Furthermore, while an instance is running, it cannot get more launch credits.

### Period 4: 62 – 72 hours


For the next 11 hours, the instance uses 2% CPU, which requires 13.2 credits. This is the same CPU utilization as in the previous period, but the balance does not decrease. It stays at 72 credits.

The balance does not decrease because the credit earn rate is higher than the credit spend rate. In the time that the instance spends 13.2 credits, it also earns 33 credits. However, the balance limit is 72 credits, so any earned credits that exceed the limit are discarded. The balance plateaus at 72 credits, which is different from the plateau of 102 credits during Period 2, because there are no accrued launch credits.

![\[The balance plateaus at 72 credits, because there are no accrued launch credits.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/t2-graph4.png)



|  |  | 
| --- |--- |
| Credit Spend Rate | 28.8 credits per 24 hours (1.2 credits per hour, 2% CPU utilization, 40% of credit earn rate)—13.2 credits over 11 hours | 
| Credit Earn Rate | 72 credits per 24 hours | 
| Credit Discard Rate | 43.2 credits per 24 hours (60% of credit earn rate) | 
| Credit Balance |  72 credits (0 launch credits, 72 earned credits)—balance is at its limit  | 

**Conclusion**  
After launch credits are spent, the credit balance limit is determined by the number of credits that an instance can earn in 24 hours. If the instance earns more credits than it spends, newly earned credits over the limit are discarded.

### Period 5: 73 – 75 hours


For the next three hours, the instance bursts at 20% CPU utilization, which requires 36 credits. The instance earns nine credits in the same three hours, which results in a net balance decrease of 27 credits. At the end of three hours, the credit balance is 45 accrued earned credits.

![\[At the end of three hours, the credit balance is 45 accrued earned credits.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/t2-graph5.png)



|  |  | 
| --- |--- |
| Credit Spend Rate | 288 credits per 24 hours (12 credits per hour, 20% CPU utilization, 400% of credit earn rate)—36 credits over 3 hours | 
| Credit Earn Rate | 72 credits per 24 hours (9 credits over 3 hours) | 
| Credit Discard Rate | 0 credits per 24 hours | 
| Credit Balance |  45 credits (previous balance (72) - spent credits (36) + earned credits (9))—balance decreases at a rate of 216 credits per 24 hours (spend rate 288/24 + earn rate 72/24 = balance decrease rate 216/24)  | 

**Conclusion**  
If an instance spends more credits than it earns, its credit balance decreases.

### Period 6: 76 – 90 hours


For the next 15 hours, the instance uses 2% CPU, which requires 18 credits. This is the same CPU utilization as in Periods 3 and 4. However, the balance increases in this period, whereas it decreased in Period 3 and plateaued in Period 4.

In Period 3, the accrued launch credits were spent, and any earned credits that exceeded the credit limit were discarded, resulting in a decrease in the credit balance. In Period 4, the instance spent fewer credits than it earned. Any earned credits that exceeded the limit were discarded, so the balance plateaued at its maximum of 72 credits.

In this period, there are no accrued launch credits, and the number of accrued earned credits in the balance is below the limit. No earned credits are discarded. Furthermore, the instance earns more credits than it spends, resulting in an increase in the credit balance.

![\[The instance earns more credits than it spends.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/t2-graph6.png)



|  |  | 
| --- |--- |
| Credit Spend Rate | 28.8 credits per 24 hours (1.2 credits per hour, 2% CPU utilization, 40% of credit earn rate)—18 credits over 15 hours | 
| Credit Earn Rate | 72 credits per 24 hours (45 credits over 15 hours) | 
| Credit Discard Rate | 0 credits per 24 hours | 
| Credit Balance |  72 credits (balance increases at a rate of 43.2 credits per 24 hours—change rate = earn rate 72/24 - spend rate 28.8/24)  | 

**Conclusion**  
If an instance spends fewer credits than it earns, its credit balance increases.

### Period 7: 91 – 96 hours


For the next six hours, the instance remains idle—CPU utilization is 0%—and no credits are spent. This is the same CPU utilization as in Period 2, but the balance does not plateau at 102 credits—it plateaus at 72 credits, which is the credit balance limit for the instance.

In Period 2, the credit balance included 30 accrued launch credits. The launch credits were spent in Period 3. A running instance cannot get more launch credits. After its credit balance limit is reached, any earned credits that exceed the limit are discarded.

![\[Earned credits that exceed the limit are discarded.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/t2-graph7.png)



|  |  | 
| --- |--- |
| Credit Spend Rate | 0 credits per 24 hours (0% CPU utilization) | 
| Credit Earn Rate | 72 credits per 24 hours | 
| Credit Discard Rate | 72 credits per 24 hours (100% of credit earn rate) | 
| Credit Balance |  72 credits (0 launch credits, 72 earned credits)  | 

**Conclusion**  
An instance constantly earns credits, but cannot accrue more earned credits if the credit balance limit has been reached. After the limit is reached, newly earned credits are discarded. The credit balance limit is determined by the number of credits that an instance can earn in 24 hours. For more information about credit balance limits, see the [credit table](burstable-credits-baseline-concepts.md#burstable-performance-instances-credit-table).

# Configure burstable performance instances


The steps for launching, monitoring, and modifying burstable performance instances (T instances) are similar. The key difference is the default credit specification when they launch.

Each T instance family comes with the following *default credit specification*:
+ T4g, T3a, and T3 instances launch as `unlimited`
+ T3 instances on a Dedicated Host can only launch as `standard`
+ T2 instances launch as `standard`

You can [change the default credit specification](#burstable-performance-instance-set-default-credit-specification-for-account) for the account.

**Topics**
+ [Configure the credit specification at launch](#launch-burstable-performance-instances)
+ [Configure an Auto Scaling group to set the credit specification as unlimited](#burstable-performance-instances-auto-scaling-grp)
+ [Manage the credit specification of a burstable performance instance](#modify-burstable-performance-instances)
+ [Manage the default credit specification for an account](#burstable-performance-instance-set-default-credit-specification-for-account)

## Configure the credit specification at launch


You can launch your T instances with a credit specification of `unlimited` or `standard`.

The following procedures describe how to use the EC2 console or the AWS CLI. For information about using an Auto Scaling group, see [Configure an Auto Scaling group to set the credit specification as unlimited](#burstable-performance-instances-auto-scaling-grp).

------
#### [ Console ]

**To configure the credit specification of an instance at launch**

1. Follow the procedure to [launch an instance](ec2-launch-instance-wizard.md).

1. Under **Instance type**, select a T instance type.

1. Expand **Advanced details**. For **Credit specification**, select a credit specification.

1. In the **Summary** panel, review your instance configuration, and then choose **Launch instance**.

------
#### [ AWS CLI ]

**To set the credit specification of an instance at launch**  
Use the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command with the `--credit-specification` option.

```
--credit-specification CpuCredits=unlimited
```

------
#### [ PowerShell ]

**To set the credit specification of an instance at launch**  
Use the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) cmdlet with the `-CreditSpecification_CpuCredit` parameter.

```
-CreditSpecification_CpuCredit unlimited
```

------

## Configure an Auto Scaling group to set the credit specification as unlimited


When T instances are launched or started, they require CPU credits for a good bootstrapping experience. If you use an Auto Scaling group to launch your instances, we recommend that you configure your instances as `unlimited`. If you do, the instances use surplus credits when they are automatically launched or restarted by the Auto Scaling group. Using surplus credits prevents performance restrictions.

### Create a launch template


You must use a *launch template* for launching instances as `unlimited` in an Auto Scaling group. A launch configuration does not support launching instances as `unlimited`.

------
#### [ Console ]

**To create a launch template that sets the credit specification**

1. Follow the [Create a launch template using advanced settings](https://docs.aws.amazon.com/autoscaling/ec2/userguide/advanced-settings-for-your-launch-template.html) procedure in the *Amazon EC2 Auto Scaling User Guide*.

1. In **Launch template contents**, for **Instance type**, choose an instance size.

1. To launch instances as `unlimited` in an Auto Scaling group, under **Advanced details**, for **Credit specification**, choose **Unlimited**.

1. When you've finished defining the launch template parameters, choose **Create launch template**.

------
#### [ AWS CLI ]

**To create a launch template that sets the credit specification**  
Use the [create-launch-template](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-launch-template.html) command.

```
aws ec2 create-launch-template \
    --launch-template-name my-launch-template \
    --version-description FirstVersion \
    --launch-template-data "CreditSpecification={CpuCredits=unlimited}"
```

------
#### [ PowerShell ]

**To create a launch template that sets the credit specification**  
Use the [New-EC2LaunchTemplate](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2LaunchTemplate.html) cmdlet. Define the credit specification for the launch template data as follows.

```
$creditSpec = New-Object Amazon.EC2.Model.CreditSpecificationRequest
$creditSpec.CpuCredits = "unlimited"
$launchTemplateData = New-Object Amazon.EC2.Model.RequestLaunchTemplateData
$launchTemplateData.CreditSpecification = $creditSpec
```

------

### Associate an Auto Scaling group with a launch template


To associate the launch template with an Auto Scaling group, create the Auto Scaling group using the launch template, or add the launch template to an existing Auto Scaling group.

------
#### [ Console ]

**To create an Auto Scaling group using a launch template**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. On the navigation bar at the top of the screen, select the same Region that you used when you created the launch template.

1. In the navigation pane, choose **Auto Scaling Groups**, **Create Auto Scaling group**.

1. Choose **Launch Template**, select your launch template, and then choose **Next Step**.

1. Complete the fields for the Auto Scaling group. When you've finished reviewing your configuration settings on the **Review page**, choose **Create Auto Scaling group**. For more information, see [Creating an Auto Scaling Group Using a Launch Template](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-launch-template.html) in the *Amazon EC2 Auto Scaling User Guide*.

**To add a launch template to an existing Auto Scaling group**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. On the navigation bar at the top of the screen, select the same Region that you used when you created the launch template.

1. In the navigation pane, choose **Auto Scaling Groups**.

1. From the Auto Scaling group list, select an Auto Scaling group, and choose **Actions**, **Edit**.

1. On the **Details** tab, for **Launch Template**, choose a launch template, and then choose **Save**.

------
#### [ AWS CLI ]

**To create an Auto Scaling group using a launch template**  
Use the [create-auto-scaling-group](https://docs.aws.amazon.com/cli/latest/reference/autoscaling/create-auto-scaling-group.html) command and specify the `--launch-template` parameter.

**To add a launch template to an existing Auto Scaling group**  
Use the [update-auto-scaling-group](https://docs.aws.amazon.com/cli/latest/reference/autoscaling/update-auto-scaling-group.html) command and specify the `--launch-template` parameter. 

------
#### [ PowerShell ]

**To create an Auto Scaling group using a launch template**  
Use the [New-ASAutoScalingGroup](https://docs.aws.amazon.com/powershell/latest/reference/items/New-ASAutoScalingGroup.html) cmdlet and specify the `-LaunchTemplate_LaunchTemplateId` or `-LaunchTemplate_LaunchTemplateName` parameter.

**To add a launch template to an existing Auto Scaling group**  
Use the [Update-ASAutoScalingGroup](https://docs.aws.amazon.com/powershell/latest/reference/items/Update-ASAutoScalingGroup.html) cmdlet and specify the `-LaunchTemplate_LaunchTemplateId` or `-LaunchTemplate_LaunchTemplateName` parameter.

------

## Manage the credit specification of a burstable performance instance


You can switch the credit specification of a running or stopped T instance at any time between `unlimited` and `standard`.

Note that in `unlimited` mode, an instance can spend surplus credits, which might incur an additional charge. For more information, see [Surplus credits can incur charges](burstable-performance-instances-unlimited-mode-concepts.md#unlimited-mode-surplus-credits).

------
#### [ Console ]

**To manage the credit specification of an instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the left navigation pane, choose **Instances**.

1. (Optional) Select an instance. On its **Details** tab, find **Credit specification**. The value is either `unlimited` or `standard`.

1. (Optional) To modify the credit specification for multiple instances at the same time, select them all.

1. Choose **Actions**, **Instance settings**, **Change credit specification**. This option is enabled only if you selected a T instance.

1. For **Unlimited mode**, select or clear the checkbox next to each instance ID.

------
#### [ AWS CLI ]

**To get the credit specification of an instance**  
Use the [describe-instance-credit-specifications](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instance-credit-specifications.html) command. If you do not specify an instance ID, all instances with the credit specification of `unlimited` are returned. The output also includes instances that were previously configured with the `unlimited` credit specification. For example, if you resize a T3 instance to an M4 instance while it is configured as `unlimited`, Amazon EC2 returns the M4 instance.

```
aws ec2 describe-instance-credit-specifications \
    --instance-id i-1234567890abcdef0 \
    --query "InstanceCreditSpecifications[].CpuCredits" \
    --output text
```

The following is example output.

```
unlimited
```

**To set the credit specification of an instance**  
Use the [modify-instance-credit-specification](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-credit-specification.html) command.

```
aws ec2 modify-instance-credit-specification \
    --region us-east-1 \
    --instance-credit-specification "InstanceId=i-1234567890abcdef0,CpuCredits=unlimited"
```

------
#### [ PowerShell ]

**To get the credit specification of an instance**  
Use the [Get-EC2CreditSpecification](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2CreditSpecification.html) cmdlet.

```
(Get-EC2CreditSpecification `
    -InstanceId i-1234567890abcdef0).CpuCredits
```

The following is example output.

```
unlimited
```

**To set the credit specification of an instance**  
Use the [Edit-EC2InstanceCreditSpecification](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceCreditSpecification.html) cmdlet.

```
Edit-EC2InstanceCreditSpecification `
    -Region us-east-1 `
    -InstanceCreditSpecification @{InstanceId="i-1234567890abcdef0"; CpuCredits="unlimited"}
```

------

## Manage the default credit specification for an account


Each T instance family comes with a [default credit specification](#default-credit-spec). You can change the default credit specification for each T instance family at the account level per AWS Region. The valid values for the default credit specification are `unlimited` and `standard`.

If you use the launch instance wizard in the EC2 console to launch instances, the value you select for the credit specification overrides the account-level default credit specification. If you use the AWS CLI to launch instances, all new T instances in the account launch using the default credit specification. The credit specification for existing running or stopped instances is not affected.

**Consideration**  
The default credit specification for an instance family can be modified only once in a rolling 5-minute period, and up to four times in a rolling 24-hour period.

------
#### [ Console ]

**To manage the default credit specification**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. To change the AWS Region, use the Region selector in the upper-right corner of the page.

1. In the navigation pane, choose **Dashboard**.

1. On the **Account attributes** card, under **Settings**, choose **Default credit specification**.

1. Choose **Manage**.

1. For each instance family, choose **Unlimited** or **Standard**, and then choose **Update**.

------
#### [ AWS CLI ]

**To get the default credit specification**  
Use the [get-default-credit-specification](https://docs.aws.amazon.com/cli/latest/reference/ec2/get-default-credit-specification.html) command.

```
aws ec2 get-default-credit-specification \
    --region us-east-1 \
    --instance-family t2 \
    --query "InstanceFamilyCreditSpecifications[].CpuCredits" \
    --output text
```

The following is example output.

```
standard
```

**To set the default credit specification**  
Use the [modify-default-credit-specification](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-default-credit-specification.html) command. The following example sets the value to `unlimited`.

```
aws ec2 modify-default-credit-specification \
    --region us-east-1 \
    --instance-family t2 \
    --cpu-credits unlimited
```

------
#### [ PowerShell ]

**To get the default credit specification**  
Use the [Get-EC2DefaultCreditSpecification](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2DefaultCreditSpecification.html) cmdlet.

```
(Get-EC2DefaultCreditSpecification `
    -Region us-east-1 `
    -InstanceFamily t2).CpuCredits
```

The following is example output.

```
standard
```

**To set the default credit specification**  
Use the [Edit-EC2DefaultCreditSpecification](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2DefaultCreditSpecification.html) cmdlet. The following example sets the value to `unlimited`.

```
Edit-EC2DefaultCreditSpecification `
    -Region us-east-1 `
    -InstanceFamily t2 `
    -CpuCredit unlimited
```

------

# Monitor CPU credits for burstable instances

EC2 sends metrics to Amazon CloudWatch. You can see the CPU credit metrics in the Amazon EC2 per-instance metrics of the CloudWatch console or by using the AWS CLI to list the metrics for each instance. For more information, see [CloudWatch metrics that are available for your instances](viewing_metrics_with_cloudwatch.md).

**Topics**
+ [Additional CloudWatch metrics for burstable performance instances](#burstable-performance-instances-cw-metrics)
+ [Calculate CPU credit usage](#burstable-performance-instances-calculating-credit-use)

## Additional CloudWatch metrics for burstable performance instances


Burstable performance instances have these additional CloudWatch metrics, which are updated every five minutes:
+ `CPUCreditUsage` – The number of CPU credits spent during the measurement period.
+ `CPUCreditBalance` – The number of CPU credits that an instance has accrued. This balance is depleted when the CPU bursts and CPU credits are spent more quickly than they are earned.
+ `CPUSurplusCreditBalance` – The number of surplus CPU credits spent to sustain CPU utilization when the `CPUCreditBalance` value is zero.
+ `CPUSurplusCreditsCharged` – The number of surplus CPU credits exceeding the [maximum number of CPU credits](burstable-credits-baseline-concepts.md#burstable-performance-instances-credit-table) that can be earned in a 24-hour period, and thus attracting an additional charge.

The last two metrics apply only to instances configured as `unlimited`.

The following table describes the CloudWatch metrics for burstable performance instances. For more information, see [CloudWatch metrics that are available for your instances](viewing_metrics_with_cloudwatch.md).


| Metric | Description | 
| --- | --- | 
| CPUCreditUsage |  The number of CPU credits spent by the instance for CPU utilization. One CPU credit equals one vCPU running at 100% utilization for one minute or an equivalent combination of vCPUs, utilization, and time (for example, one vCPU running at 50% utilization for two minutes or two vCPUs running at 25% utilization for two minutes). CPU credit metrics are available at a five-minute frequency only. If you specify a period greater than five minutes, use the `Sum` statistic instead of the `Average` statistic. Units: Credits (vCPU-minutes)  | 
| CPUCreditBalance |  The number of earned CPU credits that an instance has accrued since it was launched or started. For T2 Standard, the `CPUCreditBalance` also includes the number of launch credits that have been accrued. Credits are accrued in the credit balance after they are earned, and removed from the credit balance when they are spent. The credit balance has a maximum limit, determined by the instance size. After the limit is reached, any new credits that are earned are discarded. For T2 Standard, launch credits do not count towards the limit. The credits in the `CPUCreditBalance` are available for the instance to spend to burst beyond its baseline CPU utilization. When an instance is running, credits in the `CPUCreditBalance` do not expire. When a T4g, T3a or T3 instance stops, the `CPUCreditBalance` value persists for seven days. Thereafter, all accrued credits are lost. When a T2 instance stops, the `CPUCreditBalance` value does not persist, and all accrued credits are lost. CPU credit metrics are available at a five-minute frequency only. Units: Credits (vCPU-minutes)  | 
| CPUSurplusCreditBalance  |  The number of surplus credits that have been spent by an `unlimited` instance when its `CPUCreditBalance` value is zero. The `CPUSurplusCreditBalance` value is paid down by earned CPU credits. If the number of surplus credits exceeds the maximum number of credits that the instance can earn in a 24-hour period, the spent surplus credits above the maximum incur an additional charge. Units: Credits (vCPU-minutes)   | 
| CPUSurplusCreditsCharged |  The number of spent surplus credits that are not paid down by earned CPU credits, and which thus incur an additional charge. Spent surplus credits are charged when any of the following occurs:  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-monitoring-cpu-credits.html) Units: Credits (vCPU-minutes)   | 

## Calculate CPU credit usage


The CPU credit usage of instances is calculated using the instance CloudWatch metrics described in the preceding table.

Amazon EC2 sends the metrics to CloudWatch every five minutes. A reference to the *prior* value of a metric at any point in time means the previous value of the metric, sent *five minutes ago*.

### Calculate CPU credit usage for Standard instances

+ The CPU credit balance increases if CPU utilization is below the baseline, when the credits spent are less than the credits earned in the prior five-minute interval. 
+ The CPU credit balance decreases if CPU utilization is above the baseline, when the credits spent are more than the credits earned in the prior five-minute interval. 

Mathematically, this is captured by the following equation:

**Example**  

```
CPUCreditBalance = prior CPUCreditBalance + [Credits earned per hour * (5/60) - CPUCreditUsage]
```

The size of the instance determines the number of credits that the instance can earn per hour and the number of earned credits that it can accrue in the credit balance. For information about the number of credits earned per hour, and the credit balance limit for each instance size, see the [credit table](burstable-credits-baseline-concepts.md#burstable-performance-instances-credit-table).

**Example**  
This example uses a `t3.nano` instance. To calculate the `CPUCreditBalance` value of the instance, use the preceding equation as follows:
+ `CPUCreditBalance` – The current credit balance to calculate.
+ `prior CPUCreditBalance` – The credit balance five minutes ago. In this example, the instance had accrued two credits.
+ `Credits earned per hour` – A `t3.nano` instance earns six credits per hour.
+ `5/60` – Represents the five-minute interval between CloudWatch metric publication. Multiply the credits earned per hour by 5/60 (five minutes) to get the number of credits that the instance earned in the past five minutes. A `t3.nano` instance earns 0.5 credits every five minutes.
+ `CPUCreditUsage` – How many credits the instance spent in the past five minutes. In this example, the instance spent one credit in the past five minutes.

Using these values, you can calculate the `CPUCreditBalance` value:

**Example**  

```
CPUCreditBalance = 2 + [0.5 - 1] = 1.5
```

### Calculate CPU credit usage for Unlimited instances


When a burstable performance instance needs to burst above the baseline, it always spends accrued credits before spending surplus credits. When it depletes its accrued CPU credit balance, it can spend surplus credits to burst CPU for as long as it needs. When CPU utilization falls below the baseline, surplus credits are always paid down before the instance accrues earned credits.

We use the term `Adjusted balance` in the following equations to reflect the activity that occurs in this five-minute interval. We use this value to arrive at the values for the `CPUCreditBalance` and `CPUSurplusCreditBalance` CloudWatch metrics. 

**Example**  

```
Adjusted balance = [prior CPUCreditBalance - prior CPUSurplusCreditBalance] + [Credits earned per hour * (5/60) - CPUCreditUsage]
```

A value of `0` for `Adjusted balance` indicates that the instance spent all its earned credits for bursting, and no surplus credits were spent. As a result, both `CPUCreditBalance` and `CPUSurplusCreditBalance` are set to `0`.

A positive `Adjusted balance` value indicates that the instance accrued earned credits, and previous surplus credits, if any, were paid down. As a result, the `Adjusted balance` value is assigned to `CPUCreditBalance`, and the `CPUSurplusCreditBalance` is set to `0`. The instance size determines the [maximum number of credits](burstable-credits-baseline-concepts.md#burstable-performance-instances-credit-table) that it can accrue.

**Example**  

```
CPUCreditBalance = min [max earned credit balance, Adjusted balance]
CPUSurplusCreditBalance = 0
```

A negative `Adjusted balance` value indicates that the instance spent all of the earned credits that it had accrued and also spent surplus credits for bursting. As a result, the negated `Adjusted balance` value (a positive number) is assigned to `CPUSurplusCreditBalance`, and `CPUCreditBalance` is set to `0`. Again, the instance size determines the [maximum number of credits](burstable-credits-baseline-concepts.md#burstable-performance-instances-credit-table) that it can accrue.

**Example**  

```
CPUSurplusCreditBalance = min [max earned credit balance, -Adjusted balance]
CPUCreditBalance = 0
```

If the surplus credits spent exceed the maximum credits that the instance can accrue, the surplus credit balance is set to the maximum, as shown in the preceding equation. The remaining surplus credits are charged as represented by the `CPUSurplusCreditsCharged` metric.

**Example**  

```
CPUSurplusCreditsCharged = max [-Adjusted balance - max earned credit balance, 0]
```

Finally, when the instance terminates, any surplus credits tracked by the `CPUSurplusCreditBalance` are charged. If the instance is switched from `unlimited` to `standard`, any remaining `CPUSurplusCreditBalance` is also charged.
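
The Standard and Unlimited equations above, and the Period 5 to 7 walk-through earlier on this page, can be checked with a short five-minute-interval simulation. This is an added example, not AWS code: the names `Credits`, `step_standard`, `step_unlimited`, and `run` are hypothetical, `discarded` is bookkeeping added here (it is not a CloudWatch metric), and the floor at zero in `step_standard` is an assumption. Balance limits follow the page's rule that the limit equals the credits earned in 24 hours.

```python
from dataclasses import dataclass
from fractions import Fraction

INTERVAL_MIN = 5  # CloudWatch publishes the credit metrics every five minutes


@dataclass(frozen=True)
class Credits:
    balance: Fraction = Fraction(0)    # CPUCreditBalance
    surplus: Fraction = Fraction(0)    # CPUSurplusCreditBalance
    charged: Fraction = Fraction(0)    # CPUSurplusCreditsCharged in this interval
    discarded: Fraction = Fraction(0)  # earned credits dropped at the limit (not a metric)


def usage_for(cpu_percent, vcpus=1):
    """CPUCreditUsage for one interval: 1 credit = 1 vCPU at 100% for 1 minute."""
    return Fraction(cpu_percent) / 100 * vcpus * INTERVAL_MIN


def earned_per_interval(credits_per_hour):
    """Credits earned per hour * (5/60)."""
    return Fraction(credits_per_hour) * INTERVAL_MIN / 60


def step_standard(prior, credits_per_hour, usage, limit):
    """prior CPUCreditBalance + [earned - CPUCreditUsage], capped at the balance limit."""
    raw = prior.balance + earned_per_interval(credits_per_hour) - Fraction(usage)
    # Assumption: a standard instance has no surplus credits, so never go below zero.
    raw = max(raw, Fraction(0))
    balance = min(Fraction(limit), raw)
    return Credits(balance=balance, discarded=raw - balance)


def step_unlimited(prior, credits_per_hour, usage, limit):
    """Apply the Adjusted balance equations for an unlimited instance."""
    limit = Fraction(limit)
    adjusted = ((prior.balance - prior.surplus)
                + earned_per_interval(credits_per_hour) - Fraction(usage))
    if adjusted >= 0:
        # Surplus (if any) is paid down first; what is left accrues up to the limit.
        balance = min(limit, adjusted)
        return Credits(balance=balance, discarded=adjusted - balance)
    owed = -adjusted
    # Surplus balance is capped at the limit; anything above it is charged.
    return Credits(surplus=min(limit, owed), charged=max(owed - limit, Fraction(0)))


def run(step, state, hours, cpu_percent, credits_per_hour, limit, vcpus=1):
    """Apply `step` for every five-minute interval in `hours`; return state and totals."""
    totals = {"charged": Fraction(0), "discarded": Fraction(0)}
    for _ in range(hours * 60 // INTERVAL_MIN):
        state = step(state, credits_per_hour, usage_for(cpu_percent, vcpus), limit)
        totals["charged"] += state.charged
        totals["discarded"] += state.discarded
    return state, totals


if __name__ == "__main__":
    # Periods 5-7 from this page: earn rate 72 credits/24 h (3 per hour), limit 72, 1 vCPU.
    state = Credits(balance=Fraction(72))
    for label, hours, cpu in (("Period 5", 3, 20), ("Period 6", 15, 2), ("Period 7", 6, 0)):
        state, totals = run(step_standard, state, hours, cpu, 3, 72)
        print(f"{label}: balance={float(state.balance)} discarded={float(totals['discarded'])}")

    # The t3.nano Standard example: prior balance 2, 6 credits/hour, 1 credit spent.
    print(float(step_standard(Credits(balance=Fraction(2)), 6, 1, 144).balance))

    # Constructed unlimited case: t3.nano (limit 6 * 24 = 144) with a nearly full
    # surplus balance spends 5 more credits, so part of the spend is charged.
    print(step_unlimited(Credits(surplus=Fraction(287, 2)), 6, 5, 144))
```

Comparing the simulated `charged` total against the published `CPUSurplusCreditsCharged` datapoints for an `unlimited` instance is a quick way to confirm where an unexpected surplus charge came from.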

# Performance acceleration with GPU instances

GPU-based instances provide access to NVIDIA GPUs with thousands of compute cores. You can use these instances to accelerate scientific, engineering, and rendering applications by leveraging the CUDA or Open Computing Language (OpenCL) parallel computing frameworks. You can also use them for graphics applications, including game streaming, 3-D application streaming, and other graphics workloads.

Before you can activate or optimize a GPU-based instance, you must install the appropriate drivers, as follows:
+ To install NVIDIA drivers on an instance with an attached NVIDIA GPU, such as a P3 or G4dn instance, see [NVIDIA drivers](install-nvidia-driver.md).
+ To install AMD drivers on an instance with an attached AMD GPU, such as a G4ad instance, see [AMD drivers](install-amd-driver.md).

**Topics**
+ [Activate NVIDIA GRID Virtual Applications](activate_grid.md)
+ [Optimize GPU settings](optimize_gpu.md)
+ [Set up dual 4K displays on G4ad](activate_g4ad_4k.md)
+ [Get started with GPU accelerated instances](gpu-instances-started.md)

# Activate NVIDIA GRID Virtual Applications on your Amazon EC2 GPU-based instances

To activate the GRID Virtual Applications on GPU-based instances that have NVIDIA GPUs (NVIDIA GRID Virtual Workstation is enabled by default), you must define the product type for the driver. The process that you use depends on the operating system of your instance.

## Linux instances


**To activate GRID Virtual Applications on your Linux instances**

1. Create the `/etc/nvidia/gridd.conf` file from the provided template file.

   ```
   [ec2-user ~]$ sudo cp /etc/nvidia/gridd.conf.template /etc/nvidia/gridd.conf
   ```

1. Open the `/etc/nvidia/gridd.conf` file in your favorite text editor.

1. Find the `FeatureType` line, and set it equal to `0`. Then add a line with `IgnoreSP=TRUE`.

   ```
   FeatureType=0
   IgnoreSP=TRUE
   ```

1. Save the file and exit.

1. Reboot the instance to pick up the new configuration.

   ```
   [ec2-user ~]$ sudo reboot
   ```

## Windows instances


**To activate GRID Virtual Applications on your Windows instances**

1. Run **regedit.exe** to open the registry editor.

1. Navigate to `HKEY_LOCAL_MACHINE\SOFTWARE\NVIDIA Corporation\Global\GridLicensing`.

1. Open the context (right-click) menu on the right pane and choose **New**, **DWORD**.

1. For **Name**, enter **FeatureType** and press `Enter`.

1. Open the context (right-click) menu on **FeatureType** and choose **Modify**.

1. For **Value data**, enter `0` for NVIDIA GRID Virtual Applications and choose **OK**.

1. Open the context (right-click) menu on the right pane and choose **New**, **DWORD**.

1. For **Name**, enter **IgnoreSP** and press `Enter`.

1. Open the context (right-click) menu on **IgnoreSP** and choose **Modify**.

1. For **Value data**, type `1` and choose **OK**.

1. Close the registry editor.

# Optimize GPU settings on Amazon EC2 instances

There are several GPU setting optimizations that you can perform to achieve the best performance on NVIDIA GPU instances. With some of these instance types, the NVIDIA driver uses an autoboost feature, which varies the GPU clock speeds. By disabling autoboost and setting the GPU clock speeds to their maximum frequency, you can consistently achieve the maximum performance with your GPU instances.

## Optimize GPU settings on Linux


1. Configure the GPU settings to be persistent. This command can take several minutes to run.

   ```
   [ec2-user ~]$ sudo nvidia-persistenced
   ```

1. [G3 and P2 instances only] Disable the autoboost feature for all GPUs on the instance.

   ```
   [ec2-user ~]$ sudo nvidia-smi --auto-boost-default=0
   ```

1. Set all GPU clock speeds to their maximum frequency. Use the memory and graphics clock speeds specified in the following commands.

   Some versions of the NVIDIA driver do not support setting the application clock speed, and display the error `"Setting applications clocks is not supported for GPU..."`, which you can ignore.
   + G3 instances:

     ```
     [ec2-user ~]$ sudo nvidia-smi -ac 2505,1177
     ```
   + G4dn instances:

     ```
     [ec2-user ~]$ sudo nvidia-smi -ac 5001,1590
     ```
   + G5 instances:

     ```
     [ec2-user ~]$ sudo nvidia-smi -ac 6250,1710
     ```
   + G6, G6f, Gr6, and Gr6f instances:

     ```
     [ec2-user ~]$ sudo nvidia-smi -ac 6251,2040
     ```
   + G6e instances:

     ```
     [ec2-user ~]$ sudo nvidia-smi -ac 9001,2520
     ```
   + G7e instances:

     ```
     [ec2-user ~]$ sudo nvidia-smi -ac 12481,2430
     ```
   + P2 instances:

     ```
     [ec2-user ~]$ sudo nvidia-smi -ac 2505,875
     ```
   + P3 and P3dn instances:

     ```
     [ec2-user ~]$ sudo nvidia-smi -ac 877,1530
     ```
   + P4d instances:

     ```
     [ec2-user ~]$ sudo nvidia-smi -ac 1215,1410
     ```
   + P4de instances:

     ```
     [ec2-user ~]$ sudo nvidia-smi -ac 1593,1410
     ```
   + P5 instances:

     ```
     [ec2-user ~]$ sudo nvidia-smi -ac 2619,1980
     ```
   + P5e and P5en instances:

     ```
     [ec2-user ~]$ sudo nvidia-smi -ac 3201,1980
     ```
   + P6-B200 instances:

     ```
     [ec2-user ~]$ sudo nvidia-smi -ac 3996,1965
     ```
   + P6-B300 instances:

     ```
     [ec2-user ~]$ sudo nvidia-smi -ac 3996,2032
     ```

## Optimize GPU settings on Windows


1. Open a PowerShell window and navigate to the NVIDIA installation folder.

   ```
   PS C:\> cd "C:\Windows\System32\DriverStore\FileRepository\nvgridsw_aws.inf_*\"
   ```

1. [G3 and P2 instances only] Disable the autoboost feature for all GPUs on the instance.

   ```
   PS C:\> .\nvidia-smi --auto-boost-default=0
   ```

1. Set all GPU clock speeds to their maximum frequency. Use the memory and graphics clock speeds specified in the following commands.

   Some versions of the NVIDIA driver do not support setting the application clock speed, and display the error `"Setting applications clocks is not supported for GPU..."`, which you can ignore.
   + G3 instances:

     ```
     PS C:\> .\nvidia-smi -ac "2505,1177"
     ```
   + G4dn instances:

     ```
     PS C:\> .\nvidia-smi -ac "5001,1590"
     ```
   + G5 instances:

     ```
     PS C:\> .\nvidia-smi -ac "6250,1710"
     ```
   + G6, G6f, Gr6, and Gr6f instances:

     ```
     PS C:\> .\nvidia-smi -ac "6251,2040"
     ```
   + G6e instances:

     ```
     PS C:\> .\nvidia-smi -ac "9001,2520"
     ```
   + P2 instances:

     ```
     PS C:\> .\nvidia-smi -ac "2505,875"
     ```
   + P3 and P3dn instances:

     ```
     PS C:\> .\nvidia-smi -ac "877,1530"
     ```

# Set up Dual 4K displays on G4ad Linux instances

After you launch a G4ad instance, you can set up dual 4K displays.

**To install the AMD drivers and configure dual screens**

1. Connect to your Linux instance to get the PCI bus address of the GPU you want to target for dual 4K (2x4K):

   ```
   lspci -vv | grep -i amd
   ```

   You will get output similar to the following:

   ```
   00:1e.0 Display controller: Advanced Micro Devices, Inc. [AMD/ATI] Device 7362 (rev c3)
   Subsystem: Advanced Micro Devices, Inc. [AMD/ATI] Device 0a34
   ```

1. Note that the PCI bus address in the preceding output is 00:1e.0. Create a file named `/etc/modprobe.d/amdgpu.conf` and add:

   ```
   options amdgpu virtual_display=0000:00:1e.0,2
   ```

1. To install the AMD drivers on Linux, see [AMD drivers for your EC2 instance](install-amd-driver.md). If you already have the AMD GPU driver installed, you will need to rebuild the amdgpu kernel modules through dkms.

1. Use the following xorg.conf file to define the dual (2x4K) screen topology, and save the file as `/etc/X11/xorg.conf`:

   ```
   ~$ cat /etc/X11/xorg.conf
   Section "ServerLayout"
       Identifier     "Layout0"
       Screen          0 "Screen0"
       Screen          1 "Screen1"
       InputDevice     "Keyboard0" "CoreKeyboard"
       InputDevice     "Mouse0" "CorePointer"
       Option          "Xinerama" "1"
   EndSection
   Section "Files"
       ModulePath "/opt/amdgpu/lib64/xorg/modules/drivers"
       ModulePath "/opt/amdgpu/lib/xorg/modules"
       ModulePath "/opt/amdgpu-pro/lib/xorg/modules/extensions"
       ModulePath "/opt/amdgpu-pro/lib64/xorg/modules/extensions"
       ModulePath "/usr/lib64/xorg/modules"
       ModulePath "/usr/lib/xorg/modules"
   EndSection
   Section "InputDevice"
       # generated from default
       Identifier     "Mouse0"
       Driver         "mouse"
       Option         "Protocol" "auto"
       Option         "Device" "/dev/psaux"
       Option         "Emulate3Buttons" "no"
       Option         "ZAxisMapping" "4 5"
   EndSection
   Section "InputDevice"
       # generated from default
       Identifier     "Keyboard0"
       Driver         "kbd"
   EndSection
   
   Section "Monitor"
       Identifier     "Virtual"
       VendorName     "Unknown"
       ModelName      "Unknown"
       Option         "Primary" "true"
   EndSection
   
   Section "Monitor"
       Identifier     "Virtual-1"
       VendorName     "Unknown"
       ModelName      "Unknown"
       Option         "RightOf" "Virtual"
   EndSection
   
   Section "Device"
       Identifier     "Device0"
       Driver         "amdgpu"
       VendorName     "AMD"
       BoardName      "Radeon MxGPU V520"
       BusID          "PCI:0:30:0"
   EndSection
   
   Section "Device"
       Identifier     "Device1"
       Driver         "amdgpu"
       VendorName     "AMD"
       BoardName      "Radeon MxGPU V520"
       BusID          "PCI:0:30:0"
   EndSection
   
   Section "Extensions"
       Option         "DPMS" "Disable"
   EndSection
   
   Section "Screen"
       Identifier     "Screen0"
       Device         "Device0"
       Monitor        "Virtual"
       DefaultDepth   24
       Option         "AllowEmptyInitialConfiguration" "True"
       SubSection "Display"
           Virtual    3840 2160
           Depth      32
       EndSubSection
   EndSection
   
   Section "Screen"
       Identifier     "Screen1"
       Device         "Device1"
       Monitor        "Virtual"
       DefaultDepth   24
       Option         "AllowEmptyInitialConfiguration" "True"
       SubSection "Display"
           Virtual    3840 2160
           Depth      32
       EndSubSection
   EndSection
   ```

1. Set up DCV by following the instructions in setting up an [interactive desktop](#amd-interactive-desktop).

1. After the DCV setup is complete, reboot.

1. Confirm that the driver is functional:

   ```
   dmesg | grep amdgpu
   ```

   The response should look like the following:

   ```
   Initialized amdgpu
   ```

1. You should see in the output for `DISPLAY=:0 xrandr -q` that you have 2 virtual displays connected:

   ```
   ~$ DISPLAY=:0 xrandr -q
   Screen 0: minimum 320 x 200, current 3840 x 1080, maximum 16384 x 16384
   Virtual connected primary 1920x1080+0+0 (normal left inverted right x axis y axis) 0mm x 0mm
    4096x3112  60.00
    3656x2664  59.99
    4096x2160  60.00
    3840x2160  60.00
    1920x1200  59.95
    1920x1080  60.00
    1600x1200  59.95
    1680x1050  60.00
    1400x1050  60.00
    1280x1024  59.95
    1440x900 59.99
    1280x960 59.99
    1280x854 59.95
    1280x800 59.96
    1280x720 59.97
    1152x768 59.95
    1024x768 60.00 59.95
    800x600  60.32 59.96 56.25
    848x480  60.00 59.94
    720x480  59.94
    640x480  59.94 59.94
   Virtual-1 connected 1920x1080+1920+0 (normal left inverted right x axis y axis) 0mm x 0mm
    4096x3112  60.00
    3656x2664  59.99
    4096x2160  60.00
    3840x2160  60.00
    1920x1200  59.95
    1920x1080  60.00
    1600x1200  59.95
    1680x1050  60.00
    1400x1050  60.00
    1280x1024  59.95
    1440x900 59.99
    1280x960 59.99
    1280x854 59.95
    1280x800 59.96
    1280x720 59.97
    1152x768 59.95
    1024x768 60.00 59.95
    800x600  60.32 59.96 56.25
    848x480  60.00 59.94
    720x480  59.94
    640x480  59.94 59.94
   ```

1. When you connect into DCV, change the resolution to 2x4K, confirming the dual monitor support is registered by DCV.  
![\[DCV resolution changes\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/dm-dcv-example.png)
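
The PCI address from step 1 appears in two forms in this procedure: with its domain in `amdgpu.conf`, and as decimal fields in the xorg.conf `BusID` (hexadecimal `1e` is decimal `30`). The following added example, which is not part of the original guide and uses illustrative function names, derives both from an `lspci` line; the sample input is constructed from the output shown in step 1.

```shell
#!/bin/sh
# Added example: turn the PCI address that lspci prints into the two forms the
# procedure needs. Function names are illustrative, not part of any AWS tool.

# Constructed sample: the lspci line shown in step 1.
SAMPLE_LSPCI='00:1e.0 Display controller: Advanced Micro Devices, Inc. [AMD/ATI] Device 7362 (rev c3)'

# pci_slot TEXT: print the address of the first AMD display device found in
# lspci output, or fail if there is none.
pci_slot() {
    printf '%s\n' "$1" | awk '
        /Advanced Micro Devices/ && /Display controller|VGA compatible controller/ {
            print $1; found = 1; exit
        }
        END { if (!found) exit 1 }'
}

# full_slot SLOT: validate SLOT and print it as domain:bus:device.function.
# lspci omits the domain when it is 0000; the amdgpu option is written with it.
full_slot() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9a-fA-F]{4}:)?[0-9a-fA-F]{2}:[0-9a-fA-F]{2}\.[0-7]$' || return 1
    case "$1" in
        ????:*) printf '%s\n' "$1" ;;
        *)      printf '0000:%s\n' "$1" ;;
    esac
}

# amdgpu_option SLOT COUNT: print the line for /etc/modprobe.d/amdgpu.conf that
# creates COUNT virtual displays on the GPU at SLOT.
amdgpu_option() {
    _full=$(full_slot "$1") || return 1
    printf 'options amdgpu virtual_display=%s,%s\n' "$_full" "$2"
}

# xorg_busid SLOT: print the xorg.conf BusID value for SLOT. lspci prints
# hexadecimal fields; BusID takes decimal bus, device and function numbers.
# Only domain 0000 is handled here, which is what the procedure shows.
xorg_busid() {
    _full=$(full_slot "$1") || return 1
    _domain=${_full%%:*}
    _rest=${_full#*:}        # bus:device.function
    _bus=${_rest%%:*}
    _devfn=${_rest#*:}       # device.function
    _dev=${_devfn%.*}
    _fn=${_devfn#*.}
    [ "$_domain" = "0000" ] || return 1
    printf 'PCI:%d:%d:%d\n' "$((0x$_bus))" "$((0x$_dev))" "$((0x$_fn))"
}

# Demonstration on the constructed sample line.
if sample_slot=$(pci_slot "$SAMPLE_LSPCI"); then
    amdgpu_option "$sample_slot" 2   # line for /etc/modprobe.d/amdgpu.conf
    xorg_busid "$sample_slot"        # value for BusID in /etc/X11/xorg.conf
fi
```

On an instance, pass the output of `lspci` to `pci_slot` instead of the sample line.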

## Set up an interactive desktop for Linux


After you confirm that your Linux instance has the AMD GPU driver installed and amdgpu is in use, you can install an interactive desktop manager. We recommend the MATE desktop environment for the best compatibility and performance.

**Prerequisite**  
Open a text editor and save the following as a file named `xorg.conf`. You'll need this file on your instance.

```
Section "ServerLayout"
Identifier     "Layout0"
Screen          0 "Screen0"
InputDevice     "Keyboard0" "CoreKeyboard"
InputDevice     "Mouse0" "CorePointer"
EndSection
Section "Files"
ModulePath "/opt/amdgpu/lib64/xorg/modules/drivers"
ModulePath "/opt/amdgpu/lib/xorg/modules"
ModulePath "/opt/amdgpu-pro/lib/xorg/modules/extensions"
ModulePath "/opt/amdgpu-pro/lib64/xorg/modules/extensions"
ModulePath "/usr/lib64/xorg/modules"
ModulePath "/usr/lib/xorg/modules"
EndSection
Section "InputDevice"
# generated from default
Identifier     "Mouse0"
Driver         "mouse"
Option         "Protocol" "auto"
Option         "Device" "/dev/psaux"
Option         "Emulate3Buttons" "no"
Option         "ZAxisMapping" "4 5"
EndSection
Section "InputDevice"
# generated from default
Identifier     "Keyboard0"
Driver         "kbd"
EndSection
Section "Monitor"
Identifier     "Monitor0"
VendorName     "Unknown"
ModelName      "Unknown"
EndSection
Section "Device"
Identifier     "Device0"
Driver         "amdgpu"
VendorName     "AMD"
BoardName      "Radeon MxGPU V520"
BusID          "PCI:0:30:0"
EndSection
Section "Extensions"
Option         "DPMS" "Disable"
EndSection
Section "Screen"
Identifier     "Screen0"
Device         "Device0"
Monitor        "Monitor0"
DefaultDepth   24
Option         "AllowEmptyInitialConfiguration" "True"
SubSection "Display"
    Virtual    3840 2160
    Depth      32
EndSubSection
EndSection
```

**To set up an interactive desktop on Amazon Linux 2**

1. Install the EPEL repository.

   ```
   [ec2-user ~]$ sudo amazon-linux-extras install epel -y
   ```

1. Install the MATE desktop.

   ```
   [ec2-user ~]$ sudo amazon-linux-extras install mate-desktop1.x -y
   [ec2-user ~]$ sudo yum groupinstall "MATE Desktop" -y
   [ec2-user ~]$ sudo systemctl disable firewalld
   ```

1. Copy the `xorg.conf` file to `/etc/X11/xorg.conf`.

1. Reboot the instance.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. (Optional) [Install the Amazon DCV server](https://docs.aws.amazon.com/dcv/latest/adminguide/setting-up-installing.html) to use Amazon DCV as a high-performance display protocol, and then [connect to an Amazon DCV session](https://docs.aws.amazon.com/dcv/latest/userguide/using-connecting.html) using your preferred client.

**To set up an interactive desktop on Ubuntu**

1. Install the MATE desktop.

   ```
   $ sudo apt install xorg-dev ubuntu-mate-desktop -y
   $ sudo apt purge ifupdown -y
   ```

1. Copy the `xorg.conf` file to `/etc/X11/xorg.conf`.

1. Reboot the instance.

   ```
   $ sudo reboot
   ```

1. Install the AMF encoder for the appropriate version of Ubuntu.

   ```
   $ sudo apt install ./amdgpu-pro-20.20-*/amf-amdgpu-pro_20.20-*_amd64.deb
   ```

1. (Optional) [Install the Amazon DCV server](https://docs.aws.amazon.com/dcv/latest/adminguide/setting-up-installing.html) to use Amazon DCV as a high-performance display protocol, and then [connect to an Amazon DCV session](https://docs.aws.amazon.com/dcv/latest/userguide/using-connecting.html) using your preferred client.

1. After the DCV installation, give the DCV user video permissions:

   ```
   $ sudo usermod -aG video dcv
   ```

**To set up an interactive desktop on CentOS**

1. Install the EPEL repository.

   ```
   $ sudo yum update -y
   $ sudo yum install epel-release -y
   ```

1. Install the MATE desktop.

   ```
   $ sudo yum groupinstall "MATE Desktop" -y
   $ sudo systemctl disable firewalld
   ```

1. Copy the `xorg.conf` file to `/etc/X11/xorg.conf`.

1. Reboot the instance.

   ```
   $ sudo reboot
   ```

1. (Optional) [Install the Amazon DCV server](https://docs.aws.amazon.com/dcv/latest/adminguide/setting-up-installing.html) to use Amazon DCV as a high-performance display protocol, and then [connect to an Amazon DCV session](https://docs.aws.amazon.com/dcv/latest/userguide/using-connecting.html) using your preferred client.

   

# Get started with GPU accelerated instances


The latest generation of GPU accelerated instance types, such as those shown in the following list, deliver the highest performance capabilities for deep learning and high performance computing (HPC) applications. Select the instance type link to learn more about its capabilities.
+ [P6 family](https://aws.amazon.com/ec2/instance-types/p6/)
+ [P5 family](https://aws.amazon.com/ec2/instance-types/p5/)

For a complete list of instance type specifications for accelerated instance types, see [Accelerated computing](https://docs.aws.amazon.com/ec2/latest/instancetypes/ac.html) in the *Amazon EC2 Instance Types* reference.

**Software configuration**  
The easiest way to get started with the latest generation GPU accelerated instance types is to launch an instance from an AWS Deep Learning AMI that's preconfigured with all of the required software. For the latest AWS Deep Learning AMIs for use with GPU accelerated instance types, see [P6 Supported DLAMI](https://docs.aws.amazon.com/dlami/latest/devguide/p6-support-dlami.html) in the *AWS Deep Learning AMIs Developer Guide*.

If you need to build a custom AMI to launch instances that host deep learning or HPC applications, we recommend that you install the following minimum software versions on top of your base image.


| Instance type | NVIDIA driver | CUDA | NVIDIA GDRCopy | EFA installer | NCCL | EFA K8s ¹ | 
| --- | --- | --- | --- | --- | --- | --- | 
| G7e | 575 | 12.9 | 2.5 | 1.45.0 | 2.28.3 | 0.5.10 | 
| P5 | 530 | 12.1 | 2.3 | 1.24.1 | 2.18.3 | 0.4.4 | 
| P5.4xlarge | 530 | 12.1 | 2.3 | 1.43.1 ² | 2.18.3 | 0.4.4 | 
| P5e | 550 | 12.1 | 2.3 | 1.24.1 | 2.18.3 | 0.5.5 | 
| P5en | 550 | 12.1 | 2.3 | 1.24.1 | 2.18.3 | 0.5.6 | 
| P6-B200 | 570 | 12.8 | 2.5 | 1.41.0 | 2.26.2-1 | 0.5.10 | 
| P6e-GB200 | 570 | 12.8 | 2.5 | 1.41.0 | 2.26.2-1 | 0.5.10 | 
| P6-B300 | 580 | 13.0 | 2.5 | 1.44.0 | 2.28.3 | 0.5.10 | 

**¹** The **EFA K8s** column contains the minimum recommended version for `aws-efa-k8s-device-plugin`.

**²** There is a compatibility issue that affects `P5.4xlarge` instances when GPU-to-GPU communication uses Elastic Fabric Adapter (EFA) and the NVIDIA Collective Communications Library (NCCL). To mitigate the issue, set the environment variable `FI_HMEM_DISABLE_P2P` to `1`, and ensure that you install EFA version 1.43.1 or newer.

**Note**  
If you use version 1.41.0 of the EFA installer, the `aws-ofi-nccl` plugin comes with it. For earlier versions of the EFA installer, use `aws-ofi-nccl` plugin version `1.7.2-aws` or later.

We also recommend that you configure the instance to not use deeper C-states. For more information, see [High performance and low latency by limiting deeper C-states](https://docs.aws.amazon.com/linux/al2/ug/processor_state_control.html#c-states) in the *Amazon Linux 2 User Guide*. The latest AWS Deep Learning Base GPU AMIs are preconfigured to not use deeper C-states.

For networking and Elastic Fabric Adapter (EFA) configuration, see [Maximize network bandwidth on Amazon EC2 instances with multiple network cards](efa-acc-inst-types.md).

# Amazon EC2 Mac instances

EC2 Mac instances are ideal for developing, building, testing, and signing applications for Apple platforms, such as iPhone, iPad, Mac, Vision Pro, Apple Watch, Apple TV, and Safari. You can connect to your Mac instance using SSH or Apple Remote Desktop (ARD).

**Note**  
The **unit of billing** is the **dedicated host**. The instances running on that host have no additional charge.

Amazon EC2 Mac instances natively support the macOS operating system.
+ **EC2 x86 Mac instances** (`mac1.metal`) are built on 2018 Mac mini hardware powered by 3.2 GHz Intel eighth-generation (Coffee Lake) Core i7 processors, 6 physical and 12 logical cores, and 32 GiB of memory.
+ **EC2 M1 Mac instances** (`mac2.metal`) are built on 2020 Mac mini hardware powered by Apple silicon M1 processor, 8 CPU cores, 8 GPU cores, 16 GiB of memory, and the 16-core Apple Neural Engine.
+ **EC2 M1 Ultra Mac instances** (`mac2-m1ultra.metal`) are built on 2022 Mac Studio hardware powered by Apple silicon M1 Ultra processor, 20 CPU cores, 64 GPU cores, 128 GiB of memory, and the 32-core Apple Neural Engine.
+ **EC2 M2 Mac instances** (`mac2-m2.metal`) are built on 2023 Mac mini hardware powered by Apple silicon M2 processor, 8 CPU cores, 10 GPU cores, 24 GiB of memory, and the 16-core Apple Neural Engine.
+ **EC2 M2 Pro Mac instances** (`mac2-m2pro.metal`) are built on 2023 Mac mini hardware powered by Apple silicon M2 Pro processor, 12 CPU cores, 19 GPU cores, 32 GiB of memory, and the 16-core Apple Neural Engine.
+ **EC2 M4 Mac instances** (`mac-m4.metal`) are built on 2024 Mac mini hardware powered by Apple silicon M4 processor, 10 CPU cores, 10 GPU cores, 24 GiB of memory, and the 16-core Apple Neural Engine.
+ **EC2 M4 Pro Mac instances** (`mac-m4pro.metal`) are built on 2024 Mac mini hardware powered by Apple silicon M4 Pro processor, 14 CPU cores, 20 GPU cores, 48 GiB of memory, and the 16-core Apple Neural Engine.

Amazon EC2 Mac Dedicated Hosts support [Dedicated Host auto recovery](dedicated-hosts-recovery.md) and [reboot-based host maintenance](dedicated-hosts-maintenance.md).

**Topics**
+ [Considerations](#mac-instance-considerations)
+ [Instance readiness](#mac-instance-readiness)
+ [EC2 macOS AMIs](#ec2-macos-images)
+ [EC2 macOS Init](#ec2-macos-init)
+ [Amazon EC2 System Monitor for macOS](#mac-instance-system-monitor)
+ [Related resources](#related-resources)
+ [Launch a Mac instance using the AWS Management Console or the AWS CLI](mac-instance-launch.md)
+ [Connect to your Mac instance using SSH or a GUI](connect-to-mac-instance.md)
+ [Update the operating system and software on Amazon EC2 Mac instances](mac-instance-updates.md)
+ [Increase the size of an EBS volume on your Mac instance](mac-instance-increase-volume.md)
+ [Stop or terminate your Amazon EC2 Mac instance](mac-instance-stop.md)
+ [Configure System Integrity Protection for Amazon EC2 Mac instances](mac-sip-settings.md)
+ [Find supported macOS versions for your Amazon EC2 Mac Dedicated Host](macos-firmware-visibility.md)
+ [Subscribe to macOS AMI notifications](macos-subscribe-notifications.md)
+ [Retrieve macOS AMI IDs using AWS Systems Manager Parameter Store API](macos-ami-ids-parameter-store.md)
+ [Amazon EC2 macOS AMIs release notes](macos-ami-overview.md)

## Considerations


The following considerations apply to Mac instances:
+ Mac instances are available only as bare metal instances on [Dedicated Hosts](dedicated-hosts-overview.md), with a minimum allocation period of 24 hours before you can release the Dedicated Host. You can launch one Mac instance per Dedicated Host. You can share the Dedicated Host with the AWS accounts or organizational units within your AWS organization, or the entire AWS organization.
+ Mac instances are available in different AWS Regions. For a list of Mac instance availability in each of the AWS Regions, see [Amazon EC2 instance types by Region](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-instance-regions.html).
+ Mac instances are available only as On-Demand Instances. They are not available as Spot Instances or Reserved Instances. You can save money on Mac instances by purchasing a [Savings Plan](https://docs.aws.amazon.com/savingsplans/latest/userguide/).
+ The compatibility of different Mac instance types with specific macOS Amazon Machine Images (AMIs) varies. For more information, see [Amazon EC2 macOS AMIs release notes](macos-ami-overview.md).
+ EBS hotplug is supported.
+ AWS does not manage or support the internal SSD on the Apple hardware. We strongly recommend that you use Amazon EBS volumes instead. EBS volumes provide the same elasticity, availability, and durability benefits on Mac instances as they do on any other EC2 instance.
+ We recommend using an Amazon EBS volume with 10,000 IOPS and 400 MiB/s throughput with Mac instances for optimal performance. For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volume-types.html) in the *Amazon EBS User Guide*.
+ [Mac instances support Amazon EC2 Auto Scaling.](https://aws.amazon.com/blogs/compute/implementing-autoscaling-for-ec2-mac-instances/) 
+ On x86 Mac instances, automatic software updates are disabled. We recommend that you apply updates and test them on your instance before you put the instance into production. For more information, see [Update the operating system and software on Amazon EC2 Mac instances](mac-instance-updates.md).
+ When you stop or terminate a Mac instance, a scrubbing workflow is performed on the Dedicated Host. For more information, see [Stop or terminate your Amazon EC2 Mac instance](mac-instance-stop.md).

**Important**  
Apple Intelligence features are not available when booting Mac hardware from an external volume. As EC2 Mac instances boot from external EBS volumes by default, they do not support Apple Intelligence features.

**Warning**  
Do not use FileVault. If you enable FileVault, the host fails to boot because the partitions are locked. If data encryption is required, use Amazon EBS encryption to avoid boot issues and performance impact. With Amazon EBS encryption, encryption operations occur on the host servers, ensuring the security of both data-at-rest and data-in-transit between the instances and their attached EBS storage. For more information, see [Amazon EBS encryption](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption.html) in the *Amazon EBS User Guide*.

## Instance readiness


After you launch a Mac instance, you'll need to wait until the instance is ready before you can connect to it. For an AWS vended AMI with an x86 Mac instance or an Apple silicon Mac instance, the launch time can range from approximately 6 minutes to 20 minutes. Depending on the chosen Amazon EBS volume sizes, the inclusion of additional scripts to *user data*, or additional loaded software on a custom macOS AMI, the launch time might increase.

You can use a small shell script, like the one below, to poll the describe-instance-status API to know when the instance is ready to be connected to. In the following command, replace the example instance ID with your own.

```
for i in $(seq 1 200); do aws ec2 describe-instance-status --instance-ids=i-1234567890abcdef0 \
    --query='InstanceStatuses[0].InstanceStatus.Status'; sleep 5; done;
```
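
The loop above prints the status 200 times whether or not the instance becomes ready. The following added example (not from the original guide; the function names and the timeout and interval values are assumptions) returns as soon as the instance is `running` and both status checks report `ok`, and gives up after a timeout.

```shell
#!/bin/sh
# Added example: wait for a Mac instance to pass its status checks, with a
# timeout. Function names are illustrative; the aws CLI options are standard.

# instance_ready INSTANCE_ID: succeed only when the instance state is
# "running" and both InstanceStatus and SystemStatus are "ok".
# By default describe-instance-status reports running instances only, so for a
# pending instance the query yields "None" and this function returns non-zero.
instance_ready() {
    _status=$(aws ec2 describe-instance-status --instance-ids "$1" \
        --query 'InstanceStatuses[0].[InstanceState.Name,InstanceStatus.Status,SystemStatus.Status]' \
        --output text 2>/dev/null) || return 2
    # --output text prints the three fields on one line, separated by tabs.
    set -- $_status
    [ "$1" = "running" ] && [ "$2" = "ok" ] && [ "$3" = "ok" ]
}

# wait_for_ready INSTANCE_ID TIMEOUT_SECONDS INTERVAL_SECONDS
# Returns 0 when the instance is ready, 1 if the timeout expires first.
wait_for_ready() {
    _waited=0
    while [ "$_waited" -le "$2" ]; do
        if instance_ready "$1"; then
            return 0
        fi
        sleep "$3"
        _waited=$((_waited + $3))
    done
    return 1
}

# Usage (replace the example instance ID with your own):
#   wait_for_ready i-1234567890abcdef0 1800 15 && echo "ready to connect"
```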

## EC2 macOS AMIs


Amazon EC2 macOS is designed to provide a stable, secure, and high-performance environment for developer workloads running on Amazon EC2 Mac instances. EC2 macOS AMIs include packages that enable easy integration with AWS, such as launch configuration tools and popular AWS libraries and tools.

For more information about EC2 macOS AMIs, see [Amazon EC2 macOS AMIs release notes](macos-ami-overview.md).

AWS provides updated EC2 macOS AMIs on a regular basis that include updates to packages owned by AWS and the latest fully-tested macOS version. Additionally, AWS provides updated AMIs with the latest minor version updates or major version updates as soon as they can be fully tested and vetted. If you do not need to preserve data or customizations to your Mac instances, you can get the latest updates by launching a new instance using the current AMI and then terminating the previous instance. Otherwise, you can choose which updates to apply to your Mac instances.

For information about how to subscribe to macOS AMI notifications, see [Subscribe to macOS AMI notifications](macos-subscribe-notifications.md).

## EC2 macOS Init


EC2 macOS Init is used to initialize EC2 Mac instances at launch. It uses priority groups to run logical groups of tasks at the same time.

The launchd plist file is `/Library/LaunchDaemons/com.amazon.ec2.macos-init.plist`. The files for EC2 macOS Init are located in `/usr/local/aws/ec2-macos-init`.

For more information, see [https://github.com/aws/ec2-macos-init](https://github.com/aws/ec2-macos-init).

## Amazon EC2 System Monitor for macOS


Amazon EC2 System Monitor for macOS provides CPU utilization metrics to Amazon CloudWatch. It sends these metrics to CloudWatch over a custom serial device in 1-minute periods. You can enable or disable this agent as follows. It is enabled by default.

```
sudo setup-ec2monitoring [enable | disable]
```

**Note**  
Amazon EC2 System Monitor for macOS is not currently supported on Apple silicon Mac instances.

## Related resources


For information about pricing, see [Pricing](https://aws.amazon.com/ec2/instance-types/mac/#Pricing).

For more information about Mac instances, see [Amazon EC2 Mac Instances](https://aws.amazon.com/ec2/instance-types/mac/).

For more information about hardware specifications and network performance of Mac instances, see [General purpose instances](https://docs.aws.amazon.com/ec2/latest/instancetypes/gp.html).

# Launch a Mac instance using the AWS Management Console or the AWS CLI

EC2 Mac instances require a [Dedicated Host](dedicated-hosts-overview.md). You first need to allocate a host to your account, and then launch the instance onto the host.

You can launch a Mac instance using the AWS Management Console or the AWS CLI. 

## Launch a Mac instance using the console


**To launch a Mac instance onto a Dedicated Host**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. Allocate the Dedicated Host, as follows:

   1. In the navigation pane, choose **Dedicated Hosts**.

   1. Choose **Allocate Dedicated Host** and then do the following:

      1. For **Instance family**, choose a **Mac** Instance family. If the instance family doesn’t appear in the list, it’s not supported in the currently selected Region.

      1. For **Instance type**, choose the instance type based on the selected instance family.

      1. For **Availability Zone**, choose the Availability Zone for the Dedicated Host.

      1. For **Quantity**, keep **1**.

      1. Choose **Allocate**.

1. Launch the instance on the host, as follows:

   1. Select the Dedicated Host that you created and then do the following:

      1. Choose **Actions**, **Launch instance(s) onto host**.

      1. Under **Application and OS Images (Amazon Machine Image)**, select a macOS AMI.

      1. Under **Instance type**, select the Mac instance type.

      1. Under **Advanced details**, verify that **Tenancy**, **Tenancy host by**, and **Tenancy host ID** are preconfigured based on the Dedicated Host you created. Update **Tenancy affinity** as needed.

      1. Complete the wizard, specifying EBS volumes, security groups, and key pairs as needed.

      1. In the **Summary** panel, choose **Launch instance**.

   1. A confirmation page lets you know that your instance is launching. Choose **View all instances** to close the confirmation page and return to the console. The initial state of an instance is `pending`. The instance is ready when its state changes to `running` and it passes status checks.

## Launch a Mac instance using the AWS CLI


**Allocate the Dedicated Host**

Use the following [allocate-hosts](https://docs.aws.amazon.com/cli/latest/reference/ec2/allocate-hosts.html) command to allocate a Dedicated Host for your Mac instance, replacing the `instance-type` with a valid Mac instance type, and the `region` and `availability-zone` with the appropriate ones for your environment.

```
aws ec2 allocate-hosts --region us-east-1 --instance-type mac1.metal --availability-zone us-east-1b --auto-placement "on" --quantity 1
```

**Launch the instance on the host**

Use the following [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command to launch a Mac instance, again replacing the `instance-type` with a valid Mac instance type, and the `region` and `availability-zone` with the ones used previously.

```
aws ec2 run-instances --region us-east-1 --instance-type mac1.metal --placement Tenancy=host --image-id ami_id --key-name my-key-pair
```

The initial state of an instance is `pending`. The instance is ready when its state changes to `running` and it passes status checks. Use the following [describe-instance-status](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instance-status.html) command to display status information for your instance.

```
aws ec2 describe-instance-status --instance-ids i-017f8354e2dc69c4f
```

The following is example output for an instance that is running and has passed status checks.

```
{
    "InstanceStatuses": [
        {
            "AvailabilityZone": "us-east-1b",
            "InstanceId": "i-017f8354e2dc69c4f",
            "InstanceState": {
                "Code": 16,
                "Name": "running"
            },
            "InstanceStatus": {
                "Details": [
                    {
                        "Name": "reachability",
                        "Status": "passed"
                    }
                ],
                "Status": "ok"
            },
            "SystemStatus": {
                "Details": [
                    {
                        "Name": "reachability",
                        "Status": "passed"
                    }
                ],
                "Status": "ok"
            }
        }
    ]
}
```

# Connect to your Mac instance using SSH or a GUI

You can connect to your Mac instance using SSH or a graphical user interface (GUI).

Multiple users can access the OS simultaneously. Typically there is a 1:1 user:GUI session, due to the built-in Screen Sharing service on port 5900. Using SSH within macOS supports multiple sessions up until the "Max Sessions" limit in the `sshd_config` file.

## Connect to your instance using SSH


Amazon EC2 Mac instances do not allow remote root SSH by default. The ec2-user account is configured to log in remotely using SSH. The ec2-user account also has **sudo** privileges. After you connect to your instance, you can add other users.

To support connecting to your instance using SSH, launch the instance using a key pair and a security group that allows SSH access, and ensure that the instance has internet connectivity. You provide the `.pem` file for the key pair when you connect to the instance.

Use the following procedure to connect to your Mac instance using an SSH client. If you receive an error while attempting to connect to your instance, see [Troubleshoot issues connecting to your Amazon EC2 Linux instance](TroubleshootingInstancesConnecting.md).

**To connect to your instance using SSH**

1. Verify that your local computer has an SSH client installed by entering **ssh** at the command line. If your computer doesn't recognize the command, search for an SSH client for your operating system and install it.

1. Get the public DNS name of your instance. Using the Amazon EC2 console, you can find the public DNS name on both the **Details** and the **Networking** tabs. Using the AWS CLI, you can find the public DNS name using the [describe-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html) command.

1. Locate the `.pem` file for the key pair that you specified when you launched the instance.

1. Connect to your instance using the following **ssh** command, specifying the public DNS name of the instance and the `.pem` file.

   ```
   ssh -i /path/key-pair-name.pem ec2-user@instance-public-dns-name
   ```

Password authentication is disabled to prevent brute-force password attacks. Before you make changes to the SSH configuration, open `/usr/local/aws/ec2-macos-init/init.toml` and set `secureSSHDConfig` to `false`.

## Connect to your instance's graphical user interface (GUI)


Use the following procedure to connect to your instance's GUI using VNC, Apple Remote Desktop (ARD), or the Apple Screen Sharing application (included with macOS).

**Note**  
macOS 10.14 and later only allows control if Screen Sharing is enabled through [System Preferences](https://support.apple.com/guide/remote-desktop/enable-remote-management-apd8b1c65bd/mac).

**To connect to your instance using ARD client or VNC client**

1. Verify that your local computer has an ARD client or a VNC client that supports ARD installed. On macOS, you can leverage the built-in Screen Sharing application. Otherwise, search for ARD for your operating system and install it.

1. From your local computer, [connect to your instance using SSH](#mac-instance-ssh).

1. Set up a password for the ec2-user account using the **passwd** command as follows.

   ```
   [ec2-user ~]$ sudo passwd ec2-user
   ```

1. Install and start macOS Screen Sharing using the following command.

   ```
   [ec2-user ~]$ sudo launchctl enable system/com.apple.screensharing
   [ec2-user ~]$ sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.screensharing.plist
   ```

1. Disconnect from your instance by typing **exit** and pressing Enter.

1. From your computer, connect to your instance using the following **ssh** command. In addition to the options shown in the previous section, use the **-L** option to enable port forwarding and forward all traffic on local port 5900 to the ARD server on the instance.

   ```
   ssh -L 5900:localhost:5900 -i /path/key-pair-name.pem ec2-user@instance-public-dns-name
   ```

1. From your local computer, use the ARD client or VNC client that supports ARD to connect to `localhost:5900`. For example, use the Screen Sharing application on macOS as follows:

   1. Open **Finder** and select **Go**.

   1. Select **Connect to Server**.

   1. In the **Server Address** field, enter `vnc://localhost:5900`.

   1. Log in as prompted, using **ec2-user** as the username and the password that you created for the ec2-user account.

## Modify macOS screen resolution on Mac instances


After you connect to your EC2 Mac instance using ARD or a VNC client that supports ARD, you can modify the screen resolution of your macOS environment using any of the publicly available macOS tools or utilities, such as [displayplacer](https://github.com/jakehilborn/displayplacer).

**To modify the screen resolution using displayplacer**

1. Install displayplacer.

   ```
   [ec2-user ~]$ brew tap jakehilborn/jakehilborn && brew install displayplacer
   ```

1. Show the current screen information and possible screen resolutions.

   ```
   [ec2-user ~]$ displayplacer list
   ```

1. Apply the desired screen resolution.

   ```
   [ec2-user ~]$ displayplacer "id:<screenID> res:<width>x<height> origin:(0,0) degree:0"
   ```

   For example:

   ```
   RES="2560x1600"
   displayplacer "id:69784AF1-CD7D-B79B-E5D4-60D937407F68 res:${RES} scaling:off origin:(0,0) degree:0"
   ```

# Update the operating system and software on Amazon EC2 Mac instances
Update operating system and software

The following topic explains how to update the operating system and software on Apple silicon Mac instances (Mac2, Mac2-m1ultra, Mac2-m2, Mac2-m2pro, Mac-m4, and Mac-m4pro) and x86 Mac instances (Mac1).

**Warning**  
Installation of beta or preview macOS versions is only available on Apple silicon Mac instances. Amazon EC2 doesn't qualify beta or preview macOS versions and doesn't ensure instances will remain functional after an update to a pre-production macOS version.   
Attempting to install beta or preview macOS versions on Amazon EC2 x86 Mac instances will lead to degradation of your Amazon EC2 Mac Dedicated Host when you stop or terminate your instances, and will prevent you from starting or launching a new instance on that host.

**Note**  
If you perform an in-place macOS update before AWS releases an official AMI, the update applies to the selected host only. If you have other hosts, or if you launch new hosts, you must perform the same update process on those hosts as well. Each macOS version requires a minimum firmware version on the underlying Apple Mac hardware. The in-place update only updates the firmware on the selected host and doesn't transfer to other existing or new hosts. To check which macOS versions are compatible with your Amazon EC2 Mac Dedicated Host, see [ Find supported macOS versions for your Amazon EC2 Mac Dedicated Host](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/macos-firmware-visibility.html).

## Update software on Apple silicon Mac instances


### Prerequisites


Due to an update in the network driver configuration, ENA driver version 1.0.2 isn't compatible with macOS 13.3 and later. If you want to install any beta, preview, or production macOS version 13.3 or later and have not installed the latest ENA driver, use the following procedure to install a new version of the driver.

**To install a new version of the ENA driver**

1. In a Terminal window, connect to your Apple silicon Mac instance using [SSH](connect-to-mac-instance.md#mac-instance-ssh).

1. Update Homebrew and download the ENA application into the `Applications` folder using the following commands.

   ```
   [ec2-user ~]$ brew update
   ```

   ```
   [ec2-user ~]$ brew install amazon-ena-ethernet-dext
   ```

1. Disconnect from your instance by typing **exit** and pressing return.

1. Use the VNC client to activate the ENA application.

   1. Set up the VNC client using [Connect to your instance's graphical user interface (GUI)](connect-to-mac-instance.md#mac-instance-vnc).

   1. Once you have connected to your instance using the Screen Sharing application, go to the **Applications** folder and open the ENA application.

   1. Choose **Activate**.

   1. To confirm the driver was activated correctly, run the following command in the Terminal window. The output of the command shows that the old driver is in the terminating state and the new driver is in the activated state.

      ```
      systemextensionsctl list;
      ```

   1. After you restart the instance, only the new driver will be present.

### Perform the software update


On Apple silicon Mac instances, you must complete several steps to perform an in-place operating system update. This includes delegating ownership of the Amazon EBS root volume to the EBS root volume administrative user. You can choose to do this either automatically using an Amazon EC2 API, or you can do it manually by running the commands on your instance.

------
#### [ Automated volume ownership delegation (Recommended) ]

**Considerations**
+ It can take between 30 and 90 minutes for the volume ownership delegation task to complete. During this time, the instance is unreachable.
+ The following macOS versions are supported:
  + **Mac2 | Mac2-m1ultra** — macOS Ventura (version 13.0 or later)
  + **Mac2-m2 | Mac2-m2pro** — macOS Ventura (version 13.2 or later)
  + **Mac-m4 | Mac-m4pro** — macOS Sequoia (version 15.6 or later)
+ Instances must have only one bootable volume, and each attached volume can have only one additional admin user.

**Step 1: Set a password and enable the secure token for the EBS root volume administrative user**

You must set a password and enable the secure token for the Amazon EBS root volume administrative user (`ec2-user`).
**Note**  
The password and secure token are set the first time you connect to an Apple silicon Mac instance using the GUI. If you previously [ connected to the instance using the GUI](connect-to-mac-instance.md#mac-instance-vnc), you **do not** need to perform these steps.

1. [Connect to the instance using SSH](connect-to-mac-instance.md#mac-instance-ssh).

1. Set the password for the `ec2-user` user.

   ```
   $ sudo /usr/bin/dscl . -passwd /Users/ec2-user
   ```

1. Enable the secure token for the `ec2-user` user. For `-oldPassword`, specify the same password from the previous step. For `-newPassword`, specify a different password. The following command assumes that you have your old and new passwords saved in `.txt` files.

   ```
   $ sysadminctl -oldPassword "$(cat old_password.txt)" -newPassword "$(cat new_password.txt)"
   ```

1. Verify that the secure token is enabled.

   ```
   $ sysadminctl -secureTokenStatus ec2-user
   ```

**Step 2: Delegate ownership of the Amazon EBS root volume to the EBS root volume administrative user**

To delegate ownership, you must create a volume ownership delegation task.

1. Use the [ create-delegate-mac-volume-ownership-task](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-delegate-mac-volume-ownership-task.html) command to create the task. For `--instance-id`, specify the ID of the instance. For `--mac-credentials`, specify the following credentials:
   + **Internal disk administrative user**
     + **Username** — Only the default administrative user (`aws-managed-user`) is supported and it is used by default. You can't specify a different administrative user.
     + **Password** — If you did not change the default password for `aws-managed-user`, specify the default password, which is *blank*. Otherwise, specify your password.
   + **Amazon EBS root volume administrative user**
     + **Username** — If you did not change the default administrative user, specify `ec2-user`. Otherwise, specify the username for your administrative user.
     + **Password** — Specify the password that you set for the root volume administrative user in Step 1 above.

   ```
   aws ec2 create-delegate-mac-volume-ownership-task \
   --instance-id i-1234567890abcdef0 \
   --mac-credentials file://mac-credentials.json
   ```

   The following shows the contents of the `mac-credentials.json` file referenced in the preceding example.

   ```
   {
     "internalDiskPassword":"internal-disk-admin_password",
     "rootVolumeUsername":"root-volume-admin_username",
     "rootVolumepassword":"root-volume-admin_password"
   }
   ```

1. Wait for the volume ownership delegation task to complete and for the instance to return to a healthy state. Use the [ describe-mac-modification-tasks](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-mac-modification-tasks.html) command. For `--mac-modification-task-id`, specify the ID of the volume ownership delegation task from the previous step. 

   ```
   aws ec2 describe-mac-modification-tasks \
   --mac-modification-task-id task-id
   ```

1. After the volume ownership delegation task completes, continue to Step 3.

**Step 3: Update the software**  
After you have delegated ownership of the Amazon EBS root volume, follow the steps described in [Update software on x86 Mac instances](#x86-mac1) (below) to update the software.

------
#### [ Manual volume ownership delegation ]

As you work through this procedure, you create two passwords. One password is for the Amazon EBS root volume administrative user (`ec2-user`), and the other password is for the internal disk administrative user (`aws-managed-user`). Remember these passwords since you will use them as you work through the procedure.

**Note**  
With this procedure on macOS Big Sur, you can only perform minor updates such as updating from macOS Big Sur 11.7.3 to macOS Big Sur 11.7.4. For macOS Monterey or above, you can perform major software updates.

**To access the internal disk**

1. From your local computer, in the Terminal, connect to your Apple silicon Mac instance using SSH with the following command. For more information, see [Connect to your instance using SSH](connect-to-mac-instance.md#mac-instance-ssh).

   ```
   ssh -i /path/key-pair-name.pem ec2-user@instance-public-dns-name
   ```

1. Install and start macOS Screen Sharing using the following command.

   ```
   [ec2-user ~]$ sudo launchctl enable system/com.apple.screensharing
   sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.screensharing.plist
   ```

1. Set a password for `ec2-user` with the following command. Remember the password as you will use it later.

   ```
   [ec2-user ~]$ sudo /usr/bin/dscl . -passwd /Users/ec2-user
   ```

1. Disconnect from the instance by typing **exit** and pressing return.

1. From your local computer, in the Terminal, reconnect to your instance with an SSH tunnel to the VNC port using the following command.

   ```
   ssh -i /path/key-pair-name.pem -L 5900:localhost:5900 ec2-user@instance-public-dns-name
   ```
**Note**  
Do not exit this SSH session until the following VNC connection and GUI steps are completed. When the instance is restarted, the connection will close automatically.

1. From your local computer, connect to `localhost:5900` using the following steps:

   1. Open **Finder** and select **Go**.

   1. Select **Connect to Server**.

   1. In the **Server Address** field, enter `vnc://localhost:5900`.

1. In the macOS window, connect to the remote session of the Apple silicon Mac instance as `ec2-user` with the password you created in [Step 3](#passwd-step).

1. Access the internal disk, named **InternalDisk**, using one of the following options.

   1. For macOS Ventura or above: Open **System Settings**, select **General** in the left pane, then **Startup Disk** at the lower right of the pane.

   1. For macOS Monterey or below: Open **System Preferences**, select **Startup Disk**, then unlock the pane by choosing the lock icon in the lower left of the window.
**Troubleshooting tip**  
If you need to mount the internal disk, run the following command in the Terminal.  

   ```
   APFSVolumeName="InternalDisk" ; SSDContainer=$(diskutil list | grep "Physical Store disk0" -B 3 | grep "/dev/disk" | awk {'print $1'} ) ; diskutil apfs addVolume $SSDContainer APFS $APFSVolumeName
   ```

1. Choose the internal disk, named **InternalDisk**, and select **Restart**. Select **Restart** again when prompted.
**Important**  
If the internal disk is named **Macintosh HD** instead of **InternalDisk**, your instance needs to be stopped and restarted so the dedicated host can be updated. For more information, see [Stop or terminate your Amazon EC2 Mac instance](mac-instance-stop.md).

Use the following procedure to delegate ownership to the administrative user. When you reconnect to your instance with SSH, you boot from the internal disk using the special administrative user (`aws-managed-user`). The initial password for `aws-managed-user` is blank, so you need to overwrite it on your first connection. Then, you need to repeat the steps to install and start macOS Screen Sharing since the boot volume has changed.

**To delegate ownership to the administrator on an Amazon EBS volume**

1. From your local computer, in the Terminal, connect to your Apple silicon Mac instance using the following command. 

   ```
   ssh -i /path/key-pair-name.pem aws-managed-user@instance-public-dns-name
   ```

1. When you receive the warning `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!`, use one of the following commands to resolve this issue.

   1. Clear out the known hosts using the following command. Then, repeat the previous step.

      ```
      rm ~/.ssh/known_hosts
      ```

   1. Add the following to the SSH command in the previous step.

      ```
      -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
      ```

1. Set the password for `aws-managed-user` with the following command. The `aws-managed-user` initial password is blank, so you need to overwrite it on your first connection.

   1. Run the following command.

      ```
      [aws-managed-user ~]$ sudo /usr/bin/dscl . -passwd /Users/aws-managed-user password
      ```

   1. When you receive the prompt, `Permission denied. Please enter user's old password:`, press enter.
**Troubleshooting tip**  
If you get the error `passwd: DS error: eDSAuthFailed`, use the following command.  

      ```
      [aws-managed-user ~]$ sudo passwd aws-managed-user
      ```

1. Install and start macOS Screen Sharing using the following command.

   ```
   [aws-managed-user ~]$ sudo launchctl enable system/com.apple.screensharing
   sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.screensharing.plist
   ```

1. Disconnect from the instance by typing **exit** and pressing return.

1. From your local computer, in the Terminal, reconnect to your instance with an SSH tunnel to the VNC port using the following command.

   ```
   ssh -i /path/key-pair-name.pem -L 5900:localhost:5900 aws-managed-user@instance-public-dns-name
   ```

1. From your local computer, connect to `localhost:5900` using the following steps:

   1. Open **Finder** and select **Go**.

   1. Select **Connect to Server**.

   1. In the **Server Address** field, enter `vnc://localhost:5900`.

1.  In the macOS window, connect to the remote session of the Apple silicon Mac instance as `aws-managed-user` with the password you created in [Step 3](#amu-passwd).
**Note**  
When prompted to sign in with your Apple ID, select **Set Up Later**.

1. Access the Amazon EBS volume using one of the following options.

   1. For macOS Ventura or later: Open **System Settings**, select **General** in the left pane, then **Startup Disk** at the lower right of the pane.

   1. For macOS Monterey or earlier: Open **System Preferences**, select **Startup Disk**, then unlock the pane using the lock icon in the lower left of the window.
**Note**  
Until the reboot takes place, when prompted for an administrator password, use the password you set above for `aws-managed-user`. This password might be different from the one you set for `ec2-user` or the default administrator account on your instance. The following instructions specify when to use your instance's administrator password.

1. Select the Amazon EBS volume (the volume not named **InternalDisk** in the **Startup Disk** window) and choose **Restart**.
**Note**  
If you have multiple bootable Amazon EBS volumes attached to your Apple silicon Mac instance, be sure to use a unique name for each volume.

1. Confirm the restart, then choose **Authorize Users** when prompted.

1. On the **Authorize user on this volume** pane, verify that the administrative user (`ec2-user` by default) is selected, then select **Authorize**.

1. Enter the `ec2-user` password you created in [Step 3](#passwd-step) of the previous procedure, then select **Continue**.

1. Enter the password for the special administrative user (`aws-managed-user`) when prompted.

1. From your local computer, in the Terminal, reconnect to your instance using SSH with username `ec2-user`.
**Troubleshooting tip**  
If you get the warning `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!`, run the following command and reconnect to your instance using SSH.  

   ```
   rm ~/.ssh/known_hosts
   ```

1. To perform the software update, use the commands under [Update software on x86 Mac instances](#x86-mac1).
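A narrower alternative to the host-key workarounds in the procedure above, added here as an example and not part of the original procedure: remove only this instance's stale entry with `ssh-keygen -R`, so host keys recorded for other servers stay pinned, then reconnect with `StrictHostKeyChecking=accept-new`. The function names are this example's own, and `accept-new` requires OpenSSH 7.6 or later.

```shell
#!/bin/sh
# Added example: clear one stale host key instead of the whole known_hosts file.

# forget_host_key HOST [KNOWN_HOSTS_FILE]
# Removes every entry for HOST (plain or hashed) and nothing else.
# ssh-keygen saves the previous file as <file>.old.
# Returns 0 if HOST is no longer listed, 1 on error, 2 on bad usage.
forget_host_key() {
    _host=$1
    _file=${2:-$HOME/.ssh/known_hosts}
    if [ -z "$_host" ]; then
        echo "usage: forget_host_key HOST [KNOWN_HOSTS_FILE]" >&2
        return 2
    fi
    [ -f "$_file" ] || return 0                 # nothing recorded yet
    if ssh-keygen -F "$_host" -f "$_file" >/dev/null 2>&1; then
        ssh-keygen -R "$_host" -f "$_file" >/dev/null 2>&1 || return 1
    fi
    # Confirm the entry is gone before the caller reconnects.
    if ssh-keygen -F "$_host" -f "$_file" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# reconnect_after_boot_volume_change USER HOST KEY_FILE
# Drops the stale key for HOST, then reconnects. accept-new records the key
# the host presents now and still refuses the connection if a recorded key
# changes later, which StrictHostKeyChecking=no would not do.
reconnect_after_boot_volume_change() {
    forget_host_key "$2" || return 1
    ssh -o StrictHostKeyChecking=accept-new -i "$3" "$1@$2"
}

# Usage, with the placeholders from the procedure above:
#   reconnect_after_boot_volume_change aws-managed-user instance-public-dns-name /path/key-pair-name.pem
```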

------

## Update software on x86 Mac instances


On x86 Mac instances, you can install operating system updates from Apple using the `softwareupdate` command.

**To install operating system updates from Apple on x86 Mac instances**

1. List the packages with available updates using the following command.

   ```
   [ec2-user ~]$ softwareupdate --list
   ```

1. Install all updates or only specific updates. To install specific updates, use the following command.

   ```
   [ec2-user ~]$ sudo softwareupdate --install label
   ```

   To install all updates instead, use the following command.

   ```
   [ec2-user ~]$ sudo softwareupdate --install --all --restart
   ```

System administrators can use AWS Systems Manager to roll out pre-approved operating system updates on x86 Mac instances. For more information, see the [AWS Systems Manager User Guide](https://docs.aws.amazon.com/systems-manager/latest/userguide/).

You can use Homebrew to install updates to packages in the EC2 macOS AMIs, so that you have the latest version of these packages on your instances. You can also use Homebrew to install and run common macOS applications on Amazon EC2 macOS. For more information, see the [Homebrew Documentation](https://docs.brew.sh/).

**To install updates using Homebrew**

1. Update Homebrew using the following command.

   ```
   [ec2-user ~]$ brew update
   ```

1. List the packages with available updates using the following command.

   ```
   [ec2-user ~]$ brew outdated
   ```

1. Install all updates or only specific updates. To install specific updates, use the following command.

   ```
   [ec2-user ~]$ brew upgrade package name
   ```

   To install all updates instead, use the following command.

   ```
   [ec2-user ~]$ brew upgrade
   ```

# Increase the size of an EBS volume on your Mac instance
Increase size of EBS volume

You can increase the size of your Amazon EBS volumes on your Mac instance. For more information, see [Amazon EBS Elastic Volumes](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-modify-volume.html) in the *Amazon EBS User Guide*.

After you increase the size of the volume, you must increase the size of your APFS container as follows.

**Make increased disk space available for use**

1. Determine if a restart is required. If you resized an existing EBS volume on a running Mac instance, you must [reboot](ec2-instance-reboot.md) the instance to make the new size available. If disk space modification was done during launch time, a reboot will not be required.

   View current status of disk sizes: 

   ```
   [ec2-user ~]$  diskutil list external physical
   /dev/disk0 (external, physical):
      #:                       TYPE NAME                    SIZE       IDENTIFIER
      0:                 GUID_partition_scheme            *322.1 GB     disk0
      1:                 EFI EFI                           209.7 MB     disk0s1
      2:                 Apple_APFS Container disk2        321.9 GB     disk0s2
   ```

1. Copy and paste the following command.

   ```
   [ec2-user ~]$ PDISK=$(diskutil list physical external | head -n1 | cut -d" " -f1)
   APFSCONT=$(diskutil list physical external | grep "Apple_APFS" | tr -s " " | cut -d" " -f8)
   yes | sudo diskutil repairDisk $PDISK
   ```

1. Copy and paste the following command.

   ```
   [ec2-user ~]$ sudo diskutil apfs resizeContainer $APFSCONT 0
   ```

# Stop or terminate your Amazon EC2 Mac instance
Stop or terminate Mac instance

When you stop a Mac instance, the instance remains in the `stopping` state for about 15 minutes before it enters the `stopped` state.

When you stop or terminate a Mac instance, Amazon EC2 performs a scrubbing workflow on the underlying Dedicated Host to erase the internal SSD, to clear the persistent NVRAM variables, and to update to the latest device firmware. This ensures that Mac instances provide the same security and data privacy as other EC2 Nitro instances. It also allows you to run the latest macOS AMIs. During the scrubbing workflow, the Dedicated Host temporarily enters the pending state. On x86 Mac instances, the scrubbing workflow might take up to 50 minutes to complete. If Amazon EC2 needs to update the device firmware, the workflow might take up to 3 hours to complete. On Apple silicon Mac instances, the scrubbing workflow might take up to 4.5 hours to complete.

You can't start the stopped Mac instance or launch a new Mac instance until after the scrubbing workflow completes, at which point the Dedicated Host enters the `available` state.

Metering and billing are paused when the Dedicated Host enters the `pending` state. You are not charged for the duration of the scrubbing workflow.

## Release the Dedicated Host for your Mac instance


When you are finished with your Mac instance, you can release the Dedicated Host. Before you can release the Dedicated Host, you must stop or terminate the Mac instance. You cannot release the host until the allocation period exceeds the 24-hour minimum.

**To release the Dedicated Host**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance and choose **Instance state**, then choose either **Stop instance** or **Terminate instance**.

1. In the navigation pane, choose **Dedicated Hosts**.

1. Select the Dedicated Host and choose **Actions**, **Release host**.

1. When prompted for confirmation, choose **Release**.

# Configure System Integrity Protection for Amazon EC2 Mac instances
Configure SIP settings

You can configure System Integrity Protection (SIP) settings for x86 Mac instances and Apple silicon Mac instances. SIP is a critical macOS security feature that helps to prevent unauthorized code execution and system-level modifications. For more information, see [About System Integrity Protection](https://support.apple.com/en-us/102149).

You can either enable or disable SIP completely, or you can selectively enable or disable specific SIP settings. It is recommended that you disable SIP only temporarily to perform necessary tasks, and then reenable it as soon as possible. Leaving SIP disabled could leave your instance vulnerable to malicious code.

SIP configuration is supported in all AWS Regions where Amazon EC2 Mac instances are supported.

**Topics**
+ [Considerations](#mac-sip-considerations)
+ [Default SIP configurations](#mac-sip-defaults)
+ [Check your SIP configuration](#mac-sip-check-settings)
+ [Prerequisites for Apple silicon Mac instances](#mac-sip-prereqs)
+ [Configure SIP settings](#mac-sip-configure)
+ [Check SIP configuration task status](#mac-sip-state)

## Considerations

+ The following Amazon EC2 Mac instance types and macOS versions are supported:
  + **Mac1 | Mac2 | Mac2-m1ultra** — macOS Ventura (version 13.0 or later)
  + **Mac2-m2 | Mac2-m2pro** — macOS Ventura (version 13.2 or later)
  + **Mac-m4 | Mac-m4pro** — macOS Sequoia (version 15.6 or later)
**Note**  
Beta and preview versions of macOS are not supported.
+ You can specify a custom SIP configuration to selectively enable or disable individual SIP settings. If you implement a custom configuration, [connect to the instance and verify the settings](#mac-sip-check-settings) to ensure that your requirements are properly implemented and functioning as intended.

  SIP configurations might change with macOS updates. We recommend that you review custom SIP settings after any macOS version upgrade to ensure continued compatibility and proper functionality of your security configurations.
+ For x86 Mac instances, SIP settings are applied at the instance level. Any root volume attached to the instance will automatically inherit the configured SIP settings.

  For Apple silicon Mac instances, SIP settings are applied at the volume level. Root volumes attached to the instance do not inherit the SIP settings. If you attach another root volume, you must reconfigure the SIP settings to the required state.
+ It can take up to 90 minutes for SIP configuration tasks to complete. The instance remains unreachable while the SIP configuration task is in progress.
+ SIP configurations do not transfer to snapshots or AMIs that you subsequently create from the instance.
+ Apple silicon Mac instances must have only one bootable volume, and each attached volume can have only one additional admin user.

## Default SIP configurations


The following table lists the default SIP configuration for x86 Mac instances and Apple silicon Mac instances.


|  | Apple silicon Mac instances | x86 Mac instances | 
| --- | --- | --- | 
| Apple Internal | Enabled | Disabled | 
| Filesystem Protections | Enabled | Disabled | 
| Base System | Enabled | Enabled | 
| Debugging Restrictions | Enabled | Enabled | 
| Dtrace Restrictions | Enabled | Enabled | 
| Kext Signing | Enabled | Enabled | 
| Nvram Protections | Enabled | Enabled | 

## Check your SIP configuration


We recommend that you check your SIP configuration before and after making changes to ensure that it is configured as expected.

**To check the SIP configuration for an Amazon EC2 Mac instance**  
[Connect to the instance using SSH](connect-to-mac-instance.md#mac-instance-ssh), and then run the following command at the command line.

```
$ csrutil status
```

The following is example output.

```
System Integrity Protection status: enabled.

Configuration:
    Apple Internal: enabled
    Kext Signing: disabled
    Filesystem Protections: enabled
    Debugging Restrictions: enabled
    DTrace Restrictions: enabled
    NVRAM Protections: enabled
    BaseSystem Verification: disabled
```
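The before-and-after check recommended above can be automated. The following added example (not part of the original guide) parses `csrutil status` output and reports every setting that differs from an expected baseline, which is also useful after a macOS upgrade. The function names and the `Name=state` baseline format are this example's own, and the baseline shown (every setting enabled) is constructed for illustration using the setting names from the example output.

```shell
#!/bin/sh
# Added example: compare `csrutil status` output with an expected baseline.

# Baseline constructed for this example: every setting enabled, using the
# setting names exactly as they appear in the csrutil output shown above.
SIP_BASELINE_ALL_ENABLED='System Integrity Protection status=enabled
Apple Internal=enabled
Kext Signing=enabled
Filesystem Protections=enabled
Debugging Restrictions=enabled
DTrace Restrictions=enabled
NVRAM Protections=enabled
BaseSystem Verification=enabled'

# The example output from this page, embedded so the check runs offline.
sample_csrutil_status() {
    cat <<'EOF'
System Integrity Protection status: enabled.

Configuration:
    Apple Internal: enabled
    Kext Signing: disabled
    Filesystem Protections: enabled
    Debugging Restrictions: enabled
    DTrace Restrictions: enabled
    NVRAM Protections: enabled
    BaseSystem Verification: disabled
EOF
}

# sip_drift BASELINE   (csrutil status output on stdin)
# Prints one line per setting that is missing from the output or differs
# from BASELINE ("Name=state" per line). Returns 0 when nothing differs,
# 1 otherwise.
sip_drift() {
    _drift=$(SIP_BASELINE="$1" awk '
        BEGIN {
            n = split(ENVIRON["SIP_BASELINE"], lines, "\n")
            for (i = 1; i <= n; i++) {
                eq = index(lines[i], "=")
                if (eq > 1)
                    want[substr(lines[i], 1, eq - 1)] = substr(lines[i], eq + 1)
            }
        }
        {
            sep = index($0, ":")
            if (sep == 0) next
            name = substr($0, 1, sep - 1)
            state = substr($0, sep + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", name)
            gsub(/^[ \t]+|[ \t\r.]+$/, "", state)   # also drops the final period
            if (state != "") seen[name] = state      # skips the bare Configuration: line
        }
        END {
            for (name in want) {
                if (!(name in seen))
                    printf "MISSING %s (expected %s)\n", name, want[name]
                else if (seen[name] != want[name])
                    printf "DRIFT %s: %s (expected %s)\n", name, seen[name], want[name]
            }
        }' | LC_ALL=C sort)
    if [ -n "$_drift" ]; then
        printf '%s\n' "$_drift"
        return 1
    fi
    return 0
}

# Demo on the embedded sample. On an instance, run:
#   csrutil status | sip_drift "$SIP_BASELINE_ALL_ENABLED"
sample_csrutil_status | sip_drift "$SIP_BASELINE_ALL_ENABLED" \
    || echo "SIP settings differ from the baseline"
```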

## Prerequisites for Apple silicon Mac instances


Before you can configure the SIP settings for Apple silicon Mac instances, you must set a password and enable the secure token for the Amazon EBS root volume administrative user (`ec2-user`).

**Note**  
The password and secure token are set the first time you connect to an Apple silicon Mac instance using the GUI. If you previously [ connected to the instance using the GUI](connect-to-mac-instance.md#mac-instance-vnc), or if you are using an x86 Mac instance, you **do not** need to perform these steps.

**Note**  
All macOS usernames and passwords used for macOS authentication are required to be between 4 and 16 characters for use with SIP settings API calls.

**To set a password and enable the secure token for the EBS root volume administrative user**

1. [Connect to the instance using SSH](connect-to-mac-instance.md#mac-instance-ssh).

1. Set the password for the `ec2-user` user.

   ```
   $ sudo /usr/bin/dscl . -passwd /Users/ec2-user
   ```

1. Enable the secure token for the `ec2-user` user. For `-oldPassword`, specify the same password from the previous step. For `-newPassword`, specify a different password. The following command assumes that you have your old and new passwords saved in `.txt` files.

   ```
   $ sysadminctl -oldPassword "$(cat old_password.txt)" -newPassword "$(cat new_password.txt)"
   ```

1. Verify that the secure token is enabled.

   ```
   $ sysadminctl -secureTokenStatus ec2-user
   ```

## Configure SIP settings


When you configure the SIP settings for your instance, you can either enable or disable all SIP settings, or you can specify a custom configuration that selectively enables or disables specific SIP settings.

**Note**  
If you implement a custom configuration, [ connect to the instance and verify the settings](#mac-sip-check-settings) to ensure that your requirements are properly implemented and functioning as intended.  
SIP configurations might change with macOS updates. We recommend that you review custom SIP settings after any macOS version upgrade to ensure continued compatibility and proper functionality of your security configurations.

To configure the SIP settings for your instance, you must create a SIP configuration task. The SIP configuration task specifies the SIP settings for your instance.

When you create a SIP configuration for an Apple silicon Mac instance, you must specify the following credentials:
+ **Internal disk administrative user**
  + Username — Only the default administrative user (`aws-managed-user`) is supported and it is used by default. You can't specify a different administrative user.
  + Password — If you did not change the default password for `aws-managed-user`, specify the default password, which is *blank*. Otherwise, specify your password.
+ **Amazon EBS root volume administrative user**
  + Username — If you did not change the default administrative user, specify `ec2-user`. Otherwise, specify the username for your administrative user.
  + Password — You must always specify the password.

Use the following methods to create a SIP configuration task.

------
#### [ Console ]

**To create a SIP configuration task using the console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation panel, choose **Instances** and then select the Amazon EC2 Mac instance.

1. In the **Security** tab, choose **Modify Mac, Modify System Integrity Protection**.

1. To enable all SIP settings, select **Enable SIP**. To disable all SIP settings, clear **Enable SIP**.

1. To specify a custom configuration that selectively enables or disables specific SIP settings, select **Specify a custom SIP configuration**, and then select the SIP settings to enable, or clear the SIP settings to disable.

1. Specify the credentials for the root volume user and internal disk owner.

1. Choose **Create SIP modification task**.

------
#### [ AWS CLI ]

**To create a SIP configuration task using the AWS CLI**  
Use the [ create-mac-system-integrity-protection-modification-task](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-mac-system-integrity-protection-modification-task.html) command.

**Enable or disable all SIP settings**  
To completely enable or disable all SIP settings, use only the `--mac-system-integrity-protection-status` parameter.

The following example command enables all SIP settings.

```
aws ec2 create-mac-system-integrity-protection-modification-task \
--instance-id i-0abcdef9876543210 \
--mac-system-integrity-protection-status enabled \
--mac-credentials file://mac-credentials.json
```

**Specify a custom SIP configuration**  
To specify a custom SIP configuration that selectively enables or disables specific SIP settings, specify the `--mac-system-integrity-protection-status` and `--mac-system-integrity-protection-configuration` parameters. In this case, use `mac-system-integrity-protection-status` to specify the overall SIP status, and use `mac-system-integrity-protection-configuration` to selectively enable or disable individual SIP settings.

The following example command creates a SIP configuration task to enable all SIP settings, except `NvramProtections` and `FilesystemProtections`.

```
aws ec2 create-mac-system-integrity-protection-modification-task \
--instance-id i-0abcdef9876543210 \
--mac-system-integrity-protection-status enabled \
--mac-system-integrity-protection-configuration "NvramProtections=disabled, FilesystemProtections=disabled" \
--mac-credentials file://mac-credentials.json
```

The following example command creates a SIP configuration task to disable all SIP settings, except `DtraceRestrictions`.

```
aws ec2 create-mac-system-integrity-protection-modification-task \
--instance-id i-0abcdef9876543210 \
--mac-system-integrity-protection-status disabled \
--mac-system-integrity-protection-configuration "DtraceRestrictions=enabled" \
--mac-credentials file://mac-credentials.json
```

**Contents of the `mac-credentials.json` file**  
The following are the contents of the `mac-credentials.json` file referenced in the preceding examples.

```
{
  "internalDiskPassword":"internal-disk-admin_password",
  "rootVolumeUsername":"root-volume-admin_username",
  "rootVolumepassword":"root-volume-admin_password"
}
```
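Because `mac-credentials.json` holds two administrator passwords in plaintext, the following added example (not part of the AWS documentation) writes it to an owner-only temporary file, passes only the `file://` path on the command line, and deletes the file whether or not the task is created. The function names and the `runner` parameter are hypothetical; the CLI parameters and JSON key names are the ones shown above.

```python
import json
import os
import subprocess
import tempfile

# Key names copied verbatim from the mac-credentials.json shown above.
CREDENTIAL_KEYS = ("internalDiskPassword", "rootVolumeUsername", "rootVolumepassword")
SIP_VALUES = ("enabled", "disabled")


def build_sip_task_argv(instance_id, status, creds_path, overrides=None):
    """Return the argv for create-mac-system-integrity-protection-modification-task."""
    if status not in SIP_VALUES:
        raise ValueError(f"status must be one of {SIP_VALUES}")
    argv = [
        "aws", "ec2", "create-mac-system-integrity-protection-modification-task",
        "--instance-id", instance_id,
        "--mac-system-integrity-protection-status", status,
    ]
    if overrides:
        for name, value in overrides.items():
            if value not in SIP_VALUES:
                raise ValueError(f"{name} must be one of {SIP_VALUES}")
        # AWS CLI shorthand syntax: Key=value,Key=value
        shorthand = ",".join(f"{k}={v}" for k, v in overrides.items())
        argv += ["--mac-system-integrity-protection-configuration", shorthand]
    # Only the file path reaches the command line, never the passwords.
    argv += ["--mac-credentials", "file://" + creds_path]
    return argv


def run_sip_task(instance_id, status, creds, overrides=None, runner=subprocess.run):
    """Write creds to a private temp file, run the task, always delete the file."""
    if set(creds) != set(CREDENTIAL_KEYS):
        raise ValueError(f"creds must contain exactly {CREDENTIAL_KEYS}")
    # mkstemp creates the file readable and writable only by the current user.
    fd, path = tempfile.mkstemp(prefix="mac-credentials-", suffix=".json")
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump(creds, fh)  # escapes quotes and backslashes in passwords
        argv = build_sip_task_argv(instance_id, status, path, overrides)
        return runner(argv, check=True, capture_output=True, text=True)
    finally:
        os.remove(path)


if __name__ == "__main__":
    # Dry run: print the command instead of calling AWS. Values are constructed.
    def show(argv, **_kwargs):
        print(" ".join(argv))

    run_sip_task(
        "i-0abcdef9876543210", "enabled",
        {"internalDiskPassword": "example-1", "rootVolumeUsername": "ec2-user",
         "rootVolumepassword": "example-2"},
        overrides={"NvramProtections": "disabled", "FilesystemProtections": "disabled"},
        runner=show,
    )
```

In real use, read the passwords from a secrets store or an interactive prompt rather than from source code or shell history.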

------

## Check SIP configuration task status


Use one of the following methods to check the state of SIP configuration tasks.

------
#### [ Console ]

**To view SIP configuration tasks using the console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation panel, choose **Instances** and then select the Amazon EC2 Mac instance.

1. In the **Security** tab, scroll down to the **Mac modification tasks** section.

------
#### [ AWS CLI ]

**To check the state of SIP configuration tasks using the AWS CLI**  
Use the [describe-mac-modification-tasks](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-mac-modification-tasks.html) command.
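The following added example (not part of the AWS documentation) audits the parsed JSON output of `describe-mac-modification-tasks`: for each instance it takes the most recent successful SIP task, compares the requested configuration against a baseline, and lists tasks that have not finished yet. The response field names, task states, and task types in the constructed sample are assumptions based on the EC2 API reference; the instance and task IDs are constructed, and `POLICY` and the function names are hypothetical.

```python
from datetime import datetime

# Baseline to enforce. Setting names are the ones used on this page; they are
# matched case-insensitively because the response casing is an assumption.
POLICY = {
    "Status": "enabled",
    "NvramProtections": "enabled",
    "FilesystemProtections": "enabled",
    "DtraceRestrictions": "enabled",
}


def _task(instance, task_id, state, start, task_type="sip-modification", **overrides):
    """Build one constructed task record (assumed response shape)."""
    cfg = {"Status": "enabled", "NvramProtections": "enabled",
           "FilesystemProtections": "enabled", "DTraceRestrictions": "enabled"}
    cfg.update(overrides)
    return {"InstanceId": instance, "MacModificationTaskId": task_id,
            "TaskType": task_type, "TaskState": state, "StartTime": start,
            "MacSystemIntegrityProtectionConfig": cfg}


# Constructed sample standing in for the command's JSON output.
SAMPLE_OUTPUT = {"MacModificationTasks": [
    _task("i-0abcdef9876543210", "task-EXAMPLE1", "successful", "2025-01-10T09:00:00+00:00"),
    _task("i-0abcdef9876543210", "task-EXAMPLE2", "successful", "2025-02-01T09:00:00+00:00",
          NvramProtections="disabled", FilesystemProtections="disabled"),
    _task("i-0123456789abcdef0", "task-EXAMPLE3", "successful", "2025-01-15T09:00:00+00:00"),
    _task("i-0123456789abcdef0", "task-EXAMPLE4", "failed", "2025-03-01T09:00:00+00:00",
          Status="disabled"),
    _task("i-0123456789abcdef0", "task-EXAMPLE5", "pending", "2025-03-02T09:00:00+00:00",
          Status="disabled"),
    _task("i-0fedcba9876543210", "task-EXAMPLE6", "successful", "2025-03-05T09:00:00+00:00",
          task_type="volume-ownership-delegation"),
]}


def _parse_time(value):
    # Accept both "+00:00" and "Z" suffixes.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_sip(output, policy=POLICY):
    """Return {instance_id: {"deviations": [...], "unfinished_tasks": [...]}}."""
    latest, unfinished = {}, {}
    for task in output.get("MacModificationTasks", []):
        if task.get("TaskType") != "sip-modification":
            continue  # other task types do not change SIP
        instance, state = task["InstanceId"], task.get("TaskState")
        if state in ("pending", "in-progress"):
            unfinished.setdefault(instance, []).append(task["MacModificationTaskId"])
        elif state == "successful":
            started = _parse_time(task["StartTime"])
            if instance not in latest or started > latest[instance][0]:
                latest[instance] = (started, task)
        # Failed tasks changed nothing, so they are ignored.

    findings = {}
    for instance in sorted(set(latest) | set(unfinished)):
        deviations = []
        if instance in latest:
            raw = latest[instance][1].get("MacSystemIntegrityProtectionConfig", {})
            cfg = {k.lower(): str(v).lower() for k, v in raw.items()}
            for name, wanted in policy.items():
                actual = cfg.get(name.lower())
                if actual != wanted:  # a missing setting counts as a deviation
                    deviations.append((name, actual))
        findings[instance] = {"deviations": deviations,
                              "unfinished_tasks": unfinished.get(instance, [])}
    return findings


if __name__ == "__main__":
    for instance, result in audit_sip(SAMPLE_OUTPUT).items():
        print(instance, result)
```

Instances that have never had a SIP modification task do not appear in the output, so their absence from the result says nothing about their SIP state.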

------

# Find supported macOS versions for your Amazon EC2 Mac Dedicated Host
Find supported macOS versions

You can view the latest macOS versions supported by your Amazon EC2 Mac Dedicated Host. With this functionality, you can validate whether your Dedicated Host can support instance launches with your preferred macOS versions.

Each macOS version requires a minimum firmware version on the underlying Apple Mac to successfully boot. The Apple Mac firmware version can become outdated if an allocated Mac Dedicated Host has remained idle for an extended period of time or if it has a long running instance on it.

To ensure supportability for the latest macOS versions, you can stop or terminate instances on your allocated Mac Dedicated Host. This triggers the host scrubbing workflow and updates the firmware on the underlying Apple Mac to support the latest macOS versions. A Dedicated Host with a long running instance will automatically be updated when you stop or terminate a running instance.

For more information about the scrubbing workflow, see [Stop or terminate your Amazon EC2 Mac instance](mac-instance-stop.md).

For more information about launching Mac instances, see [Launch a Mac instance using the AWS Management Console or the AWS CLI](mac-instance-launch.md).

You can view information about the latest macOS versions supported on your allocated Dedicated Host using the Amazon EC2 console or the AWS CLI.

------
#### [ Console ]

**To view Dedicated Host firmware information using the console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Dedicated Hosts**.

1. On the **Dedicated Hosts details** page, under **Latest supported macOS versions**, you can see the latest macOS versions that the host can support.

------
#### [ AWS CLI ]

**To view Dedicated Host firmware information using the AWS CLI**  
Use the [describe-mac-hosts](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-mac-hosts.html) command, replacing `us-east-1` with the appropriate AWS Region.

```
$ aws ec2 describe-mac-hosts --region us-east-1
  {
      "MacHosts": [
          {
              "HostId": "h-07879acf49EXAMPLE",
              "MacOSLatestSupportedVersions": [
                  "14.3",
                  "13.6.4",
                  "12.7.3"
              ]
          }
      ]
  }
```

------

# Subscribe to macOS AMI notifications


To be notified when new AMIs are released or when bridgeOS has been updated, subscribe to notifications using Amazon SNS.

For more information about EC2 macOS AMIs, see [Amazon EC2 macOS AMIs release notes](macos-ami-overview.md).

**To subscribe to macOS AMI notifications**

1. Open the Amazon SNS console at [https://console.aws.amazon.com/sns/v3/home](https://console.aws.amazon.com/sns/v3/home).

1. In the navigation bar, change the Region to **US East (N. Virginia)**, if necessary. You must use this Region because the SNS notifications that you are subscribing to were created in this Region.

1. In the navigation pane, choose **Subscriptions**.

1. Choose **Create subscription**.

1. In the **Create subscription** dialog box, do the following:

   1. For **Topic ARN**, copy and paste one of the following Amazon Resource Names (ARNs):
      + **arn:aws:sns:us-east-1:898855652048:amazon-ec2-macos-ami-updates**
      + **arn:aws:sns:us-east-1:898855652048:amazon-ec2-bridgeos-updates**

   1. For **Protocol**, choose one of the following:
      + **Email:**

        For **Endpoint**, type an email address that you can use to receive the notifications. After you create your subscription, you'll receive a confirmation message with the subject line `AWS Notification - Subscription Confirmation`. Open the email and choose **Confirm subscription** to complete your subscription.
      + **SMS:**

        For **Endpoint**, type a phone number that you can use to receive the notifications.
      + **AWS Lambda, Amazon SQS, Amazon Data Firehose** (*Notifications come in JSON format*):

        For **Endpoint**, enter the ARN for the Lambda function, SQS queue, or Firehose stream you can use to receive the notifications.

   1. Choose **Create subscription**.

Whenever macOS AMIs are released, we send notifications to the subscribers of the `amazon-ec2-macos-ami-updates` topic. Whenever bridgeOS is updated, we send notifications to the subscribers of the `amazon-ec2-bridgeos-updates` topic. If you no longer want to receive these notifications, use the following procedure to unsubscribe.

**To unsubscribe from macOS AMI notifications**

1. Open the Amazon SNS console at [https://console.aws.amazon.com/sns/v3/home](https://console.aws.amazon.com/sns/v3/home).

1. In the navigation bar, change the Region to **US East (N. Virginia)**, if necessary. You must use this Region because the SNS notifications were created in this Region.

1. In the navigation pane, choose **Subscriptions**.

1. Select the subscriptions and then choose **Actions**, **Delete subscriptions**. When prompted for confirmation, choose **Delete**.

# Retrieve macOS AMI IDs using AWS Systems Manager Parameter Store API
Retrieve macOS AMI IDs

You must specify an AMI when you launch an instance. An AMI is specific to an AWS Region, operating system, and processor architecture. You can view all of the macOS AMIs in an AWS Region and retrieve the latest macOS AMI by querying the AWS Systems Manager Parameter Store API. Using these public parameters, you don't need to manually look up macOS AMI IDs. Public parameters are available for both x86 and ARM64 macOS AMIs, and can be integrated with your existing AWS CloudFormation templates.

**Required permissions**  
To perform this action, the [IAM principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#id_roles_terms-and-concepts) must have permissions to call the `ssm:GetParameter` API action.

**To view a list of all macOS AMIs in the current AWS Region using the AWS CLI**  
Use the following [get-parameters-by-path](https://docs.aws.amazon.com/cli/latest/reference/ssm/get-parameters-by-path.html) command to view a list of all macOS AMIs in the current Region.

```
aws ssm get-parameters-by-path --path /aws/service/ec2-macos --recursive --query "Parameters[].Name"
```

**To retrieve the AMI ID of the latest major macOS AMI using the AWS CLI**  
Use the following [get-parameter](https://docs.aws.amazon.com/cli/latest/reference/ssm/get-parameter.html) command with the sub-parameter `image_id`. In the following example, replace `sonoma` with a macOS supported major version, `x86_64_mac` with the processor, and `region-code` with a supported AWS Region for which you want the latest macOS AMI ID.

```
aws ssm get-parameter --name /aws/service/ec2-macos/sonoma/x86_64_mac/latest/image_id --region region-code
```

For more information, see [Calling AMI public parameters for macOS](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-public-parameters-ami.html#public-parameters-ami-macos) in the *AWS Systems Manager User Guide*.

# Amazon EC2 macOS AMIs release notes
macOS AMIs release notes

The following information provides details about the packages included by default in the EC2 macOS AMIs and summarizes the changes for each EC2 macOS AMI release.

For information about how to subscribe to macOS AMI notifications, see [Subscribe to macOS AMI notifications](macos-subscribe-notifications.md).

Mac instances can run one of the following operating systems:
+ macOS Mojave (version 10.14) (x86 Mac instances only)
+ macOS Catalina (version 10.15) (x86 Mac instances only)
+ macOS Big Sur (version 11) (x86 and M1 Mac instances)
+ macOS Monterey (version 12) (x86 and M1 Mac instances)
+ macOS Ventura (version 13) (all Mac instances, M2 and M2 Pro Mac instances support macOS Ventura version 13.2 or later)
+ macOS Sonoma (version 14) (all Mac instances)
+ macOS Sequoia (version 15) (all Mac instances)
**Note**  
M4 and M4 Pro Mac instances support macOS Sequoia version 15.6 or later.

## Approve Local Network Privacy policies for macOS Sequoia
Approve Local Network Privacy policies

macOS Sequoia (version 15) has a new Local Network Privacy feature that impacts users of local IP-based services, including Amazon EC2 Instance Metadata Service (IMDS).

**Important**  
To make sure that you have uninterrupted access to local IP-based services, use the following steps to approve the Local Network Privacy policies.

**To approve Local Network Privacy policies**

1. [Connect to your instance's graphical user interface (GUI)](connect-to-mac-instance.md#mac-instance-vnc).

1. Follow the prompts on the screen to approve the Local Network Privacy policies.

1. After you have approved the policies, create an AMI of your EC2 Mac instance. For more information, see [Create an Amazon EBS-backed AMI](creating-an-ami-ebs.md). 

Any EC2 Mac instances that are launched from the newly created AMI will retain the Local Network Privacy permissions.

## Default packages included in Amazon EC2 macOS AMIs


The following table describes packages that are included by default in the EC2 macOS AMIs.


| Packages | Release notes | 
| --- | --- | 
|  EC2 macOS Init  |  [https://github.com/aws/ec2-macos-init/tags](https://github.com/aws/ec2-macos-init/tags)  | 
|  EC2 macOS Utils  |  [https://github.com/aws/ec2-macos-utils/tags](https://github.com/aws/ec2-macos-utils/tags)  | 
|  Amazon SSM Agent  |  [https://github.com/aws/amazon-ssm-agent/releases](https://github.com/aws/amazon-ssm-agent/releases)  | 
|  AWS Command Line Interface (AWS CLI) version 2  |  [https://raw.githubusercontent.com/aws/aws-cli/v2/CHANGELOG.rst](https://raw.githubusercontent.com/aws/aws-cli/v2/CHANGELOG.rst)  | 
|  Command Line Tools for Xcode  |  [https://developer.apple.com/documentation/xcode-release-notes](https://developer.apple.com/documentation/xcode-release-notes)  | 
|  Homebrew  |  [https://github.com/Homebrew/brew/releases](https://github.com/Homebrew/brew/releases)  | 
|  EC2 Instance Connect  |  [https://github.com/aws/aws-ec2-instance-connect-config/releases](https://github.com/aws/aws-ec2-instance-connect-config/releases)  | 
|  Safari  |  [https://developer.apple.com/documentation/safari-release-notes](https://developer.apple.com/documentation/safari-release-notes)  | 

## Amazon EC2 macOS AMI updates
EC2 macOS AMI updates

The following table describes changes included in the EC2 macOS AMI releases. Note that some changes apply to all EC2 macOS AMIs, whereas others apply to only a subset of these AMIs.

### EC2 macOS AMI updates



| Release | Changes | 
| --- | --- | 
| 2026.03.17 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/macos-ami-overview.html)  | 
| 2026.03.03 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/macos-ami-overview.html)  | 
| 2025.12.26 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/macos-ami-overview.html)  | 
| 2025.12.17 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/macos-ami-overview.html)  | 
| 2025.11.18 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/macos-ami-overview.html)  | 
| 2025.09.04 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/macos-ami-overview.html)  | 
| 2025.08.05 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/macos-ami-overview.html)  | 
| 2025.06.27 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/macos-ami-overview.html)  | 
| 2025.05.21 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/macos-ami-overview.html)  | 
| 2025.05.05 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/macos-ami-overview.html)  | 
| 2025.03.18 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/macos-ami-overview.html)  | 
| 2025.01.24 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/macos-ami-overview.html)  | 
| 2024.12.20 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/macos-ami-overview.html)  | 
| 2024.10.28 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/macos-ami-overview.html)  | 
| 2024.08.20 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/macos-ami-overview.html)  | 
| 2024.06.07 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/macos-ami-overview.html)  | 
| 2024.04.12 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/macos-ami-overview.html)  | 

# Amazon EBS-optimized instance types
EBS optimization

Amazon EBS–optimized instances use an optimized configuration stack and provide additional, dedicated bandwidth for Amazon EBS I/O. This optimization provides the best performance for your EBS volumes by minimizing contention between Amazon EBS I/O and other traffic from your instance.

When attached to an EBS–optimized instance, General Purpose SSD (`gp2` and `gp3`) volumes are designed to deliver at least 90 percent of their provisioned IOPS performance 99 percent of the time in a given year, and Provisioned IOPS SSD (`io1` and `io2`) volumes are designed to deliver at least 90 percent of their provisioned IOPS performance 99.9 percent of the time in a given year. Throughput Optimized HDD (`st1`) and Cold HDD (`sc1`) deliver at least 90 percent of their expected throughput performance 99 percent of the time in a given year. Non-compliant periods are approximately uniformly distributed, targeting 99 percent of expected total throughput each hour. For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volume-types.html) in the *Amazon EBS User Guide*.

Some instance types are **EBS-optimized by default**; there is no need to enable EBS optimization on them, and attempting to disable it has no effect. Other instance types optionally **support EBS optimization**, and you can enable it during or after launch for an [additional hourly fee](https://aws.amazon.com/ec2/previous-generation/#EBS-optimized_instances). Some instance types do not support EBS optimization.

For detailed instance type specifications and features, see the [Amazon EC2 Instance Types Guide](https://docs.aws.amazon.com/ec2/latest/instancetypes/instance-types.html).

**Considerations**
+ An instance's EBS performance is bounded by the instance type's performance limits, or the aggregated performance of its attached volumes, whichever is smaller. To achieve maximum EBS performance, an instance must have attached volumes that provide a combined performance equal to or greater than the maximum instance performance. For example, to achieve `80,000` IOPS for `r6i.16xlarge`, the instance must have at least `5` `gp2` volumes provisioned with `16,000` IOPS each (`5` volumes x `16,000` IOPS = `80,000` IOPS), or it can have `1` `gp3` volume provisioned with `80,000` IOPS. We recommend that you choose an instance type that provides more dedicated Amazon EBS throughput than your application needs; otherwise, the connection between Amazon EBS and Amazon EC2 can become a performance bottleneck.
+ The maximum number of Amazon EBS volumes that you can attach to an instance depends on the instance type and instance size. For more information, see [Amazon EBS volume limits for Amazon EC2 instances](volume_limits.md).
+ The maximum IOPS and throughput limits are interdependent. Depending on your I/O size, you might reach one limit before the other, which can affect overall performance. For optimal results, consider both limits when planning your workload.

## EBS-optimized by default


The following instance types are EBS–optimized by default. There is no need to enable EBS optimization and no effect if you disable EBS optimization.

**Topics**
+ [General purpose](#current-general-purpose)
+ [Compute optimized](#current-compute-optimized)
+ [Memory optimized](#current-memory-optimized)
+ [Storage optimized](#current-storage-optimized)
+ [Accelerated computing](#current-accelerated-computing)
+ [High-performance computing](#current-high-performance-computing)

### General purpose


**Note**  
M8a, M8g, M8gd, M8i, M8id, M8i-flex instance types support configurable bandwidth weightings. With these instance types, you can optimize an instance's bandwidth for either networking performance or Amazon EBS performance. The following table shows the default Amazon EBS bandwidth performance for these instance types. For more information, see [EC2 instance bandwidth weighting configuration](configure-bandwidth-weighting.md).


| Instance size | Baseline bandwidth (Mbps) | Maximum bandwidth (Mbps) | Baseline throughput (MB/s, 128 KiB I/O) | Maximum throughput (MB/s, 128 KiB I/O) | Baseline IOPS (16 KiB I/O) | Maximum IOPS (16 KiB I/O) | 
| --- | --- | --- | --- | --- | --- | --- | 
| a1.medium 1 | 300 | 3500 | 37.50 | 437.50 | 2500 | 20000 | 
| a1.large 1 | 525 | 3500 | 65.62 | 437.50 | 4000 | 20000 | 
| a1.xlarge 1 | 800 | 3500 | 100.00 | 437.50 | 6000 | 20000 | 
| a1.2xlarge 1 | 1750 | 3500 | 218.75 | 437.50 | 10000 | 20000 | 
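| a1.4xlarge 2 | 3500 | 3500 | 437.5 | 437.5 | 20000 | 20000 | 
| a1.metal 2 | 3500 | 3500 | 437.5 | 437.5 | 20000 | 20000 | 
| m4.large 2 | 450 | 450 | 56.25 | 56.25 | 3600 | 3600 | 
| m4.xlarge 2 | 750 | 750 | 93.75 | 93.75 | 6000 | 6000 | 
| m4.2xlarge 2 | 1000 | 1000 | 125.0 | 125.0 | 8000 | 8000 | 
| m4.4xlarge 2 | 2000 | 2000 | 250.0 | 250.0 | 16000 | 16000 | 
| m4.10xlarge 2 | 4000 | 4000 | 500.0 | 500.0 | 32000 | 32000 | 
| m4.16xlarge 2 | 10000 | 10000 | 1250.0 | 1250.0 | 65000 | 65000 | 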
| m5.large 1 | 650 | 4750 | 81.25 | 593.75 | 3600 | 18750 | 
| m5.xlarge 1 | 1150 | 4750 | 143.75 | 593.75 | 6000 | 18750 | 
| m5.2xlarge 1 | 2300 | 4750 | 287.50 | 593.75 | 12000 | 18750 | 
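| m5.4xlarge 2 | 4750 | 4750 | 593.75 | 593.75 | 18750 | 18750 | 
| m5.8xlarge 2 | 6800 | 6800 | 850.0 | 850.0 | 30000 | 30000 | 
| m5.12xlarge 2 | 9500 | 9500 | 1187.5 | 1187.5 | 40000 | 40000 | 
| m5.16xlarge 2 | 13600 | 13600 | 1700.0 | 1700.0 | 60000 | 60000 | 
| m5.24xlarge 2 | 19000 | 19000 | 2375.0 | 2375.0 | 80000 | 80000 | 
| m5.metal 2 | 19000 | 19000 | 2375.0 | 2375.0 | 80000 | 80000 | 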
| m5a.large 1 | 650 | 2880 | 81.25 | 360.00 | 3600 | 16000 | 
| m5a.xlarge 1 | 1085 | 2880 | 135.62 | 360.00 | 6000 | 16000 | 
| m5a.2xlarge 1 | 1580 | 2880 | 197.50 | 360.00 | 8333 | 16000 | 
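| m5a.4xlarge 2 | 2880 | 2880 | 360.0 | 360.0 | 16000 | 16000 | 
| m5a.8xlarge 2 | 4750 | 4750 | 593.75 | 593.75 | 20000 | 20000 | 
| m5a.12xlarge 2 | 6780 | 6780 | 847.5 | 847.5 | 30000 | 30000 | 
| m5a.16xlarge 2 | 9500 | 9500 | 1187.5 | 1187.5 | 40000 | 40000 | 
| m5a.24xlarge 2 | 13750 | 13750 | 1718.75 | 1718.75 | 60000 | 60000 | 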
| m5ad.large 1 | 650 | 2880 | 81.25 | 360.00 | 3600 | 16000 | 
| m5ad.xlarge 1 | 1085 | 2880 | 135.62 | 360.00 | 6000 | 16000 | 
| m5ad.2xlarge 1 | 1580 | 2880 | 197.50 | 360.00 | 8333 | 16000 | 
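| m5ad.4xlarge 2 | 2880 | 2880 | 360.0 | 360.0 | 16000 | 16000 | 
| m5ad.8xlarge 2 | 4750 | 4750 | 593.75 | 593.75 | 20000 | 20000 | 
| m5ad.12xlarge 2 | 6780 | 6780 | 847.5 | 847.5 | 30000 | 30000 | 
| m5ad.16xlarge 2 | 9500 | 9500 | 1187.5 | 1187.5 | 40000 | 40000 | 
| m5ad.24xlarge 2 | 13750 | 13750 | 1718.75 | 1718.75 | 60000 | 60000 | 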
| m5d.large 1 | 650 | 4750 | 81.25 | 593.75 | 3600 | 18750 | 
| m5d.xlarge 1 | 1150 | 4750 | 143.75 | 593.75 | 6000 | 18750 | 
| m5d.2xlarge 1 | 2300 | 4750 | 287.50 | 593.75 | 12000 | 18750 | 
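| m5d.4xlarge 2 | 4750 | 4750 | 593.75 | 593.75 | 18750 | 18750 | 
| m5d.8xlarge 2 | 6800 | 6800 | 850.0 | 850.0 | 30000 | 30000 | 
| m5d.12xlarge 2 | 9500 | 9500 | 1187.5 | 1187.5 | 40000 | 40000 | 
| m5d.16xlarge 2 | 13600 | 13600 | 1700.0 | 1700.0 | 60000 | 60000 | 
| m5d.24xlarge 2 | 19000 | 19000 | 2375.0 | 2375.0 | 80000 | 80000 | 
| m5d.metal 2 | 19000 | 19000 | 2375.0 | 2375.0 | 80000 | 80000 | 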
| m5dn.large 1 | 650 | 4750 | 81.25 | 593.75 | 3600 | 18750 | 
| m5dn.xlarge 1 | 1150 | 4750 | 143.75 | 593.75 | 6000 | 18750 | 
| m5dn.2xlarge 1 | 2300 | 4750 | 287.50 | 593.75 | 12000 | 18750 | 
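| m5dn.4xlarge 2 | 4750 | 4750 | 593.75 | 593.75 | 18750 | 18750 | 
| m5dn.8xlarge 2 | 6800 | 6800 | 850.0 | 850.0 | 30000 | 30000 | 
| m5dn.12xlarge 2 | 9500 | 9500 | 1187.5 | 1187.5 | 40000 | 40000 | 
| m5dn.16xlarge 2 | 13600 | 13600 | 1700.0 | 1700.0 | 60000 | 60000 | 
| m5dn.24xlarge 2 | 19000 | 19000 | 2375.0 | 2375.0 | 80000 | 80000 | 
| m5dn.metal 2 | 19000 | 19000 | 2375.0 | 2375.0 | 80000 | 80000 | 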
| m5n.large 1 | 650 | 4750 | 81.25 | 593.75 | 3600 | 18750 | 
| m5n.xlarge 1 | 1150 | 4750 | 143.75 | 593.75 | 6000 | 18750 | 
| m5n.2xlarge 1 | 2300 | 4750 | 287.50 | 593.75 | 12000 | 18750 | 
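| m5n.4xlarge 2 | 4750 | 4750 | 593.75 | 593.75 | 18750 | 18750 | 
| m5n.8xlarge 2 | 6800 | 6800 | 850.0 | 850.0 | 30000 | 30000 | 
| m5n.12xlarge 2 | 9500 | 9500 | 1187.5 | 1187.5 | 40000 | 40000 | 
| m5n.16xlarge 2 | 13600 | 13600 | 1700.0 | 1700.0 | 60000 | 60000 | 
| m5n.24xlarge 2 | 19000 | 19000 | 2375.0 | 2375.0 | 80000 | 80000 | 
| m5n.metal 2 | 19000 | 19000 | 2375.0 | 2375.0 | 80000 | 80000 | 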
| m5zn.large 1 | 800 | 3170 | 100.00 | 396.25 | 3333 | 13333 | 
| m5zn.xlarge 1 | 1564 | 3170 | 195.50 | 396.25 | 6667 | 13333 | 
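| m5zn.2xlarge 2 | 3170 | 3170 | 396.25 | 396.25 | 13333 | 13333 | 
| m5zn.3xlarge 2 | 4750 | 4750 | 593.75 | 593.75 | 20000 | 20000 | 
| m5zn.6xlarge 2 | 9500 | 9500 | 1187.5 | 1187.5 | 40000 | 40000 | 
| m5zn.12xlarge 2 | 19000 | 19000 | 2375.0 | 2375.0 | 80000 | 80000 | 
| m5zn.metal 2 | 19000 | 19000 | 2375.0 | 2375.0 | 80000 | 80000 | 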
| m6a.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| m6a.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| m6a.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| m6a.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
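| m6a.8xlarge 2 | 10000 | 10000 | 1250.0 | 1250.0 | 40000 | 40000 | 
| m6a.12xlarge 2 | 15000 | 15000 | 1875.0 | 1875.0 | 60000 | 60000 | 
| m6a.16xlarge 2 | 20000 | 20000 | 2500.0 | 2500.0 | 80000 | 80000 | 
| m6a.24xlarge 2 | 30000 | 30000 | 3750.0 | 3750.0 | 120000 | 120000 | 
| m6a.32xlarge 2 | 40000 | 40000 | 5000.0 | 5000.0 | 160000 | 160000 | 
| m6a.48xlarge 2 | 40000 | 40000 | 5000.0 | 5000.0 | 240000 | 240000 | 
| m6a.metal 2 | 40000 | 40000 | 5000.0 | 5000.0 | 240000 | 240000 | 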
| m6g.medium 1 | 315 | 4750 | 39.38 | 593.75 | 2500 | 20000 | 
| m6g.large 1 | 630 | 4750 | 78.75 | 593.75 | 3600 | 20000 | 
| m6g.xlarge 1 | 1188 | 4750 | 148.50 | 593.75 | 6000 | 20000 | 
| m6g.2xlarge 1 | 2375 | 4750 | 296.88 | 593.75 | 12000 | 20000 | 
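| m6g.4xlarge 2 | 4750 | 4750 | 593.75 | 593.75 | 20000 | 20000 | 
| m6g.8xlarge 2 | 9500 | 9500 | 1187.5 | 1187.5 | 40000 | 40000 | 
| m6g.12xlarge 2 | 14250 | 14250 | 1781.25 | 1781.25 | 50000 | 50000 | 
| m6g.16xlarge 2 | 19000 | 19000 | 2375.0 | 2375.0 | 80000 | 80000 | 
| m6g.metal 2 | 19000 | 19000 | 2375.0 | 2375.0 | 80000 | 80000 | 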
| m6gd.medium 1 | 315 | 4750 | 39.38 | 593.75 | 2500 | 20000 | 
| m6gd.large 1 | 630 | 4750 | 78.75 | 593.75 | 3600 | 20000 | 
| m6gd.xlarge 1 | 1188 | 4750 | 148.50 | 593.75 | 6000 | 20000 | 
| m6gd.2xlarge 1 | 2375 | 4750 | 296.88 | 593.75 | 12000 | 20000 | 
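| m6gd.4xlarge 2 | 4750 | 4750 | 593.75 | 593.75 | 20000 | 20000 | 
| m6gd.8xlarge 2 | 9500 | 9500 | 1187.5 | 1187.5 | 40000 | 40000 | 
| m6gd.12xlarge 2 | 14250 | 14250 | 1781.25 | 1781.25 | 50000 | 50000 | 
| m6gd.16xlarge 2 | 19000 | 19000 | 2375.0 | 2375.0 | 80000 | 80000 | 
| m6gd.metal 2 | 19000 | 19000 | 2375.0 | 2375.0 | 80000 | 80000 | 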
| m6i.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| m6i.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| m6i.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| m6i.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
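| m6i.8xlarge 2 | 10000 | 10000 | 1250.0 | 1250.0 | 40000 | 40000 | 
| m6i.12xlarge 2 | 15000 | 15000 | 1875.0 | 1875.0 | 60000 | 60000 | 
| m6i.16xlarge 2 | 20000 | 20000 | 2500.0 | 2500.0 | 80000 | 80000 | 
| m6i.24xlarge 2 | 30000 | 30000 | 3750.0 | 3750.0 | 120000 | 120000 | 
| m6i.32xlarge 2 | 40000 | 40000 | 5000.0 | 5000.0 | 160000 | 160000 | 
| m6i.metal 2 | 40000 | 40000 | 5000.0 | 5000.0 | 160000 | 160000 | 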
| m6id.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| m6id.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| m6id.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| m6id.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
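| m6id.8xlarge 2 | 10000 | 10000 | 1250.0 | 1250.0 | 40000 | 40000 | 
| m6id.12xlarge 2 | 15000 | 15000 | 1875.0 | 1875.0 | 60000 | 60000 | 
| m6id.16xlarge 2 | 20000 | 20000 | 2500.0 | 2500.0 | 80000 | 80000 | 
| m6id.24xlarge 2 | 30000 | 30000 | 3750.0 | 3750.0 | 120000 | 120000 | 
| m6id.32xlarge 2 | 40000 | 40000 | 5000.0 | 5000.0 | 160000 | 160000 | 
| m6id.metal 2 | 40000 | 40000 | 5000.0 | 5000.0 | 160000 | 160000 | 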
| m6idn.large 1 | 1562 | 25000 | 195.31 | 3125.00 | 6250 | 100000 | 
| m6idn.xlarge 1 | 3125 | 25000 | 390.62 | 3125.00 | 12500 | 100000 | 
| m6idn.2xlarge 1 | 6250 | 25000 | 781.25 | 3125.00 | 25000 | 100000 | 
| m6idn.4xlarge 1 | 12500 | 25000 | 1562.50 | 3125.00 | 50000 | 100000 | 
| m6idn.8xlarge 2 | 25000 | 3125.0 | 100000 | 
| m6idn.12xlarge 2 | 37500 | 4687.5 | 150000 | 
| m6idn.16xlarge 2 | 50000 | 6250.0 | 200000 | 
| m6idn.24xlarge 2 | 75000 | 9375.0 | 300000 | 
| m6idn.32xlarge 2 | 100000 | 12500.0 | 400000 | 
| m6idn.metal 2 | 100000 | 12500.0 | 400000 | 
| m6in.large 1 | 1562 | 25000 | 195.31 | 3125.00 | 6250 | 100000 | 
| m6in.xlarge 1 | 3125 | 25000 | 390.62 | 3125.00 | 12500 | 100000 | 
| m6in.2xlarge 1 | 6250 | 25000 | 781.25 | 3125.00 | 25000 | 100000 | 
| m6in.4xlarge 1 | 12500 | 25000 | 1562.50 | 3125.00 | 50000 | 100000 | 
| m6in.8xlarge 2 | 25000 | 3125.0 | 100000 | 
| m6in.12xlarge 2 | 37500 | 4687.5 | 150000 | 
| m6in.16xlarge 2 | 50000 | 6250.0 | 200000 | 
| m6in.24xlarge 2 | 75000 | 9375.0 | 300000 | 
| m6in.32xlarge 2 | 100000 | 12500.0 | 400000 | 
| m6in.metal 2 | 100000 | 12500.0 | 400000 | 
| m7a.medium 1 | 325 | 10000 | 40.62 | 1250.00 | 2500 | 40000 | 
| m7a.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| m7a.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| m7a.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| m7a.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| m7a.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| m7a.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| m7a.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| m7a.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| m7a.32xlarge 2 | 40000 | 5000.0 | 160000 | 
| m7a.48xlarge 2 | 40000 | 5000.0 | 240000 | 
| m7a.metal-48xl 2 | 40000 | 5000.0 | 240000 | 
| m7g.medium 1 | 315 | 10000 | 39.38 | 1250.00 | 2500 | 40000 | 
| m7g.large 1 | 630 | 10000 | 78.75 | 1250.00 | 3600 | 40000 | 
| m7g.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| m7g.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| m7g.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| m7g.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| m7g.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| m7g.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| m7g.metal 2 | 20000 | 2500.0 | 80000 | 
| m7gd.medium 1 | 315 | 10000 | 39.38 | 1250.00 | 2500 | 40000 | 
| m7gd.large 1 | 630 | 10000 | 78.75 | 1250.00 | 3600 | 40000 | 
| m7gd.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| m7gd.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| m7gd.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| m7gd.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| m7gd.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| m7gd.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| m7gd.metal 2 | 20000 | 2500.0 | 80000 | 
| m7i.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| m7i.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| m7i.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| m7i.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| m7i.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| m7i.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| m7i.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| m7i.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| m7i.48xlarge 2 | 40000 | 5000.0 | 240000 | 
| m7i.metal-24xl 2 | 30000 | 3750.0 | 120000 | 
| m7i.metal-48xl 2 | 40000 | 5000.0 | 240000 | 
| m7i-flex.large 1 | 312 | 10000 | 39.06 | 1250.00 | 2500 | 40000 | 
| m7i-flex.xlarge 1 | 625 | 10000 | 78.12 | 1250.00 | 3600 | 40000 | 
| m7i-flex.2xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| m7i-flex.4xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| m7i-flex.8xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| m7i-flex.12xlarge 1 | 7500 | 15000 | 937.50 | 1875.00 | 30000 | 60000 | 
| m7i-flex.16xlarge 1 | 10000 | 20000 | 1250.00 | 2500.00 | 40000 | 80000 | 
| m8a.medium 1 | 325 | 10000 | 40.62 | 1250.00 | 2500 | 40000 | 
| m8a.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| m8a.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| m8a.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| m8a.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| m8a.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| m8a.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| m8a.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| m8a.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| m8a.48xlarge 2 | 60000 | 7500.0 | 240000 | 
| m8a.metal-24xl 2 | 30000 | 3750.0 | 120000 | 
| m8a.metal-48xl 2 | 60000 | 7500.0 | 240000 | 
| m8azn.medium 1 | 625 | 15000 | 78.12 | 1875.00 | 2500 | 60000 | 
| m8azn.large 1 | 1250 | 15000 | 156.25 | 1875.00 | 5000 | 60000 | 
| m8azn.xlarge 1 | 2500 | 15000 | 312.50 | 1875.00 | 10000 | 60000 | 
| m8azn.3xlarge 1 | 7500 | 15000 | 937.50 | 1875.00 | 30000 | 60000 | 
| m8azn.6xlarge 2 | 15000 | 1875.0 | 60000 | 
| m8azn.12xlarge 2 | 30000 | 3750.0 | 120000 | 
| m8azn.24xlarge 2 | 60000 | 7500.0 | 240000 | 
| m8azn.metal-12xl 2 | 30000 | 3750.0 | 120000 | 
| m8azn.metal-24xl 2 | 60000 | 7500.0 | 240000 | 
| m8g.medium 1 | 315 | 10000 | 39.38 | 1250.00 | 2500 | 40000 | 
| m8g.large 1 | 630 | 10000 | 78.75 | 1250.00 | 3600 | 40000 | 
| m8g.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| m8g.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| m8g.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| m8g.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| m8g.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| m8g.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| m8g.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| m8g.48xlarge 2 | 40000 | 5000.0 | 240000 | 
| m8g.metal-24xl 2 | 30000 | 3750.0 | 120000 | 
| m8g.metal-48xl 2 | 40000 | 5000.0 | 240000 | 
| m8gb.medium 1 | 1562 | 25000 | 195.31 | 3125.00 | 7500 | 120000 | 
| m8gb.large 1 | 3125 | 25000 | 390.62 | 3125.00 | 15000 | 120000 | 
| m8gb.xlarge 1 | 6250 | 25000 | 781.25 | 3125.00 | 30000 | 120000 | 
| m8gb.2xlarge 1 | 12500 | 25000 | 1562.50 | 3125.00 | 60000 | 120000 | 
| m8gb.4xlarge 2 | 25000 | 3125.0 | 120000 | 
| m8gb.8xlarge 2 | 50000 | 6250.0 | 240000 | 
| m8gb.12xlarge 2 | 75000 | 9375.0 | 360000 | 
| m8gb.16xlarge 2 | 100000 | 12500.0 | 480000 | 
| m8gb.24xlarge 2 | 150000 | 18750.0 | 720000 | 
| m8gb.48xlarge 2 | 300000 | 37500.0 | 1440000 | 
| m8gb.metal-24xl 2 | 150000 | 18750.0 | 720000 | 
| m8gb.metal-48xl 2 | 300000 | 37500.0 | 1440000 | 
| m8gd.medium 1 | 315 | 10000 | 39.38 | 1250.00 | 2500 | 40000 | 
| m8gd.large 1 | 630 | 10000 | 78.75 | 1250.00 | 3600 | 40000 | 
| m8gd.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| m8gd.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| m8gd.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| m8gd.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| m8gd.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| m8gd.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| m8gd.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| m8gd.48xlarge 2 | 40000 | 5000.0 | 240000 | 
| m8gd.metal-24xl 2 | 30000 | 3750.0 | 120000 | 
| m8gd.metal-48xl 2 | 40000 | 5000.0 | 240000 | 
| m8gn.medium 1 | 760 | 10000 | 95.00 | 1250.00 | 2500 | 40000 | 
| m8gn.large 1 | 1250 | 10000 | 156.25 | 1250.00 | 5000 | 40000 | 
| m8gn.xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 10000 | 40000 | 
| m8gn.2xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| m8gn.4xlarge 2 | 10000 | 1250.0 | 40000 | 
| m8gn.8xlarge 2 | 20000 | 2500.0 | 80000 | 
| m8gn.12xlarge 2 | 30000 | 3750.0 | 120000 | 
| m8gn.16xlarge 2 | 40000 | 5000.0 | 160000 | 
| m8gn.24xlarge 2 | 60000 | 7500.0 | 240000 | 
| m8gn.48xlarge 2 | 120000 | 15000.0 | 480000 | 
| m8gn.metal-24xl 2 | 60000 | 7500.0 | 240000 | 
| m8gn.metal-48xl 2 | 120000 | 15000.0 | 480000 | 
| m8i.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| m8i.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| m8i.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| m8i.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| m8i.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| m8i.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| m8i.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| m8i.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| m8i.32xlarge 2 | 40000 | 5000.0 | 160000 | 
| m8i.48xlarge 2 | 60000 | 7500.0 | 240000 | 
| m8i.96xlarge 2 | 80000 | 10000.0 | 480000 | 
| m8i.metal-48xl 2 | 60000 | 7500.0 | 240000 | 
| m8i.metal-96xl 2 | 80000 | 10000.0 | 480000 | 
| m8id.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| m8id.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| m8id.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| m8id.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| m8id.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| m8id.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| m8id.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| m8id.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| m8id.32xlarge 2 | 40000 | 5000.0 | 160000 | 
| m8id.48xlarge 2 | 60000 | 7500.0 | 240000 | 
| m8id.96xlarge 2 | 80000 | 10000.0 | 480000 | 
| m8id.metal-48xl 2 | 60000 | 7500.0 | 240000 | 
| m8id.metal-96xl 2 | 80000 | 10000.0 | 480000 | 
| m8i-flex.large 1 | 315 | 10000 | 39.38 | 1250.00 | 2500 | 40000 | 
| m8i-flex.xlarge 1 | 630 | 10000 | 78.75 | 1250.00 | 3600 | 40000 | 
| m8i-flex.2xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| m8i-flex.4xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| m8i-flex.8xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| m8i-flex.12xlarge 1 | 7500 | 15000 | 937.50 | 1875.00 | 30000 | 60000 | 
| m8i-flex.16xlarge 1 | 10000 | 20000 | 1250.00 | 2500.00 | 40000 | 80000 | 
| mac1.metal 2 | 14000 | 1750.0 | 80000 | 
| mac2.metal 2 | 10000 | 1250.0 | 55000 | 
| mac2-m1ultra.metal 2 | 10000 | 1250.0 | 55000 | 
| mac2-m2.metal 2 | 8000 | 1000.0 | 55000 | 
| mac2-m2pro.metal 2 | 8000 | 1000.0 | 55000 | 
| mac-m4.metal 2 | 8000 | 1000.0 | 55000 | 
| mac-m4pro.metal 2 | 8000 | 1000.0 | 55000 | 
| mac-m4max.metal 2 | 10000 | 1250.0 | 55000 | 
| t3.nano 1 | 43 | 2085 | 5.38 | 260.62 | 250 | 11800 | 
| t3.micro 1 | 87 | 2085 | 10.88 | 260.62 | 500 | 11800 | 
| t3.small 1 | 174 | 2085 | 21.75 | 260.62 | 1000 | 11800 | 
| t3.medium 1 | 347 | 2085 | 43.38 | 260.62 | 2000 | 11800 | 
| t3.large 1 | 695 | 2780 | 86.88 | 347.50 | 4000 | 15700 | 
| t3.xlarge 1 | 695 | 2780 | 86.88 | 347.50 | 4000 | 15700 | 
| t3.2xlarge 1 | 695 | 2780 | 86.88 | 347.50 | 4000 | 15700 | 
| t3a.nano 1 | 45 | 2085 | 5.62 | 260.62 | 250 | 11800 | 
| t3a.micro 1 | 90 | 2085 | 11.25 | 260.62 | 500 | 11800 | 
| t3a.small 1 | 175 | 2085 | 21.88 | 260.62 | 1000 | 11800 | 
| t3a.medium 1 | 350 | 2085 | 43.75 | 260.62 | 2000 | 11800 | 
| t3a.large 1 | 695 | 2780 | 86.88 | 347.50 | 4000 | 15700 | 
| t3a.xlarge 1 | 695 | 2780 | 86.88 | 347.50 | 4000 | 15700 | 
| t3a.2xlarge 1 | 695 | 2780 | 86.88 | 347.50 | 4000 | 15700 | 
| t4g.nano 1 | 43 | 2085 | 5.38 | 260.62 | 250 | 11800 | 
| t4g.micro 1 | 87 | 2085 | 10.88 | 260.62 | 500 | 11800 | 
| t4g.small 1 | 174 | 2085 | 21.75 | 260.62 | 1000 | 11800 | 
| t4g.medium 1 | 347 | 2085 | 43.38 | 260.62 | 2000 | 11800 | 
| t4g.large 1 | 695 | 2780 | 86.88 | 347.50 | 4000 | 15700 | 
| t4g.xlarge 1 | 695 | 2780 | 86.88 | 347.50 | 4000 | 15700 | 
| t4g.2xlarge 1 | 695 | 2780 | 86.88 | 347.50 | 4000 | 15700 | 

1 These instances can sustain the maximum performance for 30 minutes at least once every 24 hours, after which they revert to their baseline performance.

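2 These instances can sustain their stated performance indefinitely, so their rows list a single bandwidth, throughput, and IOPS value rather than separate baseline and maximum values. If your workload requires sustained maximum performance for longer than 30 minutes, use one of these instances.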

### Compute optimized


**Note**  
C8a, C8g, C8gd, C8i, C8id, C8i-flex instance types support configurable bandwidth weightings. With these instance types, you can optimize an instance's bandwidth for either networking performance or Amazon EBS performance. The following table shows the default Amazon EBS bandwidth performance for these instance types. For more information, see [EC2 instance bandwidth weighting configuration](configure-bandwidth-weighting.md).


| Instance size | Baseline bandwidth (Mbps) | Maximum bandwidth (Mbps) | Baseline throughput (MB/s, 128 KiB I/O) | Maximum throughput (MB/s, 128 KiB I/O) | Baseline IOPS (16 KiB I/O) | Maximum IOPS (16 KiB I/O) | 
| --- | --- | --- | --- | --- | --- | --- | 
| c4.large 2 | 500 | 62.5 | 4000 | 
| c4.xlarge 2 | 750 | 93.75 | 6000 | 
| c4.2xlarge 2 | 1000 | 125.0 | 8000 | 
| c4.4xlarge 2 | 2000 | 250.0 | 16000 | 
| c4.8xlarge 2 | 4000 | 500.0 | 32000 | 
| c5.large 1 | 650 | 4750 | 81.25 | 593.75 | 4000 | 20000 | 
| c5.xlarge 1 | 1150 | 4750 | 143.75 | 593.75 | 6000 | 20000 | 
| c5.2xlarge 1 | 2300 | 4750 | 287.50 | 593.75 | 10000 | 20000 | 
| c5.4xlarge 2 | 4750 | 593.75 | 20000 | 
| c5.9xlarge 2 | 9500 | 1187.5 | 40000 | 
| c5.12xlarge 2 | 9500 | 1187.5 | 40000 | 
| c5.18xlarge 2 | 19000 | 2375.0 | 80000 | 
| c5.24xlarge 2 | 19000 | 2375.0 | 80000 | 
| c5.metal 2 | 19000 | 2375.0 | 80000 | 
| c5a.large 1 | 200 | 3170 | 25.00 | 396.25 | 800 | 13300 | 
| c5a.xlarge 1 | 400 | 3170 | 50.00 | 396.25 | 1600 | 13300 | 
| c5a.2xlarge 1 | 800 | 3170 | 100.00 | 396.25 | 3200 | 13300 | 
| c5a.4xlarge 1 | 1580 | 3170 | 197.50 | 396.25 | 6600 | 13300 | 
| c5a.8xlarge 2 | 3170 | 396.25 | 13300 | 
| c5a.12xlarge 2 | 4750 | 593.75 | 20000 | 
| c5a.16xlarge 2 | 6300 | 787.5 | 26700 | 
| c5a.24xlarge 2 | 9500 | 1187.5 | 40000 | 
| c5ad.large 1 | 200 | 3170 | 25.00 | 396.25 | 800 | 13300 | 
| c5ad.xlarge 1 | 400 | 3170 | 50.00 | 396.25 | 1600 | 13300 | 
| c5ad.2xlarge 1 | 800 | 3170 | 100.00 | 396.25 | 3200 | 13300 | 
| c5ad.4xlarge 1 | 1580 | 3170 | 197.50 | 396.25 | 6600 | 13300 | 
| c5ad.8xlarge 2 | 3170 | 396.25 | 13300 | 
| c5ad.12xlarge 2 | 4750 | 593.75 | 20000 | 
| c5ad.16xlarge 2 | 6300 | 787.5 | 26700 | 
| c5ad.24xlarge 2 | 9500 | 1187.5 | 40000 | 
| c5d.large 1 | 650 | 4750 | 81.25 | 593.75 | 4000 | 20000 | 
| c5d.xlarge 1 | 1150 | 4750 | 143.75 | 593.75 | 6000 | 20000 | 
| c5d.2xlarge 1 | 2300 | 4750 | 287.50 | 593.75 | 10000 | 20000 | 
| c5d.4xlarge 2 | 4750 | 593.75 | 20000 | 
| c5d.9xlarge 2 | 9500 | 1187.5 | 40000 | 
| c5d.12xlarge 2 | 9500 | 1187.5 | 40000 | 
| c5d.18xlarge 2 | 19000 | 2375.0 | 80000 | 
| c5d.24xlarge 2 | 19000 | 2375.0 | 80000 | 
| c5d.metal 2 | 19000 | 2375.0 | 80000 | 
| c5n.large 1 | 650 | 4750 | 81.25 | 593.75 | 4000 | 20000 | 
| c5n.xlarge 1 | 1150 | 4750 | 143.75 | 593.75 | 6000 | 20000 | 
| c5n.2xlarge 1 | 2300 | 4750 | 287.50 | 593.75 | 10000 | 20000 | 
| c5n.4xlarge 2 | 4750 | 593.75 | 20000 | 
| c5n.9xlarge 2 | 9500 | 1187.5 | 40000 | 
| c5n.18xlarge 2 | 19000 | 2375.0 | 80000 | 
| c5n.metal 2 | 19000 | 2375.0 | 80000 | 
| c6a.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| c6a.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| c6a.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| c6a.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| c6a.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| c6a.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| c6a.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| c6a.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| c6a.32xlarge 2 | 40000 | 5000.0 | 160000 | 
| c6a.48xlarge 2 | 40000 | 5000.0 | 240000 | 
| c6a.metal 2 | 40000 | 5000.0 | 240000 | 
| c6g.medium 1 | 315 | 4750 | 39.38 | 593.75 | 2500 | 20000 | 
| c6g.large 1 | 630 | 4750 | 78.75 | 593.75 | 3600 | 20000 | 
| c6g.xlarge 1 | 1188 | 4750 | 148.50 | 593.75 | 6000 | 20000 | 
| c6g.2xlarge 1 | 2375 | 4750 | 296.88 | 593.75 | 12000 | 20000 | 
| c6g.4xlarge 2 | 4750 | 593.75 | 20000 | 
| c6g.8xlarge 2 | 9500 | 1187.5 | 40000 | 
| c6g.12xlarge 2 | 14250 | 1781.25 | 50000 | 
| c6g.16xlarge 2 | 19000 | 2375.0 | 80000 | 
| c6g.metal 2 | 19000 | 2375.0 | 80000 | 
| c6gd.medium 1 | 315 | 4750 | 39.38 | 593.75 | 2500 | 20000 | 
| c6gd.large 1 | 630 | 4750 | 78.75 | 593.75 | 3600 | 20000 | 
| c6gd.xlarge 1 | 1188 | 4750 | 148.50 | 593.75 | 6000 | 20000 | 
| c6gd.2xlarge 1 | 2375 | 4750 | 296.88 | 593.75 | 12000 | 20000 | 
| c6gd.4xlarge 2 | 4750 | 593.75 | 20000 | 
| c6gd.8xlarge 2 | 9500 | 1187.5 | 40000 | 
| c6gd.12xlarge 2 | 14250 | 1781.25 | 50000 | 
| c6gd.16xlarge 2 | 19000 | 2375.0 | 80000 | 
| c6gd.metal 2 | 19000 | 2375.0 | 80000 | 
| c6gn.medium 1 | 760 | 9500 | 95.00 | 1187.50 | 2500 | 40000 | 
| c6gn.large 1 | 1235 | 9500 | 154.38 | 1187.50 | 5000 | 40000 | 
| c6gn.xlarge 1 | 2375 | 9500 | 296.88 | 1187.50 | 10000 | 40000 | 
| c6gn.2xlarge 1 | 4750 | 9500 | 593.75 | 1187.50 | 20000 | 40000 | 
| c6gn.4xlarge 2 | 9500 | 1187.5 | 40000 | 
| c6gn.8xlarge 2 | 19000 | 2375.0 | 80000 | 
| c6gn.12xlarge 2 | 28500 | 3562.5 | 120000 | 
| c6gn.16xlarge 2 | 38000 | 4750.0 | 160000 | 
| c6i.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| c6i.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| c6i.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| c6i.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| c6i.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| c6i.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| c6i.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| c6i.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| c6i.32xlarge 2 | 40000 | 5000.0 | 160000 | 
| c6i.metal 2 | 40000 | 5000.0 | 160000 | 
| c6id.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| c6id.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| c6id.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| c6id.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| c6id.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| c6id.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| c6id.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| c6id.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| c6id.32xlarge 2 | 40000 | 5000.0 | 160000 | 
| c6id.metal 2 | 40000 | 5000.0 | 160000 | 
| c6in.large 1 | 1562 | 25000 | 195.31 | 3125.00 | 6250 | 100000 | 
| c6in.xlarge 1 | 3125 | 25000 | 390.62 | 3125.00 | 12500 | 100000 | 
| c6in.2xlarge 1 | 6250 | 25000 | 781.25 | 3125.00 | 25000 | 100000 | 
| c6in.4xlarge 1 | 12500 | 25000 | 1562.50 | 3125.00 | 50000 | 100000 | 
| c6in.8xlarge 2 | 25000 | 3125.0 | 100000 | 
| c6in.12xlarge 2 | 37500 | 4687.5 | 150000 | 
| c6in.16xlarge 2 | 50000 | 6250.0 | 200000 | 
| c6in.24xlarge 2 | 75000 | 9375.0 | 300000 | 
| c6in.32xlarge 2 | 100000 | 12500.0 | 400000 | 
| c6in.metal 2 | 100000 | 12500.0 | 400000 | 
| c7a.medium 1 | 325 | 10000 | 40.62 | 1250.00 | 2500 | 40000 | 
| c7a.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| c7a.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| c7a.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| c7a.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| c7a.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| c7a.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| c7a.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| c7a.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| c7a.32xlarge 2 | 40000 | 5000.0 | 160000 | 
| c7a.48xlarge 2 | 40000 | 5000.0 | 240000 | 
| c7a.metal-48xl 2 | 40000 | 5000.0 | 240000 | 
| c7g.medium 1 | 315 | 10000 | 39.38 | 1250.00 | 2500 | 40000 | 
| c7g.large 1 | 630 | 10000 | 78.75 | 1250.00 | 3600 | 40000 | 
| c7g.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| c7g.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| c7g.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| c7g.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| c7g.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| c7g.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| c7g.metal 2 | 20000 | 2500.0 | 80000 | 
| c7gd.medium 1 | 315 | 10000 | 39.38 | 1250.00 | 2500 | 40000 | 
| c7gd.large 1 | 630 | 10000 | 78.75 | 1250.00 | 3600 | 40000 | 
| c7gd.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| c7gd.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| c7gd.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| c7gd.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| c7gd.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| c7gd.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| c7gd.metal 2 | 20000 | 2500.0 | 80000 | 
| c7gn.medium 1 | 521 | 10000 | 65.12 | 1250.00 | 2083 | 40000 | 
| c7gn.large 1 | 1042 | 10000 | 130.25 | 1250.00 | 4167 | 40000 | 
| c7gn.xlarge 1 | 2083 | 10000 | 260.38 | 1250.00 | 8333 | 40000 | 
| c7gn.2xlarge 1 | 4167 | 10000 | 520.88 | 1250.00 | 16667 | 40000 | 
| c7gn.4xlarge 1 | 8333 | 10000 | 1041.62 | 1250.00 | 33333 | 40000 | 
| c7gn.8xlarge 1 | 16667 | 20000 | 2083.38 | 2500.00 | 66667 | 80000 | 
| c7gn.12xlarge 1 | 25000 | 30000 | 3125.00 | 3750.00 | 100000 | 120000 | 
| c7gn.16xlarge 1 | 33333 | 40000 | 4166.62 | 5000.00 | 133333 | 160000 | 
| c7gn.metal 1 | 33333 | 40000 | 4166.62 | 5000.00 | 133333 | 160000 | 
| c7i.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| c7i.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| c7i.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| c7i.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| c7i.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| c7i.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| c7i.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| c7i.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| c7i.48xlarge 2 | 40000 | 5000.0 | 240000 | 
| c7i.metal-24xl 2 | 30000 | 3750.0 | 120000 | 
| c7i.metal-48xl 2 | 40000 | 5000.0 | 240000 | 
| c7i-flex.large 1 | 312 | 10000 | 39.06 | 1250.00 | 2500 | 40000 | 
| c7i-flex.xlarge 1 | 625 | 10000 | 78.12 | 1250.00 | 3600 | 40000 | 
| c7i-flex.2xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| c7i-flex.4xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| c7i-flex.8xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| c7i-flex.12xlarge 1 | 7500 | 15000 | 937.50 | 1875.00 | 30000 | 60000 | 
| c7i-flex.16xlarge 1 | 10000 | 20000 | 1250.00 | 2500.00 | 40000 | 80000 | 
| c8a.medium 1 | 325 | 10000 | 40.62 | 1250.00 | 2500 | 40000 | 
| c8a.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| c8a.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| c8a.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| c8a.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| c8a.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| c8a.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| c8a.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| c8a.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| c8a.48xlarge 2 | 60000 | 7500.0 | 240000 | 
| c8a.metal-24xl 2 | 30000 | 3750.0 | 120000 | 
| c8a.metal-48xl 2 | 60000 | 7500.0 | 240000 | 
| c8g.medium 1 | 315 | 10000 | 39.38 | 1250.00 | 2500 | 40000 | 
| c8g.large 1 | 630 | 10000 | 78.75 | 1250.00 | 3600 | 40000 | 
| c8g.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| c8g.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| c8g.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| c8g.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| c8g.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| c8g.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| c8g.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| c8g.48xlarge 2 | 40000 | 5000.0 | 240000 | 
| c8g.metal-24xl 2 | 30000 | 3750.0 | 120000 | 
| c8g.metal-48xl 2 | 40000 | 5000.0 | 240000 | 
| c8gb.medium 1 | 1562 | 25000 | 195.31 | 3125.00 | 7500 | 120000 | 
| c8gb.large 1 | 3125 | 25000 | 390.62 | 3125.00 | 15000 | 120000 | 
| c8gb.xlarge 1 | 6250 | 25000 | 781.25 | 3125.00 | 30000 | 120000 | 
| c8gb.2xlarge 1 | 12500 | 25000 | 1562.50 | 3125.00 | 60000 | 120000 | 
| c8gb.4xlarge 2 | 25000 | 3125.0 | 120000 | 
| c8gb.8xlarge 2 | 50000 | 6250.0 | 240000 | 
| c8gb.12xlarge 2 | 75000 | 9375.0 | 360000 | 
| c8gb.16xlarge 2 | 100000 | 12500.0 | 480000 | 
| c8gb.24xlarge 2 | 150000 | 18750.0 | 720000 | 
| c8gb.48xlarge 2 | 300000 | 37500.0 | 1440000 | 
| c8gb.metal-24xl 2 | 150000 | 18750.0 | 720000 | 
| c8gb.metal-48xl 2 | 300000 | 37500.0 | 1440000 | 
| c8gd.medium 1 | 315 | 10000 | 39.38 | 1250.00 | 2500 | 40000 | 
| c8gd.large 1 | 630 | 10000 | 78.75 | 1250.00 | 3600 | 40000 | 
| c8gd.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| c8gd.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| c8gd.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| c8gd.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| c8gd.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| c8gd.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| c8gd.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| c8gd.48xlarge 2 | 40000 | 5000.0 | 240000 | 
| c8gd.metal-24xl 2 | 30000 | 3750.0 | 120000 | 
| c8gd.metal-48xl 2 | 40000 | 5000.0 | 240000 | 
| c8gn.medium 1 | 760 | 10000 | 95.00 | 1250.00 | 2500 | 40000 | 
| c8gn.large 1 | 1250 | 10000 | 156.25 | 1250.00 | 5000 | 40000 | 
| c8gn.xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 10000 | 40000 | 
| c8gn.2xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| c8gn.4xlarge 2 | 10000 | 1250.0 | 40000 | 
| c8gn.8xlarge 2 | 20000 | 2500.0 | 80000 | 
| c8gn.12xlarge 2 | 30000 | 3750.0 | 120000 | 
| c8gn.16xlarge 2 | 40000 | 5000.0 | 160000 | 
| c8gn.24xlarge 2 | 60000 | 7500.0 | 240000 | 
| c8gn.48xlarge 2 | 120000 | 15000.0 | 480000 | 
| c8gn.metal-24xl 2 | 60000 | 7500.0 | 240000 | 
| c8gn.metal-48xl 2 | 120000 | 15000.0 | 480000 | 
| c8i.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| c8i.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| c8i.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| c8i.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| c8i.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| c8i.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| c8i.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| c8i.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| c8i.32xlarge 2 | 40000 | 5000.0 | 160000 | 
| c8i.48xlarge 2 | 60000 | 7500.0 | 240000 | 
| c8i.96xlarge 2 | 80000 | 10000.0 | 480000 | 
| c8i.metal-48xl 2 | 60000 | 7500.0 | 240000 | 
| c8i.metal-96xl 2 | 80000 | 10000.0 | 480000 | 
| c8id.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| c8id.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| c8id.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| c8id.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| c8id.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| c8id.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| c8id.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| c8id.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| c8id.32xlarge 2 | 40000 | 5000.0 | 160000 | 
| c8id.48xlarge 2 | 60000 | 7500.0 | 240000 | 
| c8id.96xlarge 2 | 80000 | 10000.0 | 480000 | 
| c8id.metal-48xl 2 | 60000 | 7500.0 | 240000 | 
| c8id.metal-96xl 2 | 80000 | 10000.0 | 480000 | 
| c8i-flex.large 1 | 315 | 10000 | 39.38 | 1250.00 | 2500 | 40000 | 
| c8i-flex.xlarge 1 | 630 | 10000 | 78.75 | 1250.00 | 3600 | 40000 | 
| c8i-flex.2xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| c8i-flex.4xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| c8i-flex.8xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| c8i-flex.12xlarge 1 | 7500 | 15000 | 937.50 | 1875.00 | 30000 | 60000 | 
| c8i-flex.16xlarge 1 | 10000 | 20000 | 1250.00 | 2500.00 | 40000 | 80000 | 

1 These instances can sustain the maximum performance for 30 minutes at least once every 24 hours, after which they revert to their baseline performance.

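2 These instances can sustain their stated performance indefinitely, so their rows list a single bandwidth, throughput, and IOPS value rather than separate baseline and maximum values. If your workload requires sustained maximum performance for longer than 30 minutes, use one of these instances.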

### Memory optimized


**Note**  
R8a, R8g, R8gd, R8i, R8id, R8i-flex, X8g, X8aedz, X8i instance types support configurable bandwidth weightings. With these instance types, you can optimize an instance's bandwidth for either networking performance or Amazon EBS performance. The following table shows the default Amazon EBS bandwidth performance for these instance types. For more information, see [EC2 instance bandwidth weighting configuration](configure-bandwidth-weighting.md).

For maximum IOPS performance with U7i instances, we recommend that you use io2 Block Express volumes.


| Instance size | Baseline bandwidth (Mbps) | Maximum bandwidth (Mbps) | Baseline throughput (MB/s, 128 KiB I/O) | Maximum throughput (MB/s, 128 KiB I/O) | Baseline IOPS (16 KiB I/O) | Maximum IOPS (16 KiB I/O) | 
| --- | --- | --- | --- | --- | --- | --- | 
| r4.large 2 | 425 | 53.125 | 3000 | 
| r4.xlarge 2 | 850 | 106.25 | 6000 | 
| r4.2xlarge 2 | 1700 | 212.5 | 12000 | 
| r4.4xlarge 2 | 3500 | 437.5 | 18750 | 
| r4.8xlarge 2 | 7000 | 875.0 | 37500 | 
| r4.16xlarge 2 | 14000 | 1750.0 | 75000 | 
| r5.large 1 | 650 | 4750 | 81.25 | 593.75 | 3600 | 18750 | 
| r5.xlarge 1 | 1150 | 4750 | 143.75 | 593.75 | 6000 | 18750 | 
| r5.2xlarge 1 | 2300 | 4750 | 287.50 | 593.75 | 12000 | 18750 | 
| r5.4xlarge 2 | 4750 | 593.75 | 18750 | 
| r5.8xlarge 2 | 6800 | 850.0 | 30000 | 
| r5.12xlarge 2 | 9500 | 1187.5 | 40000 | 
| r5.16xlarge 2 | 13600 | 1700.0 | 60000 | 
| r5.24xlarge 2 | 19000 | 2375.0 | 80000 | 
| r5.metal 2 | 19000 | 2375.0 | 80000 | 
| r5a.large 1 | 650 | 2880 | 81.25 | 360.00 | 3600 | 16000 | 
| r5a.xlarge 1 | 1085 | 2880 | 135.62 | 360.00 | 6000 | 16000 | 
| r5a.2xlarge 1 | 1580 | 2880 | 197.50 | 360.00 | 8333 | 16000 | 
| r5a.4xlarge 2 | 2880 | 360.0 | 16000 | 
| r5a.8xlarge 2 | 4750 | 593.75 | 20000 | 
| r5a.12xlarge 2 | 6780 | 847.5 | 30000 | 
| r5a.16xlarge 2 | 9500 | 1187.5 | 40000 | 
| r5a.24xlarge 2 | 13570 | 1696.25 | 60000 | 
| r5ad.large 1 | 650 | 2880 | 81.25 | 360.00 | 3600 | 16000 | 
| r5ad.xlarge 1 | 1085 | 2880 | 135.62 | 360.00 | 6000 | 16000 | 
| r5ad.2xlarge 1 | 1580 | 2880 | 197.50 | 360.00 | 8333 | 16000 | 
| r5ad.4xlarge 2 | 2880 | 360.0 | 16000 | 
| r5ad.8xlarge 2 | 4750 | 593.75 | 20000 | 
| r5ad.12xlarge 2 | 6780 | 847.5 | 30000 | 
| r5ad.16xlarge 2 | 9500 | 1187.5 | 40000 | 
| r5ad.24xlarge 2 | 13570 | 1696.25 | 60000 | 
| r5b.large 1 | 1250 | 10000 | 156.25 | 1250.00 | 5417 | 43333 | 
| r5b.xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 10833 | 43333 | 
| r5b.2xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 21667 | 43333 | 
| r5b.4xlarge 2 | 10000 | 1250.0 | 43333 | 
| r5b.8xlarge 2 | 20000 | 2500.0 | 86667 | 
| r5b.12xlarge 2 | 30000 | 3750.0 | 130000 | 
| r5b.16xlarge 2 | 40000 | 5000.0 | 173333 | 
| r5b.24xlarge 2 | 60000 | 7500.0 | 260000 | 
| r5b.metal 2 | 60000 | 7500.0 | 260000 | 
| r5d.large 1 | 650 | 4750 | 81.25 | 593.75 | 3600 | 18750 | 
| r5d.xlarge 1 | 1150 | 4750 | 143.75 | 593.75 | 6000 | 18750 | 
| r5d.2xlarge 1 | 2300 | 4750 | 287.50 | 593.75 | 12000 | 18750 | 
| r5d.4xlarge 2 | 4750 | 593.75 | 18750 | 
| r5d.8xlarge 2 | 6800 | 850.0 | 30000 | 
| r5d.12xlarge 2 | 9500 | 1187.5 | 40000 | 
| r5d.16xlarge 2 | 13600 | 1700.0 | 60000 | 
| r5d.24xlarge 2 | 19000 | 2375.0 | 80000 | 
| r5d.metal 2 | 19000 | 2375.0 | 80000 | 
| r5dn.large 1 | 650 | 4750 | 81.25 | 593.75 | 3600 | 18750 | 
| r5dn.xlarge 1 | 1150 | 4750 | 143.75 | 593.75 | 6000 | 18750 | 
| r5dn.2xlarge 1 | 2300 | 4750 | 287.50 | 593.75 | 12000 | 18750 | 
| r5dn.4xlarge 2 | 4750 | 593.75 | 18750 | 
| r5dn.8xlarge 2 | 6800 | 850.0 | 30000 | 
| r5dn.12xlarge 2 | 9500 | 1187.5 | 40000 | 
| r5dn.16xlarge 2 | 13600 | 1700.0 | 60000 | 
| r5dn.24xlarge 2 | 19000 | 2375.0 | 80000 | 
| r5dn.metal 2 | 19000 | 2375.0 | 80000 | 
| r5n.large 1 | 650 | 4750 | 81.25 | 593.75 | 3600 | 18750 | 
| r5n.xlarge 1 | 1150 | 4750 | 143.75 | 593.75 | 6000 | 18750 | 
| r5n.2xlarge 1 | 2300 | 4750 | 287.50 | 593.75 | 12000 | 18750 | 
| r5n.4xlarge 2 | 4750 | 593.75 | 18750 | 
| r5n.8xlarge 2 | 6800 | 850.0 | 30000 | 
| r5n.12xlarge 2 | 9500 | 1187.5 | 40000 | 
| r5n.16xlarge 2 | 13600 | 1700.0 | 60000 | 
| r5n.24xlarge 2 | 19000 | 2375.0 | 80000 | 
| r5n.metal 2 | 19000 | 2375.0 | 80000 | 
| r6a.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| r6a.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| r6a.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| r6a.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| r6a.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| r6a.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| r6a.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| r6a.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| r6a.32xlarge 2 | 40000 | 5000.0 | 160000 | 
| r6a.48xlarge 2 | 40000 | 5000.0 | 240000 | 
| r6a.metal 2 | 40000 | 5000.0 | 240000 | 
| r6g.medium 1 | 315 | 4750 | 39.38 | 593.75 | 2500 | 20000 | 
| r6g.large 1 | 630 | 4750 | 78.75 | 593.75 | 3600 | 20000 | 
| r6g.xlarge 1 | 1188 | 4750 | 148.50 | 593.75 | 6000 | 20000 | 
| r6g.2xlarge 1 | 2375 | 4750 | 296.88 | 593.75 | 12000 | 20000 | 
| r6g.4xlarge 2 | 4750 | 593.75 | 20000 | 
| r6g.8xlarge 2 | 9500 | 1187.5 | 40000 | 
| r6g.12xlarge 2 | 14250 | 1781.25 | 50000 | 
| r6g.16xlarge 2 | 19000 | 2375.0 | 80000 | 
| r6g.metal 2 | 19000 | 2375.0 | 80000 | 
| r6gd.medium 1 | 315 | 4750 | 39.38 | 593.75 | 2500 | 20000 | 
| r6gd.large 1 | 630 | 4750 | 78.75 | 593.75 | 3600 | 20000 | 
| r6gd.xlarge 1 | 1188 | 4750 | 148.50 | 593.75 | 6000 | 20000 | 
| r6gd.2xlarge 1 | 2375 | 4750 | 296.88 | 593.75 | 12000 | 20000 | 
| r6gd.4xlarge 2 | 4750 | 593.75 | 20000 | 
| r6gd.8xlarge 2 | 9500 | 1187.5 | 40000 | 
| r6gd.12xlarge 2 | 14250 | 1781.25 | 50000 | 
| r6gd.16xlarge 2 | 19000 | 2375.0 | 80000 | 
| r6gd.metal 2 | 19000 | 2375.0 | 80000 | 
| r6i.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| r6i.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| r6i.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| r6i.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| r6i.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| r6i.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| r6i.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| r6i.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| r6i.32xlarge 2 | 40000 | 5000.0 | 160000 | 
| r6i.metal 2 | 40000 | 5000.0 | 160000 | 
| r6id.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| r6id.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| r6id.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| r6id.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| r6id.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| r6id.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| r6id.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| r6id.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| r6id.32xlarge 2 | 40000 | 5000.0 | 160000 | 
| r6id.metal 2 | 40000 | 5000.0 | 160000 | 
| r6idn.large 1 | 1562 | 25000 | 195.31 | 3125.00 | 6250 | 100000 | 
| r6idn.xlarge 1 | 3125 | 25000 | 390.62 | 3125.00 | 12500 | 100000 | 
| r6idn.2xlarge 1 | 6250 | 25000 | 781.25 | 3125.00 | 25000 | 100000 | 
| r6idn.4xlarge 1 | 12500 | 25000 | 1562.50 | 3125.00 | 50000 | 100000 | 
| r6idn.8xlarge 2 | 25000 | 3125.0 | 100000 | 
| r6idn.12xlarge 2 | 37500 | 4687.5 | 150000 | 
| r6idn.16xlarge 2 | 50000 | 6250.0 | 200000 | 
| r6idn.24xlarge 2 | 75000 | 9375.0 | 300000 | 
| r6idn.32xlarge 2 | 100000 | 12500.0 | 400000 | 
| r6idn.metal 2 | 100000 | 12500.0 | 400000 | 
| r6in.large 1 | 1562 | 25000 | 195.31 | 3125.00 | 6250 | 100000 | 
| r6in.xlarge 1 | 3125 | 25000 | 390.62 | 3125.00 | 12500 | 100000 | 
| r6in.2xlarge 1 | 6250 | 25000 | 781.25 | 3125.00 | 25000 | 100000 | 
| r6in.4xlarge 1 | 12500 | 25000 | 1562.50 | 3125.00 | 50000 | 100000 | 
| r6in.8xlarge 2 | 25000 | 3125.0 | 100000 | 
| r6in.12xlarge 2 | 37500 | 4687.5 | 150000 | 
| r6in.16xlarge 2 | 50000 | 6250.0 | 200000 | 
| r6in.24xlarge 2 | 75000 | 9375.0 | 300000 | 
| r6in.32xlarge 2 | 100000 | 12500.0 | 400000 | 
| r6in.metal 2 | 100000 | 12500.0 | 400000 | 
| r7a.medium 1 | 325 | 10000 | 40.62 | 1250.00 | 2500 | 40000 | 
| r7a.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| r7a.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| r7a.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| r7a.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| r7a.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| r7a.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| r7a.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| r7a.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| r7a.32xlarge 2 | 40000 | 5000.0 | 160000 | 
| r7a.48xlarge 2 | 40000 | 5000.0 | 240000 | 
| r7a.metal-48xl 2 | 40000 | 5000.0 | 240000 | 
| r7g.medium 1 | 315 | 10000 | 39.38 | 1250.00 | 2500 | 40000 | 
| r7g.large 1 | 630 | 10000 | 78.75 | 1250.00 | 3600 | 40000 | 
| r7g.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| r7g.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| r7g.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| r7g.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| r7g.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| r7g.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| r7g.metal 2 | 20000 | 2500.0 | 80000 | 
| r7gd.medium 1 | 315 | 10000 | 39.38 | 1250.00 | 2500 | 40000 | 
| r7gd.large 1 | 630 | 10000 | 78.75 | 1250.00 | 3600 | 40000 | 
| r7gd.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| r7gd.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| r7gd.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| r7gd.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| r7gd.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| r7gd.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| r7gd.metal 2 | 20000 | 2500.0 | 80000 | 
| r7i.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| r7i.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| r7i.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| r7i.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| r7i.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| r7i.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| r7i.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| r7i.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| r7i.48xlarge 2 | 40000 | 5000.0 | 240000 | 
| r7i.metal-24xl 2 | 30000 | 3750.0 | 120000 | 
| r7i.metal-48xl 2 | 40000 | 5000.0 | 240000 | 
| r7iz.large 1 | 792 | 10000 | 99.00 | 1250.00 | 3600 | 40000 | 
| r7iz.xlarge 1 | 1584 | 10000 | 198.00 | 1250.00 | 6667 | 40000 | 
| r7iz.2xlarge 1 | 3168 | 10000 | 396.00 | 1250.00 | 13333 | 40000 | 
| r7iz.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| r7iz.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| r7iz.12xlarge 2 | 19000 | 2375.0 | 76000 | 
| r7iz.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| r7iz.32xlarge 2 | 40000 | 5000.0 | 160000 | 
| r7iz.metal-16xl 2 | 20000 | 2500.0 | 80000 | 
| r7iz.metal-32xl 2 | 40000 | 5000.0 | 160000 | 
| r8a.medium 1 | 325 | 10000 | 40.62 | 1250.00 | 2500 | 40000 | 
| r8a.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| r8a.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| r8a.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| r8a.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| r8a.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| r8a.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| r8a.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| r8a.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| r8a.48xlarge 2 | 60000 | 7500.0 | 240000 | 
| r8a.metal-24xl 2 | 30000 | 3750.0 | 120000 | 
| r8a.metal-48xl 2 | 60000 | 7500.0 | 240000 | 
| r8g.medium 1 | 315 | 10000 | 39.38 | 1250.00 | 2500 | 40000 | 
| r8g.large 1 | 630 | 10000 | 78.75 | 1250.00 | 3600 | 40000 | 
| r8g.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| r8g.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| r8g.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| r8g.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| r8g.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| r8g.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| r8g.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| r8g.48xlarge 2 | 40000 | 5000.0 | 240000 | 
| r8g.metal-24xl 2 | 30000 | 3750.0 | 120000 | 
| r8g.metal-48xl 2 | 40000 | 5000.0 | 240000 | 
| r8gb.medium 1 | 1562 | 25000 | 195.31 | 3125.00 | 7500 | 120000 | 
| r8gb.large 1 | 3125 | 25000 | 390.62 | 3125.00 | 15000 | 120000 | 
| r8gb.xlarge 1 | 6250 | 25000 | 781.25 | 3125.00 | 30000 | 120000 | 
| r8gb.2xlarge 1 | 12500 | 25000 | 1562.50 | 3125.00 | 60000 | 120000 | 
| r8gb.4xlarge 2 | 25000 | 3125.0 | 120000 | 
| r8gb.8xlarge 2 | 50000 | 6250.0 | 240000 | 
| r8gb.12xlarge 2 | 75000 | 9375.0 | 360000 | 
| r8gb.16xlarge 2 | 100000 | 12500.0 | 480000 | 
| r8gb.24xlarge 2 | 150000 | 18750.0 | 720000 | 
| r8gb.48xlarge 2 | 300000 | 37500.0 | 1440000 | 
| r8gb.metal-24xl 2 | 150000 | 18750.0 | 720000 | 
| r8gb.metal-48xl 2 | 300000 | 37500.0 | 1440000 | 
| r8gd.medium 1 | 315 | 10000 | 39.38 | 1250.00 | 2500 | 40000 | 
| r8gd.large 1 | 630 | 10000 | 78.75 | 1250.00 | 3600 | 40000 | 
| r8gd.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| r8gd.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| r8gd.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| r8gd.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| r8gd.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| r8gd.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| r8gd.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| r8gd.48xlarge 2 | 40000 | 5000.0 | 240000 | 
| r8gd.metal-24xl 2 | 30000 | 3750.0 | 120000 | 
| r8gd.metal-48xl 2 | 40000 | 5000.0 | 240000 | 
| r8gn.medium 1 | 760 | 10000 | 95.00 | 1250.00 | 2500 | 40000 | 
| r8gn.large 1 | 1250 | 10000 | 156.25 | 1250.00 | 5000 | 40000 | 
| r8gn.xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 10000 | 40000 | 
| r8gn.2xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| r8gn.4xlarge 2 | 10000 | 1250.0 | 40000 | 
| r8gn.8xlarge 2 | 20000 | 2500.0 | 80000 | 
| r8gn.12xlarge 2 | 30000 | 3750.0 | 120000 | 
| r8gn.16xlarge 2 | 40000 | 5000.0 | 160000 | 
| r8gn.24xlarge 2 | 60000 | 7500.0 | 240000 | 
| r8gn.48xlarge 2 | 120000 | 15000.0 | 480000 | 
| r8gn.metal-24xl 2 | 60000 | 7500.0 | 240000 | 
| r8gn.metal-48xl 2 | 120000 | 15000.0 | 480000 | 
| r8i.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| r8i.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| r8i.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| r8i.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| r8i.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| r8i.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| r8i.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| r8i.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| r8i.32xlarge 2 | 40000 | 5000.0 | 160000 | 
| r8i.48xlarge 2 | 60000 | 7500.0 | 240000 | 
| r8i.96xlarge 2 | 80000 | 10000.0 | 480000 | 
| r8i.metal-48xl 2 | 60000 | 7500.0 | 240000 | 
| r8i.metal-96xl 2 | 80000 | 10000.0 | 480000 | 
| r8id.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| r8id.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| r8id.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| r8id.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| r8id.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| r8id.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| r8id.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| r8id.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| r8id.32xlarge 2 | 40000 | 5000.0 | 160000 | 
| r8id.48xlarge 2 | 60000 | 7500.0 | 240000 | 
| r8id.96xlarge 2 | 80000 | 10000.0 | 480000 | 
| r8id.metal-48xl 2 | 60000 | 7500.0 | 240000 | 
| r8id.metal-96xl 2 | 80000 | 10000.0 | 480000 | 
| r8i-flex.large 1 | 315 | 10000 | 39.38 | 1250.00 | 2500 | 40000 | 
| r8i-flex.xlarge 1 | 630 | 10000 | 78.75 | 1250.00 | 3600 | 40000 | 
| r8i-flex.2xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| r8i-flex.4xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| r8i-flex.8xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| r8i-flex.12xlarge 1 | 7500 | 15000 | 937.50 | 1875.00 | 30000 | 60000 | 
| r8i-flex.16xlarge 1 | 10000 | 20000 | 1250.00 | 2500.00 | 40000 | 80000 | 
| u-3tb1.56xlarge 2 | 19000 | 2375.0 | 80000 | 
| u-6tb1.56xlarge 2 | 38000 | 4750.0 | 160000 | 
| u-6tb1.112xlarge 2 | 38000 | 4750.0 | 160000 | 
| u-6tb1.metal 2 | 38000 | 4750.0 | 160000 | 
| u-9tb1.112xlarge 2 | 38000 | 4750.0 | 160000 | 
| u-9tb1.metal 2 | 38000 | 4750.0 | 160000 | 
| u-12tb1.112xlarge 2 | 38000 | 4750.0 | 160000 | 
| u-12tb1.metal 2 | 38000 | 4750.0 | 160000 | 
| u-18tb1.112xlarge 2 | 38000 | 4750.0 | 160000 | 
| u-18tb1.metal 2 | 38000 | 4750.0 | 160000 | 
| u-24tb1.112xlarge 2 | 38000 | 4750.0 | 160000 | 
| u-24tb1.metal 2 | 38000 | 4750.0 | 160000 | 
| u7i-6tb.112xlarge 2 | 100000 | 12500.0 | 560000 | 
| u7i-8tb.112xlarge 2 | 100000 | 12500.0 | 560000 | 
| u7i-12tb.224xlarge 2 | 100000 | 12500.0 | 560000 | 
| u7in-16tb.224xlarge 2 | 100000 | 12500.0 | 560000 | 
| u7in-24tb.224xlarge 2 | 100000 | 12500.0 | 560000 | 
| u7in-32tb.224xlarge 2 | 100000 | 12500.0 | 560000 | 
| u7inh-32tb.480xlarge 2 | 160000 | 20000.0 | 840000 | 
| x1.16xlarge 2 | 7000 | 875.0 | 40000 | 
| x1.32xlarge 2 | 14000 | 1750.0 | 80000 | 
| x1e.xlarge 2 | 500 | 62.5 | 3700 | 
| x1e.2xlarge 2 | 1000 | 125.0 | 7400 | 
| x1e.4xlarge 2 | 1750 | 218.75 | 10000 | 
| x1e.8xlarge 2 | 3500 | 437.5 | 20000 | 
| x1e.16xlarge 2 | 7000 | 875.0 | 40000 | 
| x1e.32xlarge 2 | 14000 | 1750.0 | 80000 | 
| x2gd.medium 1 | 315 | 4750 | 39.38 | 593.75 | 2500 | 20000 | 
| x2gd.large 1 | 630 | 4750 | 78.75 | 593.75 | 3600 | 20000 | 
| x2gd.xlarge 1 | 1188 | 4750 | 148.50 | 593.75 | 6000 | 20000 | 
| x2gd.2xlarge 1 | 2375 | 4750 | 296.88 | 593.75 | 12000 | 20000 | 
| x2gd.4xlarge 2 | 4750 | 593.75 | 20000 | 
| x2gd.8xlarge 2 | 9500 | 1187.5 | 40000 | 
| x2gd.12xlarge 2 | 14250 | 1781.25 | 60000 | 
| x2gd.16xlarge 2 | 19000 | 2375.0 | 80000 | 
| x2gd.metal 2 | 19000 | 2375.0 | 80000 | 
| x2idn.16xlarge 2 | 40000 | 5000.0 | 173333 | 
| x2idn.24xlarge 2 | 60000 | 7500.0 | 260000 | 
| x2idn.32xlarge 2 | 80000 | 10000.0 | 260000 | 
| x2idn.metal 2 | 80000 | 10000.0 | 260000 | 
| x2iedn.xlarge 1 | 2500 | 20000 | 312.50 | 2500.00 | 8125 | 65000 | 
| x2iedn.2xlarge 1 | 5000 | 20000 | 625.00 | 2500.00 | 16250 | 65000 | 
| x2iedn.4xlarge 1 | 10000 | 20000 | 1250.00 | 2500.00 | 32500 | 65000 | 
| x2iedn.8xlarge 2 | 20000 | 2500.0 | 65000 | 
| x2iedn.16xlarge 2 | 40000 | 5000.0 | 130000 | 
| x2iedn.24xlarge 2 | 60000 | 7500.0 | 195000 | 
| x2iedn.32xlarge 2 | 80000 | 10000.0 | 260000 | 
| x2iedn.metal 2 | 80000 | 10000.0 | 260000 | 
| x2iezn.2xlarge 2 | 3170 | 396.25 | 13333 | 
| x2iezn.4xlarge 2 | 4750 | 593.75 | 20000 | 
| x2iezn.6xlarge 2 | 9500 | 1187.5 | 40000 | 
| x2iezn.8xlarge 2 | 12000 | 1500.0 | 55000 | 
| x2iezn.12xlarge 2 | 19000 | 2375.0 | 80000 | 
| x2iezn.metal 2 | 19000 | 2375.0 | 80000 | 
| x8g.medium 1 | 315 | 10000 | 39.38 | 1250.00 | 2500 | 40000 | 
| x8g.large 1 | 630 | 10000 | 78.75 | 1250.00 | 3600 | 40000 | 
| x8g.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| x8g.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| x8g.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| x8g.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| x8g.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| x8g.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| x8g.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| x8g.48xlarge 2 | 40000 | 5000.0 | 240000 | 
| x8g.metal-24xl 2 | 30000 | 3750.0 | 120000 | 
| x8g.metal-48xl 2 | 40000 | 5000.0 | 240000 | 
| x8aedz.large 1 | 1250 | 15000 | 156.25 | 1875.00 | 5000 | 60000 | 
| x8aedz.xlarge 1 | 2500 | 15000 | 312.50 | 1875.00 | 10000 | 60000 | 
| x8aedz.3xlarge 1 | 7500 | 15000 | 937.50 | 1875.00 | 30000 | 60000 | 
| x8aedz.6xlarge 2 | 15000 | 1875.0 | 60000 | 
| x8aedz.12xlarge 2 | 30000 | 3750.0 | 120000 | 
| x8aedz.24xlarge 2 | 60000 | 7500.0 | 240000 | 
| x8aedz.metal-12xl 2 | 30000 | 3750.0 | 120000 | 
| x8aedz.metal-24xl 2 | 60000 | 7500.0 | 240000 | 
| x8i.large 1 | 650 | 10000 | 81.25 | 1250.00 | 3600 | 40000 | 
| x8i.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| x8i.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 12000 | 40000 | 
| x8i.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| x8i.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| x8i.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| x8i.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| x8i.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| x8i.32xlarge 2 | 40000 | 5000.0 | 160000 | 
| x8i.48xlarge 2 | 60000 | 7500.0 | 240000 | 
| x8i.64xlarge 2 | 70000 | 8750.0 | 320000 | 
| x8i.96xlarge 2 | 80000 | 10000.0 | 480000 | 
| x8i.metal-48xl 2 | 60000 | 7500.0 | 240000 | 
| x8i.metal-96xl 2 | 80000 | 10000.0 | 480000 | 
| z1d.large 1 | 800 | 3170 | 100.00 | 396.25 | 3333 | 13333 | 
| z1d.xlarge 1 | 1580 | 3170 | 197.50 | 396.25 | 6667 | 13333 | 
| z1d.2xlarge 2 | 3170 | 396.25 | 13333 | 
| z1d.3xlarge 2 | 4750 | 593.75 | 20000 | 
| z1d.6xlarge 2 | 9500 | 1187.5 | 40000 | 
| z1d.12xlarge 2 | 19000 | 2375.0 | 80000 | 
| z1d.metal 2 | 19000 | 2375.0 | 80000 | 

1 These instances can sustain the maximum performance for 30 minutes at least once every 24 hours, after which they revert to their baseline performance.

2 These instances can sustain their stated performance indefinitely. If your workload requires sustained maximum performance for longer than 30 minutes, use one of these instances.

### Storage optimized



| Instance size | Baseline bandwidth (Mbps) | Maximum bandwidth (Mbps) | Baseline throughput (MB/s, 128 KiB I/O) | Maximum throughput (MB/s, 128 KiB I/O) | Baseline IOPS (16 KiB I/O) | Maximum IOPS (16 KiB I/O) | 
| --- | --- | --- | --- | --- | --- | --- | 
| d2.xlarge 2 | 750 | 93.75 | 6000 | 
| d2.2xlarge 2 | 1000 | 125.0 | 8000 | 
| d2.4xlarge 2 | 2000 | 250.0 | 16000 | 
| d2.8xlarge 2 | 4000 | 500.0 | 32000 | 
| d3.xlarge 1 | 850 | 2800 | 106.25 | 350.00 | 5000 | 15000 | 
| d3.2xlarge 1 | 1700 | 2800 | 212.50 | 350.00 | 10000 | 15000 | 
| d3.4xlarge 2 | 2800 | 350.0 | 15000 | 
| d3.8xlarge 2 | 5000 | 625.0 | 30000 | 
| d3en.xlarge 1 | 850 | 2800 | 106.25 | 350.00 | 5000 | 15000 | 
| d3en.2xlarge 1 | 1700 | 2800 | 212.50 | 350.00 | 10000 | 15000 | 
| d3en.4xlarge 2 | 2800 | 350.0 | 15000 | 
| d3en.6xlarge 2 | 4000 | 500.0 | 25000 | 
| d3en.8xlarge 2 | 5000 | 625.0 | 30000 | 
| d3en.12xlarge 2 | 7000 | 875.0 | 40000 | 
| h1.2xlarge 2 | 1750 | 218.75 | 12000 | 
| h1.4xlarge 2 | 3500 | 437.5 | 20000 | 
| h1.8xlarge 2 | 7000 | 875.0 | 40000 | 
| h1.16xlarge 2 | 14000 | 1750.0 | 80000 | 
| i3.large 2 | 425 | 53.125 | 3000 | 
| i3.xlarge 2 | 850 | 106.25 | 6000 | 
| i3.2xlarge 2 | 1700 | 212.5 | 12000 | 
| i3.4xlarge 2 | 3500 | 437.5 | 16000 | 
| i3.8xlarge 2 | 7000 | 875.0 | 32500 | 
| i3.16xlarge 2 | 14000 | 1750.0 | 65000 | 
| i3.metal 2 | 19000 | 2375.0 | 80000 | 
| i3en.large 1 | 576 | 4750 | 72.10 | 593.75 | 3000 | 20000 | 
| i3en.xlarge 1 | 1153 | 4750 | 144.20 | 593.75 | 6000 | 20000 | 
| i3en.2xlarge 1 | 2307 | 4750 | 288.39 | 593.75 | 12000 | 20000 | 
| i3en.3xlarge 1 | 3800 | 4750 | 475.00 | 593.75 | 15000 | 20000 | 
| i3en.6xlarge 2 | 4750 | 593.75 | 20000 | 
| i3en.12xlarge 2 | 9500 | 1187.5 | 40000 | 
| i3en.24xlarge 2 | 19000 | 2375.0 | 80000 | 
| i3en.metal 2 | 19000 | 2375.0 | 80000 | 
| i4g.large 1 | 625 | 10000 | 78.12 | 1250.00 | 2500 | 40000 | 
| i4g.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 5000 | 40000 | 
| i4g.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 10000 | 40000 | 
| i4g.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| i4g.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| i4g.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| i4i.large 1 | 625 | 10000 | 78.12 | 1250.00 | 2500 | 40000 | 
| i4i.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 5000 | 40000 | 
| i4i.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 10000 | 40000 | 
| i4i.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| i4i.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| i4i.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| i4i.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| i4i.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| i4i.32xlarge 2 | 40000 | 5000.0 | 160000 | 
| i4i.metal 2 | 40000 | 5000.0 | 160000 | 
| i7i.large 1 | 625 | 10000 | 78.12 | 1250.00 | 2500 | 40000 | 
| i7i.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 5000 | 40000 | 
| i7i.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 10000 | 40000 | 
| i7i.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| i7i.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| i7i.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| i7i.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| i7i.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| i7i.48xlarge 2 | 60000 | 7500.0 | 240000 | 
| i7i.metal-24xl 2 | 30000 | 3750.0 | 120000 | 
| i7i.metal-48xl 2 | 60000 | 7500.0 | 240000 | 
| i7ie.large 1 | 625 | 10000 | 78.12 | 1250.00 | 2500 | 40000 | 
| i7ie.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 5000 | 40000 | 
| i7ie.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 10000 | 40000 | 
| i7ie.3xlarge 1 | 3750 | 10000 | 468.75 | 1250.00 | 15000 | 40000 | 
| i7ie.6xlarge 1 | 7500 | 10000 | 937.50 | 1250.00 | 30000 | 40000 | 
| i7ie.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| i7ie.18xlarge 2 | 22500 | 2812.5 | 90000 | 
| i7ie.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| i7ie.48xlarge 2 | 60000 | 7500.0 | 240000 | 
| i7ie.metal-24xl 2 | 30000 | 3750.0 | 120000 | 
| i7ie.metal-48xl 2 | 60000 | 7500.0 | 240000 | 
| i8g.large 1 | 625 | 10000 | 78.12 | 1250.00 | 2500 | 40000 | 
| i8g.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 5000 | 40000 | 
| i8g.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 10000 | 40000 | 
| i8g.4xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| i8g.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| i8g.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| i8g.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| i8g.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| i8g.48xlarge 2 | 60000 | 7500.0 | 240000 | 
| i8g.metal-24xl 2 | 30000 | 3750.0 | 120000 | 
| i8g.metal-48xl 2 | 60000 | 7500.0 | 240000 | 
| i8ge.large 1 | 625 | 10000 | 78.12 | 1250.00 | 2500 | 40000 | 
| i8ge.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 5000 | 40000 | 
| i8ge.2xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 10000 | 40000 | 
| i8ge.3xlarge 1 | 3750 | 10000 | 468.75 | 1250.00 | 15000 | 40000 | 
| i8ge.6xlarge 1 | 7500 | 10000 | 937.50 | 1250.00 | 30000 | 40000 | 
| i8ge.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| i8ge.18xlarge 2 | 22500 | 2812.5 | 90000 | 
| i8ge.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| i8ge.48xlarge 2 | 60000 | 7500.0 | 240000 | 
| i8ge.metal-24xl 2 | 30000 | 3750.0 | 120000 | 
| i8ge.metal-48xl 2 | 60000 | 7500.0 | 240000 | 
| im4gn.large 1 | 1250 | 10000 | 156.25 | 1250.00 | 5000 | 40000 | 
| im4gn.xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 10000 | 40000 | 
| im4gn.2xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| im4gn.4xlarge 2 | 10000 | 1250.0 | 40000 | 
| im4gn.8xlarge 2 | 20000 | 2500.0 | 80000 | 
| im4gn.16xlarge 2 | 40000 | 5000.0 | 160000 | 
| is4gen.medium 1 | 625 | 10000 | 78.12 | 1250.00 | 2500 | 40000 | 
| is4gen.large 1 | 1250 | 10000 | 156.25 | 1250.00 | 5000 | 40000 | 
| is4gen.xlarge 1 | 2500 | 10000 | 312.50 | 1250.00 | 10000 | 40000 | 
| is4gen.2xlarge 1 | 5000 | 10000 | 625.00 | 1250.00 | 20000 | 40000 | 
| is4gen.4xlarge 2 | 10000 | 1250.0 | 40000 | 
| is4gen.8xlarge 2 | 20000 | 2500.0 | 80000 | 

1 These instances can sustain the maximum performance for 30 minutes at least once every 24 hours, after which they revert to their baseline performance.

2 These instances can sustain their stated performance indefinitely. If your workload requires sustained maximum performance for longer than 30 minutes, use one of these instances.

### Accelerated computing



| Instance size | Baseline bandwidth (Mbps) | Maximum bandwidth (Mbps) | Baseline throughput (MB/s, 128 KiB I/O) | Maximum throughput (MB/s, 128 KiB I/O) | Baseline IOPS (16 KiB I/O) | Maximum IOPS (16 KiB I/O) | 
| --- | --- | --- | --- | --- | --- | --- | 
| dl1.24xlarge 2 | 19000 | 2375.0 | 80000 | 
| dl2q.24xlarge 2 | 19000 | 2375.0 | 80000 | 
| f1.2xlarge 2 | 1700 | 212.5 | 12000 | 
| f1.4xlarge 2 | 3500 | 437.5 | 44000 | 
| f1.16xlarge 2 | 14000 | 1750.0 | 75000 | 
| f2.6xlarge 2 | 7500 | 937.5 | 30000 | 
| f2.12xlarge 2 | 15000 | 1875.0 | 60000 | 
| f2.48xlarge 2 | 60000 | 7500.0 | 240000 | 
| g3.4xlarge 2 | 3500 | 437.5 | 20000 | 
| g3.8xlarge 2 | 7000 | 875.0 | 40000 | 
| g3.16xlarge 2 | 14000 | 1750.0 | 80000 | 
| g4ad.xlarge 1 | 400 | 3170 | 50.00 | 396.25 | 1700 | 13333 | 
| g4ad.2xlarge 1 | 800 | 3170 | 100.00 | 396.25 | 3400 | 13333 | 
| g4ad.4xlarge 1 | 1580 | 3170 | 197.50 | 396.25 | 6700 | 13333 | 
| g4ad.8xlarge 2 | 3170 | 396.25 | 13333 | 
| g4ad.16xlarge 2 | 6300 | 787.5 | 26667 | 
| g4dn.xlarge 1 | 950 | 3500 | 118.75 | 437.50 | 3000 | 20000 | 
| g4dn.2xlarge 1 | 1150 | 3500 | 143.75 | 437.50 | 6000 | 20000 | 
| g4dn.4xlarge 2 | 4750 | 593.75 | 20000 | 
| g4dn.8xlarge 2 | 9500 | 1187.5 | 40000 | 
| g4dn.12xlarge 2 | 9500 | 1187.5 | 40000 | 
| g4dn.16xlarge 2 | 9500 | 1187.5 | 40000 | 
| g4dn.metal 2 | 19000 | 2375.0 | 80000 | 
| g5.xlarge 1 | 700 | 3500 | 87.50 | 437.50 | 3000 | 15000 | 
| g5.2xlarge 1 | 850 | 3500 | 106.25 | 437.50 | 3500 | 15000 | 
| g5.4xlarge 2 | 4750 | 593.75 | 20000 | 
| g5.8xlarge 2 | 16000 | 2000.0 | 65000 | 
| g5.12xlarge 2 | 16000 | 2000.0 | 65000 | 
| g5.16xlarge 2 | 16000 | 2000.0 | 65000 | 
| g5.24xlarge 2 | 19000 | 2375.0 | 80000 | 
| g5.48xlarge 2 | 19000 | 2375.0 | 80000 | 
| g5g.xlarge 1 | 1188 | 4750 | 148.50 | 593.75 | 6000 | 20000 | 
| g5g.2xlarge 1 | 2375 | 4750 | 296.88 | 593.75 | 12000 | 20000 | 
| g5g.4xlarge 2 | 4750 | 593.75 | 20000 | 
| g5g.8xlarge 2 | 9500 | 1187.5 | 40000 | 
| g5g.16xlarge 2 | 19000 | 2375.0 | 80000 | 
| g5g.metal 2 | 19000 | 2375.0 | 80000 | 
| g6.xlarge 1 | 1000 | 5000 | 125.00 | 625.00 | 4000 | 20000 | 
| g6.2xlarge 1 | 2000 | 5000 | 250.00 | 625.00 | 8000 | 20000 | 
| g6.4xlarge 2 | 8000 | 1000.0 | 32000 | 
| g6.8xlarge 2 | 16000 | 2000.0 | 64000 | 
| g6.12xlarge 2 | 20000 | 2500.0 | 80000 | 
| g6.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| g6.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| g6.48xlarge 2 | 60000 | 7500.0 | 240000 | 
| g6e.xlarge 1 | 1000 | 5000 | 125.00 | 625.00 | 4000 | 20000 | 
| g6e.2xlarge 1 | 2000 | 5000 | 250.00 | 625.00 | 8000 | 20000 | 
| g6e.4xlarge 2 | 8000 | 1000.0 | 32000 | 
| g6e.8xlarge 2 | 16000 | 2000.0 | 64000 | 
| g6e.12xlarge 2 | 20000 | 2500.0 | 80000 | 
| g6e.16xlarge 2 | 20000 | 2500.0 | 80000 | 
| g6e.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| g6e.48xlarge 2 | 60000 | 7500.0 | 240000 | 
| g6f.large 1 | 936 | 5000 | 117.00 | 625.00 | 3750 | 20000 | 
| g6f.xlarge 1 | 1000 | 5000 | 125.00 | 625.00 | 4000 | 20000 | 
| g6f.2xlarge 1 | 2000 | 5000 | 250.00 | 625.00 | 8000 | 20000 | 
| g6f.4xlarge 2 | 6000 | 750.0 | 24000 | 
| gr6.4xlarge 2 | 8000 | 1000.0 | 32000 | 
| gr6.8xlarge 2 | 16000 | 2000.0 | 64000 | 
| gr6f.4xlarge 2 | 8000 | 1000.0 | 32000 | 
| g7e.2xlarge 1 | 2000 | 5000 | 250.00 | 625.00 | 8000 | 20000 | 
| g7e.4xlarge 2 | 8000 | 1000.0 | 32000 | 
| g7e.8xlarge 2 | 16000 | 2000.0 | 64000 | 
| g7e.12xlarge 2 | 25000 | 3125.0 | 100000 | 
| g7e.24xlarge 2 | 50000 | 6250.0 | 200000 | 
| g7e.48xlarge 2 | 100000 | 12500.0 | 400000 | 
| inf1.xlarge 1 | 1190 | 4750 | 148.75 | 593.75 | 4000 | 20000 | 
| inf1.2xlarge 1 | 1190 | 4750 | 148.75 | 593.75 | 6000 | 20000 | 
| inf1.6xlarge 2 | 4750 | 593.75 | 20000 | 
| inf1.24xlarge 2 | 19000 | 2375.0 | 80000 | 
| inf2.xlarge 1 | 1250 | 10000 | 156.25 | 1250.00 | 6000 | 40000 | 
| inf2.8xlarge 2 | 10000 | 1250.0 | 40000 | 
| inf2.24xlarge 2 | 30000 | 3750.0 | 120000 | 
| inf2.48xlarge 2 | 60000 | 7500.0 | 240000 | 
| p3.2xlarge 2 | 1750 | 218.75 | 10000 | 
| p3.8xlarge 2 | 7000 | 875.0 | 40000 | 
| p3.16xlarge 2 | 14000 | 1750.0 | 80000 | 
| p3dn.24xlarge 2 | 19000 | 2375.0 | 80000 | 
| p4d.24xlarge 2 | 19000 | 2375.0 | 80000 | 
| p4de.24xlarge 2 | 19000 | 2375.0 | 80000 | 
| p5.4xlarge 2 | 10000 | 1250.0 | 32500 | 
| p5.48xlarge 2 | 80000 | 10000.0 | 260000 | 
| p5e.48xlarge 2 | 80000 | 10000.0 | 260000 | 
| p5en.48xlarge 2 | 100000 | 12500.0 | 400000 | 
| p6-b200.48xlarge 2 | 100000 | 12500.0 | 400000 | 
| p6-b300.48xlarge 2 | 100000 | 12500.0 | 400000 | 
| p6e-gb200.36xlarge 2 | 60000 | 7500.0 | 240000 | 
| trn1.2xlarge 1 | 5000 | 20000 | 625.00 | 2500.00 | 16250 | 65000 | 
| trn1.32xlarge 2 | 80000 | 10000.0 | 260000 | 
| trn1n.32xlarge 2 | 80000 | 10000.0 | 260000 | 
| trn2.3xlarge 2 | 5000 | 625.0 | 16250 | 
| trn2.48xlarge 2 | 80000 | 10000.0 | 260000 | 
| trn2u.48xlarge 2 | 80000 | 10000.0 | 260000 | 
| vt1.3xlarge 1 | 2375 | 4750 | 296.88 | 593.75 | 10000 | 20000 | 
| vt1.6xlarge 2 | 4750 | 593.75 | 20000 | 
| vt1.24xlarge 2 | 19000 | 2375.0 | 80000 | 

1 These instances can sustain the maximum performance for 30 minutes at least once every 24 hours, after which they revert to their baseline performance.

2 These instances can sustain their stated performance indefinitely. If your workload requires sustained maximum performance for longer than 30 minutes, use one of these instances.

### High-performance computing



| Instance size | Baseline bandwidth (Mbps) | Maximum bandwidth (Mbps) | Baseline throughput (MB/s, 128 KiB I/O) | Maximum throughput (MB/s, 128 KiB I/O) | Baseline IOPS (16 KiB I/O) | Maximum IOPS (16 KiB I/O) | 
| --- | --- | --- | --- | --- | --- | --- | 
| hpc6a.48xlarge 1 | 87 | 2085 | 10.88 | 260.62 | 500 | 11000 | 
| hpc6id.32xlarge 1 | 87 | 2085 | 10.88 | 260.62 | 500 | 11000 | 
| hpc7a.12xlarge 1 | 87 | 2085 | 10.88 | 260.62 | 500 | 11000 | 
| hpc7a.24xlarge 1 | 87 | 2085 | 10.88 | 260.62 | 500 | 11000 | 
| hpc7a.48xlarge 1 | 87 | 2085 | 10.88 | 260.62 | 500 | 11000 | 
| hpc7a.96xlarge 1 | 87 | 2085 | 10.88 | 260.62 | 500 | 11000 | 
| hpc7g.4xlarge 1 | 87 | 2085 | 10.88 | 260.62 | 500 | 11000 | 
| hpc7g.8xlarge 1 | 87 | 2085 | 10.88 | 260.62 | 500 | 11000 | 
| hpc7g.16xlarge 1 | 87 | 2085 | 10.88 | 260.62 | 500 | 11000 | 
| hpc8a.96xlarge 1 | 87 | 2085 | 10.88 | 260.62 | 500 | 11000 | 

1 These instances can sustain the maximum performance for 30 minutes at least once every 24 hours, after which they revert to their baseline performance.

2 These instances can sustain their stated performance indefinitely. If your workload requires sustained maximum performance for longer than 30 minutes, use one of these instances.

## EBS optimization supported


The following instance types support EBS optimization but EBS optimization is not enabled by default. You must enable EBS optimization, at an [additional hourly fee](https://aws.amazon.com/ec2/previous-generation/#EBS-optimized_instances), during or after launch to achieve the level of EBS performance described.


| Instance size | Maximum bandwidth (Mbps) | Maximum throughput (MB/s, 128 KiB I/O) | Maximum IOPS (16 KiB I/O) | 
| --- | --- | --- | --- | 
| c1.xlarge | 1000 | 125.0 | 8000 | 
| c3.xlarge | 500 | 62.5 | 4000 | 
| c3.2xlarge | 1000 | 125.0 | 8000 | 
| c3.4xlarge | 2000 | 250.0 | 16000 | 
| i2.xlarge | 500 | 62.5 | 4000 | 
| i2.2xlarge | 1000 | 125.0 | 8000 | 
| i2.4xlarge | 2000 | 250.0 | 16000 | 
| m1.large | 500 | 62.5 | 4000 | 
| m1.xlarge | 1000 | 125.0 | 8000 | 
| m2.2xlarge | 500 | 62.5 | 4000 | 
| m2.4xlarge | 1000 | 125.0 | 8000 | 
| m3.xlarge | 500 | 62.5 | 4000 | 
| m3.2xlarge | 1000 | 125.0 | 8000 | 
| r3.xlarge | 500 | 62.5 | 4000 | 
| r3.2xlarge | 1000 | 125.0 | 8000 | 
| r3.4xlarge | 2000 | 250.0 | 16000 | 

**Note**  
The `i2.8xlarge`, `c3.8xlarge`, and `r3.8xlarge` instances do not have dedicated EBS bandwidth and therefore do not offer EBS optimization. On these instances, network traffic and Amazon EBS traffic share the same 10-gigabit network interface.

# Get the maximum Amazon EBS optimized performance

An instance's EBS performance is bounded by the instance type's performance limits, or the aggregated performance of its attached volumes, whichever is smaller. To achieve maximum EBS performance, an instance must have attached volumes that provide a combined performance equal to or greater than the maximum instance performance. For example, to achieve `80,000` IOPS for `r6i.16xlarge`, the instance must have at least `5` `gp2` volumes provisioned with `16,000` IOPS each (`5` volumes x `16,000` IOPS = `80,000` IOPS), or it can have `1` `gp3` volume provisioned with `80,000` IOPS. We recommend that you choose an instance type that provides more dedicated Amazon EBS throughput than your application needs; otherwise, the connection between Amazon EBS and Amazon EC2 can become a performance bottleneck.

**Important**  
When using configurable bandwidth weightings, the EBS bandwidth limits for your instance might change. For instances with the `VPC-1` weighting configuration, which increases networking bandwidth, you might experience lower than expected IOPS for EBS volumes due to reaching the EBS bandwidth limit before the IOPS limit. This is particularly noticeable with larger I/O sizes. Always test your specific workload to ensure it meets your performance requirements with your selected bandwidth weighting. For more information, see [EC2 instance bandwidth weighting configuration](configure-bandwidth-weighting.md).
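The bounding rule and the bandwidth-before-IOPS effect described above can be worked through numerically. The following is an added example, not code from AWS: it uses the `r6i.16xlarge` and `u-6tb1.metal` limits from the tables on this page, the function names are hypothetical, it assumes 1 Mbps = 1,000,000 bits/s, and it models only each volume's provisioned IOPS (per-volume throughput limits are not modelled).

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class InstanceLimits:
    """EBS limits for one instance size, copied from the tables on this page."""
    name: str
    max_bandwidth_mbps: int  # "Maximum bandwidth (Mbps)" column
    max_iops: int            # "Maximum IOPS (16 KiB I/O)" column


R6I_16XLARGE = InstanceLimits("r6i.16xlarge", 20000, 80000)
U_6TB1_METAL = InstanceLimits("u-6tb1.metal", 38000, 160000)


def bandwidth_bytes_per_s(inst: InstanceLimits) -> int:
    # Assumption: 1 Mbps = 1,000,000 bits/s, which matches the page's
    # Mbps / 8 = MB/s relationship (20000 Mbps -> 2500.0 MB/s).
    return inst.max_bandwidth_mbps * 1_000_000 // 8


def effective_iops(inst: InstanceLimits, volume_iops: list[int], io_size_kib: int):
    """Return (IOPS ceiling, names of the limits that bind at that ceiling).

    The ceiling is the smallest of three limits:
      volumes            - sum of provisioned IOPS across attached volumes
      instance_iops      - the instance type's IOPS limit
      instance_bandwidth - IOPS at which I/Os of this size fill the
                           instance's EBS bandwidth
    """
    if io_size_kib <= 0:
        raise ValueError("io_size_kib must be positive")
    limits = {
        "volumes": sum(volume_iops),
        "instance_iops": inst.max_iops,
        "instance_bandwidth": bandwidth_bytes_per_s(inst) // (io_size_kib * 1024),
    }
    ceiling = min(limits.values())
    binding = sorted(name for name, value in limits.items() if value == ceiling)
    return ceiling, binding


def min_volumes(inst: InstanceLimits, per_volume_iops: int) -> int:
    """Fewest identical volumes whose combined IOPS reach the instance limit."""
    return math.ceil(inst.max_iops / per_volume_iops)


def crossover_io_size_kib(inst: InstanceLimits) -> float:
    """I/O size above which bandwidth, not IOPS, is the instance-side limit."""
    return bandwidth_bytes_per_s(inst) / inst.max_iops / 1024


if __name__ == "__main__":
    # Five 16,000-IOPS volumes exactly match the r6i.16xlarge IOPS limit.
    print(effective_iops(R6I_16XLARGE, [16000] * 5, io_size_kib=16))
    # One 80,000-IOPS volume with 64 KiB I/O: bandwidth binds first.
    print(effective_iops(R6I_16XLARGE, [80000], io_size_kib=64))
    # Four volumes leave the instance under-provisioned on the volume side.
    print(effective_iops(R6I_16XLARGE, [16000] * 4, io_size_kib=16))
    print(min_volumes(U_6TB1_METAL, 40000))
    print(round(crossover_io_size_kib(R6I_16XLARGE), 2))
```

A lower EBS bandwidth limit, such as the one a bandwidth weighting change can produce, moves the crossover I/O size down, so the bandwidth limit binds at smaller I/O sizes.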

You can use the `EBSIOBalance%` and `EBSByteBalance%` metrics to help you determine whether your instances are sized correctly. You can view these metrics in the CloudWatch console and set an alarm that is triggered based on a threshold you specify. These metrics are expressed as a percentage. Instances with a consistently low balance percentage are candidates to size up. Instances where the balance percentage never drops below 100% are candidates for downsizing. For more information, see [Monitor your instances using CloudWatch](using-cloudwatch.md).

The high memory instances are designed to run large in-memory databases, including production deployments of the SAP HANA in-memory database, in the cloud. To maximize EBS performance, use high memory instances with an even number of `io1` or `io2` volumes with identical provisioned performance. For example, for IOPS-heavy workloads, use four `io1` or `io2` volumes with 40,000 provisioned IOPS to get the maximum 160,000 instance IOPS. Similarly, for throughput-heavy workloads, use six `io1` or `io2` volumes with 48,000 provisioned IOPS to get the maximum 4,750 MB/s throughput. For additional recommendations, see [Storage Configuration for SAP HANA](https://docs.aws.amazon.com/sap/latest/sap-hana/hana-ops-storage-config.html).

**Considerations**
+ G4dn, I3en, Inf1, M5a, M5ad, R5a, R5ad, T3, T3a, and Z1d instances launched after February 26, 2020 provide the maximum EBS optimized performance. To get the maximum performance from an instance launched before February 26, 2020, stop and start it.
+ C5, C5d, C5n, M5, M5d, M5n, M5dn, R5, R5d, R5n, R5dn, and P3dn instances launched after December 3, 2019 provide the maximum EBS optimized performance. To get the maximum performance from an instance launched before December 3, 2019, stop and start it.
+ `u-6tb1.metal`, `u-9tb1.metal`, and `u-12tb1.metal` instances launched after March 12, 2020 provide the maximum EBS optimized performance. Instances of these types launched before March 12, 2020 might provide lower performance. To get the maximum performance from an instance launched before March 12, 2020, contact your account team to upgrade the instance at no additional cost.

# Find EBS-optimized EC2 instance types

You can view the instance types that support EBS optimization in each Region.

------
#### [ Console ]

**To find instance types that are EBS-optimized by default**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instance Types**.

1. Add the filter **EBS optimization support = default**.

1. (Optional) Click the **Preferences** icon and then turn on the relevant columns, such as **EBS Maximum IOPS** and **EBS Baseline IOPS**.

1. (Optional) Add filters to further scope to specific instance types of interest.

------
#### [ AWS CLI ]

**To find instance types that are EBS-optimized by default**  
Use the following [describe-instance-types](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instance-types.html) command.

```
aws ec2 describe-instance-types \
--filters Name=ebs-info.ebs-optimized-support,Values=default  \
--query 'InstanceTypes[].{InstanceType:InstanceType, "MaxBandwidth(Mb/s)":EbsInfo.EbsOptimizedInfo.MaximumBandwidthInMbps, MaxIOPS:EbsInfo.EbsOptimizedInfo.MaximumIops, "MaxThroughput(MB/s)":EbsInfo.EbsOptimizedInfo.MaximumThroughputInMBps}' \
--output=table
```

**To find instance types that optionally support EBS optimization**  
Use the following [describe-instance-types](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instance-types.html) command.

```
aws ec2 describe-instance-types \
--filters Name=ebs-info.ebs-optimized-support,Values=supported \
--query 'InstanceTypes[].{InstanceType:InstanceType, "MaxBandwidth(Mb/s)":EbsInfo.EbsOptimizedInfo.MaximumBandwidthInMbps, MaxIOPS:EbsInfo.EbsOptimizedInfo.MaximumIops, "MaxThroughput(MB/s)":EbsInfo.EbsOptimizedInfo.MaximumThroughputInMBps}' \
--output=table
```

The following is example output for `eu-west-1`.

```
--------------------------------------------------------------------------
|                         DescribeInstanceTypes                          |
+--------------+----------------------+----------+-----------------------+
| InstanceType | MaxBandwidth(Mb/s)   | MaxIOPS  |  MaxThroughput(MB/s)  |
+--------------+----------------------+----------+-----------------------+
|  i2.2xlarge  |  1000                |  8000    |  125.0                |
|  m2.4xlarge  |  1000                |  8000    |  125.0                |
|  m2.2xlarge  |  500                 |  4000    |  62.5                 |
|  c1.xlarge   |  1000                |  8000    |  125.0                |
|  i2.xlarge   |  500                 |  4000    |  62.5                 |
|  m3.xlarge   |  500                 |  4000    |  62.5                 |
|  m1.xlarge   |  1000                |  8000    |  125.0                |
|  r3.4xlarge  |  2000                |  16000   |  250.0                |
|  r3.2xlarge  |  1000                |  8000    |  125.0                |
|  c3.xlarge   |  500                 |  4000    |  62.5                 |
|  m3.2xlarge  |  1000                |  8000    |  125.0                |
|  r3.xlarge   |  500                 |  4000    |  62.5                 |
|  i2.4xlarge  |  2000                |  16000   |  250.0                |
|  c3.4xlarge  |  2000                |  16000   |  250.0                |
|  c3.2xlarge  |  1000                |  8000    |  125.0                |
|  m1.large    |  500                 |  4000    |  62.5                 |
+--------------+----------------------+----------+-----------------------+
```

------
#### [ PowerShell ]

**To find instance types that are EBS-optimized by default**  
Use the [Get-EC2InstanceType](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2InstanceType.html) cmdlet.

```
Get-EC2InstanceType `
    -Filter @{Name="ebs-info.ebs-optimized-support"; Values="default"} | `
    Select InstanceType, `
        @{Name="MaxBandwidth(Mb/s)"; Expression={($_.EbsInfo.EbsOptimizedInfo.MaximumBandwidthInMbps)}}, `
        @{Name="MaxIOPS"; Expression={($_.EbsInfo.EbsOptimizedInfo.MaximumIops)}}, `
        @{Name="MaxThroughput (MB/s)"; Expression={($_.EbsInfo.EbsOptimizedInfo.MaximumThroughputInMBps)}}
```

**To find instance types that optionally support EBS optimization**  
Use the [Get-EC2InstanceType](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2InstanceType.html) cmdlet.

```
Get-EC2InstanceType `
    -Filter @{Name="ebs-info.ebs-optimized-support"; Values="supported"} | `
    Select InstanceType, `
        @{Name="MaxBandwidth(Mb/s)"; Expression={($_.EbsInfo.EbsOptimizedInfo.MaximumBandwidthInMbps)}}, `
        @{Name="MaxIOPS"; Expression={($_.EbsInfo.EbsOptimizedInfo.MaximumIops)}}, `
        @{Name="MaxThroughput (MB/s)"; Expression={($_.EbsInfo.EbsOptimizedInfo.MaximumThroughputInMBps)}}
```

The following is example output for `eu-west-1`.

```
InstanceType MaxBandwidth(Mb/s) MaxIOPS MaxThroughput (MB/s)
------------ ------------------ ------- --------------------
m2.4xlarge                 1000    8000              125.000
i2.2xlarge                 1000    8000              125.000
c1.xlarge                  1000    8000              125.000
m2.2xlarge                  500    4000               62.500
r3.2xlarge                 1000    8000              125.000
m3.xlarge                   500    4000               62.500
r3.4xlarge                 2000   16000              250.000
m1.xlarge                  1000    8000              125.000
i2.xlarge                   500    4000               62.500
c3.xlarge                   500    4000               62.500
c3.4xlarge                 2000   16000              250.000
c3.2xlarge                 1000    8000              125.000
i2.4xlarge                 2000   16000              250.000
r3.xlarge                   500    4000               62.500
m3.2xlarge                 1000    8000              125.000
m1.large                    500    4000               62.500
```

------

# Enable EBS optimization for an Amazon EC2 instance

You can manually enable EBS optimization only for previous generation instance types that optionally support EBS optimization. If you enable EBS optimization for these instance types, there is an [additional hourly fee](https://aws.amazon.com/ec2/previous-generation/#EBS-optimized_instances).

**Prerequisites**
+ Verify that the instance type requires that you enable EBS optimization. For more information, see [EBS optimization supported](ebs-optimized.md#previous).
+ To enable EBS optimization after launch, you must stop the instance.
**Warning**  
When you stop an instance, the data on instance store volumes is lost. To preserve this data, back it up to persistent storage.

------
#### [ Console ]

**To enable Amazon EBS optimization during launch**  
In the Launch instances wizard, select the required instance type. Expand the **Advanced details** section, then for **EBS-optimized instance**, select **Enable**.

If the selected instance type does not support Amazon EBS optimization, the drop-down is disabled. If the instance type is Amazon EBS-optimized by default, Enable is already selected.

**To enable Amazon EBS optimization after launch**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**, and select the instance.

1. Stop the instance. Choose **Actions**, **Instance state**, **Stop instance**.

1. With the instance still selected, choose **Actions**, **Instance settings**, **Change instance type**.

1. Select **EBS-optimized** and then choose **Apply**.

   If the instance type is Amazon EBS-optimized by default, or if it does not support Amazon EBS optimization, the checkbox is disabled.

1. Restart the instance. Choose **Instance state**, **Start instance**.

------
#### [ AWS CLI ]

**To enable Amazon EBS optimization during launch**  
Use the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command with the `--ebs-optimized` option.

**To enable Amazon EBS optimization after launch**

1. If the instance is running, stop it by using the [stop-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/stop-instances.html) command.

   ```
   aws ec2 stop-instances --instance-ids i-1234567890abcdef0
   ```

1. Enable EBS optimization by using the [modify-instance-attribute](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-attribute.html) command with the `--ebs-optimized` option.

   ```
   aws ec2 modify-instance-attribute \
       --instance-id i-1234567890abcdef0 \
       --ebs-optimized
   ```

------
#### [ PowerShell ]

**To enable Amazon EBS optimization during launch**  
Use the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) cmdlet with the `-EbsOptimized` option.

**To enable Amazon EBS optimization after launch**

1. If the instance is running, stop it by using the [Stop-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Stop-EC2Instance.html) cmdlet.

   ```
   Stop-EC2Instance -InstanceId i-1234567890abcdef0
   ```

1. Enable EBS optimization by using the [Edit-EC2InstanceAttribute](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceAttribute.html) cmdlet with the `-EbsOptimized` option.

   ```
   Edit-EC2InstanceAttribute `
       -InstanceId i-1234567890abcdef0 `
       -EbsOptimized $true
   ```

------

# CPU options for Amazon EC2 instances

Many Amazon EC2 instances support simultaneous multithreading (SMT), which enables multiple threads to run concurrently on a single CPU core. Each thread is represented as a virtual CPU (vCPU) on the instance. An instance has a default number of CPU cores, which varies according to instance type. For example, an `m5.xlarge` instance type has two CPU cores and two threads per core by default—four vCPUs in total.

In most cases, there is an Amazon EC2 instance type that has a combination of memory and number of vCPUs to suit your workloads. However, to optimize your instance for specific workloads or business needs, you can specify the following CPU options during and after instance launch:
+ **Number of CPU cores**: You can customize the number of CPU cores for the instance. You might do this to potentially optimize the licensing costs of your software with an instance that has sufficient amounts of RAM for memory-intensive workloads but fewer CPU cores.
+ **Threads per core**: You can disable SMT by specifying a single thread per CPU core. You might do this for certain workloads, such as high performance computing (HPC) workloads.

**Considerations**
+ You can't modify the number of threads per core for T2, C7a, M7a, R7a, and Apple silicon Mac instances, and instances based on the AWS Graviton processor.
+ The [number of instances that you can run](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-instance-quotas.html) is based on the default vCPUs for the instance types used. How we calculate the vCPUs consumed by an instance is not affected by changing its CPU options.

**Pricing**  
There is no additional charge for specifying CPU options. For EC2 instances that are launched from license-included Windows and SQL Server AMIs, you can customize the CPU options to take advantage of the EC2 Optimize CPUs feature to pay licensing fees based on the number of vCPUs that are configured for your instance. For other EC2 instances, you're charged the same as instances that are launched with the default CPU options.

**Topics**
+ [Rules for specifying CPU options](instance-cpu-options-rules.md)
+ [Supported CPU options](cpu-options-supported-instances-values.md)
+ [Specify CPU options](instance-specify-cpu-options.md)
+ [View CPU options](view-cpu-options.md)
+ [Optimize CPUs](optimize-cpu.md)

# Rules for specifying CPU options for an Amazon EC2 instance

To specify the CPU options for your instance, be aware of the following rules:
+ You can't specify CPU options for bare metal instances.
+ You can specify CPU options both during and after instance launch.
+ To configure CPU options, you must specify both the number of CPU cores and threads per core in the request. For example requests, see [Specify CPU options for an Amazon EC2 instance](instance-specify-cpu-options.md).
+ The number of vCPUs for the instance is the number of CPU cores multiplied by the threads per core. To specify a custom number of vCPUs, you must specify a valid number of CPU cores and threads per core for the instance type. You cannot exceed the default number of vCPUs for the instance. For more information, see [Supported CPU options for Amazon EC2 instance types](cpu-options-supported-instances-values.md).
+ To disable simultaneous multithreading (SMT), also referred to as hyper-threading, specify one thread per core.
+ In the console, when you [change the instance type](ec2-instance-resize.md) of an existing instance, Amazon EC2 applies the CPU option settings from the existing instance to the new instance, if possible. If the new instance type doesn't support those settings, the CPU options are reset to **Use default CPU options**. This option uses the default number of vCPUs for the new instance type.

  To update settings for the new instance, select **Specify CPU options** under **Advanced details** in the **Change instance type** view.
+ The specified CPU options persist after you stop, start, or reboot an instance.
+ If you use Reserved Instances, discounts may not be applied when you configure Optimize CPUs for instances launched from license-included Windows AMIs in the same payer account. We recommend that you use Savings Plans to reduce vCPU-based licensing costs and provide comparable savings on your compute costs.
+ To save on licensing costs for instances launched from Windows and SQL Server license-included AMIs, you must configure a minimum of four vCPUs. If you configure fewer than four vCPUs, default billing is applied.
+ Optimize CPUs for License-Included instances is not supported on T3 instance types.
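
One way to check a CPU options request against the rules above before sending it, as an added example (not AWS code). The table rows are copied from the general purpose table on this page; the function names, the `.metal` name test for bare metal, and the returned keys are assumptions.

```python
# Rows copied from the "General purpose instances" table on this page.
SUPPORTED_TABLE = """\
| Instance type | Default vCPUs | Default CPU cores | Default threads per core | Valid CPU cores | Valid threads per core |
| --- | --- | --- | --- | --- | --- |
| m5.xlarge | 4 | 2 | 2 | 2 | 1, 2 |
| m5.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 |
| m5a.12xlarge | 48 | 24 | 2 | 6, 12, 18, 24 | 1, 2 |
| m6g.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 |
"""


class CpuOptionsError(ValueError):
    """Raised when a request breaks one of the CPU option rules."""


def parse_supported_table(text):
    """Parse the markdown table into {instance_type: limits}."""
    rows = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 6 or not cells[1].isdigit():
            continue  # header row, separator row, or blank line
        rows[cells[0]] = {
            "default_vcpus": int(cells[1]),
            "default_threads": int(cells[3]),
            "valid_cores": [int(v) for v in cells[4].split(",")],
            "valid_threads": [int(v) for v in cells[5].split(",")],
        }
    return rows


def check_cpu_options(table, instance_type, core_count, threads_per_core):
    """Validate a request and return the resulting vCPU count and flags."""
    # Assumption: bare metal types are recognised by ".metal" in the name.
    if ".metal" in instance_type:
        raise CpuOptionsError("CPU options can't be specified for bare metal instances")
    if core_count is None or threads_per_core is None:
        raise CpuOptionsError("specify both the number of CPU cores and threads per core")
    row = table.get(instance_type)
    if row is None:
        raise CpuOptionsError(f"{instance_type} is not in the supported table")
    if core_count not in row["valid_cores"]:
        raise CpuOptionsError(
            f"{core_count} cores not valid for {instance_type}; valid: {row['valid_cores']}")
    if threads_per_core not in row["valid_threads"]:
        raise CpuOptionsError(
            f"{threads_per_core} threads per core not valid for {instance_type}; "
            f"valid: {row['valid_threads']}")
    vcpus = core_count * threads_per_core
    if vcpus > row["default_vcpus"]:
        raise CpuOptionsError("cannot exceed the default number of vCPUs")
    return {
        "vcpus": vcpus,
        # SMT counts as disabled only if the type has more than one thread by default.
        "smt_disabled": threads_per_core == 1 and row["default_threads"] > 1,
        # License-included Windows and SQL Server AMIs need at least four vCPUs
        # for the licensing saving; below that, default billing applies.
        "meets_license_minimum": vcpus >= 4,
    }


SUPPORTED = parse_supported_table(SUPPORTED_TABLE)

if __name__ == "__main__":
    print(check_cpu_options(SUPPORTED, "m5.2xlarge", 4, 1))
    try:
        check_cpu_options(SUPPORTED, "m5a.12xlarge", 8, 2)
    except CpuOptionsError as err:
        print("rejected:", err)
```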

# Supported CPU options for Amazon EC2 instance types

The following tables list the instance types that support specifying CPU options.

**Topics**
+ [General purpose instances](#cpu-options-gen-purpose)
+ [Compute optimized instances](#cpu-options-compute-optimized)
+ [Memory optimized instances](#cpu-options-mem-optimized)
+ [Storage optimized instances](#cpu-options-storage-optimized)
+ [Accelerated computing instances](#cpu-options-accelerated)
+ [High-performance computing instances](#cpu-options-high-performance)

## General purpose instances



| Instance type | Default vCPUs | Default CPU cores | Default threads per core | Valid CPU cores | Valid threads per core | 
| --- | --- | --- | --- | --- | --- | 
| m2.xlarge | 2 | 2 | 1 | 1, 2 | 1 | 
| m2.2xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| m2.4xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| m3.large | 2 | 1 | 2 | 1 | 1, 2 | 
| m3.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| m3.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| m4.large | 2 | 1 | 2 | 1 | 1, 2 | 
| m4.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| m4.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| m4.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| m4.10xlarge | 40 | 20 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20 | 1, 2 | 
| m4.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| m5.large | 2 | 1 | 2 | 1 | 1, 2 | 
| m5.xlarge | 4 | 2 | 2 | 2 | 1, 2 | 
| m5.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| m5.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| m5.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| m5.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| m5.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| m5.24xlarge | 96 | 48 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| m5a.large | 2 | 1 | 2 | 1 | 1, 2 | 
| m5a.xlarge | 4 | 2 | 2 | 2 | 1, 2 | 
| m5a.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| m5a.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| m5a.8xlarge | 32 | 16 | 2 | 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| m5a.12xlarge | 48 | 24 | 2 | 6, 12, 18, 24 | 1, 2 | 
| m5a.16xlarge | 64 | 32 | 2 | 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| m5a.24xlarge | 96 | 48 | 2 | 12, 18, 24, 36, 48 | 1, 2 | 
| m5ad.large | 2 | 1 | 2 | 1 | 1, 2 | 
| m5ad.xlarge | 4 | 2 | 2 | 2 | 1, 2 | 
| m5ad.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| m5ad.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| m5ad.8xlarge | 32 | 16 | 2 | 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| m5ad.12xlarge | 48 | 24 | 2 | 6, 12, 18, 24 | 1, 2 | 
| m5ad.16xlarge | 64 | 32 | 2 | 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| m5ad.24xlarge | 96 | 48 | 2 | 12, 18, 24, 36, 48 | 1, 2 | 
| m5d.large | 2 | 1 | 2 | 1 | 1, 2 | 
| m5d.xlarge | 4 | 2 | 2 | 2 | 1, 2 | 
| m5d.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| m5d.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| m5d.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| m5d.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| m5d.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| m5d.24xlarge | 96 | 48 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| m5dn.large | 2 | 1 | 2 | 1 | 1, 2 | 
| m5dn.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| m5dn.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| m5dn.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| m5dn.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| m5dn.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| m5dn.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| m5dn.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| m5n.large | 2 | 1 | 2 | 1 | 1, 2 | 
| m5n.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| m5n.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| m5n.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| m5n.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| m5n.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| m5n.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| m5n.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| m5zn.large | 2 | 1 | 2 | 1 | 1, 2 | 
| m5zn.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| m5zn.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| m5zn.3xlarge | 12 | 6 | 2 | 2, 4, 6 | 1, 2 | 
| m5zn.6xlarge | 24 | 12 | 2 | 2, 4, 6, 8, 10, 12 | 1, 2 | 
| m5zn.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| m6a.large | 2 | 1 | 2 | 1 | 1, 2 | 
| m6a.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| m6a.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| m6a.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| m6a.8xlarge | 32 | 16 | 2 | 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| m6a.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 16, 24 | 1, 2 | 
| m6a.16xlarge | 64 | 32 | 2 | 4, 6, 8, 10, 12, 14, 16, 32 | 1, 2 | 
| m6a.24xlarge | 96 | 48 | 2 | 4, 6, 8, 10, 12, 14, 16, 32, 48 | 1, 2 | 
| m6a.32xlarge | 128 | 64 | 2 | 8, 12, 16, 20, 24, 28, 32, 64 | 1, 2 | 
| m6a.48xlarge | 192 | 96 | 2 | 8, 12, 16, 20, 24, 28, 32, 64, 96 | 1, 2 | 
| m6g.large | 2 | 2 | 1 | 1, 2 | 1 | 
| m6g.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| m6g.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| m6g.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| m6g.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| m6g.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| m6g.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| m6gd.large | 2 | 2 | 1 | 1, 2 | 1 | 
| m6gd.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| m6gd.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| m6gd.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| m6gd.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| m6gd.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| m6gd.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| m6i.large | 2 | 1 | 2 | 1 | 1, 2 | 
| m6i.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| m6i.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| m6i.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| m6i.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| m6i.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| m6i.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| m6i.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| m6i.32xlarge | 128 | 64 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| m6id.large | 2 | 1 | 2 | 1 | 1, 2 | 
| m6id.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| m6id.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| m6id.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| m6id.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| m6id.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| m6id.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| m6id.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| m6id.32xlarge | 128 | 64 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| m6idn.large | 2 | 1 | 2 | 1 | 1, 2 | 
| m6idn.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| m6idn.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| m6idn.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| m6idn.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| m6idn.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| m6idn.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 
| m6idn.24xlarge | 96 | 48 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| m6idn.32xlarge | 128 | 64 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| m6in.large | 2 | 1 | 2 | 1 | 1, 2 | 
| m6in.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| m6in.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| m6in.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| m6in.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| m6in.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| m6in.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 
| m6in.24xlarge | 96 | 48 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| m6in.32xlarge | 128 | 64 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| m7a.large | 2 | 2 | 1 | 1, 2 | 1 | 
| m7a.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| m7a.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| m7a.4xlarge | 16 | 16 | 1 | 1, 2, 4, 6, 8, 10, 12, 14, 16 | 1 | 
| m7a.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 8, 12, 16, 20, 24, 28, 32 | 1 | 
| m7a.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 12, 18, 24, 30, 36, 42, 48 | 1 | 
| m7a.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 16, 24, 32, 40, 48, 56, 64 | 1 | 
| m7a.24xlarge | 96 | 96 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 24, 36, 48, 60, 72, 84, 96 | 1 | 
| m7a.32xlarge | 128 | 128 | 1 | 4, 6, 8, 10, 12, 14, 16, 32, 48, 64, 80, 96, 112, 128 | 1 | 
| m7a.48xlarge | 192 | 192 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 48, 72, 96, 120, 144, 168, 192 | 1 | 
| m7g.large | 2 | 2 | 1 | 1, 2 | 1 | 
| m7g.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| m7g.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| m7g.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| m7g.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| m7g.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| m7g.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| m7gd.large | 2 | 2 | 1 | 1, 2 | 1 | 
| m7gd.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| m7gd.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| m7gd.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| m7gd.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| m7gd.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| m7gd.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| m7i.large | 2 | 1 | 2 | 1 | 1, 2 | 
| m7i.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| m7i.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| m7i.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| m7i.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| m7i.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| m7i.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 
| m7i.24xlarge | 96 | 48 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1, 2 | 
| m7i.48xlarge | 192 | 96 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96 | 1, 2 | 
| m7i-flex.large | 2 | 1 | 2 | 1 | 1, 2 | 
| m7i-flex.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| m7i-flex.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| m7i-flex.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| m7i-flex.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| m7i-flex.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| m7i-flex.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 
| m8a.medium | 1 | 1 | 1 | 1 | 1 | 
| m8a.large | 2 | 2 | 1 | 1, 2 | 1 | 
| m8a.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| m8a.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| m8a.4xlarge | 16 | 16 | 1 | 1, 2, 4, 6, 8, 10, 12, 14, 16 | 1 | 
| m8a.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 8, 12, 16, 20, 24, 28, 32 | 1 | 
| m8a.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 12, 18, 24, 30, 36, 42, 48 | 1 | 
| m8a.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 16, 24, 32, 40, 48, 56, 64 | 1 | 
| m8a.24xlarge | 96 | 96 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 24, 36, 48, 60, 72, 84, 96 | 1 | 
| m8a.48xlarge | 192 | 192 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 48, 72, 96, 120, 144, 168, 192 | 1 | 
| m8azn.medium | 1 | 1 | 1 | 1 | 1 | 
| m8azn.large | 2 | 2 | 1 | 1, 2 | 1 | 
| m8azn.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| m8azn.3xlarge | 12 | 12 | 1 | 1, 2, 4, 6, 8, 10, 12 | 1 | 
| m8azn.6xlarge | 24 | 24 | 1 | 1, 2, 3, 4, 8, 12, 16, 20, 24 | 1 | 
| m8azn.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 16, 24, 32, 40, 48 | 1 | 
| m8azn.24xlarge | 96 | 96 | 1 | 4, 6, 8, 10, 12, 14, 16, 32, 48, 64, 80, 96 | 1 | 
| m8g.large | 2 | 2 | 1 | 1, 2 | 1 | 
| m8g.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| m8g.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| m8g.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| m8g.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| m8g.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| m8g.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| m8g.24xlarge | 96 | 96 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 | 1 | 
| m8g.48xlarge | 192 | 192 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, 160, 162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, 192 | 1 | 
| m8gb.large | 2 | 2 | 1 | 1, 2 | 1 | 
| m8gb.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| m8gb.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| m8gb.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| m8gb.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| m8gb.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| m8gb.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| m8gb.24xlarge | 96 | 96 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 | 1 | 
| m8gb.48xlarge | 192 | 192 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, 160, 162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, 192 | 1 | 
| m8gd.large | 2 | 2 | 1 | 1, 2 | 1 | 
| m8gd.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| m8gd.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| m8gd.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| m8gd.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| m8gd.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| m8gd.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| m8gd.24xlarge | 96 | 96 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 | 1 | 
| m8gd.48xlarge | 192 | 192 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, 160, 162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, 192 | 1 | 
| m8gn.large | 2 | 2 | 1 | 1, 2 | 1 | 
| m8gn.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| m8gn.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| m8gn.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| m8gn.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| m8gn.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| m8gn.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| m8gn.24xlarge | 96 | 96 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 | 1 | 
| m8gn.48xlarge | 192 | 192 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, 160, 162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, 192 | 1 | 
| m8i.large | 2 | 1 | 2 | 1 | 1, 2 | 
| m8i.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| m8i.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| m8i.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| m8i.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| m8i.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| m8i.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 
| m8i.24xlarge | 96 | 48 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| m8i.32xlarge | 128 | 64 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| m8i.48xlarge | 192 | 96 | 2 | 6, 9, 12, 15, 18, 21, 24, 27, 30, 33, 36, 39, 42, 45, 48, 51, 54, 57, 60, 63, 66, 69, 72, 75, 78, 81, 84, 87, 90, 93, 96 | 1, 2 | 
| m8i.96xlarge | 384 | 192 | 2 | 12, 18, 24, 30, 36, 42, 48, 54, 60, 66, 72, 78, 84, 90, 96, 102, 108, 114, 120, 126, 132, 138, 144, 150, 156, 162, 168, 174, 180, 186, 192 | 1, 2 | 
| m8id.large | 2 | 1 | 2 | 1 | 1, 2 | 
| m8id.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| m8id.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| m8id.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| m8id.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| m8id.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| m8id.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 
| m8id.24xlarge | 96 | 48 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| m8id.32xlarge | 128 | 64 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| m8id.48xlarge | 192 | 96 | 2 | 6, 9, 12, 15, 18, 21, 24, 27, 30, 33, 36, 39, 42, 45, 48, 51, 54, 57, 60, 63, 66, 69, 72, 75, 78, 81, 84, 87, 90, 93, 96 | 1, 2 | 
| m8id.96xlarge | 384 | 192 | 2 | 12, 18, 24, 30, 36, 42, 48, 54, 60, 66, 72, 78, 84, 90, 96, 102, 108, 114, 120, 126, 132, 138, 144, 150, 156, 162, 168, 174, 180, 186, 192 | 1, 2 | 
| m8i-flex.large | 2 | 1 | 2 | 1 | 1, 2 | 
| m8i-flex.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| m8i-flex.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| m8i-flex.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| m8i-flex.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| m8i-flex.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| m8i-flex.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 
| t3.nano | 2 | 1 | 2 | 1 | 1, 2 | 
| t3.micro | 2 | 1 | 2 | 1 | 1, 2 | 
| t3.small | 2 | 1 | 2 | 1 | 1, 2 | 
| t3.medium | 2 | 1 | 2 | 1 | 1, 2 | 
| t3.large | 2 | 1 | 2 | 1 | 1, 2 | 
| t3.xlarge | 4 | 2 | 2 | 2 | 1, 2 | 
| t3.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| t3a.nano | 2 | 1 | 2 | 1 | 1, 2 | 
| t3a.micro | 2 | 1 | 2 | 1 | 1, 2 | 
| t3a.small | 2 | 1 | 2 | 1 | 1, 2 | 
| t3a.medium | 2 | 1 | 2 | 1 | 1, 2 | 
| t3a.large | 2 | 1 | 2 | 1 | 1, 2 | 
| t3a.xlarge | 4 | 2 | 2 | 2 | 1, 2 | 
| t3a.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| t4g.nano | 2 | 2 | 1 | 1, 2 | 1 | 
| t4g.micro | 2 | 2 | 1 | 1, 2 | 1 | 
| t4g.small | 2 | 2 | 1 | 1, 2 | 1 | 
| t4g.medium | 2 | 2 | 1 | 1, 2 | 1 | 
| t4g.large | 2 | 2 | 1 | 1, 2 | 1 | 
| t4g.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| t4g.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 

## Compute optimized instances



| Instance type | Default vCPUs | Default CPU cores | Default threads per core | Valid CPU cores | Valid threads per core | 
| --- | --- | --- | --- | --- | --- | 
| c3.large | 2 | 1 | 2 | 1 | 1, 2 | 
| c3.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| c3.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| c3.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| c3.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| c4.large | 2 | 1 | 2 | 1 | 1, 2 | 
| c4.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| c4.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| c4.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| c4.8xlarge | 36 | 18 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18 | 1, 2 | 
| c5.large | 2 | 1 | 2 | 1 | 1, 2 | 
| c5.xlarge | 4 | 2 | 2 | 2 | 1, 2 | 
| c5.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| c5.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| c5.9xlarge | 36 | 18 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18 | 1, 2 | 
| c5.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| c5.18xlarge | 72 | 36 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36 | 1, 2 | 
| c5.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| c5a.large | 2 | 1 | 2 | 1 | 1, 2 | 
| c5a.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| c5a.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| c5a.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 8 | 1, 2 | 
| c5a.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 8, 12, 16 | 1, 2 | 
| c5a.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 8, 12, 16, 20, 24 | 1, 2 | 
| c5a.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 8, 12, 16, 20, 24, 28, 32 | 1, 2 | 
| c5a.24xlarge | 96 | 48 | 2 | 1, 2, 3, 4, 8, 12, 16, 20, 24, 28, 32, 36, 40, 44, 48 | 1, 2 | 
| c5ad.large | 2 | 1 | 2 | 1 | 1, 2 | 
| c5ad.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| c5ad.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| c5ad.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 8 | 1, 2 | 
| c5ad.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 8, 12, 16 | 1, 2 | 
| c5ad.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 8, 12, 16, 20, 24 | 1, 2 | 
| c5ad.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 8, 12, 16, 20, 24, 28, 32 | 1, 2 | 
| c5ad.24xlarge | 96 | 48 | 2 | 1, 2, 3, 4, 8, 12, 16, 20, 24, 28, 32, 36, 40, 44, 48 | 1, 2 | 
| c5d.large | 2 | 1 | 2 | 1 | 1, 2 | 
| c5d.xlarge | 4 | 2 | 2 | 2 | 1, 2 | 
| c5d.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| c5d.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| c5d.9xlarge | 36 | 18 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18 | 1, 2 | 
| c5d.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| c5d.18xlarge | 72 | 36 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36 | 1, 2 | 
| c5d.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| c5n.large | 2 | 1 | 2 | 1 | 1, 2 | 
| c5n.xlarge | 4 | 2 | 2 | 2 | 1, 2 | 
| c5n.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| c5n.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| c5n.9xlarge | 36 | 18 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18 | 1, 2 | 
| c5n.18xlarge | 72 | 36 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36 | 1, 2 | 
| c6a.large | 2 | 1 | 2 | 1 | 1, 2 | 
| c6a.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| c6a.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| c6a.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| c6a.8xlarge | 32 | 16 | 2 | 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| c6a.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 16, 24 | 1, 2 | 
| c6a.16xlarge | 64 | 32 | 2 | 4, 6, 8, 10, 12, 14, 16, 32 | 1, 2 | 
| c6a.24xlarge | 96 | 48 | 2 | 4, 6, 8, 10, 12, 14, 16, 32, 48 | 1, 2 | 
| c6a.32xlarge | 128 | 64 | 2 | 8, 12, 16, 20, 24, 28, 32, 64 | 1, 2 | 
| c6a.48xlarge | 192 | 96 | 2 | 8, 12, 16, 20, 24, 28, 32, 64, 96 | 1, 2 | 
| c6g.large | 2 | 2 | 1 | 1, 2 | 1 | 
| c6g.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| c6g.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| c6g.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| c6g.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| c6g.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| c6g.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| c6gd.large | 2 | 2 | 1 | 1, 2 | 1 | 
| c6gd.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| c6gd.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| c6gd.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| c6gd.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| c6gd.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| c6gd.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| c6gn.medium | 1 | 1 | 1 | 1 | 1 | 
| c6gn.large | 2 | 2 | 1 | 1, 2 | 1 | 
| c6gn.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| c6gn.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| c6gn.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| c6gn.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| c6gn.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| c6gn.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| c6i.large | 2 | 1 | 2 | 1 | 1, 2 | 
| c6i.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| c6i.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| c6i.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| c6i.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| c6i.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| c6i.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| c6i.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| c6i.32xlarge | 128 | 64 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| c6id.large | 2 | 1 | 2 | 1 | 1, 2 | 
| c6id.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| c6id.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| c6id.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| c6id.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| c6id.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| c6id.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| c6id.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| c6id.32xlarge | 128 | 64 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| c6in.large | 2 | 1 | 2 | 1 | 1, 2 | 
| c6in.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| c6in.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| c6in.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| c6in.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| c6in.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| c6in.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 
| c6in.24xlarge | 96 | 48 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| c6in.32xlarge | 128 | 64 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| c7a.large | 2 | 2 | 1 | 1, 2 | 1 | 
| c7a.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| c7a.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| c7a.4xlarge | 16 | 16 | 1 | 1, 2, 4, 6, 8, 10, 12, 14, 16 | 1 | 
| c7a.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 8, 12, 16, 20, 24, 28, 32 | 1 | 
| c7a.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 12, 18, 24, 30, 36, 42, 48 | 1 | 
| c7a.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 16, 24, 32, 40, 48, 56, 64 | 1 | 
| c7a.24xlarge | 96 | 96 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 24, 36, 48, 60, 72, 84, 96 | 1 | 
| c7a.32xlarge | 128 | 128 | 1 | 4, 6, 8, 10, 12, 14, 16, 32, 48, 64, 80, 96, 112, 128 | 1 | 
| c7a.48xlarge | 192 | 192 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 48, 72, 96, 120, 144, 168, 192 | 1 | 
| c7g.large | 2 | 2 | 1 | 1, 2 | 1 | 
| c7g.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| c7g.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| c7g.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| c7g.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| c7g.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| c7g.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| c7gd.large | 2 | 2 | 1 | 1, 2 | 1 | 
| c7gd.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| c7gd.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| c7gd.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| c7gd.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| c7gd.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| c7gd.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| c7gn.large | 2 | 2 | 1 | 1, 2 | 1 | 
| c7gn.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| c7gn.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| c7gn.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| c7gn.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| c7gn.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| c7gn.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| c7i.large | 2 | 1 | 2 | 1 | 1, 2 | 
| c7i.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| c7i.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| c7i.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| c7i.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| c7i.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| c7i.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 
| c7i.24xlarge | 96 | 48 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1, 2 | 
| c7i.48xlarge | 192 | 96 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96 | 1, 2 | 
| c7i-flex.large | 2 | 1 | 2 | 1 | 1, 2 | 
| c7i-flex.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| c7i-flex.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| c7i-flex.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| c7i-flex.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| c7i-flex.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| c7i-flex.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 
| c8a.medium | 1 | 1 | 1 | 1 | 1 | 
| c8a.large | 2 | 2 | 1 | 1, 2 | 1 | 
| c8a.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| c8a.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| c8a.4xlarge | 16 | 16 | 1 | 1, 2, 4, 6, 8, 10, 12, 14, 16 | 1 | 
| c8a.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 8, 12, 16, 20, 24, 28, 32 | 1 | 
| c8a.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 12, 18, 24, 30, 36, 42, 48 | 1 | 
| c8a.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 16, 24, 32, 40, 48, 56, 64 | 1 | 
| c8a.24xlarge | 96 | 96 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 24, 36, 48, 60, 72, 84, 96 | 1 | 
| c8a.48xlarge | 192 | 192 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 48, 72, 96, 120, 144, 168, 192 | 1 | 
| c8g.large | 2 | 2 | 1 | 1, 2 | 1 | 
| c8g.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| c8g.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| c8g.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| c8g.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| c8g.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| c8g.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| c8g.24xlarge | 96 | 96 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 | 1 | 
| c8g.48xlarge | 192 | 192 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, 160, 162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, 192 | 1 | 
| c8gb.large | 2 | 2 | 1 | 1, 2 | 1 | 
| c8gb.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| c8gb.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| c8gb.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| c8gb.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| c8gb.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| c8gb.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| c8gb.24xlarge | 96 | 96 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 | 1 | 
| c8gb.48xlarge | 192 | 192 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, 160, 162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, 192 | 1 | 
| c8gd.large | 2 | 2 | 1 | 1, 2 | 1 | 
| c8gd.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| c8gd.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| c8gd.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| c8gd.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| c8gd.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| c8gd.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| c8gd.24xlarge | 96 | 96 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 | 1 | 
| c8gd.48xlarge | 192 | 192 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, 160, 162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, 192 | 1 | 
| c8gn.large | 2 | 2 | 1 | 1, 2 | 1 | 
| c8gn.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| c8gn.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| c8gn.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| c8gn.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| c8gn.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| c8gn.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| c8gn.24xlarge | 96 | 96 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 | 1 | 
| c8gn.48xlarge | 192 | 192 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, 160, 162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, 192 | 1 | 
| c8i.large | 2 | 1 | 2 | 1 | 1, 2 | 
| c8i.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| c8i.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| c8i.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| c8i.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| c8i.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| c8i.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 
| c8i.24xlarge | 96 | 48 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| c8i.32xlarge | 128 | 64 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| c8i.48xlarge | 192 | 96 | 2 | 6, 9, 12, 15, 18, 21, 24, 27, 30, 33, 36, 39, 42, 45, 48, 51, 54, 57, 60, 63, 66, 69, 72, 75, 78, 81, 84, 87, 90, 93, 96 | 1, 2 | 
| c8i.96xlarge | 384 | 192 | 2 | 12, 18, 24, 30, 36, 42, 48, 54, 60, 66, 72, 78, 84, 90, 96, 102, 108, 114, 120, 126, 132, 138, 144, 150, 156, 162, 168, 174, 180, 186, 192 | 1, 2 | 
| c8id.large | 2 | 1 | 2 | 1 | 1, 2 | 
| c8id.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| c8id.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| c8id.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| c8id.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| c8id.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| c8id.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 
| c8id.24xlarge | 96 | 48 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| c8id.32xlarge | 128 | 64 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| c8id.48xlarge | 192 | 96 | 2 | 6, 9, 12, 15, 18, 21, 24, 27, 30, 33, 36, 39, 42, 45, 48, 51, 54, 57, 60, 63, 66, 69, 72, 75, 78, 81, 84, 87, 90, 93, 96 | 1, 2 | 
| c8id.96xlarge | 384 | 192 | 2 | 12, 18, 24, 30, 36, 42, 48, 54, 60, 66, 72, 78, 84, 90, 96, 102, 108, 114, 120, 126, 132, 138, 144, 150, 156, 162, 168, 174, 180, 186, 192 | 1, 2 | 
| c8i-flex.large | 2 | 1 | 2 | 1 | 1, 2 | 
| c8i-flex.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| c8i-flex.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| c8i-flex.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| c8i-flex.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| c8i-flex.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| c8i-flex.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 

## Memory optimized instances



| Instance type | Default vCPUs | Default CPU cores | Default threads per core | Valid CPU cores | Valid threads per core | 
| --- | --- | --- | --- | --- | --- | 
| r3.large | 2 | 1 | 2 | 1 | 1, 2 | 
| r3.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| r3.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| r3.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| r3.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| r4.large | 2 | 1 | 2 | 1 | 1, 2 | 
| r4.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| r4.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| r4.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| r4.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| r4.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| r5.large | 2 | 1 | 2 | 1 | 1, 2 | 
| r5.xlarge | 4 | 2 | 2 | 2 | 1, 2 | 
| r5.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| r5.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| r5.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| r5.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| r5.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| r5.24xlarge | 96 | 48 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| r5a.large | 2 | 1 | 2 | 1 | 1, 2 | 
| r5a.xlarge | 4 | 2 | 2 | 2 | 1, 2 | 
| r5a.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| r5a.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| r5a.8xlarge | 32 | 16 | 2 | 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| r5a.12xlarge | 48 | 24 | 2 | 6, 12, 18, 24 | 1, 2 | 
| r5a.16xlarge | 64 | 32 | 2 | 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| r5a.24xlarge | 96 | 48 | 2 | 12, 18, 24, 36, 48 | 1, 2 | 
| r5ad.large | 2 | 1 | 2 | 1 | 1, 2 | 
| r5ad.xlarge | 4 | 2 | 2 | 2 | 1, 2 | 
| r5ad.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| r5ad.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| r5ad.8xlarge | 32 | 16 | 2 | 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| r5ad.12xlarge | 48 | 24 | 2 | 6, 12, 18, 24 | 1, 2 | 
| r5ad.16xlarge | 64 | 32 | 2 | 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| r5ad.24xlarge | 96 | 48 | 2 | 12, 18, 24, 36, 48 | 1, 2 | 
| r5b.large | 2 | 1 | 2 | 1 | 1, 2 | 
| r5b.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| r5b.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| r5b.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| r5b.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| r5b.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| r5b.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| r5b.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| r5d.large | 2 | 1 | 2 | 1 | 1, 2 | 
| r5d.xlarge | 4 | 2 | 2 | 2 | 1, 2 | 
| r5d.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| r5d.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| r5d.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| r5d.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| r5d.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| r5d.24xlarge | 96 | 48 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| r5dn.large | 2 | 1 | 2 | 1 | 1, 2 | 
| r5dn.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| r5dn.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| r5dn.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| r5dn.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| r5dn.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| r5dn.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| r5dn.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| r5n.large | 2 | 1 | 2 | 1 | 1, 2 | 
| r5n.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| r5n.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| r5n.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| r5n.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| r5n.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| r5n.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| r5n.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| r6a.large | 2 | 1 | 2 | 1 | 1, 2 | 
| r6a.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| r6a.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| r6a.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| r6a.8xlarge | 32 | 16 | 2 | 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| r6a.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 16, 24 | 1, 2 | 
| r6a.16xlarge | 64 | 32 | 2 | 4, 6, 8, 10, 12, 14, 16, 32 | 1, 2 | 
| r6a.24xlarge | 96 | 48 | 2 | 4, 6, 8, 10, 12, 14, 16, 32, 48 | 1, 2 | 
| r6a.32xlarge | 128 | 64 | 2 | 8, 12, 16, 20, 24, 28, 32, 64 | 1, 2 | 
| r6a.48xlarge | 192 | 96 | 2 | 8, 12, 16, 20, 24, 28, 32, 64, 96 | 1, 2 | 
| r6g.large | 2 | 2 | 1 | 1, 2 | 1 | 
| r6g.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| r6g.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| r6g.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| r6g.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| r6g.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| r6g.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| r6gd.large | 2 | 2 | 1 | 1, 2 | 1 | 
| r6gd.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| r6gd.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| r6gd.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| r6gd.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| r6gd.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| r6gd.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| r6i.large | 2 | 1 | 2 | 1 | 1, 2 | 
| r6i.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| r6i.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| r6i.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| r6i.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| r6i.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| r6i.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| r6i.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| r6i.32xlarge | 128 | 64 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| r6id.large | 2 | 1 | 2 | 1 | 1, 2 | 
| r6id.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| r6id.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| r6id.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| r6id.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| r6id.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| r6id.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| r6id.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| r6id.32xlarge | 128 | 64 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| r6idn.large | 2 | 1 | 2 | 1 | 1, 2 | 
| r6idn.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| r6idn.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| r6idn.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| r6idn.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| r6idn.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| r6idn.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 
| r6idn.24xlarge | 96 | 48 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| r6idn.32xlarge | 128 | 64 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| r6in.large | 2 | 1 | 2 | 1 | 1, 2 | 
| r6in.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| r6in.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| r6in.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| r6in.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| r6in.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| r6in.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 
| r6in.24xlarge | 96 | 48 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| r6in.32xlarge | 128 | 64 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| r7a.large | 2 | 2 | 1 | 1, 2 | 1 | 
| r7a.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| r7a.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| r7a.4xlarge | 16 | 16 | 1 | 1, 2, 4, 6, 8, 10, 12, 14, 16 | 1 | 
| r7a.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 8, 12, 16, 20, 24, 28, 32 | 1 | 
| r7a.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 12, 18, 24, 30, 36, 42, 48 | 1 | 
| r7a.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 16, 24, 32, 40, 48, 56, 64 | 1 | 
| r7a.24xlarge | 96 | 96 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 24, 36, 48, 60, 72, 84, 96 | 1 | 
| r7a.32xlarge | 128 | 128 | 1 | 4, 6, 8, 10, 12, 14, 16, 32, 48, 64, 80, 96, 112, 128 | 1 | 
| r7a.48xlarge | 192 | 192 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 48, 72, 96, 120, 144, 168, 192 | 1 | 
| r7g.large | 2 | 2 | 1 | 1, 2 | 1 | 
| r7g.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| r7g.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| r7g.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| r7g.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| r7g.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| r7g.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| r7gd.large | 2 | 2 | 1 | 1, 2 | 1 | 
| r7gd.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| r7gd.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| r7gd.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| r7gd.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| r7gd.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| r7gd.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| r7i.large | 2 | 1 | 2 | 1 | 1, 2 | 
| r7i.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| r7i.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| r7i.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| r7i.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| r7i.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| r7i.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 
| r7i.24xlarge | 96 | 48 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1, 2 | 
| r7i.48xlarge | 192 | 96 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96 | 1, 2 | 
| r7iz.large | 2 | 1 | 2 | 1 | 1, 2 | 
| r7iz.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| r7iz.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| r7iz.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| r7iz.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| r7iz.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| r7iz.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 
| r7iz.32xlarge | 128 | 64 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| r8a.medium | 1 | 1 | 1 | 1 | 1 | 
| r8a.large | 2 | 2 | 1 | 1, 2 | 1 | 
| r8a.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| r8a.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| r8a.4xlarge | 16 | 16 | 1 | 1, 2, 4, 6, 8, 10, 12, 14, 16 | 1 | 
| r8a.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 8, 12, 16, 20, 24, 28, 32 | 1 | 
| r8a.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 12, 18, 24, 30, 36, 42, 48 | 1 | 
| r8a.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 16, 24, 32, 40, 48, 56, 64 | 1 | 
| r8a.24xlarge | 96 | 96 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 24, 36, 48, 60, 72, 84, 96 | 1 | 
| r8a.48xlarge | 192 | 192 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 48, 72, 96, 120, 144, 168, 192 | 1 | 
| r8g.large | 2 | 2 | 1 | 1, 2 | 1 | 
| r8g.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| r8g.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| r8g.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| r8g.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| r8g.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| r8g.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| r8g.24xlarge | 96 | 96 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 | 1 | 
| r8g.48xlarge | 192 | 192 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, 160, 162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, 192 | 1 | 
| r8gb.large | 2 | 2 | 1 | 1, 2 | 1 | 
| r8gb.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| r8gb.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| r8gb.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| r8gb.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| r8gb.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| r8gb.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| r8gb.24xlarge | 96 | 96 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 | 1 | 
| r8gb.48xlarge | 192 | 192 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, 160, 162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, 192 | 1 | 
| r8gd.large | 2 | 2 | 1 | 1, 2 | 1 | 
| r8gd.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| r8gd.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| r8gd.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| r8gd.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| r8gd.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| r8gd.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| r8gd.24xlarge | 96 | 96 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 | 1 | 
| r8gd.48xlarge | 192 | 192 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, 160, 162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, 192 | 1 | 
| r8gn.large | 2 | 2 | 1 | 1, 2 | 1 | 
| r8gn.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| r8gn.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| r8gn.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| r8gn.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| r8gn.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| r8gn.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| r8gn.24xlarge | 96 | 96 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 | 1 | 
| r8gn.48xlarge | 192 | 192 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, 160, 162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, 192 | 1 | 
| r8i.large | 2 | 1 | 2 | 1 | 1, 2 | 
| r8i.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| r8i.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| r8i.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| r8i.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| r8i.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| r8i.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 
| r8i.24xlarge | 96 | 48 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| r8i.32xlarge | 128 | 64 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| r8i.48xlarge | 192 | 96 | 2 | 6, 9, 12, 15, 18, 21, 24, 27, 30, 33, 36, 39, 42, 45, 48, 51, 54, 57, 60, 63, 66, 69, 72, 75, 78, 81, 84, 87, 90, 93, 96 | 1, 2 | 
| r8i.96xlarge | 384 | 192 | 2 | 12, 18, 24, 30, 36, 42, 48, 54, 60, 66, 72, 78, 84, 90, 96, 102, 108, 114, 120, 126, 132, 138, 144, 150, 156, 162, 168, 174, 180, 186, 192 | 1, 2 | 
| r8id.large | 2 | 1 | 2 | 1 | 1, 2 | 
| r8id.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| r8id.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| r8id.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| r8id.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| r8id.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| r8id.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 
| r8id.24xlarge | 96 | 48 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| r8id.32xlarge | 128 | 64 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| r8id.48xlarge | 192 | 96 | 2 | 6, 9, 12, 15, 18, 21, 24, 27, 30, 33, 36, 39, 42, 45, 48, 51, 54, 57, 60, 63, 66, 69, 72, 75, 78, 81, 84, 87, 90, 93, 96 | 1, 2 | 
| r8id.96xlarge | 384 | 192 | 2 | 12, 18, 24, 30, 36, 42, 48, 54, 60, 66, 72, 78, 84, 90, 96, 102, 108, 114, 120, 126, 132, 138, 144, 150, 156, 162, 168, 174, 180, 186, 192 | 1, 2 | 
| r8i-flex.large | 2 | 1 | 2 | 1 | 1, 2 | 
| r8i-flex.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| r8i-flex.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| r8i-flex.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| r8i-flex.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| r8i-flex.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| r8i-flex.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 
| u-3tb1.56xlarge | 224 | 112 | 2 | 8, 12, 16, 20, 24, 28, 32, 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92, 96, 100, 104, 108, 112 | 1, 2 | 
| u-6tb1.56xlarge | 224 | 224 | 1 | 16, 24, 32, 40, 48, 56, 64, 72, 80, 88, 96, 104, 112, 120, 128, 136, 144, 152, 160, 168, 176, 184, 192, 200, 208, 216, 224 | 1 | 
| u-6tb1.112xlarge | 448 | 224 | 2 | 16, 24, 32, 40, 48, 56, 64, 72, 80, 88, 96, 104, 112, 120, 128, 136, 144, 152, 160, 168, 176, 184, 192, 200, 208, 216, 224 | 1, 2 | 
| u-9tb1.112xlarge | 448 | 224 | 2 | 16, 24, 32, 40, 48, 56, 64, 72, 80, 88, 96, 104, 112, 120, 128, 136, 144, 152, 160, 168, 176, 184, 192, 200, 208, 216, 224 | 1, 2 | 
| u-12tb1.112xlarge | 448 | 224 | 2 | 16, 24, 32, 40, 48, 56, 64, 72, 80, 88, 96, 104, 112, 120, 128, 136, 144, 152, 160, 168, 176, 184, 192, 200, 208, 216, 224 | 1, 2 | 
| u-18tb1.112xlarge | 448 | 224 | 2 | 16, 24, 32, 40, 48, 56, 64, 72, 80, 88, 96, 104, 112, 120, 128, 136, 144, 152, 160, 168, 176, 184, 192, 200, 208, 216, 224 | 1, 2 | 
| u-24tb1.112xlarge | 448 | 224 | 2 | 16, 24, 32, 40, 48, 56, 64, 72, 80, 88, 96, 104, 112, 120, 128, 136, 144, 152, 160, 168, 176, 184, 192, 200, 208, 216, 224 | 1, 2 | 
| u7i-6tb.112xlarge | 448 | 224 | 2 | 8, 12, 16, 20, 24, 28, 32, 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92, 96, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 148, 152, 156, 160, 164, 168, 172, 176, 180, 184, 188, 192, 196, 200, 204, 208, 212, 216, 220, 224 | 1, 2 | 
| u7i-8tb.112xlarge | 448 | 224 | 2 | 8, 12, 16, 20, 24, 28, 32, 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92, 96, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 148, 152, 156, 160, 164, 168, 172, 176, 180, 184, 188, 192, 196, 200, 204, 208, 212, 216, 220, 224 | 1, 2 | 
| u7i-12tb.224xlarge | 896 | 448 | 2 | 16, 24, 32, 40, 48, 56, 64, 72, 80, 88, 96, 104, 112, 120, 128, 136, 144, 152, 160, 168, 176, 184, 192, 200, 208, 216, 224, 232, 240, 248, 256, 264, 272, 280, 288, 296, 304, 312, 320, 328, 336, 344, 352, 360, 368, 376, 384, 392, 400, 408, 416, 424, 432, 440, 448 | 1, 2 | 
| u7in-16tb.224xlarge | 896 | 448 | 2 | 16, 24, 32, 40, 48, 56, 64, 72, 80, 88, 96, 104, 112, 120, 128, 136, 144, 152, 160, 168, 176, 184, 192, 200, 208, 216, 224, 232, 240, 248, 256, 264, 272, 280, 288, 296, 304, 312, 320, 328, 336, 344, 352, 360, 368, 376, 384, 392, 400, 408, 416, 424, 432, 440, 448 | 1, 2 | 
| u7in-24tb.224xlarge | 896 | 448 | 2 | 16, 24, 32, 40, 48, 56, 64, 72, 80, 88, 96, 104, 112, 120, 128, 136, 144, 152, 160, 168, 176, 184, 192, 200, 208, 216, 224, 232, 240, 248, 256, 264, 272, 280, 288, 296, 304, 312, 320, 328, 336, 344, 352, 360, 368, 376, 384, 392, 400, 408, 416, 424, 432, 440, 448 | 1, 2 | 
| u7in-32tb.224xlarge | 896 | 448 | 2 | 16, 24, 32, 40, 48, 56, 64, 72, 80, 88, 96, 104, 112, 120, 128, 136, 144, 152, 160, 168, 176, 184, 192, 200, 208, 216, 224, 232, 240, 248, 256, 264, 272, 280, 288, 296, 304, 312, 320, 328, 336, 344, 352, 360, 368, 376, 384, 392, 400, 408, 416, 424, 432, 440, 448 | 1, 2 | 
| u7inh-32tb.480xlarge | 1920 | 960 | 2 | 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, 240, 256, 272, 288, 304, 320, 336, 352, 368, 384, 400, 416, 432, 448, 464, 480, 496, 512, 528, 544, 560, 576, 592, 608, 624, 640, 656, 672, 688, 704, 720, 736, 752, 768, 784, 800, 816, 832, 848, 864, 880, 896, 912, 928, 944, 960 | 1, 2 | 
| x1.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| x1.32xlarge | 128 | 64 | 2 | 4, 8, 12, 16, 20, 24, 28, 32, 36, 40, 44, 48, 52, 56, 60, 64 | 1, 2 | 
| x1e.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| x1e.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| x1e.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| x1e.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| x1e.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| x1e.32xlarge | 128 | 64 | 2 | 4, 8, 12, 16, 20, 24, 28, 32, 36, 40, 44, 48, 52, 56, 60, 64 | 1, 2 | 
| x2gd.large | 2 | 2 | 1 | 1, 2 | 1 | 
| x2gd.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| x2gd.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| x2gd.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| x2gd.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| x2gd.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| x2gd.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| x2idn.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| x2idn.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| x2idn.32xlarge | 128 | 64 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| x2iedn.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| x2iedn.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| x2iedn.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| x2iedn.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| x2iedn.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| x2iedn.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| x2iedn.32xlarge | 128 | 64 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| x2iezn.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| x2iezn.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| x2iezn.6xlarge | 24 | 12 | 2 | 2, 4, 6, 8, 10, 12 | 1, 2 | 
| x2iezn.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| x2iezn.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| x8g.large | 2 | 2 | 1 | 1, 2 | 1 | 
| x8g.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| x8g.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| x8g.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| x8g.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| x8g.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| x8g.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| x8g.24xlarge | 96 | 96 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 | 1 | 
| x8g.48xlarge | 192 | 192 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, 160, 162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, 192 | 1 | 
| x8aedz.large | 2 | 2 | 1 | 1, 2 | 1 | 
| x8aedz.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| x8aedz.3xlarge | 12 | 12 | 1 | 1, 2, 4, 6, 8, 10, 12 | 1 | 
| x8aedz.6xlarge | 24 | 24 | 1 | 1, 2, 3, 4, 8, 12, 16, 20, 24 | 1 | 
| x8aedz.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 16, 24, 32, 40, 48 | 1 | 
| x8aedz.24xlarge | 96 | 96 | 1 | 4, 6, 8, 10, 12, 14, 16, 32, 48, 64, 80, 96 | 1 | 
| x8i.large | 2 | 1 | 2 | 1 | 1, 2 | 
| x8i.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| x8i.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| x8i.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| x8i.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| x8i.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| x8i.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 
| x8i.24xlarge | 96 | 48 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| x8i.32xlarge | 128 | 64 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| x8i.48xlarge | 192 | 96 | 2 | 6, 9, 12, 15, 18, 21, 24, 27, 30, 33, 36, 39, 42, 45, 48, 51, 54, 57, 60, 63, 66, 69, 72, 75, 78, 81, 84, 87, 90, 93, 96 | 1, 2 | 
| x8i.64xlarge | 256 | 128 | 2 | 8, 12, 16, 20, 24, 28, 32, 36, 40, 44, 48, 52, 56, 60, 64, 68, 72, 76, 80, 84, 88, 92, 96, 100, 104, 108, 112, 116, 120, 124, 128 | 1, 2 | 
| x8i.96xlarge | 384 | 192 | 2 | 12, 18, 24, 30, 36, 42, 48, 54, 60, 66, 72, 78, 84, 90, 96, 102, 108, 114, 120, 126, 132, 138, 144, 150, 156, 162, 168, 174, 180, 186, 192 | 1, 2 | 
| z1d.large | 2 | 1 | 2 | 1 | 1, 2 | 
| z1d.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| z1d.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| z1d.3xlarge | 12 | 6 | 2 | 2, 4, 6 | 1, 2 | 
| z1d.6xlarge | 24 | 12 | 2 | 2, 4, 6, 8, 10, 12 | 1, 2 | 
| z1d.12xlarge | 48 | 24 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 

## Storage optimized instances



| Instance type | Default vCPUs | Default CPU cores | Default threads per core | Valid CPU cores | Valid threads per core | 
| --- | --- | --- | --- | --- | --- | 
| d2.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| d2.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| d2.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| d2.8xlarge | 36 | 18 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18 | 1, 2 | 
| d3.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| d3.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| d3.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| d3.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| d3en.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| d3en.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| d3en.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| d3en.6xlarge | 24 | 12 | 2 | 2, 4, 6, 8, 10, 12 | 1, 2 | 
| d3en.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| d3en.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| h1.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| h1.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| h1.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| h1.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| i2.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| i2.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| i2.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| i2.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| i3.large | 2 | 1 | 2 | 1 | 1, 2 | 
| i3.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| i3.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| i3.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| i3.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| i3.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| i3en.large | 2 | 1 | 2 | 1 | 1, 2 | 
| i3en.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| i3en.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| i3en.3xlarge | 12 | 6 | 2 | 2, 4, 6 | 1, 2 | 
| i3en.6xlarge | 24 | 12 | 2 | 2, 4, 6, 8, 10, 12 | 1, 2 | 
| i3en.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| i3en.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| i4g.large | 2 | 2 | 1 | 1, 2 | 1 | 
| i4g.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| i4g.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| i4g.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| i4g.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| i4g.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| i4i.large | 2 | 1 | 2 | 1 | 1, 2 | 
| i4i.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| i4i.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| i4i.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| i4i.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| i4i.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| i4i.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| i4i.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| i4i.32xlarge | 128 | 64 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| i7i.large | 2 | 1 | 2 | 1 | 1, 2 | 
| i7i.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| i7i.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| i7i.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| i7i.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| i7i.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| i7i.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1, 2 | 
| i7i.24xlarge | 96 | 48 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1, 2 | 
| i7i.48xlarge | 192 | 96 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96 | 1, 2 | 
| i7ie.large | 2 | 1 | 2 | 1 | 1, 2 | 
| i7ie.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| i7ie.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| i7ie.3xlarge | 12 | 6 | 2 | 1, 2, 3, 4, 5, 6 | 1, 2 | 
| i7ie.6xlarge | 24 | 12 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 | 1, 2 | 
| i7ie.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| i7ie.18xlarge | 72 | 36 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36 | 1, 2 | 
| i7ie.24xlarge | 96 | 48 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1, 2 | 
| i7ie.48xlarge | 192 | 96 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96 | 1, 2 | 
| i8g.large | 2 | 2 | 1 | 1, 2 | 1 | 
| i8g.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| i8g.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| i8g.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| i8g.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| i8g.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| i8g.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| i8g.24xlarge | 96 | 96 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 | 1 | 
| i8g.48xlarge | 192 | 192 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, 160, 162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, 192 | 1 | 
| i8ge.large | 2 | 2 | 1 | 1, 2 | 1 | 
| i8ge.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| i8ge.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| i8ge.3xlarge | 12 | 12 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 | 1 | 
| i8ge.6xlarge | 24 | 24 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1 | 
| i8ge.12xlarge | 48 | 48 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1 | 
| i8ge.18xlarge | 72 | 72 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72 | 1 | 
| i8ge.24xlarge | 96 | 96 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 | 1 | 
| i8ge.48xlarge | 192 | 192 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, 100, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 122, 124, 126, 128, 130, 132, 134, 136, 138, 140, 142, 144, 146, 148, 150, 152, 154, 156, 158, 160, 162, 164, 166, 168, 170, 172, 174, 176, 178, 180, 182, 184, 186, 188, 190, 192 | 1 | 
| im4gn.large | 2 | 2 | 1 | 1, 2 | 1 | 
| im4gn.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| im4gn.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| im4gn.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| im4gn.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| im4gn.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| is4gen.medium | 1 | 1 | 1 | 1 | 1 | 
| is4gen.large | 2 | 2 | 1 | 1, 2 | 1 | 
| is4gen.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| is4gen.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| is4gen.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| is4gen.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 

## Accelerated computing instances



| Instance type | Default vCPUs | Default CPU cores | Default threads per core | Valid CPU cores | Valid threads per core | 
| --- | --- | --- | --- | --- | --- | 
| dl1.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| dl2q.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| f1.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| f1.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| f1.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| f2.6xlarge | 24 | 12 | 2 | 1, 2, 3, 6, 9, 12 | 1, 2 | 
| f2.12xlarge | 48 | 24 | 2 | 1, 2, 3, 6, 9, 12, 15, 18, 21, 24 | 1, 2 | 
| f2.48xlarge | 192 | 96 | 2 | 4, 6, 8, 10, 12, 24, 36, 48, 60, 72, 84, 96 | 1, 2 | 
| g3.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| g3.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| g3.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| g4ad.xlarge | 4 | 2 | 2 | 2 | 1, 2 | 
| g4ad.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| g4ad.4xlarge | 16 | 8 | 2 | 2, 4, 8 | 1, 2 | 
| g4ad.8xlarge | 32 | 16 | 2 | 2, 4, 8, 16 | 1, 2 | 
| g4ad.16xlarge | 64 | 32 | 2 | 2, 4, 8, 16, 32 | 1, 2 | 
| g4dn.xlarge | 4 | 2 | 2 | 2 | 1, 2 | 
| g4dn.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| g4dn.4xlarge | 16 | 8 | 2 | 2, 4, 6, 8 | 1, 2 | 
| g4dn.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| g4dn.12xlarge | 48 | 24 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 | 
| g4dn.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| g5g.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 | 
| g5g.2xlarge | 8 | 8 | 1 | 1, 2, 3, 4, 5, 6, 7, 8 | 1 | 
| g5g.4xlarge | 16 | 16 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1 | 
| g5g.8xlarge | 32 | 32 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | 1 | 
| g5g.16xlarge | 64 | 64 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64 | 1 | 
| g6.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| g6.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| g6.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| g6.8xlarge | 32 | 16 | 2 | 1, 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| g6.12xlarge | 48 | 24 | 2 | 1, 2, 3, 6, 9, 12, 15, 18, 21, 24 | 1, 2 | 
| g6.16xlarge | 64 | 32 | 2 | 1, 2, 3, 4, 8, 12, 16, 20, 24, 28, 32 | 1, 2 | 
| g6.24xlarge | 96 | 48 | 2 | 1, 2, 3, 4, 5, 6, 12, 18, 24, 30, 36, 42, 48 | 1, 2 | 
| g6.48xlarge | 192 | 96 | 2 | 4, 6, 8, 10, 12, 24, 36, 48, 60, 72, 84, 96 | 1, 2 | 
| g6e.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| g6e.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| g6e.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| g6e.8xlarge | 32 | 16 | 2 | 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| g6e.12xlarge | 48 | 24 | 2 | 3, 6, 9, 12, 15, 18, 21, 24 | 1, 2 | 
| g6e.16xlarge | 64 | 32 | 2 | 4, 8, 12, 16, 20, 24, 28, 32 | 1, 2 | 
| g6e.24xlarge | 96 | 48 | 2 | 6, 12, 18, 24, 30, 36, 42, 48 | 1, 2 | 
| g6e.48xlarge | 192 | 96 | 2 | 12, 24, 36, 48, 60, 72, 84, 96 | 1, 2 | 
| g6f.large | 2 | 1 | 2 | 1 | 1, 2 | 
| g6f.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| g6f.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| g6f.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| gr6.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| gr6.8xlarge | 32 | 16 | 2 | 1, 2, 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| gr6f.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| g7e.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| g7e.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| g7e.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| g7e.12xlarge | 48 | 24 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24 | 1, 2 | 
| g7e.24xlarge | 96 | 48 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48 | 1, 2 | 
| g7e.48xlarge | 192 | 96 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96 | 1, 2 | 
| inf1.xlarge | 4 | 2 | 2 | 2 | 1, 2 | 
| inf1.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| inf1.6xlarge | 24 | 12 | 2 | 2, 4, 6, 8, 10, 12 | 1, 2 | 
| inf1.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| inf2.xlarge | 4 | 2 | 2 | 1, 2 | 1, 2 | 
| inf2.8xlarge | 32 | 16 | 2 | 4, 6, 8, 10, 12, 14, 16 | 1, 2 | 
| inf2.24xlarge | 96 | 48 | 2 | 4, 6, 8, 10, 12, 14, 16, 32, 48 | 1, 2 | 
| inf2.48xlarge | 192 | 96 | 2 | 4, 8, 12, 16, 20, 24, 28, 32, 64, 96 | 1, 2 | 
| p3.2xlarge | 8 | 4 | 2 | 1, 2, 3, 4 | 1, 2 | 
| p3.8xlarge | 32 | 16 | 2 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 | 1, 2 | 
| p3.16xlarge | 64 | 32 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32 | 1, 2 | 
| p3dn.24xlarge | 96 | 48 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| p4d.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| p4de.24xlarge | 96 | 48 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48 | 1, 2 | 
| p5.4xlarge | 16 | 8 | 2 | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2 | 
| p5.48xlarge | 192 | 96 | 2 | 12, 24, 36, 48, 60, 72, 84, 96 | 1, 2 | 
| p5e.48xlarge | 192 | 96 | 2 | 12, 24, 36, 48, 60, 72, 84, 96 | 1, 2 | 
| p5en.48xlarge | 192 | 96 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96 | 1, 2 | 
| p6-b200.48xlarge | 192 | 96 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96 | 1, 2 | 
| p6-b300.48xlarge | 192 | 96 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96 | 1, 2 | 
| p6e-gb200.36xlarge | 144 | 144 | 1 | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144 | 1 | 
| trn1.2xlarge | 8 | 4 | 2 | 2, 4 | 1, 2 | 
| trn1.32xlarge | 128 | 64 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| trn1n.32xlarge | 128 | 64 | 2 | 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1, 2 | 
| trn2.3xlarge | 12 | 6 | 2 | 1, 2, 3, 4, 5, 6 | 1, 2 | 
| trn2.48xlarge | 192 | 96 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96 | 1, 2 | 
| trn2u.48xlarge | 192 | 96 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94, 96 | 1, 2 | 
| vt1.3xlarge | 12 | 6 | 2 | 6 | 1, 2 | 
| vt1.6xlarge | 24 | 12 | 2 | 6, 12 | 1, 2 | 
| vt1.24xlarge | 96 | 48 | 2 | 6, 12, 48 | 1, 2 | 

## High-performance computing instances



| Instance type | Default vCPUs | Default CPU cores | Default threads per core | Valid CPU cores | Valid threads per core | 
| --- | --- | --- | --- | --- | --- | 
| hpc6id.32xlarge | 64 | 64 | 1 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62, 64 | 1 | 
| hpc8a.96xlarge | 192 | 192 | 1 | 24, 48, 72, 96, 120, 144, 168, 192 | 1 | 

# Specify CPU options for an Amazon EC2 instance

You can specify CPU options during or after instance launch.

**Topics**
+ [Disable simultaneous multithreading](#cpu-options-disable-simultaneous-multithreading)
+ [Specify a custom number of vCPUs at launch](#cpu-options-customize-vCPUs-launch)
+ [Specify a custom number of vCPUs in a launch template](#cpu-options-customize-vCPUs-launch-template)
+ [Change CPU options for your EC2 instance](#change-vCPUs-after-launch)

## Disable simultaneous multithreading


To disable simultaneous multithreading (SMT), also known as hyper-threading, specify 1 thread per core.

------
#### [ Console ]

**To disable SMT during instance launch**

1. Follow the [Launch an EC2 instance using the launch instance wizard in the console](ec2-launch-instance-wizard.md) procedure and configure your instance as needed.

1. Expand **Advanced details**, and select the **Specify CPU options** checkbox.

1. For **Core count**, choose the number of required CPU cores. In this example, to specify the default CPU core count for an `r5.4xlarge` instance, choose `8`.

1. To disable SMT, for **Threads per core**, choose **1**.

1. In the **Summary** panel, review your instance configuration, and then choose **Launch instance**. For more information, see [Launch an EC2 instance using the launch instance wizard in the console](ec2-launch-instance-wizard.md).

------
#### [ AWS CLI ]

**To disable SMT during instance launch**  
Use the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) AWS CLI command and specify a value of `1` for `ThreadsPerCore` for the `--cpu-options` parameter. For `CoreCount`, specify the number of CPU cores. In this example, to specify the default CPU core count for an `r7i.4xlarge` instance, specify a value of `8`.

```
aws ec2 run-instances \
    --image-id ami-0abcdef1234567890 \
    --instance-type r7i.4xlarge \
    --cpu-options "CoreCount=8,ThreadsPerCore=1" \
    --key-name my-key-pair
```

------
#### [ PowerShell ]

**To disable SMT during instance launch**  
Use the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) command and specify a value of `1` for `ThreadsPerCore` for the `-CpuOptions` parameter. For `CoreCount`, specify the number of CPU cores. In this example, to specify the default CPU core count for an `r7i.4xlarge` instance, specify a value of `8`.

```
New-EC2Instance `
    -ImageId 'ami-0abcdef1234567890' `
    -InstanceType 'r7i.4xlarge' `
    -CpuOptions @{CoreCount=8; ThreadsPerCore=1} `
    -KeyName 'my-key-pair'
```

------

**Note**  
To disable SMT for an existing instance, follow the process shown in [Change CPU options for your EC2 instance](#change-vCPUs-after-launch), and change the number of threads that run per core to `1`.

## Specify a custom number of vCPUs at launch


You can customize the number of CPU cores and threads per core when you launch an instance from the EC2 console or AWS CLI. The examples in this section use an `r5.4xlarge` instance type, which has the following default settings:
+ CPU cores: 8
+ Threads per core: 2

Instances launch with the maximum number of vCPUs available for the instance type by default. For this instance type, that's 16 total vCPUs (8 cores running 2 threads each). For more information about this instance type, see [Memory optimized instances](cpu-options-supported-instances-values.md#cpu-options-mem-optimized).

The following example launches an `r5.4xlarge` instance with 4 vCPUs.

------
#### [ Console ]

**To specify a custom number of vCPUs during instance launch**

1. Follow the [Launch an EC2 instance using the launch instance wizard in the console](ec2-launch-instance-wizard.md) procedure and configure your instance as needed.

1. Expand **Advanced details**, and select the **Specify CPU options** checkbox.

1. To get 4 vCPUs, specify 2 CPU cores and 2 threads per core, as follows:
   + For **Core count**, choose **2**.
   + For **Threads per core**, choose **2**.

1. In the **Summary** panel, review your instance configuration, and then choose **Launch instance**. For more information, see [Launch an EC2 instance using the launch instance wizard in the console](ec2-launch-instance-wizard.md).

------
#### [ AWS CLI ]

**To specify a custom number of vCPUs during instance launch**  
Use the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) AWS CLI command and specify the number of CPU cores and number of threads in the `--cpu-options` parameter. You can specify 2 CPU cores and 2 threads per core to get 4 vCPUs.

```
aws ec2 run-instances \
    --image-id ami-0abcdef1234567890 \
    --instance-type r7i.4xlarge \
    --cpu-options "CoreCount=2,ThreadsPerCore=2" \
    --key-name my-key-pair
```

Alternatively, specify 4 CPU cores and 1 thread per core (disable SMT) to get 4 vCPUs:

```
aws ec2 run-instances \
    --image-id ami-0abcdef1234567890 \
    --instance-type r7i.4xlarge \
    --cpu-options "CoreCount=4,ThreadsPerCore=1" \
    --key-name my-key-pair
```

------
#### [ PowerShell ]

**To specify a custom number of vCPUs during instance launch**  
Use the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) command and specify the number of CPU cores and number of threads in the `-CpuOptions` parameter. You can specify 2 CPU cores and 2 threads per core to get 4 vCPUs.

```
New-EC2Instance `
    -ImageId 'ami-0abcdef1234567890' `
    -InstanceType 'r7i.4xlarge' `
    -CpuOptions @{CoreCount=2; ThreadsPerCore=2} `
    -KeyName 'my-key-pair'
```

Alternatively, specify 4 CPU cores and 1 thread per core (disable SMT) to get 4 vCPUs:

```
New-EC2Instance `
    -ImageId 'ami-0abcdef1234567890' `
    -InstanceType 'r7i.4xlarge' `
    -CpuOptions @{CoreCount=4; ThreadsPerCore=1} `
    -KeyName 'my-key-pair'
```

------
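The supported-values tables do not allow every core count for every instance type (for example, `g4ad.4xlarge` accepts only 2, 4, or 8 cores), so a pre-launch check on the `CoreCount`/`ThreadsPerCore` pair is useful for both the SMT-disable and the custom-vCPU procedures above. The following is an added example, not AWS code: the function names are hypothetical, and the embedded rows are copied from the tables on this page.

```shell
#!/bin/sh
# Added example (not AWS code): validate a CoreCount/ThreadsPerCore pair
# against the supported-values table before passing it to --cpu-options.
# Function names are hypothetical. Rows are copied from the tables on this page.
CPU_OPTIONS_TABLE='
| g4ad.4xlarge | 16 | 8 | 2 | 2, 4, 8 | 1, 2 |
| vt1.24xlarge | 96 | 48 | 2 | 6, 12, 48 | 1, 2 |
| x2gd.xlarge | 4 | 4 | 1 | 1, 2, 3, 4 | 1 |
| z1d.12xlarge | 48 | 24 | 2 | 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24 | 1, 2 |
'

# table_field TYPE COL
# Print column COL of TYPE's row (1 = instance type, 3 = default CPU cores,
# 5 = valid CPU cores, 6 = valid threads per core). Fails if TYPE has no row.
table_field() {
    printf '%s\n' "$CPU_OPTIONS_TABLE" | awk -F'|' -v type="$1" -v col="$2" '
        { for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i) }
        $2 == type { print $(col + 1); found = 1; exit }
        END { exit !found }
    '
}

# in_list VALUE "a, b, c"
# Succeed only if VALUE is an exact member of the comma-separated list.
in_list() {
    case ", $2," in
        *", $1,"*) return 0 ;;
    esac
    return 1
}

# cpu_options_arg TYPE CORES THREADS
# Print the --cpu-options value if the pair is valid for TYPE; otherwise
# print the reason on stderr and fail.
cpu_options_arg() {
    itype=$1 cores=$2 threads=$3
    for n in "$cores" "$threads"; do
        case "$n" in
            ''|0*|*[!0-9]*) echo "not a positive integer: '$n'" >&2; return 1 ;;
        esac
    done
    valid_cores=$(table_field "$itype" 5) || {
        echo "no table row for $itype" >&2; return 1; }
    valid_threads=$(table_field "$itype" 6)
    in_list "$cores" "$valid_cores" || {
        echo "$itype: CoreCount=$cores not in [$valid_cores]" >&2; return 1; }
    in_list "$threads" "$valid_threads" || {
        echo "$itype: ThreadsPerCore=$threads not in [$valid_threads]" >&2; return 1; }
    printf 'CoreCount=%s,ThreadsPerCore=%s\n' "$cores" "$threads"
}

# smt_off_arg TYPE
# SMT disabled at full core capacity: default core count, 1 thread per core.
smt_off_arg() {
    default_cores=$(table_field "$1" 3) || {
        echo "no table row for $1" >&2; return 1; }
    cpu_options_arg "$1" "$default_cores" 1
}

# Demo with constructed requests.
cpu_options_arg g4ad.4xlarge 4 1            # accepted
cpu_options_arg g4ad.4xlarge 6 1 || true    # rejected: 6 is not a valid core count
smt_off_arg z1d.12xlarge                    # default cores with SMT off
```

Pass the printed value to `--cpu-options` only when the function succeeds, for example `opts=$(cpu_options_arg g4ad.4xlarge 4 1) && aws ec2 run-instances ... --cpu-options "$opts"`.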

## Specify a custom number of vCPUs in a launch template


You can customize the number of CPU cores and threads per core for the instance in a launch template. The examples in this section use an `r5.4xlarge` instance type, which has the following default settings:
+ CPU cores: 8
+ Threads per core: 2

Instances launch with the maximum number of vCPUs available for the instance type by default. For this instance type, that's 16 total vCPUs (8 cores running 2 threads each). For more information about this instance type, see [Memory optimized instances](cpu-options-supported-instances-values.md#cpu-options-mem-optimized).

The following example creates a launch template that specifies the configuration for an `r5.4xlarge` instance with 4 vCPUs.

------
#### [ Console ]

**To specify a custom number of vCPUs in a launch template**

1. Follow the [Create a launch template by specifying parameters](create-launch-template.md#create-launch-template-define-parameters) procedure and configure your launch template as needed.

1. Expand **Advanced details**, and select the **Specify CPU options** checkbox.

1. To get 4 vCPUs, specify 2 CPU cores and 2 threads per core, as follows:
   + For **Core count**, choose **2**.
   + For **Threads per core**, choose **2**.

1. In the **Summary** panel, review your instance configuration, and then choose **Create launch template**. For more information, see [Store instance launch parameters in Amazon EC2 launch templates](ec2-launch-templates.md).

------
#### [ AWS CLI ]

**To specify a custom number of vCPUs in a launch template**  
Use the [create-launch-template](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-launch-template.html) AWS CLI command and specify the number of CPU cores and number of threads in the `CpuOptions` parameter. You can specify 2 CPU cores and 2 threads per core to get 4 vCPUs.

```
aws ec2 create-launch-template \
    --launch-template-name TemplateForCPUOptions \
    --version-description CPUOptionsVersion1 \
    --launch-template-data file://template-data.json
```

The following is an example JSON file that contains the launch template data, which includes the CPU options, for the instance configuration for this example.

```
{
    "NetworkInterfaces": [{
        "AssociatePublicIpAddress": true,
        "DeviceIndex": 0,
        "Ipv6AddressCount": 1,
        "SubnetId": "subnet-0abcdef1234567890"
    }],
    "ImageId": "ami-0abcdef1234567890",
    "InstanceType": "r5.4xlarge",
    "TagSpecifications": [{
        "ResourceType": "instance",
        "Tags": [{
            "Key":"Name",
            "Value":"webserver"
        }]
    }],
    "CpuOptions": {
        "CoreCount":2,
        "ThreadsPerCore":2
    }
}
```

Alternatively, specify 4 CPU cores and 1 thread per core (disable SMT) to get 4 vCPUs:

```
{
    "NetworkInterfaces": [{
        "AssociatePublicIpAddress": true,
        "DeviceIndex": 0,
        "Ipv6AddressCount": 1,
        "SubnetId": "subnet-0abcdef1234567890"
    }],
    "ImageId": "ami-0abcdef1234567890",
    "InstanceType": "r5.4xlarge",
    "TagSpecifications": [{
        "ResourceType": "instance",
        "Tags": [{
            "Key":"Name",
            "Value":"webserver"
        }]
    }],
    "CpuOptions": {
        "CoreCount":4,
        "ThreadsPerCore":1
    }
}
```

------
#### [ PowerShell ]

**To specify a custom number of vCPUs in a launch template**  
Use the [New-EC2LaunchTemplate](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2LaunchTemplate.html) cmdlet.

```
New-EC2LaunchTemplate `
    -LaunchTemplateName 'TemplateForCPUOptions' `
    -VersionDescription 'CPUOptionsVersion1' `
    -LaunchTemplateData (Get-Content -Path 'template-data.json' | ConvertFrom-Json)
```

------

## Change CPU options for your EC2 instance
Change CPU options

As your needs change over time, you might want to change the configuration of CPU options for an existing instance. Each thread that runs on your instance is known as a virtual CPU (vCPU). You can change the number of vCPUs that run for an existing instance in the Amazon EC2 console, AWS CLI, API, or SDKs. The instance state must be `Stopped` before you can make this change.

To view console or command line steps, select the tab that matches your environment. For API request and response information, see [ModifyInstanceCpuOptions](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceCpuOptions.html) in the *Amazon EC2 API Reference*.

------
#### [ Console ]

Follow this procedure to change the number of active vCPUs for your instance from the AWS Management Console.

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the left navigation pane, choose **Instances**. This opens the list of instances that are defined for the current AWS Region.

1. Select the instance from the **Instances** list. Alternatively, you can select the instance link to open the instance detail page.

1. If the instance is running, you must stop it before you proceed. Choose **Stop instance** from the **Instance state** menu.

1. To change the vCPU configuration, choose **Change CPU options** from **Instance settings** in the **Actions** menu. This opens the **Change CPU options** page.

1. Choose one of the following CPU options to change the configuration for your instance.  
**Use default CPU options**  
This option resets your instance to the default number of vCPUs for the instance type. The default is to run all threads for all CPU cores.  
**Specify CPU options**  
This option enables configuration of the number of vCPUs that are running on your instance.

1. If you chose **Specify CPU options**, the **Active vCPUs** fields are displayed.
   + Use the first selector to configure the number of threads for each CPU core. To disable simultaneous multithreading, choose `1`.
   + Use the second selector to configure the number of CPUs that run on your instance.

   The following fields dynamically update as you make changes to the CPU option selectors.
   + **Active vCPUs**: The number of CPU cores multiplied by the threads per core, based on the selections that you made. For example, if you selected 2 threads and 4 cores, that would equal 8 vCPUs.
   + **Total vCPUs**: The maximum number of vCPUs for the instance type. For example, for an `m6i.4xlarge` instance type, this is 16 vCPUs (8 cores running 2 threads each).

1. To apply your updates, choose **Change**.

------
#### [ AWS CLI ]

Follow this procedure to change the number of active vCPUs for your instance from the AWS CLI.

Use the [modify-instance-cpu-options](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/modify-instance-cpu-options.html) command and specify the number of CPU cores that run in the `--core-count` parameter, and the number of threads that run per core in the `--threads-per-core` parameter.

The following examples show two possible configurations on an `m6i.4xlarge` instance type to run 8 vCPUs on the specified instance. The default for this instance type is 16 vCPUs (8 cores running 2 threads each).

**Example 1:** Run 4 CPU cores with 2 threads per core, for a total of 8 vCPUs.

```
aws ec2 modify-instance-cpu-options \
    --instance-id i-1234567890abcdef0 \
    --core-count=4 \
    --threads-per-core=2
```

**Example 2:** Disable simultaneous multi-threading by changing the number of threads that run per core to `1`. The resulting configuration also runs a total of 8 vCPUs (8 CPU cores with 1 thread per core).

```
aws ec2 modify-instance-cpu-options \
    --instance-id i-1234567890abcdef0 \
    --core-count=8 \
    --threads-per-core=1
```

------
#### [ PowerShell ]

**To change the number of active vCPUs for an instance**  
Use the [Edit-EC2InstanceCpuOption](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceCpuOption.html) cmdlet and specify the number of CPU cores that run in the `-CoreCount` parameter, and the number of threads that run per core in the `-ThreadsPerCore` parameter.

**Example 1:** Run 4 CPU cores with 2 threads per core, for a total of 8 vCPUs.

```
Edit-EC2InstanceCpuOption `
    -InstanceId 'i-1234567890abcdef0' `
    -CoreCount 4 `
    -ThreadsPerCore 2
```

**Example 2:** Disable simultaneous multi-threading by changing the number of threads that run per core to `1`. The resulting configuration also runs a total of 8 vCPUs (8 CPU cores with 1 thread per core).

```
Edit-EC2InstanceCpuOption `
    -InstanceId 'i-1234567890abcdef0' `
    -CoreCount 8 `
    -ThreadsPerCore 1
```

------

# View CPU threads and cores for an Amazon EC2 instance
View CPU options

You can view the CPU options for an existing instance by describing the instance.

------
#### [ Console ]

**To view the CPU options for an instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the left navigation pane, choose **Instances** and select the instance.

1. On the **Details** tab, under **Host and placement group**, find **Number of vCPUs**.

------
#### [ AWS CLI ]

**To view the CPU options for an instance**  
Use the [describe-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html) command.

```
aws ec2 describe-instances \
    --instance-ids i-1234567890abcdef0 \
    --query 'Reservations[].Instances[].CpuOptions'
```

The following is example output. The `CoreCount` field indicates the number of cores for the instance. The `ThreadsPerCore` field indicates the number of threads per core.

```
[
    {
        "CoreCount": 24,
        "ThreadsPerCore": 2
    }
]
```

------
#### [ PowerShell ]

**To view the CPU options for an instance**  
Use the [Get-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Instance.html) cmdlet.

```
(Get-EC2Instance `
    -InstanceId 'i-1234567890abcdef0').Instances.CpuOptions
```

The following is example output.

```
AmdSevSnp CoreCount ThreadsPerCore
--------- --------- --------------
          24        2
```

------

Alternatively, to view CPU information, you can connect to your instance and use one of the following system tools:
+ Windows `Task Manager` on your Windows instance
+ The **lscpu** command on your Linux instance

You can use AWS Config to record, assess, audit, and evaluate configuration changes for instances, including terminated instances. For more information, see [Getting Started with AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/getting-started.html) in the *AWS Config Developer Guide*.

# Optimize CPUs for License-Included instances
Optimize CPUs

Workloads such as Microsoft SQL Server often require high levels of memory and IOPS but a low vCPU count. AWS provides a broad set of instance types that can cover most of your infrastructure needs. However, to reduce vCPU-based licensing costs for Windows and Microsoft SQL Server, you can customize the number of vCPUs running on your EC2 instance while maintaining the same memory, storage, and network specifications. This approach can save on vCPU-based licensing costs for both license-included and Bring-Your-Own-License (BYOL) workloads. You can specify CPU options when you launch or modify an instance by using the console or the Amazon EC2 API. For instructions, see [Specify CPU options for an Amazon EC2 instance](instance-specify-cpu-options.md).

For more information, see this [blog post](https://aws.amazon.com/blogs/modernizing-with-aws/optimize-cpus-best-practices-for-sql-server-workloads-continued/) about best practices to optimize CPUs for SQL Server workloads.

## Supported license types


Optimize CPUs supports billing based on the number of active CPUs for the following types of license configurations for instances launched from a license-included AMI. For more information about license types, see [AMI billing information fields](billing-info-fields.md).

**License-included AMI instance billing**


| Licenses included | Usage operation | Price per vCPU hour | 
| --- | --- | --- | 
|  Windows Server  |  RunInstances:0002  |  \$0.046  | 
|  Windows Server with SQL Server Enterprise  |  RunInstances:0102  |  \$0.421  | 
|  Windows Server with SQL Server Standard  |  RunInstances:0006  |  \$0.166  | 
|  Windows Server with SQL Server Web  |  RunInstances:0202  |  \$0.063  | 

## Supported purchasing options


Optimize CPUs supports the following purchasing options for license-included instances:
+ On-Demand
+ Savings Plans

**Warning**  
If you use Reserved Instances, discounts may not be applied when you configure Optimize CPUs for license-included instances in the same payer account. We recommend that you use Savings Plans to reduce vCPU-based licensing costs and provide comparable savings on your compute costs.  
Accounts that used both Optimize CPUs and Reserved Instances for Windows and SQL Server on the same instance type before October 15, 2025, were added to an opt-out list to maintain their current billing experience. To take advantage of Optimize CPU license savings, contact the [AWS Support Center](https://console.aws.amazon.com/support/home#/) to be removed from the opt-out list.

## How Optimize CPUs works to save on licensing fees


The following examples help to illustrate the cost savings that are possible when you configure your CPU usage.

**Example 1: Default billing** This example shows an r7i.8xlarge instance launched from a license-included Windows and SQL Server Enterprise AMI that ran for 100 hours with the default CPU configuration of 32 vCPUs for the instance type (3200 vCPU hours).

The bill shows one line item with a combined rate that includes both usage and licensing fees.

![\[Sample bill with default billing for license-included Windows and SQL Server Enterprise instance.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/optimize-cpus-sample-bill-default.png)


**Example 2: Optimize CPUs billing** This example shows an r7i.8xlarge instance launched from a license-included Windows and SQL Server Enterprise AMI. To save on license fees, the number of CPUs that are active was reduced to 16 vCPUs. Then the instance ran for 100 hours with the new configuration.

The bill shows the following two line items.

Billing description: **Elastic Compute Cloud**  
The first line item shows the baseline cost of the Windows and SQL Server instance that ran for 100 hours (\$211.68).

Billing description: **Amazon EC2 Optimize CPU License Included Third Party Fees**  
The second line item covers licensing fees based on the number of vCPUs that were active for the billing period (\$673.60).

![\[Sample bill with Optimize CPUs billing for a license-included Windows and SQL Server Enterprise instance.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/optimize-cpus-sample-bill-optimized.png)


**Example 3: Optimize CPUs billing with Savings Plans** This example shows an r7i.8xlarge instance launched from a license-included Windows and SQL Server Enterprise AMI. To save on license fees, the number of CPUs that are active was reduced to 16 vCPUs. Then the instance ran for 100 hours with the new configuration.

A one year *No Upfront Compute Savings Plan* with a \$1.60/hour (rounded) commitment provides further cost savings that reduce the baseline cost of the Windows and SQL Server instance. The Savings Plan commitment covers the full 100 hour usage of the r7i.8xlarge instance for a Savings Plans rate of \$1.53362/hour.

The bill shows the following line items.

Billing description: **Savings Plans for Compute usage**  
The first line item shows the Savings Plan commitment for the full 100 hour usage (\$160.00).

Billing description: **Elastic Compute Cloud**  
The second line item contains two entries. The first entry shows what the baseline cost of the Windows and SQL Server instance that ran for 100 hours would have been without the Savings Plan (\$211.68). The second entry shows that the full baseline cost was covered by the Compute Savings Plan (-\$211.68), which yields a net cost of zero for this line item.

Billing description: **Amazon EC2 Optimize CPU License Included Third Party Fees**  
The third line item covers licensing fees based on the number of vCPUs that were active for the billing period (\$673.60).

![\[Sample bill with a Savings Plan and Optimize CPUs billing for a license-included Windows and SQL Server Enterprise instance.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/optimize-cpus-sample-bill-savings-plan.png)


# AMD SEV-SNP for Amazon EC2 instances
AMD SEV-SNP

AMD Secure Encrypted Virtualization-Secure Nested Paging (AMD SEV-SNP) is a CPU feature that provides the following properties:
+ **Attestation** – AMD SEV-SNP enables you to retrieve a signed attestation report that contains a cryptographic measure that can be used to validate the instance’s state and identity, and that it is running on genuine AMD hardware. For more information, see [Attest an Amazon EC2 instance with AMD SEV-SNP](snp-attestation.md).
+ **Memory encryption** – Starting with AMD EPYC (Milan), AWS Graviton2, and Intel Xeon Scalable (Ice Lake) processors, instance memory is always encrypted. Instances that are enabled for AMD SEV-SNP use an instance-specific key for their memory encryption.

**Topics**
+ [Concepts and terminology](#snp-concepts)
+ [Requirements](#snp-requirements)
+ [Considerations](#snp-considerations)
+ [Pricing](#snp-pricing)
+ [Find supported instance types](snp-find-instance-types.md)
+ [Enable AMD SEV-SNP](snp-work-launch.md)
+ [Attestation with AMD SEV-SNP](snp-attestation.md)

## Concepts and terminology


Before you begin using AMD SEV-SNP, ensure that you are familiar with the following concepts and terminology.

**AMD SEV-SNP attestation report**  
The AMD SEV-SNP attestation report is a document that an instance can request from the CPU. The AMD SEV-SNP attestation report can be used to validate the state and identity of an instance, and to verify that it is running in a sanctioned AMD environment. The report includes a launch measurement, which is a cryptographic hash of the initial boot state of an instance, including its initial instance memory contents and initial state of the vCPUs. The AMD SEV-SNP attestation report is signed with a VLEK signature that chains back to an AMD root of trust.

**VLEK**  
The Versioned Loaded Endorsement Key (VLEK) is a versioned signing key that is certified by AMD and used by the AMD CPU to sign the AMD SEV-SNP attestation reports. VLEK signatures can be validated using certificates provided by AMD.

**OVMF binary**  
The Open Virtual Machine Firmware (OVMF) is the early-boot code that is used to provide a UEFI environment for the instance. The early-boot code is run before the code in the AMI is booted. The OVMF also finds and runs the boot loader provided in the AMI. For more information, see the [OVMF repository](https://github.com/tianocore/tianocore.github.io/wiki/OVMF).

## Requirements


To use AMD SEV-SNP, you must do the following:
+ Use one of the following supported instance types:
  + **General purpose**: `m6a.large` | `m6a.xlarge` | `m6a.2xlarge` | `m6a.4xlarge` | `m6a.8xlarge`
  + **Compute optimized**: `c6a.large` | `c6a.xlarge` | `c6a.2xlarge` | `c6a.4xlarge` | `c6a.8xlarge` | `c6a.12xlarge` | `c6a.16xlarge`
  + **Memory optimized**: `r6a.large` | `r6a.xlarge` | `r6a.2xlarge` | `r6a.4xlarge`
+ Launch your instance in a supported AWS Region. Currently, only US East (Ohio) and Europe (Ireland) are supported.
+ Use an AMI with `uefi` or `uefi-preferred` boot mode and an operating system that supports AMD SEV-SNP. For more information about AMD SEV-SNP support on your operating system, refer to the respective operating system's documentation. For AWS, AMD SEV-SNP is supported on AL2023, RHEL 9.3, SLES 15 SP4, and Ubuntu 23.04 and later.

## Considerations


You can only enable AMD SEV-SNP when you launch an instance. When AMD SEV-SNP is enabled for your instance launch, the following rules apply.
+ After it is enabled, AMD SEV-SNP can't be disabled. It remains enabled throughout the instance lifecycle.
+ You can only [change the instance type](ec2-instance-resize.md) to another instance type that supports AMD SEV-SNP.
+ Hibernation and Nitro Enclaves aren't supported.
+ Dedicated Hosts aren't supported.
+ If the underlying host for your instance is scheduled for maintenance, you'll receive a scheduled event notification 14 days before the event. You must manually stop or restart your instance to move it to a new host.

## Pricing


When you launch an Amazon EC2 instance with AMD SEV-SNP enabled, you are charged an additional hourly usage fee that is equivalent to 10 percent of the [On-Demand hourly rate](https://aws.amazon.com/ec2/pricing/on-demand/) of the selected instance type.

This AMD SEV-SNP usage fee is a separate charge to your Amazon EC2 instance usage. Reserved Instances, Savings Plans, and operating system usage don't impact this fee. 

If you configure a Spot Instance to launch with [AMD SEV-SNP](#sev-snp) enabled, you are charged an additional hourly usage fee that is equivalent to 10 percent of the [On-Demand hourly rate](https://aws.amazon.com/ec2/pricing/on-demand/) of the selected instance type. If the allocation strategy uses price as an input, Spot Fleet does not include this additional fee; only the Spot price is used.

# Find EC2 instance types that support AMD SEV-SNP
Find supported instance types

You can find instance types that support AMD SEV-SNP. The Amazon EC2 console does not display this information for an instance type.

------
#### [ AWS CLI ]

**To find the instance types that support AMD SEV-SNP**  
Use the following [describe-instance-types](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instance-types.html) command.

```
aws ec2 describe-instance-types \
    --filters Name=processor-info.supported-features,Values=amd-sev-snp \
    --query 'InstanceTypes[*].[InstanceType]' \
    --output text | sort
```

The following is example output.

```
c6a.12xlarge
c6a.16xlarge
c6a.2xlarge
c6a.4xlarge
c6a.8xlarge
c6a.large
c6a.xlarge
m6a.2xlarge
m6a.4xlarge
m6a.8xlarge
m6a.large
m6a.xlarge
r6a.2xlarge
r6a.4xlarge
r6a.large
r6a.xlarge
```

------
#### [ PowerShell ]

**To find the instance types that support AMD SEV-SNP**  
Use the [Get-EC2InstanceType](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2InstanceType.html) cmdlet.

```
(Get-EC2InstanceType `
    -Filter @{Name="processor-info.supported-features"; Values="amd-sev-snp"}).InstanceType.Value | Sort-Object
```

The following is example output.

```
c6a.12xlarge
c6a.16xlarge
c6a.2xlarge
c6a.4xlarge
c6a.8xlarge
c6a.large
c6a.xlarge
m6a.2xlarge
m6a.4xlarge
m6a.8xlarge
m6a.large
m6a.xlarge
r6a.2xlarge
r6a.4xlarge
r6a.large
r6a.xlarge
```

------

# Enable AMD SEV-SNP for an EC2 instance
Enable AMD SEV-SNP

You can launch an instance with AMD SEV-SNP enabled. You can't enable AMD SEV-SNP after launch.

## Launch an instance with AMD SEV-SNP enabled


You can't enable AMD SEV-SNP using the Amazon EC2 console.

------
#### [ AWS CLI ]

**To launch an instance with AMD SEV-SNP enabled**  
Use the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command with the `--cpu-options` option. For additional requirements, see [AMD SEV-SNP requirements](sev-snp.md#snp-requirements).

```
--cpu-options AmdSevSnp=enabled
```

------
#### [ PowerShell ]

**To launch an instance with AMD SEV-SNP enabled**  
Use the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) cmdlet with the `-CpuOption` parameter.

```
-CpuOption @{AmdSevSnp="enabled"}
```

------

## Check if an EC2 instance is enabled for AMD SEV-SNP


You can find instances that are enabled for AMD SEV-SNP. The Amazon EC2 console does not display this information.

------
#### [ AWS CLI ]

**To check whether AMD SEV-SNP is enabled for an instance**  
Use the [describe-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html) command.

```
aws ec2 describe-instances \
    --instance-ids i-1234567890abcdef0 \
    --query 'Reservations[].Instances[].CpuOptions'
```

The following is example output. If `AmdSevSnp` is not present in `CpuOptions`, then AMD SEV-SNP is disabled.

```
[
    {
        "AmdSevSnp": "enabled",
        "CoreCount": 1,
        "ThreadsPerCore": 2
    }
]
```

------
#### [ PowerShell ]

**To check whether AMD SEV-SNP is enabled for an instance**  
Use the [Get-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Instance.html) cmdlet.

```
(Get-EC2Instance `
    -InstanceId i-1234567890abcdef0).Instances.CpuOptions
```

The following is example output. If the value of `AmdSevSnp` is not present, then AMD SEV-SNP is disabled.

```
AmdSevSnp CoreCount ThreadsPerCore
--------- --------- --------------
enabled   1         2
```

------
#### [ AWS CloudTrail ]

In the AWS CloudTrail event for the instance launch request, the following property indicates that AMD SEV-SNP is enabled for the instance.

```
"cpuOptions": {"AmdSevSnp": "enabled"}
```

------
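
The checks above can be applied across a fleet. The following is an added example, not AWS code: it reads `describe-instances` output and a CloudTrail launch event, treats a missing `AmdSevSnp` key as disabled, and, because AMD SEV-SNP can only be enabled at launch, reports whether a non-enabled instance could be relaunched on its current instance type. The sample documents are constructed, and the position of `cpuOptions` under `requestParameters` in the sample event is an assumption, so the code searches the whole event for it.

```python
import json

# Instance types from the "Requirements" list on this page.
SNP_TYPES = {
    f"{family}.{size}"
    for family, sizes in {
        "m6a": ("large", "xlarge", "2xlarge", "4xlarge", "8xlarge"),
        "c6a": ("large", "xlarge", "2xlarge", "4xlarge", "8xlarge", "12xlarge", "16xlarge"),
        "r6a": ("large", "xlarge", "2xlarge", "4xlarge"),
    }.items()
    for size in sizes
}


def snp_enabled(cpu_options):
    """An absent CpuOptions object or AmdSevSnp key means AMD SEV-SNP is disabled."""
    value = (cpu_options or {}).get("AmdSevSnp")
    return isinstance(value, str) and value.lower() == "enabled"


def audit_instances(describe_output):
    """Return one finding per instance in describe-instances output."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            enabled = snp_enabled(inst.get("CpuOptions"))
            findings.append({
                "InstanceId": inst.get("InstanceId"),
                "InstanceType": inst.get("InstanceType"),
                "SnpEnabled": enabled,
                # SEV-SNP cannot be turned on after launch, so the fix is a
                # relaunch; this says whether the current type permits it.
                "RelaunchOnSameType": (not enabled) and inst.get("InstanceType") in SNP_TYPES,
            })
    return findings


def find_cpu_options(node):
    """Depth-first search for a cpuOptions object anywhere in a CloudTrail event."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "cpuOptions" and isinstance(value, dict):
                return value
            found = find_cpu_options(value)
            if found is not None:
                return found
    elif isinstance(node, list):
        for item in node:
            found = find_cpu_options(item)
            if found is not None:
                return found
    return None


def launch_requested_snp(event):
    """True when the launch request carried "cpuOptions": {"AmdSevSnp": "enabled"}."""
    return snp_enabled(find_cpu_options(event))


# Constructed sample data (instance IDs other than the first are made up).
CONSTRUCTED_DESCRIBE = {"Reservations": [{"Instances": [
    {"InstanceId": "i-1234567890abcdef0", "InstanceType": "m6a.large",
     "CpuOptions": {"AmdSevSnp": "enabled", "CoreCount": 1, "ThreadsPerCore": 2}},
    {"InstanceId": "i-0aaaaaaaaaaaaaaa1", "InstanceType": "c6a.xlarge",
     "CpuOptions": {"CoreCount": 2, "ThreadsPerCore": 2}},
    {"InstanceId": "i-0bbbbbbbbbbbbbbb2", "InstanceType": "m6i.4xlarge",
     "CpuOptions": {"CoreCount": 8, "ThreadsPerCore": 2}},
]}]}
CONSTRUCTED_EVENT = {
    "eventName": "RunInstances",
    "requestParameters": {"instanceType": "m6a.large",
                          "cpuOptions": {"AmdSevSnp": "enabled"}},
}

if __name__ == "__main__":
    print(json.dumps(audit_instances(CONSTRUCTED_DESCRIBE), indent=2))
    print("launch requested SEV-SNP:", launch_requested_snp(CONSTRUCTED_EVENT))
```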

# Attest an Amazon EC2 instance with AMD SEV-SNP
Attestation with AMD SEV-SNP

Attestation is a process that allows your instance to prove its state and identity. After you enable AMD SEV-SNP for your instance, you can request an AMD SEV-SNP attestation report from the underlying processor. The AMD SEV-SNP attestation report contains a cryptographic hash, called the launch measurement, of the initial guest memory contents and initial vCPU state. The attestation report is signed with a VLEK signature that chains back to an AMD root of trust. You can use the launch measurement included in the attestation report to validate that the instance is running in a genuine AMD environment and to validate the initial boot code that was used to launch the instance.

**Prerequisite**  
Launch an instance that is enabled for AMD SEV-SNP. For more information, see [Enable AMD SEV-SNP for an EC2 instance](snp-work-launch.md).

**Topics**
+ [Step 1: Get the attestation report](#snp-att-get-report)
+ [Step 2: Validate the attestation report signature](#snp-att-validate-signature)

## Step 1: Get the attestation report


In this step, you install and build the `snpguest` utility, and then use it to request the AMD SEV-SNP attestation report and certificates.

1. Connect to your instance.

1. Run the following commands to build the `snpguest` utility from the [snpguest repository](https://github.com/virtee/snpguest).

   ```
   $ git clone https://github.com/virtee/snpguest.git
   $ cd snpguest
   $ cargo build -r
   $ cd target/release
   ```

1. Generate a request for the attestation report. The utility requests the attestation report from the host, and writes it to a binary file with the provided request data.

   The following example creates a random request string, and uses it as the request file (`request-file.txt`). When the command returns the attestation report, it's stored in the file path that you specify (`report.bin`). In this case, the utility stores the report in the current directory.

   ```
   $ ./snpguest report report.bin request-file.txt --random
   ```

1. Request the certificates from host memory, and store them as PEM files. The following example stores the files in the same directory as the `snpguest` utility. If certificates already exist in the specified directory, those certificates are overwritten.

   ```
   $ ./snpguest certificates PEM ./
   ```

## Step 2: Validate the attestation report signature


The attestation report is signed with a certificate, called the Versioned Loaded Endorsement Key (VLEK), which is issued by AMD for AWS. In this step, you can validate that the VLEK certificate is issued by AMD, and that the attestation report is signed by that VLEK certificate.

1. Download the VLEK root of trust certificates from the official AMD website to the current directory.

   ```
   $ sudo curl --proto '=https' --tlsv1.2 -sSf https://kdsintf.amd.com/vlek/v1/Milan/cert_chain -o ./cert_chain.pem
   ```

1. Use `openssl` to validate that the VLEK certificate is signed by the AMD root of trust certificates.

   ```
   $ sudo openssl verify --CAfile ./cert_chain.pem vlek.pem
   ```

   The following is example output.

   ```
   vlek.pem: OK
   ```

1. Use the `snpguest` utility to validate that the attestation report is signed by the VLEK certificate.

   ```
   $ ./snpguest verify attestation ./ report.bin
   ```

   The following is example output.

   ```
   Reported TCB Boot Loader from certificate matches the attestation report.
   Reported TCB TEE from certificate matches the attestation report.
   Reported TCB SNP from certificate matches the attestation report.
   Reported TCB Microcode from certificate matches the attestation report.
   VEK signed the Attestation Report!
   ```
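
A valid signature does not by itself show that the report is fresh or that the instance booted the expected code. The following added example (not part of the AWS procedure or the `snpguest` project) parses a report and checks the request data, the signing key type, and the launch measurement against a trusted set. The field offsets come from AMD's SEV-SNP ABI specification rather than this page, and the sample report is constructed in the script.

```python
import hashlib
import hmac
import struct

# Offsets follow the ATTESTATION_REPORT layout in AMD's SEV-SNP firmware ABI
# specification. They are an assumption here: this page does not list them.
REPORT_SIZE = 0x4A0                           # 1184 bytes, signature included
OFF_VERSION = 0x00                            # u32, little-endian
OFF_FLAGS = 0x48                              # u32; bits 4:2 select the signing key
OFF_REPORT_DATA, LEN_REPORT_DATA = 0x50, 64   # request data supplied by the caller
OFF_MEASUREMENT, LEN_MEASUREMENT = 0x90, 48   # launch measurement
SIGNING_KEYS = {0: "VCEK", 1: "VLEK"}


def parse_report(blob):
    """Extract the fields a relying party compares; reject a wrong-sized report."""
    if len(blob) != REPORT_SIZE:
        raise ValueError(f"expected {REPORT_SIZE} bytes, got {len(blob)}")
    (version,) = struct.unpack_from("<I", blob, OFF_VERSION)
    (flags,) = struct.unpack_from("<I", blob, OFF_FLAGS)
    return {
        "version": version,
        "signing_key": SIGNING_KEYS.get((flags >> 2) & 0x7, "other"),
        "report_data": blob[OFF_REPORT_DATA:OFF_REPORT_DATA + LEN_REPORT_DATA],
        "measurement": blob[OFF_MEASUREMENT:OFF_MEASUREMENT + LEN_MEASUREMENT],
    }


def appraise(blob, request_data, trusted_measurements):
    """Return a list of policy failures; an empty list means the report is acceptable."""
    report = parse_report(blob)
    failures = []
    # Freshness: the report must echo the request data sent with this request.
    if not hmac.compare_digest(report["report_data"], request_data):
        failures.append("report data does not match the request (stale or replayed report)")
    # This page states that reports on EC2 are signed with a VLEK.
    if report["signing_key"] != "VLEK":
        failures.append("report is marked as signed by " + report["signing_key"] + ", not VLEK")
    # Boot state: the launch measurement must be one the verifier already trusts.
    if not any(hmac.compare_digest(report["measurement"], m) for m in trusted_measurements):
        failures.append("launch measurement is not trusted: " + report["measurement"].hex())
    return failures


def build_constructed_report(request_data, measurement, signing_key=1, version=2):
    """Build a zero-filled sample report for the demo; real reports come from the CPU."""
    blob = bytearray(REPORT_SIZE)
    struct.pack_into("<I", blob, OFF_VERSION, version)
    struct.pack_into("<I", blob, OFF_FLAGS, signing_key << 2)
    blob[OFF_REPORT_DATA:OFF_REPORT_DATA + LEN_REPORT_DATA] = request_data
    blob[OFF_MEASUREMENT:OFF_MEASUREMENT + LEN_MEASUREMENT] = measurement
    return bytes(blob)


if __name__ == "__main__":
    nonce = bytes(range(64))                                          # constructed request data
    expected = hashlib.sha384(b"constructed firmware image").digest() # constructed measurement
    report = build_constructed_report(nonce, expected)
    print("fresh report:", appraise(report, nonce, [expected]))
    print("wrong nonce: ", appraise(report, bytes(64), [expected]))
```

Apply these checks only to a report whose signature has already been validated as in Step 2, and pass the same 64 bytes of request data that were supplied when the report was requested.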

# Processor state control for Amazon EC2 Linux instances
Processor state control

**C-states** control the sleep levels that a core can enter when it is idle. C-states are numbered starting with C0 (the shallowest state where the core is totally awake and executing instructions) and go to C6 (the deepest idle state where a core is powered off).

**P-states** control the desired performance (in CPU frequency) from a core. P-states are numbered starting from P0 (the highest performance setting where the core is allowed to use Intel Turbo Boost Technology to increase frequency if possible), and they go from P1 (the P-state that requests the maximum baseline frequency) to P15 (the lowest possible frequency).

**Note**  
AWS Graviton processors have built-in power saving modes and operate at a fixed frequency. Therefore, they do not provide the ability for the operating system to control C-states and P-states.

**C-states and P-states**

The following instance types provide the ability for an operating system to control C-states and P-states:
+ **General purpose**: `m4.10xlarge` | `m4.16xlarge`
+ **Compute optimized**: `c4.8xlarge`
+ **Memory optimized**: `r4.8xlarge` | `r4.16xlarge` | `x1.16xlarge` | `x1.32xlarge` | `x1e.8xlarge` | `x1e.16xlarge` | `x1e.32xlarge`
+ **Storage optimized**: `d2.8xlarge` | `i3.8xlarge` | `i3.16xlarge` | `h1.8xlarge` | `h1.16xlarge`
+ **Accelerated computing**: `f1.16xlarge` | `g3.16xlarge` | `p2.16xlarge` | `p3.16xlarge`
+ **Bare metal**: All bare metal instances with Intel and AMD processors

**C-states only**

The following instance types provide the ability for an operating system to control C-states:
+ **General purpose**: `m5.12xlarge` | `m5.24xlarge` | `m5d.12xlarge` | `m5d.24xlarge` | `m5n.12xlarge` | `m5n.24xlarge` | `m5dn.12xlarge` | `m5dn.24xlarge` | `m5zn.6xlarge` | `m5zn.12xlarge` | `m6a.24xlarge` | `m6a.48xlarge` | `m6i.16xlarge` | `m6i.32xlarge` | `m6id.16xlarge` | `m6id.32xlarge` | `m6idn.16xlarge` | `m6in.16xlarge` | `m6in.32xlarge` | `m7a.medium` | `m7a.large` | `m7a.xlarge` | `m7a.2xlarge` | `m7a.4xlarge` | `m7a.8xlarge` | `m7a.12xlarge` | `m7a.16xlarge` | `m7a.24xlarge` | `m7a.32xlarge` | `m7a.48xlarge` | `m7i.large` | `m7i.xlarge` | `m7i.2xlarge` | `m7i.4xlarge` | `m7i.8xlarge` | `m7i.12xlarge` | `m7i.16xlarge` | `m7i.24xlarge` | `m7i.48xlarge` | `m8a.medium` | `m8a.large` | `m8a.xlarge` | `m8a.2xlarge` | `m8a.4xlarge` | `m8a.8xlarge` | `m8a.12xlarge` | `m8a.16xlarge` | `m8a.24xlarge` | `m8a.48xlarge` | `m8azn.medium` | `m8azn.large` | `m8azn.xlarge` | `m8azn.3xlarge` | `m8azn.6xlarge` | `m8azn.12xlarge` | `m8azn.24xlarge` | `m8i.large` | `m8i.xlarge` | `m8i.2xlarge` | `m8i.4xlarge` | `m8i.8xlarge` | `m8i.12xlarge` | `m8i.16xlarge` | `m8i.24xlarge` | `m8i.32xlarge` | `m8i.48xlarge` | `m8i.96xlarge` | `m8id.large` | `m8id.xlarge` | `m8id.2xlarge` | `m8id.4xlarge` | `m8id.8xlarge` | `m8id.12xlarge` | `m8id.16xlarge` | `m8id.24xlarge` | `m8id.32xlarge` | `m8id.48xlarge` | `m8id.96xlarge`
+ **Compute optimized**: `c5.9xlarge` \$1 `c5.12xlarge` \$1 `c5.18xlarge` \$1 `c5.24xlarge` \$1 `c5a.24xlarge` \$1 `c5ad.24xlarge` \$1 `c5d.9xlarge` \$1 `c5d.12xlarge` \$1 `c5d.18xlarge` \$1 `c5d.24xlarge` \$1 `c5n.9xlarge` \$1 `c5n.18xlarge` \$1 `c6a.24xlarge` \$1 `c6a.32xlarge` \$1 `c6a.48xlarge` \$1 `c6i.16xlarge` \$1 `c6i.32xlarge` \$1 `c6id.24xlarge` \$1 `c6id.32xlarge` \$1 `c6in.32xlarge` \$1 `c7a.medium` \$1 `c7a.large` \$1 `c7a.xlarge` \$1 `c7a.2xlarge` \$1 `c7a.4xlarge` \$1 `c7a.8xlarge` \$1 `c7a.12xlarge` \$1 `c7a.16xlarge` \$1 `c7a.24xlarge` \$1 `c7a.32xlarge` \$1 `c7a.48xlarge` \$1 `c7i.large` \$1 `c7i.xlarge` \$1 `c7i.2xlarge` \$1 `c7i.4xlarge` \$1 `c7i.8xlarge` \$1 `c7i.12xlarge` \$1 `c7i.16xlarge` \$1 `c7i.24xlarge` \$1 `c7i.48xlarge` \$1 `c8a.medium` \$1 `c8a.large` \$1 `c8a.xlarge` \$1 `c8a.2xlarge` \$1 `c8a.4xlarge` \$1 `c8a.8xlarge` \$1 `c8a.12xlarge` \$1 `c8a.16xlarge` \$1 `c8a.24xlarge` \$1 `c8a.48xlarge` \$1 `c8i.large` \$1 `c8i.xlarge` \$1 `c8i.2xlarge` \$1 `c8i.4xlarge` \$1 `c8i.8xlarge` \$1 `c8i.12xlarge` \$1 `c8i.16xlarge` \$1 `c8i.24xlarge` \$1 `c8i.32xlarge` \$1 `c8i.48xlarge` \$1 `c8i.96xlarge` \$1 `c8id.large` \$1 `c8id.xlarge` \$1 `c8id.2xlarge` \$1 `c8id.4xlarge` \$1 `c8id.8xlarge` \$1 `c8id.12xlarge` \$1 `c8id.16xlarge` \$1 `c8id.24xlarge` \$1 `c8id.32xlarge` \$1 `c8id.48xlarge` \$1 `c8id.96xlarge` `x8i.large` \$1 `x8i.xlarge` \$1 `x8i.2xlarge` \$1 `x8i.4xlarge` \$1 `x8i.8xlarge` \$1 `x8i.12xlarge` \$1 `x8i.16xlarge` \$1 `x8i.24xlarge` \$1 `x8i.32xlarge` \$1 `x8i.48xlarge` \$1 `x8i.48xlarge` \$1 `x8i.96xlarge`
+ **Memory optimized**: `r5.12xlarge` \$1 `r5.24xlarge` \$1 `r5b.12xlarge` \$1 `r5d.12xlarge` \$1 `r5d.24xlarge` \$1 `r5n.12xlarge` \$1 `r5n.24xlarge` \$1 `r5dn.12xlarge` \$1 `r5dn.24xlarge` \$1 `r6a.24xlarge` \$1 `r6a.48xlarge` \$1 `r6i.16xlarge` \$1 `r6i.32xlarge` \$1 `r6id.16xlarge` \$1 `r6id.32xlarge` \$1 `r6in.16xlarge` \$1 `r6in.32xlarge` \$1 `r7a.medium` \$1 `r7a.large` \$1 `r7a.xlarge` \$1 `r7a.2xlarge` \$1 `r7a.4xlarge` \$1 `r7a.8xlarge` \$1 `r7a.12xlarge` \$1 `r7a.16xlarge` \$1 `r7a.24xlarge` \$1 `r7a.32xlarge` \$1 `r7a.48xlarge` \$1 `r7i.large` \$1 `r7i.xlarge` \$1 `r7i.2xlarge` \$1 `r7i.4xlarge` \$1 `r7i.8xlarge` \$1 `r7i.12xlarge` \$1 `r7i.16xlarge` \$1 `r7i.24xlarge` \$1 `r7i.48xlarge` \$1 `r7iz.large` \$1 `r7iz.xlarge` \$1 `r7iz.2xlarge` \$1 `r7iz.4xlarge` \$1 `r7iz.8xlarge` \$1 `r7iz.12xlarge` \$1 `r7iz.16xlarge` \$1 `r7iz.32xlarge` \$1 `r8a.medium` \$1 `r8a.large` \$1 `r8a.xlarge` \$1 `r8a.2xlarge` \$1 `r8a.4xlarge` \$1 `r8a.8xlarge` \$1 `r8a.12xlarge` \$1 `r8a.16xlarge` \$1 `r8a.24xlarge` \$1 `r8a.48xlarge` \$1 `r8i.large` \$1 `r8i.xlarge` \$1 `r8i.2xlarge` \$1 `r8i.4xlarge` \$1 `r8i.8xlarge` \$1 `r8i.12xlarge` \$1 `r8i.16xlarge` \$1 `r8i.24xlarge` \$1 `r8i.32xlarge` \$1 `r8i.48xlarge` \$1 `r8i.96xlarge` \$1 `r8id.large` \$1 `r8id.xlarge` \$1 `r8id.2xlarge` \$1 `r8id.4xlarge` \$1 `r8id.8xlarge` \$1 `r8id.12xlarge` \$1 `r8id.16xlarge` \$1 `r8id.24xlarge` \$1 `r8id.32xlarge` \$1 `r8id.48xlarge` \$1 `r8id.96xlarge` \$1 `u-3tb1.56xlarge` \$1 `u-6tb1.56xlarge` \$1 `u-6tb1.112xlarge` \$1 `u-9tb1.112xlarge` \$1 `u-12tb1.112xlarge` \$1 `u-18tb1.112xlarge` \$1 `u-24tb1.112xlarge` \$1 `u7i-6tb.112xlarge` \$1 `u7i-8tb.112xlarge` \$1 `u7i-12tb.224xlarge` \$1 `u7in-16tb.224xlarge` \$1 `u7in-24tb.224xlarge` \$1 ` u7in-32tb.224xlarge` \$1 `u7inh-32tb.480xlarge` \$1 `x2idn.32xlarge` \$1 `x2iedn.16xlarge` \$1 `x2iedn.32xlarge` \$1 `x2iezn.12xlarge` \$1 `x8aedz.large` \$1 `x8aedz.xlarge` \$1 `x8aedz.3xlarge` \$1 `x8aedz.6xlarge` \$1 `x8aedz.12xlarge` \$1 
`x8aedz.24xlarge` \$1 `z1d.6xlarge` \$1 `z1d.12xlarge`
+ **Storage optimized**: `d3en.12xlarge` \$1 `dl1.24xlarge` \$1 `i3en.12xlarge` \$1 `i3en.24xlarge` \$1 `i4i.16xlarge` \$1 `i7i.large` \$1 `i7i.xlarge` \$1 `i7i.2xlarge` \$1 `i7i.4xlarge` \$1 `i7i.8xlarge` \$1 `i7i.12xlarge` \$1 `i7i.16xlarge` \$1 `i7i.24xlarge` \$1 `i7i.48xlarge` \$1 `i7ie.large` \$1 `i7ie.xlarge` \$1 `i7ie.2xlarge` \$1 `i7ie.3xlarge` \$1 `i7ie.6xlarge` \$1 `i7ie.12xlarge` \$1 `i7ie.18xlarge` \$1 `i7ie.24xlarge` \$1 `i7ie.48xlarge` \$1 `r5b.12xlarge` \$1 `r5b.24xlarge`
+ **Accelerated computing**: `dl1.24xlarge` \$1 `f2.6xlarge` \$1 `f2.12xlarge` \$1 `f2.48xlarge` \$1 `g5.24xlarge` \$1 `g5.48xlarge` \$1 `g6.24xlarge` \$1 `g6.48xlarge` \$1 `g6e.12xlarge` \$1 `g6e.24xlarge` \$1 `g6e.48xlarge` \$1 `g7e.2xlarge` \$1 `g7e.4xlarge` \$1 `g7e.8xlarge` \$1 `g7e.12xlarge` \$1 `g7e.24xlarge` \$1 `g7e.48xlarge` \$1 `inf1.24xlarge` \$1 `p3dn.24xlarge` \$1 `p4d.24xlarge` \$1 `p4de.24xlarge` \$1 `p5.48xlarge` \$1 `p5e.48xlarge` \$1 `p5en.48xlarge` \$1 `p6-b200.48xlarge` \$1 `p6-b300.48xlarge` \$1 `trn1.32xlarge` \$1 `trn2.3xlarge` \$1 `trn2.48xlarge` \$1 `trn2a.3xlarge` \$1 `trn2a.48xlarge` \$1 `trn2n.3xlarge` \$1 `trn2n.48xlarge` \$1 `trn2p.48xlarge` \$1 `trn2u.48xlarge` \$1 `vt1.24xlarge`
+ **High-performance computing**: `hpc7a.12xlarge` \$1 `hpc7a.24xlarge` \$1 `hpc7a.48xlarge` \$1 `hpc7a.96xlarge` \$1 `hpc8a.96xlarge`

You might want to change the C-state or P-state settings to increase processor performance consistency, reduce latency, or tune your instance for a specific workload. The default C-state and P-state settings provide maximum performance, which is optimal for most workloads. However, if your application would benefit from reduced latency at the cost of higher single- or dual-core frequencies, or from consistent performance at lower frequencies as opposed to bursty Turbo Boost frequencies, consider experimenting with the C-state or P-state settings that are available to these instances.

For information about different processor configurations and how to monitor the effects of your configuration for Amazon Linux, see [Processor state control for Amazon EC2 Amazon Linux instance](https://docs.aws.amazon.com//linux/al2/ug/processor_state_control.html) in the *Amazon Linux 2 User Guide*. These procedures were written for, and apply to, Amazon Linux; however, they might also work for other Linux distributions with a Linux kernel of 3.9 or newer. For more information about other Linux distributions and processor state control, see your system-specific documentation.

# Amazon EC2 managed instances

An *Amazon EC2 managed instance* is an EC2 instance that is provisioned and managed by a designated service provider, such as Amazon EKS through [EKS Auto Mode](https://docs.aws.amazon.com/eks/latest/userguide/automode.html). Managed instances provide a simplified way for running compute workloads on Amazon EC2 by allowing you to delegate operational control of the instance to a service provider.

Delegated control is the only change introduced for managed instances. The technical specifications and billing remain the same as non-managed EC2 instances. Because managed instances allow you to delegate control to the service provider, you can benefit from the service provider’s operational expertise and best practices. When an instance is managed, the service provider is responsible for tasks such as provisioning the instance, configuring software, scaling capacity, handling instance failures and replacements, and terminating the instance.

You can’t directly modify the settings of a managed instance or terminate it. The service and specific operations are determined by the agreement between you and the service provider. However, you can add, modify, or remove tags from your managed instances, allowing you to categorize them within your AWS environment.

**Topics**
+ [Billing for managed instances](#billing-for-ec2-managed-instances)
+ [Identify managed instances](#identify-ec2-managed-instances)
+ [Get started with managed instances](#get-started-with-ec2-managed-instances)

## Billing for managed instances


An Amazon EC2 managed instance incurs the same base charge as a non-managed Amazon EC2 instance, plus a separate fee for the service provider. This additional fee is charged by the service provider managing your instance and is billed separately. It covers the cost of services provided for operating and maintaining your managed instance. 

All [Amazon EC2 purchasing options](instance-purchasing-options.md) are available for managed instances, including On-Demand Instances, Reserved Instances, Spot Instances, and Savings Plans. By sourcing your compute directly from EC2 and then providing it to your service provider, you benefit from any existing Reserved Instances or Savings Plans applied to your account, ensuring that you're using the most cost-effective compute capacity available.

For example, when using Amazon EKS Auto Mode, you pay the standard EC2 instance rate for the underlying instances, plus an additional charge from Amazon EKS for managing the instances on your behalf. If you then decide to sign up for a [Savings Plans](https://docs.aws.amazon.com/savingsplans/latest/userguide/what-is-savings-plans.html), the EC2 instance rate is reduced by the Savings Plans, while the additional charge from Amazon EKS remains unchanged.

## Identify managed instances


Managed instances are identified by a **true** value in the **Managed** field. The service provider is identified in the **Operator** field (in the console) or `Principal` field (in the CLI).

Use the following procedures to identify managed instances.

------
#### [ Console ]

**To identify a managed instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance you want to check.

1. On the **Details** tab (if you selected the checkbox) or in the summary area (if you selected the instance ID), find the **Managed** field.
   + A value of **true** indicates a managed instance.
   + A value of **false** indicates a non-managed instance.

1. If **Managed** is set to **true**, the **Operator** field displays a value identifying the service provider responsible for managing the instance. For example, a value of **eks.amazonaws.com** identifies Amazon EKS as the service provider.

------
#### [ AWS CLI ]

**To identify a managed instance**  
Use the [describe-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html) command and specify the instance ID.

```
aws ec2 describe-instances \
    --instance-ids i-1234567890abcdef0 \
    --query "Reservations[].Instances[].Operator"
```

The following is example output. If `Managed` is `true`, the instance is a managed instance and a `Principal` is included. The principal is the service provider that manages the instance. For example, a value of `eks.amazonaws.com` identifies Amazon EKS as the service provider.

```
[
    {
        "Managed": true,
        "Principal": "eks.amazonaws.com"
    }
]
```

**To find your managed instances**  
Use the [describe-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html) command and specify the `operator.managed` filter with a value of `true`. The `--query` option displays only the IDs of the managed instances.

```
aws ec2 describe-instances \
    --filters "Name=operator.managed,Values=true" \
    --query "Reservations[*].Instances[].InstanceId"
```

------
#### [ PowerShell ]

**To identify a managed instance**  
Use the [Get-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Instance.html) cmdlet.

```
(Get-EC2Instance -InstanceId i-1234567890abcdef0).Instances.Operator
```

The following is example output.

```
Managed Principal
------- ---------
True    eks.amazonaws.com
```

**To find your managed instances**  
Use the [Get-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Instance.html) cmdlet. This example displays only the IDs of the managed instances.

```
(Get-EC2Instance -Filter @{Name="operator.managed"; Values="true"}).Instances.InstanceId
```

------
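
The `Operator` block shown above can drive an account-wide inventory of who holds delegated control. The following Python sketch is an added example, not AWS code: it groups instances by operator principal, flags principals outside an expected set, and splits a remediation target list into instances you can change directly and instances that only the service provider can change. The sample JSON, the instance IDs, `provider.example.com`, `EXPECTED_OPERATORS` and the function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `aws ec2 describe-instances` output,
# trimmed to the fields used here. Instance IDs and the second principal
# are made up.
SAMPLE = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaaaaaaaaaaaaaa1",
     "Operator": {"Managed": true, "Principal": "eks.amazonaws.com"}},
    {"InstanceId": "i-0aaaaaaaaaaaaaaa2", "Operator": {"Managed": false}}]},
  {"Instances": [
    {"InstanceId": "i-0aaaaaaaaaaaaaaa3",
     "Operator": {"Managed": true, "Principal": "provider.example.com"}},
    {"InstanceId": "i-0aaaaaaaaaaaaaaa4"}]}
]}
""")

# Assumption: the service providers this account expects to delegate control to.
EXPECTED_OPERATORS = {"eks.amazonaws.com"}
SELF = "self"  # label used here for non-managed instances


def operator_of(instance):
    """Return the operator principal, or SELF when the instance is not managed.

    An absent Operator block is treated the same as Managed=false.
    """
    operator = instance.get("Operator") or {}
    if operator.get("Managed") is True:
        return operator.get("Principal") or "<managed, principal missing>"
    return SELF


def inventory_operators(describe_output):
    """Map operator principal -> list of instance IDs across all reservations."""
    by_operator = defaultdict(list)
    for reservation in describe_output.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            by_operator[operator_of(instance)].append(instance["InstanceId"])
    return dict(by_operator)


def unexpected_operators(inventory, expected=EXPECTED_OPERATORS):
    """Managed instances whose operator is not in the expected set."""
    return {principal: ids for principal, ids in inventory.items()
            if principal != SELF and principal not in expected}


def split_remediation_targets(describe_output, target_ids):
    """Split target IDs into those you can change directly and those you cannot.

    Managed instances cannot be modified or terminated by the account owner,
    so they are returned grouped by the provider that has to act. IDs that do
    not appear in the describe output are dropped.
    """
    wanted = set(target_ids)
    direct, via_provider = [], defaultdict(list)
    for principal, ids in inventory_operators(describe_output).items():
        for instance_id in ids:
            if instance_id not in wanted:
                continue
            if principal == SELF:
                direct.append(instance_id)
            else:
                via_provider[principal].append(instance_id)
    return direct, dict(via_provider)


if __name__ == "__main__":
    inventory = inventory_operators(SAMPLE)
    for principal, ids in sorted(inventory.items()):
        print(f"{principal}: {', '.join(ids)}")
    for principal, ids in unexpected_operators(inventory).items():
        print(f"REVIEW: {principal} manages {ids} but is not an expected operator")
```

Running the split before an isolation or termination playbook keeps automation from failing on instances it is not allowed to change.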

## Get started with managed instances


For guidance on using managed instances, see [Automate cluster infrastructure with EKS Auto Mode](https://docs.aws.amazon.com/eks/latest/userguide/automode.html) in the *Amazon EKS User Guide*.

# Use nested virtualization to run hypervisors in Amazon EC2 instances

Nested virtualization allows you to run hypervisors such as Hyper-V and KVM inside virtual Amazon EC2 instances. Virtual EC2 instances are non-bare metal instances. This capability extends virtualization flexibility by adding processor-level virtualization support to virtual EC2 instances, enabling a hypervisor running in your instance to create and manage virtual machines.

Nested virtualization can help when you're running development tools like Docker Desktop, Windows Subsystem for Linux 2 (WSL2), Android Studio emulators, or QEMU in your development workflow, as it allows you to choose from a wide range of standard virtual Amazon EC2 instance types that meet your specific performance and price requirements.

There is no additional cost for using nested virtualization.

**Topics**
+ [How it works](#nested-virtualization-how-it-works)
+ [Considerations](#nested-virtualization-considerations)
+ [Launch a new instance with nested virtualization enabled](#nested-virtualization-launch-new-instance)
+ [Configure an existing instance to use nested virtualization](#nested-virtualization-configure-existing-instance)

## How it works


Virtual EC2 instances run on a physical host that has the Nitro hypervisor. To support nested virtualization, the Nitro System passes the processor extensions, such as Intel VT-x, to instances to facilitate running nested virtual machines. The nested virtualization architecture consists of three layers: the physical AWS infrastructure and Nitro hypervisor (L0), your EC2 instance running a hypervisor (L1), and one or more virtual machines created within that instance (L2).

## Considerations


Before you begin using nested virtualization, consider the following:
+ **Supported instance types** – Nested virtualization is currently supported on C8i, M8i, and R8i instances.
+ **Supported hypervisors** – Currently, KVM and Hyper-V are the supported L1 hypervisors.
+ **Windows instances** – When nested virtualization is enabled on a Windows instance:
  + **[Credential Guard](credential-guard.md)** – Virtual Secure Mode (VSM) is automatically disabled.
  + **Hibernation** – Instance hibernate and resume is not supported.
  + **CPU limit** – Not supported on Windows instances with more than 192 CPUs, such as `m8i.96xl`.
+ **Security responsibilities** – When using nested virtualization on EC2 instances, AWS is responsible for "security *of* the cloud," protecting the underlying infrastructure and maintaining the strong isolation boundaries between EC2 instances provided by the AWS Nitro System. Customers are responsible for "security *in* the cloud," which includes securing the operating system, hypervisor, nested virtual machines, guest operating systems, applications, and data within the EC2 instances.
+ **Performance** – AWS recommends that customers who want to run workloads that require access to hardware virtualization extensions, and that are performance sensitive or have strict latency requirements, evaluate bare metal instances.

## Launch a new instance with nested virtualization enabled


When you launch a new instance, you can turn on nested virtualization to run hypervisors and virtual machines on it.

**Prerequisites**  
You must have the required IAM permissions to launch an Amazon EC2 instance.

------
#### [ Console ]

**To enable nested virtualization during instance launch**

1. Follow the [Launch an EC2 instance using the launch instance wizard in the console](ec2-launch-instance-wizard.md) procedure and configure your instance as needed.

1. Ensure a supported instance type is selected.

1. Expand **Advanced details**, and for **Nested virtualization**, choose **Enable**.

1. In the **Summary** panel, review your instance configuration, and then choose **Launch instance**.

------
#### [ AWS CLI ]

**To launch an instance with nested virtualization enabled**  
Use the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command.

```
aws ec2 run-instances \
    --image-id ami-0abcdef1234567890 \
    --instance-type r8i.4xlarge \
    --cpu-options "NestedVirtualization=enabled" \
    --key-name my-key-pair
```

------
#### [ PowerShell ]

**To launch an instance with nested virtualization enabled**  
Use the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) command.

```
New-EC2Instance `
    -ImageId ami-0abcdef1234567890 `
    -InstanceType r8i.4xlarge `
    -CpuOption @{NestedVirtualization='enabled'} `
    -KeyName my-key-pair
```

------

## Configure an existing instance to use nested virtualization


You can turn on nested virtualization on an existing Amazon EC2 instance.

**Prerequisites**
+ The instance must be in a `stopped` state. 
+ The instance type must support nested virtualization.

------
#### [ Console ]

**To enable nested virtualization on an existing instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance you want to modify from the instances table.

1. Choose **Actions**, **Instance settings**, **Change CPU options**.

1. On the **Change CPU options** page, for **Nested virtualization**, choose one of the following options:
   + **Enable** – Turns on nested virtualization for the instance
   + **Disable** – Turns off nested virtualization for the instance

1. Review your changes, and then choose **Change** to apply the new CPU options.

------
#### [ AWS CLI ]

**To enable nested virtualization on an existing instance**  
First stop the instance, and then use the [modify-instance-cpu-options](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-cpu-options.html) command.

```
aws ec2 modify-instance-cpu-options \
    --instance-id i-1234567890abcdef0 \
    --core-count 4 \
    --threads-per-core 2 \
    --nested-virtualization enabled
```

------
#### [ PowerShell ]

**To enable nested virtualization on an existing instance**  
First stop the instance, and then use the [Edit-EC2InstanceCpuOption](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceCpuOption.html) command.

```
Edit-EC2InstanceCpuOption `
    -InstanceId i-1234567890abcdef0 `
    -CoreCount 4 `
    -ThreadsPerCore 2 `
    -NestedVirtualization enabled
```

------
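
The prerequisites above and the earlier Considerations list can be checked mechanically before a change is applied. The following Python sketch is an added example, not AWS code: it takes instance records in the shape `describe-instances` returns and reports which ones cannot have nested virtualization enabled and which Windows instances would have Virtual Secure Mode disabled. The sample records, finding codes and function names are constructed, and matching the family on the exact prefix before the dot (so `m8id` is not treated as M8i) is an assumption.

```python
# Values taken from the Considerations list on this page.
SUPPORTED_FAMILIES = {"c8i", "m8i", "r8i"}
WINDOWS_MAX_VCPUS = 192

# Constructed records, trimmed to the describe-instances fields used below.
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0bbbbbbbbbbbbbbb1", "InstanceType": "r8i.4xlarge",
     "State": {"Name": "stopped"},
     "CpuOptions": {"CoreCount": 8, "ThreadsPerCore": 2}},
    {"InstanceId": "i-0bbbbbbbbbbbbbbb2", "InstanceType": "m8i.96xlarge",
     "State": {"Name": "running"}, "Platform": "windows",
     "CpuOptions": {"CoreCount": 192, "ThreadsPerCore": 2},
     "HibernationOptions": {"Configured": True}},
    {"InstanceId": "i-0bbbbbbbbbbbbbbb3", "InstanceType": "m5.2xlarge",
     "State": {"Name": "stopped"},
     "CpuOptions": {"CoreCount": 4, "ThreadsPerCore": 2}},
    {"InstanceId": "i-0bbbbbbbbbbbbbbb4", "InstanceType": "c8i.2xlarge",
     "State": {"Name": "stopped"}, "Platform": "windows",
     "CpuOptions": {"CoreCount": 4, "ThreadsPerCore": 2}},
]


def vcpu_count(instance):
    """vCPUs = cores x threads per core, from the instance's CpuOptions."""
    cpu = instance.get("CpuOptions") or {}
    return cpu.get("CoreCount", 0) * cpu.get("ThreadsPerCore", 0)


def assess_enable_request(instance):
    """Check one instance record before enabling nested virtualization.

    Returns (blockers, reviews), each a list of (code, message) tuples.
    Blockers are conditions the page lists as prerequisites or as not
    supported; reviews are side effects that need a security sign-off.
    """
    blockers, reviews = [], []

    instance_type = instance.get("InstanceType", "")
    family = instance_type.split(".", 1)[0].lower()
    if family not in SUPPORTED_FAMILIES:
        blockers.append(("FAMILY", f"{instance_type}: family is not C8i, M8i or R8i"))

    state = (instance.get("State") or {}).get("Name")
    if state != "stopped":
        blockers.append(("STATE", f"instance is '{state}', must be 'stopped'"))

    # describe-instances reports Platform only for Windows instances.
    if (instance.get("Platform") or "").lower() == "windows":
        vcpus = vcpu_count(instance)
        if vcpus > WINDOWS_MAX_VCPUS:
            blockers.append(("WIN_VCPU",
                             f"{vcpus} vCPUs exceeds the Windows limit of {WINDOWS_MAX_VCPUS}"))
        if (instance.get("HibernationOptions") or {}).get("Configured"):
            blockers.append(("WIN_HIBERNATION",
                             "hibernation is configured, but hibernate and resume is not supported"))
        reviews.append(("WIN_CREDENTIAL_GUARD",
                        "Virtual Secure Mode (VSM), which Credential Guard depends on, "
                        "is disabled automatically"))
    return blockers, reviews


def assess_fleet(instances):
    """Map instance ID -> (blocker codes, review codes) for a list of records."""
    result = {}
    for instance in instances:
        blockers, reviews = assess_enable_request(instance)
        result[instance["InstanceId"]] = ([code for code, _ in blockers],
                                          [code for code, _ in reviews])
    return result


if __name__ == "__main__":
    for instance in SAMPLE_INSTANCES:
        blockers, reviews = assess_enable_request(instance)
        print(instance["InstanceId"], instance["InstanceType"])
        for code, message in blockers:
            print(f"  BLOCK  {code}: {message}")
        for code, message in reviews:
            print(f"  REVIEW {code}: {message}")
```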

# Amazon EC2 billing and purchasing options

You can use the following options to optimize your costs for Amazon EC2:
+ **[On-Demand Instances](ec2-on-demand-instances.md)** – Pay, by the second, for the instances that you launch.
+ **[Savings Plans](https://docs.aws.amazon.com/savingsplans/latest/userguide/what-is-savings-plans.html)** – Reduce your Amazon EC2 costs by making a commitment to a consistent amount of usage, in USD per hour, for a term of 1 or 3 years.
+ **[Reserved Instances](ec2-reserved-instances.md)** – Reduce your Amazon EC2 costs by making a commitment to a consistent instance configuration, including instance type and Region, for a term of 1 or 3 years.
+ **[Spot Instances](using-spot-instances.md)** – Request unused EC2 instances, which can reduce your Amazon EC2 costs significantly.
+ **[Dedicated Hosts](dedicated-hosts-overview.md)** – Pay for a physical host that is fully dedicated to running your instances, and bring your existing per-socket, per-core, or per-VM software licenses to reduce costs.
+ **[Dedicated Instances](dedicated-instance.md)** – Pay, by the hour, for instances that run on single-tenant hardware.
+ **[Capacity Reservations](capacity-reservation-overview.md)** – Reserve capacity for your EC2 instances in a specific Availability Zone.

If you can't make a commitment to a specific instance configuration, but you can commit to a usage amount, purchase Savings Plans to reduce your On-Demand Instance costs. If you require a capacity reservation, purchase Reserved Instances or Capacity Reservations for a specific Availability Zone. Capacity Blocks can be used to reserve a cluster of GPU instances. Spot Instances are a cost-effective choice if you can be flexible about when your applications run and if they can be interrupted. Dedicated Hosts or Dedicated Instances can help you address compliance requirements and reduce costs by using your existing server-bound software licenses.

For more information, see [Amazon EC2 Pricing](https://aws.amazon.com/ec2/pricing/) and [Amazon EC2 managed instances](amazon-ec2-managed-instances.md).

# Purchasing On-Demand Instances for Amazon EC2

With On-Demand Instances, you pay for compute capacity by the second with no long-term commitments. You have full control over the instance's lifecycle—you decide when to launch, stop, hibernate, start, reboot, or terminate it.

There is no long-term commitment required when you purchase On-Demand Instances. You pay only for the seconds that your On-Demand Instances are in the `running` state, with a 60-second minimum. The price per second for a running On-Demand Instance is fixed, and is listed on the [Amazon EC2 Pricing, On-Demand Pricing page](https://aws.amazon.com/ec2/pricing/on-demand/).

We recommend that you use On-Demand Instances for applications with short-term, irregular workloads that cannot be interrupted.

For significant savings over On-Demand Instances, use [AWS Savings Plans](https://aws.amazon.com/savingsplans/), [Spot Instances](using-spot-instances.md), or [Reserved Instances for Amazon EC2 overview](ec2-reserved-instances.md).

**Contents**
+ [On-Demand Instance quotas](#ec2-on-demand-instances-limits)
  + [Monitor On-Demand Instance quotas and usage](#monitoring-on-demand-limits)
  + [Request a quota increase](#vcpu-limits-request-increase)
+ [Query the prices of On-Demand Instances](#query-aws-price-list)

## On-Demand Instance quotas


There are quotas for the number of running On-Demand Instances per AWS account per Region. On-Demand Instance quotas are managed in terms of the *number of virtual central processing units (vCPUs)* that your running On-Demand Instances are using, regardless of the instance type. Each quota type specifies the maximum number of vCPUs for one or more instance families.

Your account includes the following quotas for On-Demand Instances. Instances that are in the pending, stopping, stopped, and hibernated states do not count towards your On-Demand Instance quotas. Capacity Reservations count toward your On-Demand Instance quotas, even if they are unused.


| Name | Default | Adjustable | 
| --- | --- | --- | 
| Running On-Demand DL instances | 0 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-6E869C2A) | 
| Running On-Demand F instances | 0 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-74FC7D96) | 
| Running On-Demand G and VT instances | 0 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-DB2E81BA) | 
| Running On-Demand HPC instances | 0 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-F7808C92) | 
| Running On-Demand High Memory instances | 0 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-43DA4232) | 
| Running On-Demand Inf instances | 0 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-1945791B) | 
| Running On-Demand P instances | 0 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-417A185B) | 
| Running On-Demand Standard (A, C, D, H, I, M, R, T, Z) instances | 5 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-1216C47A) | 
| Running On-Demand Trn instances | 0 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-2C3B7624) | 
| Running On-Demand X instances | 0 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-7295265B) | 

For information about the different instance families, generations, and sizes, see the [Amazon EC2 Instance Types Guide](https://docs.aws.amazon.com/ec2/latest/instancetypes/instance-types.html).

You can launch any combination of instance types that meet your changing application needs, as long as the number of vCPUs does not exceed your account quota. For example, with a Standard instance quota of 256 vCPUs, you could launch 32 `m5.2xlarge` instances (32 x 8 vCPUs) or 16 `c5.4xlarge` instances (16 x 16 vCPUs). For more information, see [EC2 On-Demand Instance limits](https://aws.amazon.com/ec2/faqs/#EC2_On-Demand_Instance_limits).

**Topics**
+ [Monitor On-Demand Instance quotas and usage](#monitoring-on-demand-limits)
+ [Request a quota increase](#vcpu-limits-request-increase)

### Monitor On-Demand Instance quotas and usage


You can view and manage your On-Demand Instance quotas for each Region using the following methods.

**To view your current quotas using the Service Quotas console**

1. Open the Service Quotas console at [https://console.aws.amazon.com/servicequotas/home/services/ec2/quotas/](https://console.aws.amazon.com/servicequotas/home/services/ec2/quotas/).

1. From the navigation bar, select a Region.

1. In the filter field, enter **On-Demand**.

1. The **Applied quota value** column displays the maximum number of vCPUs for each On-Demand Instance quota type for your account.

**To view your current quotas using the AWS Trusted Advisor console**  
Open the [Service limits page](https://console.aws.amazon.com/trustedadvisor/home?#/category/service-limits) in the AWS Trusted Advisor console.

**To configure CloudWatch alarms**  
With Amazon CloudWatch metrics integration, you can monitor your EC2 usage against your quotas. You can also configure alarms to warn about approaching quotas. For more information, see [Service Quotas and Amazon CloudWatch alarms](https://docs.aws.amazon.com/servicequotas/latest/userguide/configure-cloudwatch.html) in the *Service Quotas User Guide*.

### Request a quota increase


Even though Amazon EC2 automatically increases your On-Demand Instance quotas based on your usage, you can request a quota increase if necessary. For example, if you intend to launch more instances than your current quota allows, you can request a quota increase by using the Service Quotas console described in [Amazon EC2 service quotas](ec2-resource-limits.md).

## Query the prices of On-Demand Instances


You can use the Price List Service API or the AWS Price List API to query the prices of On-Demand Instances. For more information, see [Using the AWS Price List API](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/price-changes.html) in the *AWS Billing User Guide*.

# Reserved Instances for Amazon EC2 overview

**Important**  
We recommend Savings Plans over Reserved Instances. Savings Plans are the easiest and most flexible way to save money on your AWS compute costs and offer lower prices (up to 72% off On-Demand pricing), just like Reserved Instances. However, Savings Plans are different from Reserved Instances. With Reserved Instances, you make a commitment to a specific instance configuration, whereas with Savings Plans, you have the flexibility to use the instance configurations that best meet your needs. To use Savings Plans, you make a commitment to a consistent usage amount, measured in USD per hour. For more information, see the [AWS Savings Plans User Guide](https://docs.aws.amazon.com/savingsplans/latest/userguide/).

Reserved Instances provide you with significant savings on your Amazon EC2 costs compared to On-Demand Instance pricing. Reserved Instances are not physical instances, but rather a billing discount applied to the use of On-Demand Instances in your account. These On-Demand Instances must match certain attributes, such as instance type and Region, in order to benefit from the billing discount.

**Topics**
+ [Reserved Instance example scenario](#ri-example-scenario)
+ [Key variables that determine Reserved Instance pricing](#ri-key-pricing-variables)
+ [Regional and zonal Reserved Instances (scope)](reserved-instances-scope.md)
+ [Types of Reserved Instances (offering classes)](reserved-instances-types.md)
+ [How Reserved Instance discounts are applied](apply_ri.md)
+ [Use your Reserved Instances](using-reserved-instances.md)
+ [How billing works with Reserved Instances](concepts-reserved-instances-application.md)
+ [Buy Reserved Instances for Amazon EC2](ri-market-concepts-buying.md)
+ [Sell Reserved Instances for Amazon EC2 in the Reserved Instance Marketplace](ri-market-general.md)
+ [Modify Reserved Instances](ri-modifying.md)
+ [Exchange Convertible Reserved Instances](ri-convertible-exchange.md)
+ [Reserved Instance quotas](ri-limits.md)

## Reserved Instance example scenario


The following diagram shows a basic scenario of purchasing and using Reserved Instances.

![\[Purchasing Reserved Instances.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ri-basics.png)


In this scenario, you have a running On-Demand Instance (T2) in your account, for which you're currently paying On-Demand rates. You purchase a Reserved Instance that matches the attributes of your running instance, and the billing benefit is immediately applied. Next, you purchase a Reserved Instance for a C4 instance. You do not have any running instances in your account that match the attributes of this Reserved Instance. In the final step, you launch an instance that matches the attributes of the C4 Reserved Instance, and the billing benefit is immediately applied.

## Key variables that determine Reserved Instance pricing


The Reserved Instance pricing is determined by the following key variables.

### Instance attributes


A Reserved Instance has four instance attributes that determine its price. 
+ **Instance type**: For example, `m4.large`. This is composed of the instance family (for example, `m4`) and the instance size (for example, `large`).
+ **Region**: The Region in which the Reserved Instance is purchased.
+ **Tenancy**: Whether your instance runs on shared (default) or single-tenant (dedicated) hardware. For more information, see [Amazon EC2 Dedicated Instances](dedicated-instance.md). 
+ **Platform**: The operating system; for example, Windows or Linux/Unix. For more information, see [Choosing a platform](ri-market-concepts-buying.md#ri-choosing-platform).

### Term commitment


You can purchase a Reserved Instance for a one-year or three-year commitment, with the three-year commitment offering a bigger discount.
+ **One-year**: A year is defined as 31536000 seconds (365 days). 
+ **Three-year**: Three years is defined as 94608000 seconds (1095 days).

Reserved Instances do not renew automatically; when they expire, you can continue using the EC2 instance without interruption, but you are charged On-Demand rates. In the above example, when the Reserved Instances that cover the T2 and C4 instances expire, you go back to paying the On-Demand rates until you terminate the instances or purchase new Reserved Instances that match the instance attributes.

**Important**  
After you purchase a Reserved Instance, you cannot cancel your purchase. However, you might be able to [modify](ri-modifying.md), [exchange](ri-convertible-exchange.md), or [sell](ri-market-general.md) your Reserved Instance if your needs change.

### Payment options


The following payment options are available for Reserved Instances:
+ **All Upfront**: Full payment is made at the start of the term, with no other costs or additional hourly charges incurred for the remainder of the term, regardless of hours used.
+ **Partial Upfront**: A portion of the cost must be paid upfront and the remaining hours in the term are billed at a discounted hourly rate, regardless of whether the Reserved Instance is being used.
+ **No Upfront**: You are billed a discounted hourly rate for every hour within the term, regardless of whether the Reserved Instance is being used. No upfront payment is required.
**Note**  
No Upfront Reserved Instances are based on a contractual obligation to pay monthly for the entire term of the reservation. For this reason, a successful billing history is required before you can purchase No Upfront Reserved Instances.

Generally speaking, you can save more money making a higher upfront payment for Reserved Instances. You can also find Reserved Instances offered by third-party sellers at lower prices and shorter term lengths on the Reserved Instance Marketplace. For more information, see [Sell Reserved Instances for Amazon EC2 in the Reserved Instance Marketplace](ri-market-general.md). 

### Offering class


If your computing needs change, you might be able to modify or exchange your Reserved Instance, depending on the offering class.
+ **Standard**: These provide the most significant discount, but can only be modified. Standard Reserved Instances can't be exchanged.
+ **Convertible**: These provide a lower discount than Standard Reserved Instances, but can be exchanged for another Convertible Reserved Instance with different instance attributes. Convertible Reserved Instances can also be modified.

For more information, see [Types of Reserved Instances (offering classes)](reserved-instances-types.md).

**Important**  
After you purchase a Reserved Instance, you cannot cancel your purchase. However, you might be able to [modify](ri-modifying.md), [exchange](ri-convertible-exchange.md), or [sell](ri-market-general.md) your Reserved Instance if your needs change.

For more information, see the [Amazon EC2 Reserved Instances Pricing page](https://aws.amazon.com/ec2/pricing/reserved-instances/pricing/).

# Regional and zonal Reserved Instances (scope)


When you purchase a Reserved Instance, you determine the scope of the Reserved Instance. The scope is either regional or zonal. 
+ **Regional**: When you purchase a Reserved Instance for a Region, it's referred to as a *regional* Reserved Instance.
+ **Zonal**: When you purchase a Reserved Instance for a specific Availability Zone, it's referred to as a *zonal* Reserved Instance.

The scope does not affect the price. You pay the same price for a regional or zonal Reserved Instance. For more information about Reserved Instance pricing, see [Key variables that determine Reserved Instance pricing](ec2-reserved-instances.md#ri-key-pricing-variables) and [Amazon EC2 Reserved Instances Pricing](https://aws.amazon.com/ec2/pricing/reserved-instances/pricing/).

For more information about how to specify the scope of a Reserved Instance, see [RI Attributes](https://aws.amazon.com/ec2/pricing/reserved-instances/#riattributes), specifically the **Availability Zone** bullet.

## Differences between regional and zonal Reserved Instances


The following table highlights some key differences between regional Reserved Instances and zonal Reserved Instances:


|  | Regional Reserved Instances | Zonal Reserved Instances | 
| --- | --- | --- | 
|  Ability to reserve capacity  |  A regional Reserved Instance does *not* reserve capacity.  |  A zonal Reserved Instance reserves capacity in the specified Availability Zone.  | 
|  Availability Zone flexibility  |  The Reserved Instance discount applies to instance usage in any Availability Zone in the specified Region.  |  No Availability Zone flexibility—the Reserved Instance discount applies to instance usage in the specified Availability Zone only.  | 
|  Instance size flexibility  |  The Reserved Instance discount applies to instance usage within the instance family, regardless of size. Only supported on Amazon Linux/Unix Reserved Instances with default tenancy. For more information, see [Instance size flexibility determined by normalization factor](apply_ri.md#ri-normalization-factor). |  No instance size flexibility—the Reserved Instance discount applies to instance usage for the specified instance type and size only.  | 
|  Queuing a purchase  |  You can queue purchases for regional Reserved Instances.  |  You can't queue purchases for zonal Reserved Instances.  | 

For more information and examples, see [How Reserved Instance discounts are applied](apply_ri.md).

# Types of Reserved Instances (offering classes)


The offering class of a Reserved Instance is either Standard or Convertible. A Standard Reserved Instance provides a more significant discount than a Convertible Reserved Instance, but you can't exchange a Standard Reserved Instance. You can exchange Convertible Reserved Instances. You can modify Standard and Convertible Reserved Instances.

The configuration of a Reserved Instance comprises a single instance type, platform, scope, and tenancy over a term. If your computing needs change, you might be able to modify or exchange your Reserved Instance.

## Differences between Standard and Convertible Reserved Instances


The following are the differences between Standard and Convertible Reserved Instances.


|  | Standard Reserved Instance | Convertible Reserved Instance | 
| --- | --- | --- | 
| Modify Reserved Instances | Some attributes can be modified. For more information, see [Modify Reserved Instances](ri-modifying.md). | Some attributes can be modified. For more information, see [Modify Reserved Instances](ri-modifying.md). | 
| Exchange Reserved Instances | Can't be exchanged. | Can be exchanged during the term for another Convertible Reserved Instance with new attributes, including instance family, instance type, platform, scope, or tenancy. For more information, see [Exchange Convertible Reserved Instances](ri-convertible-exchange.md). | 
| Sell in the Reserved Instance Marketplace | Can be sold in the Reserved Instance Marketplace. | Can't be sold in the Reserved Instance Marketplace. | 
| Buy in the Reserved Instance Marketplace | Can be bought in the Reserved Instance Marketplace. | Can't be bought in the Reserved Instance Marketplace. | 

# How Reserved Instance discounts are applied


Reserved Instances are not physical instances, but rather a billing discount that is applied to the running On-Demand Instances in your account. The On-Demand Instances must match certain specifications of the Reserved Instances in order to benefit from the billing discount.

If you purchase a Reserved Instance and you already have a running On-Demand Instance that matches the specifications of the Reserved Instance, the billing discount is applied immediately and automatically. You do not have to restart your instances. If you do not have an eligible running On-Demand Instance, launch an On-Demand Instance with the same specifications as your Reserved Instance. For more information, see [Use your Reserved Instances](using-reserved-instances.md).

The offering class (Standard or Convertible) of the Reserved Instance does not affect how the billing discount is applied.

**Topics**
+ [How zonal Reserved Instances are applied](#apply-zonal-ri)
+ [How regional Reserved Instances are applied](#apply-regional-ri)
+ [Instance size flexibility](#ri-instance-size-flexibility)
+ [Examples of applying Reserved Instances](#ri-usage-examples)

## How zonal Reserved Instances are applied


A Reserved Instance that is purchased to reserve capacity in a specific Availability Zone is called a zonal Reserved Instance.
+ The Reserved Instance discount applies to matching instance usage in that Availability Zone.
+ The attributes (tenancy, platform, Availability Zone, instance type, and instance size) of the running instances must match those of the Reserved Instances.

For example, if you purchase two `c4.xlarge` default tenancy Linux/Unix Standard Reserved Instances for Availability Zone us-east-1a, then up to two `c4.xlarge` default tenancy Linux/Unix instances running in the Availability Zone us-east-1a can benefit from the Reserved Instance discount.

## How regional Reserved Instances are applied


A Reserved Instance that is purchased for a Region is called a regional Reserved Instance, and provides Availability Zone and instance size flexibility.
+ The Reserved Instance discount applies to instance usage in any Availability Zone in that Region.
+ The Reserved Instance discount applies to instance usage within the instance family, regardless of size—this is known as [instance size flexibility](#ri-instance-size-flexibility).

## Instance size flexibility


With instance size flexibility, the Reserved Instance discount applies to instance usage for instances that have the same [family](https://docs.aws.amazon.com/ec2/latest/instancetypes/instance-type-names.html). The Reserved Instance is applied from the smallest to the largest instance size within the instance family based on the normalization factor. For an example of how the Reserved Instance discount is applied, see [Scenario 2: Reserved Instances in a single account using the normalization factor](#ri-usage-ex2).

### Limitations

+ **Supported:** Instance size flexibility is only supported for Regional Reserved Instances.
+ **Not supported:** Instance size flexibility is *not supported* for the following Reserved Instances:
  + Reserved Instances that are purchased for a specific Availability Zone (zonal Reserved Instances)
  + Reserved Instances for G4ad, G4dn, G5, G5g, G6, G6e, G6f, Gr6, Gr6f, hpc7a, P5, Inf1, Inf2, u7i-6tb, and u7i-8tb instances
  + Reserved Instances for Windows Server, Windows Server with SQL Standard, Windows Server with SQL Server Enterprise, Windows Server with SQL Server Web, RHEL, and SUSE Linux Enterprise Server
  + Reserved Instances with dedicated tenancy

### Instance size flexibility determined by normalization factor


Instance size flexibility is determined by the normalization factor of the instance size. The discount applies either fully or partially to running instances of the same instance family, depending on the instance size of the reservation, in any Availability Zone in the Region. The only attributes that must be matched are the instance family, tenancy, and platform. 

The following table lists the different sizes within an instance family, and the corresponding normalization factor. This scale is used to apply the discounted rate of Reserved Instances to the normalized usage of the instance family.


| Instance size | Normalization factor | 
| --- | --- | 
| nano | 0.25 | 
| micro | 0.5 | 
| small | 1 | 
| medium | 2 | 
| large | 4 | 
| xlarge | 8 | 
| 2xlarge | 16 | 
| 3xlarge | 24 | 
| 4xlarge | 32 | 
| 6xlarge | 48 | 
| 8xlarge | 64 | 
| 9xlarge | 72 | 
| 10xlarge | 80 | 
| 12xlarge | 96 | 
| 16xlarge | 128 | 
| 18xlarge | 144 | 
| 24xlarge | 192 | 
| 32xlarge | 256 | 
| 48xlarge | 384 | 
| 56xlarge | 448 | 
| 112xlarge | 896 | 

For example, a `t2.medium` instance has a normalization factor of 2. If you purchase a `t2.medium` default tenancy Amazon Linux/Unix Reserved Instance in the US East (N. Virginia) Region and you have two running `t2.small` instances in your account in that Region, the billing benefit is applied in full to both instances. 

![\[Applying a Regional Reserved Instance.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ri-instance-flex-full.png)


Or, if you have one `t2.large` instance running in your account in the US East (N. Virginia) Region, the billing benefit is applied to 50% of the usage of the instance.

![\[Applying a Regional Reserved Instance.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ri-instance-flex-partial.png)


The normalization factor is also applied when modifying Reserved Instances. For more information, see [Modify Reserved Instances](ri-modifying.md).

#### Normalization factor for bare metal instances


Instance size flexibility also applies to bare metal instances within the instance family. If you have regional Amazon Linux/Unix Reserved Instances with shared tenancy on bare metal instances, you can benefit from the Reserved Instance savings within the same instance family. The opposite is also true: if you have regional Amazon Linux/Unix Reserved Instances with shared tenancy on instances in the same family as a bare metal instance, you can benefit from the Reserved Instance savings on the bare metal instance. 

The `metal` instance size does not have a single normalization factor. A bare metal instance has the same normalization factor as the equivalent virtualized instance size within the same instance family. For example, an `i3.metal` instance has the same normalization factor as an `i3.16xlarge` instance.


| Instance size | Normalization factor | 
| --- | --- | 
| a1.metal | 32 | 
|  m5zn.metal \| x2iezn.metal \| z1d.metal  | 96 | 
|  c6g.metal \| c6gd.metal \| i3.metal \| m6g.metal \| m6gd.metal \| r6g.metal \| r6gd.metal \| x2gd.metal  | 128 | 
| c5n.metal | 144 | 
|  c5.metal \| c5d.metal \| i3en.metal \| m5.metal \| m5d.metal \| m5dn.metal \| m5n.metal \| r5.metal \| r5b.metal \| r5d.metal \| r5dn.metal \| r5n.metal  | 192 | 
|  c6i.metal \| c6id.metal \| m6i.metal \| m6id.metal \| r6d.metal \| r6id.metal  | 256 | 
|  u-18tb1.metal \| u-24tb1.metal  | 448 | 
|  u-6tb1.metal \| u-9tb1.metal \| u-12tb1.metal  | 896 | 

For example, an `i3.metal` instance has a normalization factor of 128. If you purchase an `i3.metal` default tenancy Amazon Linux/Unix Reserved Instance in the US East (N. Virginia) Region, the billing benefit can apply as follows:
+ If you have one running `i3.16xlarge` in your account in that Region, the billing benefit is applied in full to the `i3.16xlarge` instance (`i3.16xlarge` normalization factor = 128).
+ Or, if you have two running `i3.8xlarge` instances in your account in that Region, the billing benefit is applied in full to both `i3.8xlarge` instances (`i3.8xlarge` normalization factor = 64).
+ Or, if you have four running `i3.4xlarge` instances in your account in that Region, the billing benefit is applied in full to all four `i3.4xlarge` instances (`i3.4xlarge` normalization factor = 32).

The opposite is also true. For example, if you purchase two `i3.8xlarge` default tenancy Amazon Linux/Unix Reserved Instances in the US East (N. Virginia) Region, and you have one running `i3.metal` instance in that Region, the billing benefit is applied in full to the `i3.metal` instance.

## Examples of applying Reserved Instances


**Topics**
+ [Scenario 1: Reserved Instances in a single account](#ri-usage-ex1)
+ [Scenario 2: Reserved Instances in a single account using the normalization factor](#ri-usage-ex2)
+ [Scenario 3: Regional Reserved Instances in linked accounts](#ri-usage-ex3)
+ [Scenario 4: Zonal Reserved Instances in a linked account](#ri-usage-ex4)

### Scenario 1: Reserved Instances in a single account


You are running the following On-Demand Instances in account A:
+ 4 x `m3.large` Linux, default tenancy instances in Availability Zone us-east-1a
+ 2 x `m4.xlarge` Amazon Linux, default tenancy instances in Availability Zone us-east-1b
+ 1 x `c4.xlarge` Amazon Linux, default tenancy instance in Availability Zone us-east-1c

You purchase the following Reserved Instances in account A:
+ 4 x `m3.large` Linux, default tenancy Reserved Instances in Availability Zone us-east-1a (capacity is reserved)
+ 4 x `m4.large` Amazon Linux, default tenancy Reserved Instances in Region us-east-1
+ 1 x `c4.large` Amazon Linux, default tenancy Reserved Instance in Region us-east-1

The Reserved Instance benefits are applied in the following way:
+ The discount and capacity reservation of the four `m3.large` zonal Reserved Instances are used by the four `m3.large` instances because the attributes (instance size, Region, platform, tenancy) between them match.
+ The `m4.large` regional Reserved Instances provide Availability Zone and instance size flexibility, because they are regional Amazon Linux Reserved Instances with default tenancy.

  An `m4.large` is equivalent to 4 normalized units/hour.

  You've purchased four `m4.large` regional Reserved Instances, and in total, they are equal to 16 normalized units/hour (4x4). Account A has two `m4.xlarge` instances running, which is equivalent to 16 normalized units/hour (2x8). In this case, the four `m4.large` regional Reserved Instances provide the full billing benefit to the usage of the two `m4.xlarge` instances.
+ The `c4.large` regional Reserved Instance in us-east-1 provides Availability Zone and instance size flexibility, because it is a regional Amazon Linux Reserved Instance with default tenancy, and applies to the `c4.xlarge` instance. A `c4.large` instance is equivalent to 4 normalized units/hour and a `c4.xlarge` is equivalent to 8 normalized units/hour.

  In this case, the `c4.large` regional Reserved Instance provides partial benefit to `c4.xlarge` usage. This is because the `c4.large` Reserved Instance is equivalent to 4 normalized units/hour of usage, but the `c4.xlarge` instance requires 8 normalized units/hour. Therefore, the `c4.large` Reserved Instance billing discount applies to 50% of `c4.xlarge` usage. The remaining `c4.xlarge` usage is charged at the On-Demand rate.

### Scenario 2: Reserved Instances in a single account using the normalization factor


You are running the following On-Demand Instances in account A:
+ 2 x `m3.xlarge` Amazon Linux, default tenancy instances in Availability Zone us-east-1a
+ 2 x `m3.large` Amazon Linux, default tenancy instances in Availability Zone us-east-1b

You purchase the following Reserved Instance in account A:
+ 1 x `m3.2xlarge` Amazon Linux, default tenancy Reserved Instance in Region us-east-1

The Reserved Instance benefits are applied in the following way:
+ The `m3.2xlarge` regional Reserved Instance in us-east-1 provides Availability Zone and instance size flexibility, because it is a regional Amazon Linux Reserved Instance with default tenancy. It applies first to the `m3.large` instances and then to the `m3.xlarge` instances, because it applies from the smallest to the largest instance size within the instance family based on the normalization factor.

  An `m3.large` instance is equivalent to 4 normalized units/hour.

  An `m3.xlarge` instance is equivalent to 8 normalized units/hour.

  An `m3.2xlarge` instance is equivalent to 16 normalized units/hour.

  The benefit is applied as follows:

  The `m3.2xlarge` regional Reserved Instance provides full benefit to 2 x `m3.large` usage, because together these instances account for 8 normalized units/hour. This leaves 8 normalized units/hour to apply to the `m3.xlarge` instances.

  With the remaining 8 normalized units/hour, the `m3.2xlarge` regional Reserved Instance provides full benefit to 1 x `m3.xlarge` usage, because each `m3.xlarge` instance is equivalent to 8 normalized units/hour. The remaining `m3.xlarge` usage is charged at the On-Demand rate.

### Scenario 3: Regional Reserved Instances in linked accounts


Reserved Instances are first applied to usage within the purchasing account, followed by qualifying usage in any other account in the organization. For more information, see [Reserved Instances and consolidated billing](concepts-reserved-instances-application.md#concepts-reserved-instances-billing). For regional Reserved Instances that offer instance size flexibility, the benefit is applied from the smallest to the largest instance size within the instance family.

You're running the following On-Demand Instances in account A (the purchasing account):
+ 2 x `m4.xlarge` Linux, default tenancy instances in Availability Zone us-east-1a
+ 1 x `m4.2xlarge` Linux, default tenancy instance in Availability Zone us-east-1b
+ 2 x `c4.xlarge` Linux, default tenancy instances in Availability Zone us-east-1a
+ 1 x `c4.2xlarge` Linux, default tenancy instance in Availability Zone us-east-1b

Another customer is running the following On-Demand Instances in account B—a linked account:
+ 2 x `m4.xlarge` Linux, default tenancy instances in Availability Zone us-east-1a

You purchase the following regional Reserved Instances in account A:
+ 4 x `m4.xlarge` Linux, default tenancy Reserved Instances in Region us-east-1
+ 2 x `c4.xlarge` Linux, default tenancy Reserved Instances in Region us-east-1

The regional Reserved Instance benefits are applied in the following way:
+ The discount of the four `m4.xlarge` Reserved Instances is used by the two `m4.xlarge` instances and the single `m4.2xlarge` instance in account A (purchasing account). All three instances match the attributes (instance family, Region, platform, tenancy). The discount is applied to instances in the purchasing account (account A) first, even though account B (linked account) has two `m4.xlarge` that also match the Reserved Instances. There is no capacity reservation because the Reserved Instances are regional Reserved Instances.
+ The discount of the two `c4.xlarge` Reserved Instances applies to the two `c4.xlarge` instances, because they are a smaller instance size than the `c4.2xlarge` instance. There is no capacity reservation because the Reserved Instances are regional Reserved Instances.
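The size-flexibility rules worked through in Scenarios 1 to 3 can be expressed as a small allocation routine. This is an added example, not AWS code: a simplified one-hour model in which the class and function names are hypothetical, the instance labels are constructed, and zonal Reserved Instances, per-second usage, the excluded instance families, and the Scenario 4 ordering are not modeled.

```python
from dataclasses import dataclass
from fractions import Fraction

# Normalization factors copied from the table on this page (subset of sizes).
NORMALIZATION_FACTOR = {
    "nano": Fraction(1, 4), "micro": Fraction(1, 2), "small": Fraction(1),
    "medium": Fraction(2), "large": Fraction(4), "xlarge": Fraction(8),
    "2xlarge": Fraction(16), "4xlarge": Fraction(32), "8xlarge": Fraction(64),
}


@dataclass(frozen=True)
class Instance:
    name: str            # constructed label, used only as a dictionary key
    account: str
    instance_type: str   # for example "m4.xlarge"
    platform: str = "Linux/UNIX"
    tenancy: str = "default"


@dataclass(frozen=True)
class RegionalRI:
    account: str         # purchasing account
    instance_type: str
    count: int
    platform: str = "Linux/UNIX"
    tenancy: str = "default"


def family_of(instance_type):
    return instance_type.split(".", 1)[0]


def units_per_hour(instance_type):
    return NORMALIZATION_FACTOR[instance_type.split(".", 1)[1]]


def apply_regional_ris(instances, reservations):
    """Return {instance name: fraction of one hour of usage covered by RIs}."""
    coverage = {inst.name: Fraction(0) for inst in instances}
    for ri in reservations:
        # Size flexibility is limited to Linux/Unix with default tenancy.
        if ri.platform != "Linux/UNIX" or ri.tenancy != "default":
            raise ValueError("size flexibility needs Linux/UNIX, default tenancy")
        pool = units_per_hour(ri.instance_type) * ri.count
        eligible = [
            i for i in instances
            if family_of(i.instance_type) == family_of(ri.instance_type)
            and i.platform == ri.platform and i.tenancy == ri.tenancy
        ]
        # Purchasing account first, then smallest to largest instance size.
        eligible.sort(key=lambda i: (i.account != ri.account,
                                     units_per_hour(i.instance_type)))
        for inst in eligible:
            if pool == 0:
                break
            size = units_per_hour(inst.instance_type)
            used = min(size * (1 - coverage[inst.name]), pool)
            coverage[inst.name] += used / size
            pool -= used
    return coverage


def scenario_1_regional():
    # Only the regional reservations of Scenario 1; the zonal m3.large RIs are omitted.
    running = [Instance("m4xl-1", "A", "m4.xlarge"),
               Instance("m4xl-2", "A", "m4.xlarge"),
               Instance("c4xl-1", "A", "c4.xlarge")]
    return apply_regional_ris(running, [RegionalRI("A", "m4.large", 4),
                                        RegionalRI("A", "c4.large", 1)])


def scenario_2():
    running = [Instance("xl-1", "A", "m3.xlarge"), Instance("xl-2", "A", "m3.xlarge"),
               Instance("lg-1", "A", "m3.large"), Instance("lg-2", "A", "m3.large")]
    return apply_regional_ris(running, [RegionalRI("A", "m3.2xlarge", 1)])


def scenario_3():
    running = [Instance("A-m4xl-1", "A", "m4.xlarge"),
               Instance("A-m4xl-2", "A", "m4.xlarge"),
               Instance("A-m4-2xl", "A", "m4.2xlarge"),
               Instance("A-c4xl-1", "A", "c4.xlarge"),
               Instance("A-c4xl-2", "A", "c4.xlarge"),
               Instance("A-c4-2xl", "A", "c4.2xlarge"),
               Instance("B-m4xl-1", "B", "m4.xlarge"),
               Instance("B-m4xl-2", "B", "m4.xlarge")]
    return apply_regional_ris(running, [RegionalRI("A", "m4.xlarge", 4),
                                        RegionalRI("A", "c4.xlarge", 2)])


if __name__ == "__main__":
    for label, result in (("Scenario 1 (regional)", scenario_1_regional()),
                          ("Scenario 2", scenario_2()),
                          ("Scenario 3", scenario_3())):
        print(label, {name: f"{float(frac):.0%}" for name, frac in result.items()})
```

Any instance whose coverage is below 1 has the remainder of its usage charged at the On-Demand rate, as in the `c4.xlarge` case of Scenario 1.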

### Scenario 4: Zonal Reserved Instances in a linked account


In general, Reserved Instances that are owned by an account are applied first to usage in that account. However, if there are qualifying, unused Reserved Instances for a specific Availability Zone (zonal Reserved Instances) in other accounts in the organization, they are applied to the account before regional Reserved Instances owned by the account. This is done to ensure maximum Reserved Instance utilization and a lower bill. For billing purposes, all the accounts in the organization are treated as one account. The following example might help explain this.

You're running the following On-Demand Instance in account A (the purchasing account):
+ 1 x `m4.xlarge` Linux, default tenancy instance in Availability Zone us-east-1a

A customer is running the following On-Demand Instance in linked account B:
+ 1 x `m4.xlarge` Linux, default tenancy instance in Availability Zone us-east-1b

You purchase the following regional Reserved Instances in account A:
+ 1 x `m4.xlarge` Linux, default tenancy Reserved Instance in Region us-east-1

A customer also purchases the following zonal Reserved Instances in linked account C:
+ 1 x `m4.xlarge` Linux, default tenancy Reserved Instance in Availability Zone us-east-1a

The Reserved Instance benefits are applied in the following way:
+ The discount of the `m4.xlarge` zonal Reserved Instance owned by account C is applied to the `m4.xlarge` usage in account A.
+ The discount of the `m4.xlarge` regional Reserved Instance owned by account A is applied to the `m4.xlarge` usage in account B.
+ If the regional Reserved Instance owned by account A was first applied to the usage in account A, the zonal Reserved Instance owned by account C remains unused and usage in account B is charged at On-Demand rates.

For more information, see [Understanding your reservations](https://docs.aws.amazon.com/cur/latest/userguide/understanding-ri.html) in the AWS Cost and Usage Report.

**Note**  
Zonal Reserved Instances reserve capacity only for the owning account and cannot be shared with other AWS accounts. If you need to share capacity with other AWS accounts, use [Reserve compute capacity with EC2 On-Demand Capacity Reservations](ec2-capacity-reservations.md).

# Use your Reserved Instances


Reserved Instances are automatically applied to running On-Demand Instances provided that the specifications match. If you have no running On-Demand Instances that match the specifications of your Reserved Instance, the Reserved Instance is unused until you launch an instance with the required specifications. 

If you're launching an On-Demand Instance to take advantage of the billing benefit of a Reserved Instance, ensure that you specify the following information when you configure your On-Demand Instance:

**Platform**  
You must specify an Amazon Machine Image (AMI) that matches the platform (product description) of your Reserved Instance. For example, if you specified `Linux/UNIX` for your Reserved Instance, you can launch an instance from an Amazon Linux AMI or an Ubuntu AMI.

**Instance type**  
If you purchased a zonal Reserved Instance, you must specify the same instance type as your Reserved Instance; for example, `t3.large`. For more information, see [How zonal Reserved Instances are applied](apply_ri.md#apply-zonal-ri).  
If you purchased a regional Reserved Instance, you must specify an instance type from the same instance family as the instance type of your Reserved Instance. For example, if you specified `t3.xlarge` for your Reserved Instance, you must launch your instance from the T3 family, but you can specify any size, for example, `t3.medium`. For more information, see [How regional Reserved Instances are applied](apply_ri.md#apply-regional-ri).

**Availability Zone**  
If you purchased a zonal Reserved Instance for a specific Availability Zone, you must launch the instance into the same Availability Zone.  
If you purchased a regional Reserved Instance, you can launch the instance into any Availability Zone in the Region that you specified for the Reserved Instance.

**Tenancy**  
The tenancy (`dedicated` or `shared`) of the instance must match the tenancy of your Reserved Instance. For more information, see [Amazon EC2 Dedicated Instances](dedicated-instance.md).

For examples of how Reserved Instances are applied to your running On-Demand Instances, see [How Reserved Instance discounts are applied](apply_ri.md). For more information, see [Why aren't my Amazon EC2 Reserved Instances applying to my AWS billing in the way that I expected?](https://repost.aws/knowledge-center/reserved-instance-applying-why)

You can use various methods to launch the On-Demand Instances that use your Reserved Instance discount. For information about the different launch methods, see [Launch an Amazon EC2 instance](LaunchingAndUsingInstances.md). You can also use Amazon EC2 Auto Scaling to launch an instance. For more information, see the [Amazon EC2 Auto Scaling User Guide](https://docs.aws.amazon.com/autoscaling/ec2/userguide/).

# How billing works with Reserved Instances


All Reserved Instances provide you with a discount compared to On-Demand pricing. With Reserved Instances, you pay for the entire term regardless of actual use. You can choose to pay for your Reserved Instance upfront, partially upfront, or monthly, depending on the [payment option](ec2-reserved-instances.md#ri-payment-options) specified for the Reserved Instance. 

When Reserved Instances expire, you are charged On-Demand rates for EC2 instance usage. You can queue a Reserved Instance for purchase up to three years in advance. This can help you ensure that you have uninterrupted coverage. For more information, see [Queue your purchase](ri-market-concepts-buying.md#ri-queued-purchase).

The AWS Free Tier is available for new AWS accounts. If you are using the AWS Free Tier to run Amazon EC2 instances, and you purchase a Reserved Instance, you are charged the standard pricing. For information, see [AWS Free Tier](https://aws.amazon.com/free/).

**Topics**
+ [Usage billing](#hourly-billing)
+ [Viewing your bill](#ri-market-buyer-billing)
+ [Reserved Instances and consolidated billing](#concepts-reserved-instances-billing)
+ [Reserved Instance discount pricing tiers](#reserved-instances-discounts)

## Usage billing


Reserved Instances are billed for every clock-hour during the term that you select, regardless of whether an instance is running. Each clock-hour starts on the hour (zero minutes and zero seconds past the hour) of a standard 24-hour clock. For example, 1:00:00 to 1:59:59 is one clock-hour. For more information about instance states, see [Amazon EC2 instance state changes](ec2-instance-lifecycle.md).

A Reserved Instance billing benefit can be applied to a running instance on a per-second basis. Per-second billing is available for instances using an open-source Linux distribution, such as Amazon Linux and Ubuntu. Per-hour billing is used for commercial Linux distributions, such as Red Hat Enterprise Linux and SUSE Linux Enterprise Server.

A Reserved Instance billing benefit can apply to a maximum of 3600 seconds (one hour) of instance usage per clock-hour. You can run multiple instances concurrently, but can only receive the benefit of the Reserved Instance discount for a total of 3600 seconds per clock-hour; instance usage that exceeds 3600 seconds in a clock-hour is billed at the On-Demand rate.

For example, if you purchase one `m4.xlarge` Reserved Instance and run four `m4.xlarge` instances concurrently for one hour, one instance is charged at one hour of Reserved Instance usage and the other three instances are charged at three hours of On-Demand usage.

However, if you purchase one `m4.xlarge` Reserved Instance and run four `m4.xlarge` instances for 15 minutes (900 seconds) each within the same hour, the total running time for the instances is one hour, which results in one hour of Reserved Instance usage and 0 hours of On-Demand usage.

![\[Four m4.xlarge instances running for 15 minutes each within the same hour.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ri-per-second-billing.png)


If multiple eligible instances are running concurrently, the Reserved Instance billing benefit is applied to all the instances at the same time up to a maximum of 3600 seconds in a clock-hour; thereafter, On-Demand rates apply.

![\[Multiple instances running concurrently with Reserved Instance billing.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ri-per-second-billing-concurrent.png)


**Cost Explorer** on the [Billing and Cost Management](https://console.aws.amazon.com/billing) console enables you to analyze the savings against running On-Demand Instances. The [Reserved Instances FAQ](https://aws.amazon.com/ec2/faqs/#reserved-instances) includes an example of a list value calculation.

If you close your AWS account, On-Demand billing for your resources stops. However, if you have any Reserved Instances in your account, you continue to receive a bill for these until they expire.

## Viewing your bill


You can find out about the charges and fees to your account by viewing the [AWS Billing and Cost Management](https://console.aws.amazon.com/billing) console.
+ The **Dashboard** displays a spend summary for your account.
+ On the **Bills** page, under **Details** expand the **Elastic Compute Cloud** section and the Region to get billing information about your Reserved Instances.

You can view the charges online, or you can download a CSV file.

You can also track your Reserved Instance utilization using the AWS Cost and Usage Report. For more information, see [Understanding your reservations](https://docs.aws.amazon.com/cur/latest/userguide/understanding-ri.html).

## Reserved Instances and consolidated billing


The pricing benefits of Reserved Instances are shared when the purchasing account is part of a set of accounts billed under one consolidated billing payer account. This is typically useful for companies in which there are different functional teams or groups. The instance usage across all member accounts is aggregated in the payer account every month, and then the normal Reserved Instance logic is applied to calculate the bill. For more information, see [Consolidated billing for AWS Organizations](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing.html).

If you close the account that purchased the Reserved Instance, the payer account is charged for the Reserved Instance until the Reserved Instance expires. After the closed account is permanently deleted in 90 days, the member accounts no longer benefit from the Reserved Instance billing discount.

**Note**  
Zonal Reserved Instances reserve capacity only for the owning account and cannot be shared with other AWS accounts. If you need to share capacity with other AWS accounts, use [Reserve compute capacity with EC2 On-Demand Capacity Reservations](ec2-capacity-reservations.md).

## Reserved Instance discount pricing tiers


If your account qualifies for a discount pricing tier, it automatically receives discounts on upfront and instance usage fees for Reserved Instance purchases that you make within that tier level from that point on. To qualify for a discount, the list value of your Reserved Instances in the Region must be \$500,000 USD or more.

The following rules apply:
+ Pricing tiers and related discounts apply only to purchases of Amazon EC2 Standard Reserved Instances.
+ Pricing tiers do not apply to Reserved Instances for Windows with SQL Server Standard, SQL Server Web, and SQL Server Enterprise. 
+ Pricing tiers do not apply to Reserved Instances for Linux with SQL Server of any kind. 
+ Pricing tier discounts only apply to purchases made from AWS. They do not apply to purchases of third-party Reserved Instances. 
+ Discount pricing tiers are currently not applicable to Convertible Reserved Instance purchases. 

**Topics**
+ [Calculate Reserved Instance pricing discounts](#pricing-discounts)
+ [Buy with a discount tier](#buying-discount-tier)
+ [Crossing pricing tiers](#crossing-pricing-tiers)
+ [Consolidated billing for pricing tiers](#consolidating-billing)

### Calculate Reserved Instance pricing discounts


You can determine the pricing tier for your account by calculating the list value for all of your Reserved Instances in a Region. Multiply the hourly recurring price for each reservation by the total number of hours for the term and add the undiscounted upfront price (also known as the fixed price) at the time of purchase. Because the list value is based on undiscounted (public) pricing, it is not affected if you qualify for a volume discount or if the price drops after you buy your Reserved Instances.

```
List value = fixed price + (undiscounted recurring hourly price * hours in term)
```

For example, for a 1-year Partial Upfront `t2.small` Reserved Instance, assume the upfront price is \$60.00 and the hourly rate is \$0.007. This provides a list value of \$121.32.

```
121.32 = 60.00 + (0.007 * 8760)
```

**To view the fixed price values for Reserved Instances using the Amazon EC2 console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Reserved Instances**.

1. To display the **Upfront price** column, choose settings ( ![\[Settings icon.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/settings-icon.png) ) in the top-right corner, turn on **Upfront price**, and choose **Confirm**.

**To view the fixed price values for Reserved Instances using the command line**
+ [describe-reserved-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-reserved-instances.html) (AWS CLI)
+  [Get-EC2ReservedInstance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2ReservedInstance.html) (AWS Tools for Windows PowerShell)

### Buy with a discount tier


When you buy Reserved Instances, Amazon EC2 automatically applies any discounts to the part of your purchase that falls within a discount pricing tier. You don't need to do anything differently, and you can buy Reserved Instances using any of the Amazon EC2 tools. For more information, see [Buy Reserved Instances for Amazon EC2](ri-market-concepts-buying.md).

After the list value of your active Reserved Instances in a Region crosses into a discount pricing tier, any future purchases of Reserved Instances in that Region are charged at a discounted rate. If a single purchase of Reserved Instances in a Region takes you over the threshold of a discount tier, then the portion of the purchase that is above the price threshold is charged at the discounted rate. For more information about the temporary Reserved Instance IDs that are created during the purchase process, see [Crossing pricing tiers](#crossing-pricing-tiers).

If your list value falls below the price point for that discount pricing tier—for example, if some of your Reserved Instances expire—future purchases of Reserved Instances in the Region are not discounted. However, you continue to get the discount applied against any Reserved Instances that were originally purchased within the discount pricing tier.

When you buy Reserved Instances, one of four possible scenarios occurs:
+ **No discount**—Your purchase within a Region is still below the discount threshold.
+ **Partial discount**—Your purchase within a Region crosses the threshold of the first discount tier. No discount is applied to one or more reservations and the discounted rate is applied to the remaining reservations.
+ **Full discount**—Your entire purchase within a Region falls within one discount tier and is discounted appropriately.
+ **Two discount rates**—Your purchase within a Region crosses from a lower discount tier to a higher discount tier. You are charged two different rates: one or more reservations at the lower discounted rate, and the remaining reservations at the higher discounted rate.

### Crossing pricing tiers


If your purchase crosses into a discounted pricing tier, you see multiple entries for that purchase: one for that part of the purchase charged at the regular price, and another for that part of the purchase charged at the applicable discounted rate.

The Reserved Instance service generates several Reserved Instance IDs because your purchase crossed from an undiscounted tier, or from one discounted tier to another. There is an ID for each set of reservations in a tier. Consequently, the ID returned by your purchase CLI command or API action is different from the actual ID of the new Reserved Instances.

### Consolidated billing for pricing tiers


A consolidated billing account aggregates the list value of member accounts within a Region. When the list value of all active Reserved Instances for the consolidated billing account reaches a discount pricing tier, any Reserved Instances purchased after this point by any member of the consolidated billing account are charged at the discounted rate (as long as the list value for that consolidated account stays above the discount pricing tier threshold). For more information, see [Reserved Instances and consolidated billing](#concepts-reserved-instances-billing). 
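The list value formula and the consolidated billing aggregation described above, worked through as an added example (not code from the AWS documentation). The account IDs and reservations are constructed sample data shaped like `describe-reserved-instances` output; the example assumes the prices in the response are the undiscounted public prices and that they are per instance.

```python
import json
from decimal import Decimal

# Threshold stated on this page: regional list value needed to reach a discount tier.
TIER_THRESHOLD_USD = Decimal("500000")

# Constructed sample data: one describe-reserved-instances response per member
# account, all for the same Region. Account IDs and reservation IDs are made up.
SAMPLE_RESPONSES = {
    "111111111111": """{"ReservedInstances": [
        {"ReservedInstancesId": "constructed-0001", "InstanceType": "t2.small",
         "State": "active", "Duration": 31536000, "InstanceCount": 1,
         "FixedPrice": 60.0, "UsagePrice": 0.0,
         "RecurringCharges": [{"Amount": 0.007, "Frequency": "Hourly"}]},
        {"ReservedInstancesId": "constructed-0002", "InstanceType": "t2.small",
         "State": "retired", "Duration": 31536000, "InstanceCount": 4,
         "FixedPrice": 60.0, "UsagePrice": 0.0,
         "RecurringCharges": [{"Amount": 0.007, "Frequency": "Hourly"}]}
    ]}""",
    "222222222222": """{"ReservedInstances": [
        {"ReservedInstancesId": "constructed-0003", "InstanceType": "m5.large",
         "State": "active", "Duration": 94608000, "InstanceCount": 30,
         "FixedPrice": 5000.0, "UsagePrice": 0.0,
         "RecurringCharges": [{"Amount": 0.5, "Frequency": "Hourly"}]}
    ]}""",
}


def load(text):
    """Parse CLI JSON, keeping prices as Decimal so cents are not lost to float rounding."""
    return json.loads(text, parse_float=Decimal)


def hourly_price(ri):
    """Recurring hourly price of one reservation.

    Assumption: the hourly fee is the sum of the Hourly entries in
    RecurringCharges plus UsagePrice (one of the two is normally zero).
    """
    recurring = sum(
        (c["Amount"] for c in ri.get("RecurringCharges", [])
         if c.get("Frequency") == "Hourly"),
        Decimal(0),
    )
    return recurring + ri.get("UsagePrice", Decimal(0))


def list_value(ri):
    """List value = fixed price + (recurring hourly price * hours in term), per instance."""
    hours_in_term = Decimal(ri["Duration"]) / Decimal(3600)  # Duration is in seconds
    per_instance = ri["FixedPrice"] + hourly_price(ri) * hours_in_term
    return per_instance * ri["InstanceCount"]


def list_value_by_account(responses):
    """Sum the list value of active reservations for each member account."""
    totals = {}
    for account, text in responses.items():
        reservations = load(text)["ReservedInstances"]
        totals[account] = sum(
            (list_value(ri) for ri in reservations if ri["State"] == "active"),
            Decimal(0),
        )
    return totals


def qualifies_for_tier(totals):
    """True when the aggregated regional list value is at or above the threshold."""
    return sum(totals.values(), Decimal(0)) >= TIER_THRESHOLD_USD


if __name__ == "__main__":
    totals = list_value_by_account(SAMPLE_RESPONSES)
    for account, value in totals.items():
        print(f"{account}: list value {value:.2f} USD")
    print("consolidated account qualifies:", qualifies_for_tier(totals))
```

The first sample account reproduces the \$121.32 list value from the `t2.small` example and does not qualify on its own; aggregated with the second account, the consolidated total reaches the threshold.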

# Buy Reserved Instances for Amazon EC2

To buy a Reserved Instance for Amazon EC2, you can use the Amazon EC2 console, a command line tool, or an SDK to search for Reserved Instance offerings from AWS and third-party sellers, adjusting your search parameters until you find the exact match that you're looking for.

When you search for Reserved Instances to buy, you receive a quote on the cost of the returned offerings. When you proceed with the purchase, AWS automatically places a limit price on the purchase price. The total cost of your Reserved Instances won't exceed the amount that you were quoted.

If the price rises or changes for any reason, the purchase is not completed. When you are purchasing a third-party seller’s Reserved Instance from the Amazon EC2 Reserved Instance Marketplace, if there are offerings similar to your choice but at a lower upfront price, AWS sells you the offerings at the lower upfront price.

Before you confirm your purchase, review the details of the Reserved Instance that you plan to buy, and make sure that all the parameters are accurate. After you purchase a Reserved Instance (either from a third-party seller in the Reserved Instance Marketplace or from AWS), you cannot cancel your purchase. You can queue a purchase for a future date, and cancel the queued purchase before its scheduled time.

To purchase and modify Reserved Instances, ensure that your user has the appropriate permissions, such as the ability to describe Availability Zones. For information, see [Example: Work with Reserved Instances](ExamplePolicies_EC2.md#iam-example-reservedinstances) (API) or [Example: Work with Reserved Instances](iam-policies-ec2-console.md#ex-reservedinstances) (console).

**Topics**
+ [Choosing a platform](#ri-choosing-platform)
+ [Queue your purchase](#ri-queued-purchase)
+ [Buy Standard Reserved Instances](#ri-buying-standard)
+ [Buy Convertible Reserved Instances](#ri-buying-convertible)
+ [Buy from the Reserved Instance Marketplace](#ri-market-buying-guide)
+ [Cancel a queued purchase](#cancel-queued-purchase)
+ [Renew a Reserved Instance](#renew-ri)

## Choosing a platform


Amazon EC2 supports the following platforms for Reserved Instances:
+ Linux/UNIX
+ Linux with SQL Server Standard
+ Linux with SQL Server Web
+ Linux with SQL Server Enterprise
+ SUSE Linux
+ Red Hat Enterprise Linux
+ Red Hat Enterprise Linux with HA
+ Windows
+ Windows with SQL Server Standard
+ Windows with SQL Server Web
+ Windows with SQL Server Enterprise

**Considerations**
+ If you bring your existing subscription (BYOS) for **Red Hat Enterprise Linux**, **SUSE Linux**, or **Ubuntu Pro**, you must choose an offering for the **Linux/Unix** platform.
+ Reserved Instances are not supported on instances running **macOS** or Ubuntu Pro (EC2 subscription-included, i.e., not BYOS). For saving with On-Demand instance pricing, we recommend that you use macOS and Ubuntu Pro (EC2 subscription-included) instances with Savings Plans. For more information, see [Savings Plans User Guide](https://docs.aws.amazon.com/savingsplans/latest/userguide/what-is-savings-plans.html).

To ensure that an instance runs in a specific Reserved Instance, the platform of the Reserved Instance must match the platform of the AMI used to launch the instance. For Linux AMIs, it is important to check whether the AMI platform uses the general value **Linux/UNIX** or a more specific value like **SUSE Linux**.

------
#### [ Console ]

**To check the AMI platform**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **AMIs**.

1. Select the AMI.

1. On the **Details** tab, note the value of **Platform details**.

------
#### [ AWS CLI ]

**To check the AMI platform**  
Use the [describe-images](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-images.html) command and check the value of `PlatformDetails`.

```
aws ec2 describe-images \
    --image-id ami-0abcdef1234567890 \
    --query "Images[*].PlatformDetails"
```

The following is example output.

```
[
    "Linux/UNIX"
]
```

------
#### [ PowerShell ]

**To check the AMI platform**  
Use the [Get-EC2Image](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Image.html) cmdlet and check the value of `PlatformDetails`.

```
Get-EC2Image `
    -ImageId ami-0abcdef1234567890 | `
    Select PlatformDetails
```

The following is example output.

```
PlatformDetails
---------------
Linux/UNIX
```

------

## Queue your purchase


By default, when you purchase a Reserved Instance, the purchase is made immediately. Alternatively, you can queue your purchases for a future date and time. For example, you can queue a purchase for around the time that an existing Reserved Instance expires. This can help you ensure that you have uninterrupted coverage.

You can queue purchases for regional Reserved Instances, but not zonal Reserved Instances or Reserved Instances from other sellers. You can queue a purchase up to three years in advance. On the scheduled date and time, the purchase is made using the default payment method. After the payment is successful, the billing benefit is applied.

You can set a date for your queued purchases in the Amazon EC2 console, and the purchase is queued until 00:00 UTC on this date. To specify a different time for the queued purchase, use an AWS SDK or command line tool.

You can view your queued purchases in the Amazon EC2 console. The status of a queued purchase is **queued**. You can cancel a queued purchase any time before its scheduled time. For details, see [Cancel a queued purchase](#cancel-queued-purchase).
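Because a completed purchase cannot be canceled, it helps to check a chosen offering against the platform-match and queueing rules above before ordering. The following is an added example, not code from the AWS documentation; the offerings, the reference time, and the function names are constructed, and the offering dictionaries mirror fields of `describe-reserved-instances-offerings` output.

```python
from datetime import datetime, timezone

# Constructed sample offerings (IDs are placeholders, not real offering IDs).
REGIONAL_OFFERING = {
    "ReservedInstancesOfferingId": "constructed-offering-regional",
    "ProductDescription": "Linux/UNIX", "Scope": "Region", "Marketplace": False,
}
ZONAL_OFFERING = {
    "ReservedInstancesOfferingId": "constructed-offering-zonal",
    "ProductDescription": "Linux/UNIX", "Scope": "Availability Zone", "Marketplace": False,
}
MARKETPLACE_OFFERING = {
    "ReservedInstancesOfferingId": "constructed-offering-3rd-party",
    "ProductDescription": "Linux/UNIX", "Scope": "Region", "Marketplace": True,
}
# Constructed reference time so that the checks are reproducible.
SAMPLE_NOW = datetime(2020, 6, 1, tzinfo=timezone.utc)


def three_years_after(moment):
    """Same calendar date three years later (29 February falls back to 28 February)."""
    try:
        return moment.replace(year=moment.year + 3)
    except ValueError:
        return moment.replace(year=moment.year + 3, day=28)


def preflight(offering, ami_platform_details, purchase_time=None, now=None):
    """Return {code: message} for each rule from this page that the planned purchase breaks.

    offering             -- one entry from describe-reserved-instances-offerings
    ami_platform_details -- PlatformDetails value from describe-images
    purchase_time        -- value intended for --purchase-time, or None to buy now
    """
    problems = {}

    # The Reserved Instance platform must match the platform of the AMI.
    if offering["ProductDescription"] != ami_platform_details:
        problems["platform-mismatch"] = (
            f"offering is for {offering['ProductDescription']!r}, "
            f"AMI reports {ami_platform_details!r}"
        )

    if purchase_time is None:
        return problems  # immediate purchase: the queueing rules do not apply

    now = now or datetime.now(timezone.utc)
    when = datetime.fromisoformat(purchase_time.replace("Z", "+00:00"))
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)  # assumption: bare times are UTC

    # Only regional Reserved Instances sold by AWS can be queued.
    if offering.get("Scope") != "Region":
        problems["queue-requires-regional"] = "zonal offerings cannot be queued"
    if offering.get("Marketplace"):
        problems["queue-not-for-marketplace"] = "third-party offerings cannot be queued"

    # A purchase can be queued up to three years in advance.
    if when <= now:
        problems["purchase-time-not-in-future"] = f"{purchase_time} is not after {now.isoformat()}"
    elif when > three_years_after(now):
        problems["purchase-time-beyond-3-years"] = f"{purchase_time} is more than three years ahead"

    return problems


if __name__ == "__main__":
    for offering in (REGIONAL_OFFERING, ZONAL_OFFERING, MARKETPLACE_OFFERING):
        found = preflight(offering, "SUSE Linux", "2020-12-01T00:00:00Z", SAMPLE_NOW)
        print(offering["ReservedInstancesOfferingId"], sorted(found))
```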

## Buy Standard Reserved Instances


You can buy Standard Reserved Instances in a specific Availability Zone and get a capacity reservation. Alternatively, you can forego the capacity reservation and purchase a regional Standard Reserved Instance.

After the purchase is complete, if you already have a running instance that matches the specifications of the Reserved Instance, the billing benefit is immediately applied. You do not need to restart your instances. If you do not have a suitable running instance, launch an instance and ensure that you match the exact criteria that you specified for your Reserved Instance. For more information, see [Use your Reserved Instances](using-reserved-instances.md). 

For examples of how Reserved Instances are applied to your running instances, see [How Reserved Instance discounts are applied](apply_ri.md).

------
#### [ Console ]

**To buy Standard Reserved Instances**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Reserved Instances**, and then choose **Purchase Reserved Instances**.

1. For **Offering class**, choose **Standard** to display Standard Reserved Instances.

1. To purchase a capacity reservation, toggle on **Only show offerings that reserve capacity** in the top-right corner of the purchase screen. When you toggle on this setting, the **Availability Zone** field appears.

   To purchase a regional Reserved Instance, toggle off this setting. When you toggle off this setting, the **Availability Zone** field disappears. 

1. Select other configurations as needed, and then choose **Search**.

1. For each Reserved Instance that you want to purchase, enter the desired quantity, and choose **Add to cart**.

   To purchase a Standard Reserved Instance from the Reserved Instance Marketplace, look for **3rd party** in the **Seller** column in the search results. The **Term** column displays non-standard terms. For more information, see [Buy from the Reserved Instance Marketplace](#ri-market-buying-guide).

1. To see a summary of the Reserved Instances that you selected, choose **View cart**.

1. If **Order on** is **Now**, the purchase is completed immediately after you choose **Order all**. To queue a purchase, choose **Now** and select a date. You can select a different date for each eligible offering in the cart. The purchase is queued until 00:00 UTC on the selected date. 

1. To complete the order, choose **Order all**.

   If, at the time of placing the order, there are offerings similar to your choice but with a lower price, AWS sells you the offerings at the lower price.

1. Choose **Close**.

   The status of your order is listed in the **State** column. When your order is complete, the **State** value changes from `Payment-pending` to `Active`. When the Reserved Instance is `Active`, it is ready to use.

   If the status goes to `Retired`, AWS might not have received your payment.

------
#### [ AWS CLI ]

**To buy a Standard Reserved Instance**

1. Find available Reserved Instances using the [describe-reserved-instances-offerings](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-reserved-instances-offerings.html) command. Specify `standard` for the `--offering-class` option to return only Standard Reserved Instances. You can apply additional criteria to narrow your results. For example, use the following command to find offerings for a regional `t2.large` Reserved Instance with default tenancy for `Linux/UNIX` and a 1-year term only.

   ```
   aws ec2 describe-reserved-instances-offerings \
       --instance-type t2.large \
       --offering-class standard \
       --product-description "Linux/UNIX" \
       --instance-tenancy default \
       --filters Name=duration,Values=31536000 \
                 Name=scope,Values=Region
   ```

   To find Reserved Instances on the Reserved Instance Marketplace only, use the `marketplace` filter and do not specify a duration in the request, as the term might be shorter than a 1-year or 3-year term.

   ```
   aws ec2 describe-reserved-instances-offerings \
       --instance-type t2.large \
       --offering-class standard \
       --product-description "Linux/UNIX" \
       --instance-tenancy default \
       --filters Name=marketplace,Values=true
   ```

   When you find a Reserved Instance that meets your needs, take note of the offering ID. For example:

   ```
   "ReservedInstancesOfferingId": "bec624df-a8cc-4aad-a72f-4f8abc34caf2"
   ```

1. Use the [purchase-reserved-instances-offering](https://docs.aws.amazon.com/cli/latest/reference/ec2/purchase-reserved-instances-offering.html) command to buy your Reserved Instance. You must specify the Reserved Instance offering ID that you obtained in the previous step and the number of instances for the reservation.

   ```
   aws ec2 purchase-reserved-instances-offering \
       --reserved-instances-offering-id bec624df-a8cc-4aad-a72f-4f8abc34caf2 \
       --instance-count 1
   ```

   By default, the purchase is completed immediately. Alternatively, to queue the purchase, add the following option to the previous call.

   ```
   --purchase-time "2020-12-01T00:00:00Z"
   ```

1. Use the [describe-reserved-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-reserved-instances.html) command to get the status of your Reserved Instance.

   ```
   aws ec2 describe-reserved-instances \
       --reserved-instances-ids b847fa93-e282-4f55-b59a-1342fec06327 \
       --query "ReservedInstances[].State"
   ```

------
#### [ PowerShell ]

**To buy a Standard Reserved Instance**

1. Find available Reserved Instances using the [Get-EC2ReservedInstancesOffering](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2ReservedInstancesOffering.html) cmdlet. Specify `standard` for the `-OfferingClass` parameter to return only Standard Reserved Instances. You can apply additional criteria to narrow your results. For example, use the following command to find offerings for a regional `t2.large` Reserved Instance with default tenancy for `Linux/UNIX` and a 1-year term only.

   ```
   Get-EC2ReservedInstancesOffering `
       -InstanceType "t2.large" `
       -OfferingClass "standard" `
       -ProductDescription "Linux/UNIX" `
       -InstanceTenancy "default" `
       -Filters @{Name="duration"; Values="31536000"}, `
                @{Name="scope"; Values="Region"}
   ```

   To find Reserved Instances on the Reserved Instance Marketplace only, use the `marketplace` filter and do not specify a duration in the request, as the term might be shorter than a 1-year or 3-year term.

   ```
   Get-EC2ReservedInstancesOffering `
       -InstanceType t2.large `
       -OfferingClass "standard" `
       -ProductDescription "Linux/UNIX" `
       -InstanceTenancy default `
       -Filters @{Name="marketplace"; Values="true"}
   ```

   When you find a Reserved Instance that meets your needs, take note of the offering ID. For example:

   ```
   bec624df-a8cc-4aad-a72f-4f8abc34caf2
   ```

1. Use the [New-EC2ReservedInstance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2ReservedInstance.html) cmdlet to buy your Reserved Instance. You must specify the Reserved Instance offering ID that you obtained in the previous step and the number of instances for the reservation.

   ```
   New-EC2ReservedInstance `
       -ReservedInstancesOfferingId "bec624df-a8cc-4aad-a72f-4f8abc34caf2" `
       -InstanceCount 1
   ```

   By default, the purchase is completed immediately. Alternatively, to queue the purchase, add the following parameter to the previous call.

   ```
   -PurchaseTime "2020-12-01T00:00:00Z"
   ```

1. Use the [Get-EC2ReservedInstance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2ReservedInstance.html) cmdlet to get the status of your Reserved Instance.

   ```
   Get-EC2ReservedInstance `
       -ReservedInstancesId b847fa93-e282-4f55-b59a-1342fec06327 | `
       Select State
   ```

------

## Buy Convertible Reserved Instances


You can buy Convertible Reserved Instances in a specific Availability Zone and get a capacity reservation. Alternatively, you can forego the capacity reservation and purchase a regional Convertible Reserved Instance.

If you already have a running instance that matches the specifications of the Reserved Instance, the billing benefit is immediately applied. You do not have to restart your instances. If you do not have a suitable running instance, launch an instance and ensure that you match the same criteria that you specified for your Reserved Instance. For more information, see [Use your Reserved Instances](using-reserved-instances.md). 

For examples of how Reserved Instances are applied to your running instances, see [How Reserved Instance discounts are applied](apply_ri.md).

------
#### [ Console ]

**To buy Convertible Reserved Instances**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Reserved Instances**, and then choose **Purchase Reserved Instances**.

1. For **Offering class**, choose **Convertible** to display Convertible Reserved Instances.

1. To purchase a capacity reservation, toggle on **Only show offerings that reserve capacity** in the top-right corner of the purchase screen. When you toggle on this setting, the **Availability Zone** field appears.

   To purchase a regional Reserved Instance, toggle off this setting. When you toggle off this setting, the **Availability Zone** field disappears. 

1. Select other configurations as needed and choose **Search**.

1. For each Convertible Reserved Instance that you want to purchase, enter the quantity, and choose **Add to cart**.

1. To see a summary of your selection, choose **View cart**.

1. If **Order on** is **Now**, the purchase is completed immediately after you choose **Order all**. To queue a purchase, choose **Now** and select a date. You can select a different date for each eligible offering in the cart. The purchase is queued until 00:00 UTC on the selected date. 

1. To complete the order, choose **Order all**.

   If, at the time of placing the order, there are offerings similar to your choice but with a lower price, AWS sells you the offerings at the lower price.

1. Choose **Close**.

   The status of your order is listed in the **State** column. When your order is complete, the **State** value changes from `Payment-pending` to `Active`. When the Reserved Instance is `Active`, it is ready to use.

   If the status goes to `Retired`, AWS might not have received your payment. 

------
#### [ AWS CLI ]

**To buy a Convertible Reserved Instance**

1. Find available Reserved Instances using the [describe-reserved-instances-offerings](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-reserved-instances-offerings.html) command. Specify `convertible` for the `--offering-class` option to return only Convertible Reserved Instances. You can apply additional criteria to narrow your results. For example, use the following command to find offerings for a regional `t2.large` Reserved Instance with default tenancy for `Linux/UNIX`.

   ```
   aws ec2 describe-reserved-instances-offerings \
       --instance-type t2.large \
       --offering-class convertible \
       --product-description "Linux/UNIX" \
       --instance-tenancy default \
       --filters Name=scope,Values=Region
   ```

   When you find a Reserved Instance that meets your needs, take note of the offering ID. For example:

   ```
   "ReservedInstancesOfferingId": "bec624df-a8cc-4aad-a72f-4f8abc34caf2"
   ```

1. Use the [purchase-reserved-instances-offering](https://docs.aws.amazon.com/cli/latest/reference/ec2/purchase-reserved-instances-offering.html) command to buy your Reserved Instance. You must specify the Reserved Instance offering ID that you obtained in the previous step and the number of instances for the reservation.

   ```
   aws ec2 purchase-reserved-instances-offering \
       --reserved-instances-offering-id bec624df-a8cc-4aad-a72f-4f8abc34caf2 \
       --instance-count 1
   ```

   By default, the purchase is completed immediately. Alternatively, to queue the purchase, add the following option to the previous call.

   ```
   --purchase-time "2020-12-01T00:00:00Z"
   ```

1. Use the [describe-reserved-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-reserved-instances.html) command to get the status of your Reserved Instance.

   ```
   aws ec2 describe-reserved-instances \
       --reserved-instances-ids b847fa93-e282-4f55-b59a-1342fec06327 \
       --query "ReservedInstances[].State"
   ```

------
#### [ PowerShell ]

**To buy a Convertible Reserved Instance**

1. Find available Reserved Instances using the [Get-EC2ReservedInstancesOffering](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2ReservedInstancesOffering.html) cmdlet. Specify `convertible` for the `-OfferingClass` parameter to return only Convertible Reserved Instances. You can apply additional criteria to narrow your results. For example, use the following command to find offerings for a regional `t2.large` Reserved Instance with default tenancy for `Linux/UNIX`.

   ```
   Get-EC2ReservedInstancesOffering `
       -InstanceType "t2.large" `
       -OfferingClass "convertible" `
       -ProductDescription "Linux/UNIX" `
       -InstanceTenancy "default" `
       -Filters @{Name="scope"; Values="Region"}
   ```

   When you find a Reserved Instance that meets your needs, take note of the offering ID. For example:

   ```
   bec624df-a8cc-4aad-a72f-4f8abc34caf2
   ```

1. Use the [New-EC2ReservedInstance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2ReservedInstance.html) cmdlet to buy your Reserved Instance. You must specify the Reserved Instance offering ID that you obtained in the previous step and the number of instances for the reservation.

   ```
   New-EC2ReservedInstance `
       -ReservedInstancesOfferingId "bec624df-a8cc-4aad-a72f-4f8abc34caf2" `
       -InstanceCount 1
   ```

   By default, the purchase is completed immediately. Alternatively, to queue the purchase, add the following parameter to the previous call.

   ```
   -PurchaseTime "2020-12-01T00:00:00Z"
   ```

1. Use the [Get-EC2ReservedInstance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2ReservedInstance.html) cmdlet to get the status of your Reserved Instance.

   ```
   Get-EC2ReservedInstance `
       -ReservedInstancesId b847fa93-e282-4f55-b59a-1342fec06327 | `
       Select State
   ```

------

## Buy from the Reserved Instance Marketplace


In the Reserved Instance Marketplace, you can purchase Reserved Instances from third-party sellers who own Reserved Instances that they no longer need. You can do this using the Amazon EC2 console or a command line tool. The process is similar to purchasing Reserved Instances from AWS. For more information, see [Buy Standard Reserved Instances](#ri-buying-standard).

There are a few differences between Reserved Instances purchased in the Reserved Instance Marketplace and Reserved Instances purchased directly from AWS:
+ **Term** – Reserved Instances that you purchase from third-party sellers have less than a full standard term remaining. Full standard terms from AWS run for one year or three years.
+ **Upfront price** – Third-party Reserved Instances can be sold at different upfront prices. The usage or recurring fees remain the same as the fees set when the Reserved Instances were originally purchased from AWS.
+ **Types of Reserved Instances** – Only Amazon EC2 Standard Reserved Instances can be purchased from the Reserved Instance Marketplace. Convertible Reserved Instances, Amazon RDS, and Amazon ElastiCache Reserved Instances are not available for purchase on the Reserved Instance Marketplace.

Basic information about you is shared with the seller, for example, your ZIP code and country information.

This information enables sellers to calculate any necessary transaction taxes that they have to remit to the government (such as sales tax or value-added tax) and is provided as a disbursement report. In rare circumstances, AWS might have to provide the seller with your email address, so that they can contact you regarding questions related to the sale (for example, tax questions).

For similar reasons, AWS shares the legal entity name of the seller on the buyer's purchase invoice. If you need additional information about the seller for tax or related reasons, contact [Support](https://aws.amazon.com/contact-us/).

## Cancel a queued purchase


You can queue a purchase up to three years in advance. You can cancel a queued purchase any time before its scheduled time.

------
#### [ Console ]

**To cancel a queued purchase**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Reserved Instances**.

1. Select one or more Reserved Instances.

1. Choose **Actions**, **Delete queued Reserved Instances**.

1. When prompted for confirmation, choose **Delete**, and then **Close**.

------
#### [ AWS CLI ]

**To cancel a queued purchase**  
Use the [delete-queued-reserved-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/delete-queued-reserved-instances.html) command.

```
aws ec2 delete-queued-reserved-instances \
    --reserved-instances-ids b847fa93-e282-4f55-b59a-1342fec06327
```

------
#### [ PowerShell ]

**To cancel a queued purchase**  
Use the [Remove-EC2QueuedReservedInstance](https://docs.aws.amazon.com/powershell/latest/reference/items/Remove-EC2QueuedReservedInstance.html) cmdlet.

```
Remove-EC2QueuedReservedInstance `
    -ReservedInstancesId b847fa93-e282-4f55-b59a-1342fec06327
```

------

## Renew a Reserved Instance


You can renew a Reserved Instance before it is scheduled to expire. Renewing a Reserved Instance queues the purchase of a Reserved Instance with the same configuration until the current Reserved Instance expires.

You must renew a Reserved Instance using the Amazon EC2 console.

**To renew a Reserved Instance using a queued purchase**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Reserved Instances**.

1. Select the Reserved Instance to renew.

1. Choose **Actions**, **Renew Reserved Instances**.

1. To complete the order, choose **Order all**, and then **Close**.

# Sell Reserved Instances for Amazon EC2 in the Reserved Instance Marketplace

The Amazon EC2 Reserved Instance Marketplace is a platform that facilitates the sale of unused Standard Reserved Instances from AWS customers and third-party sellers. These Reserved Instances can vary in term lengths and pricing options. You might want to sell your Reserved Instances when you no longer need them, such as when you move your instances to a new AWS Region, change to a different instance type, finish projects before the Reserved Instance term expires, your business needs change, or you have excess capacity.

As soon as you list your Reserved Instances in the Reserved Instance Marketplace, they are available for potential buyers to find. All Reserved Instances are grouped according to the duration of the term remaining and the hourly price.

To fulfill a buyer's request to purchase a third-party seller’s Reserved Instance via the Reserved Instance Marketplace, AWS first sells the Reserved Instance with the lowest upfront price in the specified grouping. Then, AWS sells the Reserved Instance with the next lowest price, until the buyer's entire order is fulfilled. AWS then processes the transactions and transfers ownership of the Reserved Instances to the buyer.

You own your Reserved Instance until it's sold. After the sale, you've given up the capacity reservation and the discounted recurring fees. If you continue to use your instance, AWS charges you the On-Demand price starting from the time that your Reserved Instance was sold.

If you want to sell your unused Reserved Instances on the Reserved Instance Marketplace, you must meet certain eligibility criteria.

For information about buying Reserved Instances on the Reserved Instance Marketplace, see [Buy from the Reserved Instance Marketplace](ri-market-concepts-buying.md#ri-market-buying-guide).

**Topics**
+ [Restrictions and limitations](#ri-seller-limits)
+ [Register as a seller](#ri-market-seller-profile)
+ [Bank account for disbursement](#ri-market-concepts-bank)
+ [Tax information](#ri-market-concepts-taxinfo)
+ [Price your Reserved Instances](#ri-market-concepts-pricing)
+ [List your Reserved Instances](#ri-market-selling-listing)
+ [Reserved Instance listing states](#ri-listing-states)
+ [Lifecycle of a listing](#ri-market-concepts-sold-partial)
+ [After your Reserved Instance is sold](#ri-market-concepts-sold)
+ [Getting paid](#ri-market-sold-gettingpaid)
+ [Information shared with the buyer](#ri-market-seller-disclosure)

## Restrictions and limitations


Before you can sell your unused reservations, you must register as a seller in the Reserved Instance Marketplace. For information, see [Register as a seller](#ri-market-seller-profile).

The following limitations and restrictions apply when selling Reserved Instances:
+ Only Amazon EC2 Standard regional and zonal Reserved Instances can be sold in the Reserved Instance Marketplace.
+ Amazon EC2 Convertible Reserved Instances can't be sold in the Reserved Instance Marketplace.
+ Reserved Instances for other AWS services, such as Amazon RDS and Amazon ElastiCache, cannot be sold in the Reserved Instance Marketplace.
+ There must be at least one month remaining in the term of the Standard Reserved Instance.
+ You can't sell a Standard Reserved Instance in a Region that is [disabled by default](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html).
+ The minimum price allowed in the Reserved Instance Marketplace is \$10.00.
+ You can sell No Upfront, Partial Upfront, or All Upfront Reserved Instances in the Reserved Instance Marketplace as long as they have been active in your account for at least 30 days. Additionally, if there is an upfront payment on a Reserved Instance, it can only be sold after AWS has received the upfront payment.
+ You can't sell a Reserved Instance in the Reserved Instance Marketplace if you purchased it using a volume discount.
+ You cannot modify your listing in the Reserved Instance Marketplace directly. However, you can change your listing by first canceling it and then creating another listing with new parameters. For information, see [Price your Reserved Instances](#ri-market-concepts-pricing). You can also modify your Reserved Instances before listing them. For information, see [Modify Reserved Instances](ri-modifying.md).
+ AWS charges a service fee of 12 percent of the total upfront price of each Standard Reserved Instance you sell in the Reserved Instance Marketplace. The upfront price is the price the seller is charging for the Standard Reserved Instance.
+ When you register as a seller, the bank you specify must have a US address. For more information, see [Additional seller requirements for paid products](https://docs.aws.amazon.com/marketplace/latest/userguide/user-guide-for-sellers.html#additional-seller-requirements-for-paid-products) in the *AWS Marketplace Seller Guide*.
+ Amazon Web Services India Private Limited (AWS India) customers can't register as a seller on EC2 Reserved Instance Marketplace and can't list or sell Reserved Instances in the EC2 Reserved Instance Marketplace, even if they have a US bank account. For more information, see [What are the differences between AWS accounts and AWS India accounts?](https://repost.aws/knowledge-center/aws-india-differences)
+ If you change your seller of record to Amazon Web Services India Private Limited (AWS India), you'll be deregistered as a seller from the EC2 Reserved Instance Marketplace and all of your existing active listings on the EC2 Reserved Instance Marketplace will be removed. To restore your seller status, you must change your account location to a country other than India and complete the seller registration process again.

## Register as a seller


**Note**  
Only the AWS account root user can register an account as a seller.

To sell in the Reserved Instance Marketplace, you must first register as a seller. During registration, you provide the following information:
+ **Bank information**—AWS must have your bank information in order to disburse funds collected when you sell your reservations. The bank you specify must have a US address. For more information, see [Bank account for disbursement](#ri-market-concepts-bank).
+ **Tax information**—All sellers are required to complete a tax information interview to determine any necessary tax reporting obligations. For more information, see [Tax information](#ri-market-concepts-taxinfo).

After AWS receives your completed seller registration, you receive an email confirming your registration and informing you that you can get started selling in the Reserved Instance Marketplace.

## Bank account for disbursement


AWS must have your bank information in order to disburse funds collected when you sell your Reserved Instance. The bank you specify must have a US address. For more information, see [Additional seller requirements for paid products](https://docs.aws.amazon.com/marketplace/latest/userguide/user-guide-for-sellers.html#additional-seller-requirements-for-paid-products) in the *AWS Marketplace Seller Guide*.

**To register a default bank account for disbursements**

1. Open the [Reserved Instance Marketplace Seller Registration](https://us-east-1.console.aws.amazon.com/rimarketplace/home?region=us-east-1) page and sign in using your AWS credentials.

1. On the **Manage Bank Account** page, provide the following information about the bank through which you want to receive payment:
   + Bank account holder name
   + Routing number
   + Account number
   + Bank account type
**Note**  
If you are using a corporate bank account, you are prompted to send the information about the bank account via fax (1-206-765-3424).

After registration, the bank account provided is set as the default, pending verification with the bank. It can take up to two weeks to verify a new bank account, during which time you can't receive disbursements. For an established account, it usually takes about two days for disbursements to complete.

**To change the default bank account for disbursement**

1. On the [Reserved Instance Marketplace Seller Registration](https://us-east-1.console.aws.amazon.com/rimarketplace/home?region=us-east-1) page, sign in with the account that you used when you registered.

1. On the **Manage Bank Account** page, add a new bank account or modify the default bank account as needed.

## Tax information


Your sale of Reserved Instances might be subject to a transaction-based tax, such as sales tax or value-added tax. You should check with your business's tax, legal, finance, or accounting department to determine if transaction-based taxes are applicable. You are responsible for collecting and sending the transaction-based taxes to the appropriate tax authority.

As part of the seller registration process, you must complete a tax interview in the [Seller Registration Portal](https://portal.aws.amazon.com/ec2/ri/seller_registration?action=taxInterview). The interview collects your tax information and populates an IRS form W-9, W-8BEN, or W-8BEN-E, which is used to determine any necessary tax reporting obligations. 

The tax information you enter as part of the tax interview might differ depending on whether you operate as an individual or business, and whether you or your business are a US or non-US person or entity. As you fill out the tax interview, keep in mind the following:
+ Information provided by AWS, including the information in this topic, does not constitute tax, legal, or other professional advice. To find out how the IRS reporting requirements might affect your business, or if you have other questions, contact your tax, legal, or other professional advisor.
+ To fulfill the IRS reporting requirements as efficiently as possible, answer all questions and enter all information requested during the interview.
+ Check your answers. Avoid misspellings or entering incorrect tax identification numbers. They can result in an invalidated tax form. 

Based on your tax interview responses and IRS reporting thresholds, Amazon might file Form 1099-K. Amazon mails a copy of your Form 1099-K on or before January 31 in the year following the year that your tax account reaches the threshold levels. For example, if your account reaches the threshold in 2018, your Form 1099-K is mailed on or before January 31, 2019.

For more information about IRS requirements and Form 1099-K, see [Form 1099-K FAQs](https://www.irs.gov/newsroom/form-1099-k-faqs-third-party-filers-of-form-1099-k) on the IRS website.

## Price your Reserved Instances


When setting the price for your Reserved Instances, consider the following:
+ **Upfront price** – The upfront price is the only price that you can specify for the Reserved Instance that you're selling. The upfront price is the one-time price that the buyer pays when they purchase each Reserved Instance.

  Because the value of Reserved Instances decreases over time, by default, AWS can set prices to decrease in equal increments month over month. However, you can set different upfront prices based on when your reservation sells. For example, if your Reserved Instance has nine months of its term remaining, you can specify the amount that you would accept if a customer were to purchase that Reserved Instance with nine months remaining. You could set another price with five months remaining, and yet another price with one month remaining.

  The minimum allowed price in the Reserved Instance Marketplace is \$10.00.
+ **Limits** – The following limits for selling Reserved Instances apply to the *lifetime* of your AWS account. They are not annual limits and they can't be increased.
  + **You can sell up to \$150,000 in Reserved Instances**.
  + **You can sell up to 5,000 Reserved Instances**.
+ **Can't modify** – You cannot modify your listing directly. However, you can change your listing by first canceling it and then creating another listing with new parameters.
+ **Can cancel** – You can cancel your listing at any time, as long as it's in the `active` state. You cannot cancel the listing if it's already matched or being processed for a sale. If some of the instances in your listing are matched and you cancel the listing, only the remaining unmatched instances are removed from the listing.

## List your Reserved Instances


As a registered seller, you can choose to sell one or more of your Reserved Instances. You can choose to sell all of them in one listing or in portions. In addition, you can list Reserved Instances with any configuration of instance type, platform, and scope.

The console determines a suggested price. It checks for offerings that match your Reserved Instance and matches the one with the lowest price. Otherwise, it calculates a suggested price based on the cost of the Reserved Instance for its remaining time. If the calculated value is less than \$11.01, the suggested price is \$11.01.

If you cancel your listing and a portion of that listing has already been sold, the cancellation is not effective on the portion that has been sold. Only the unsold portion of the listing is no longer available in the Reserved Instance Marketplace.

------
#### [ Console ]

**To list a Reserved Instance in the Reserved Instance Marketplace**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Reserved Instances**.

1. Select the Reserved Instances to list, and choose **Actions**, **Sell Reserved Instances**.

1. On the **Configure Your Reserved Instance Listing** page, set the number of instances to sell and the upfront price for the remaining term in the relevant columns. See how the value of your reservation changes over the remainder of the term by selecting the arrow next to the **Months Remaining** column.

1. If you are an advanced user and you want to customize the pricing, you can enter different values for the subsequent months. To return to the default linear price drop, choose **Reset**.

1. Choose **Continue** when you are finished configuring your listing.

1. Confirm the details of your listing on the **Confirm Your Reserved Instance Listing** page and, if you're satisfied, choose **List Reserved Instance**.

**To view your listings in the Amazon EC2 console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Reserved Instances**.

1. Select the Reserved Instance that you've listed and choose the **My Listings** tab near the bottom of the page.

------
#### [ AWS CLI ]

**To manage Reserved Instances in the Reserved Instance Marketplace**

1. Get a list of your Reserved Instances by using the [describe-reserved-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-reserved-instances.html) command. Note the ID of the Reserved Instance that you want to list.

1. Use the [create-reserved-instances-listing](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-reserved-instances-listing.html) command. You must specify the ID of the Reserved Instance, the number of instances, and the pricing schedule.

1. To view your listing, use the [describe-reserved-instances-listings](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-reserved-instances-listings.html) command.

1. To cancel your listing, use the [cancel-reserved-instances-listing](https://docs.aws.amazon.com/cli/latest/reference/ec2/cancel-reserved-instances-listing.html) command.

------
#### [ PowerShell ]

**To manage Reserved Instances in the Reserved Instance Marketplace**

1. Get a list of your Reserved Instances by using the [Get-EC2ReservedInstance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2ReservedInstance.html) cmdlet. Note the ID of the Reserved Instance that you want to list.

1. Use the [New-EC2ReservedInstancesListing](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2ReservedInstancesListing.html) cmdlet. You must specify the ID of the Reserved Instance, the number of instances, and the pricing schedule.

1. To view your listing, use the [Get-EC2ReservedInstancesListing](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2ReservedInstancesListing.html) cmdlet.

1. To cancel your listing, use the [Stop-EC2ReservedInstancesListing](https://docs.aws.amazon.com/powershell/latest/reference/items/Stop-EC2ReservedInstancesListing.html) cmdlet.

------
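
The pricing schedule that the listing commands require can be generated rather than typed by hand. The following is an added example, not AWS code: it builds a month-by-month schedule and prints it as JSON for the `--price-schedules` option of `create-reserved-instances-listing`. The proportional price drop and the rule that a breakpoint price holds until the next lower breakpoint are assumptions of this example, as are all function names.

```python
import json
from decimal import Decimal, ROUND_HALF_UP

MIN_PRICE = Decimal("10.00")    # minimum price allowed in the marketplace
SERVICE_FEE = Decimal("0.12")   # 12 percent of the total upfront price
CENT = Decimal("0.01")


def _entry(term, price):
    """One schedule entry: the upfront price with `term` months remaining."""
    return {"Term": term, "Price": float(price), "CurrencyCode": "USD"}


def linear_schedule(upfront_price, months_remaining):
    """Price falls in equal monthly steps (assumed model), never below $10.00."""
    if months_remaining < 1:
        raise ValueError("at least one month must remain in the term")
    start = Decimal(str(upfront_price))
    if start < MIN_PRICE:
        raise ValueError("upfront price is below the $10.00 minimum")
    schedule = []
    for term in range(months_remaining, 0, -1):
        price = (start * term / months_remaining).quantize(
            CENT, rounding=ROUND_HALF_UP)
        schedule.append(_entry(term, max(price, MIN_PRICE)))
    return schedule


def expand_steps(breakpoints, months_remaining):
    """Expand prices set at a few terms, e.g. {9: 900, 5: 500, 1: 100}.

    Assumption: each price applies from its term down to the next
    breakpoint, so every remaining month gets an explicit entry.
    """
    if months_remaining not in breakpoints:
        raise ValueError("a price for the current remaining term is required")
    schedule, current = [], None
    for term in range(months_remaining, 0, -1):
        if term in breakpoints:
            current = Decimal(str(breakpoints[term]))
            if current < MIN_PRICE:
                raise ValueError(f"price for term {term} is below $10.00")
        schedule.append(_entry(term, current))
    return schedule


def seller_net(upfront_price, instance_count):
    """Disbursement after the 12 percent service fee on the upfront price."""
    gross = Decimal(str(upfront_price)) * instance_count
    fee = (gross * SERVICE_FEE).quantize(CENT, rounding=ROUND_HALF_UP)
    return gross - fee


if __name__ == "__main__":
    # Constructed sample: a reservation with nine months left, listed at $900.
    print(json.dumps(linear_schedule(900, 9), indent=2))
    print("Net for two sold at $900:", seller_net(900, 2))
```
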

## Reserved Instance listing states


**Listing State** on the **My Listings** tab of the Reserved Instances page displays the current status of your listings.

The information displayed by **Listing State** is about the status of your listing in the Reserved Instance Marketplace. It is different from the status information that is displayed by the **State** column in the **Reserved Instances** page. This **State** information is about your reservation.
+ **active**—The listing is available for purchase.
+ **canceled**—The listing is canceled and isn't available for purchase in the Reserved Instance Marketplace.
+ **closed**—The Reserved Instance is not listed. A Reserved Instance might be `closed` because the sale of the listing was completed.

## Lifecycle of a listing


When all the instances in your listing are matched and sold, the **My Listings** tab shows that the **Total instance count** matches the count listed under **Sold**. Also, there are no **Available** instances left for your listing, and its **Status** is `closed`.

When only a portion of your listing is sold, AWS retires the Reserved Instances in the listing and creates the number of Reserved Instances equal to the Reserved Instances remaining in the count. So, the listing ID and the listing that it represents, which now has fewer reservations for sale, are still active.

Any future sales of Reserved Instances in this listing are processed this way. When all the Reserved Instances in the listing are sold, AWS marks the listing as `closed`.

For example, you create a listing *Reserved Instances listing ID 5ec28771-05ff-4b9b-aa31-9e57dexample* with a listing count of 5.

The **My Listings** tab in the **Reserved Instance** console page displays the listing this way:

*Reserved Instance listing ID 5ec28771-05ff-4b9b-aa31-9e57dexample*
+ Total reservation count = 5
+ Sold = 0
+ Available = 5
+ Status = active

A buyer purchases two of the reservations, which leaves a count of three reservations still available for sale. Because of this partial sale, AWS creates a new reservation with a count of three to represent the remaining reservations that are still for sale.

This is how your listing looks in the **My Listings** tab:

*Reserved Instance listing ID 5ec28771-05ff-4b9b-aa31-9e57dexample*
+ Total reservation count = 5
+ Sold = 2
+ Available = 3
+ Status = active

If you cancel your listing and a portion of that listing has already sold, the cancellation is not effective on the portion that has been sold. Only the unsold portion of the listing is no longer available in the Reserved Instance Marketplace.

## After your Reserved Instance is sold


When your Reserved Instance is sold, AWS sends you an email notification. Each day that there is any kind of activity, you receive one email notification capturing all the activities of the day. Activities can include when you create or sell a listing, or when AWS sends funds to your account.

------
#### [ Console ]

**To track the status of a Reserved Instance listing**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Reserved Instances**.

1. On the **My Listings** tab, find the value of **Listing State**. The tab also contains information about the term, listing price, and a breakdown of how many instances in the listing are available, pending, sold, and canceled.

------
#### [ AWS CLI ]

**To track the status of a Reserved Instance listing**  
Use the [describe-reserved-instances-listings](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-reserved-instances-listings.html) command with the appropriate filter to obtain information about your listings.

```
aws ec2 describe-reserved-instances-listings
```

------
#### [ PowerShell ]

**To track the status of a Reserved Instance listing**  
Use the [Get-EC2ReservedInstancesListing](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2ReservedInstancesListing.html) cmdlet.

```
Get-EC2ReservedInstancesListing
```

------

## Getting paid


As soon as AWS receives funds from the buyer, a message is sent to the registered owner account email for the sold Reserved Instance.

AWS sends an Automated Clearing House (ACH) wire transfer to your specified bank account. Typically, this transfer occurs between one and three days after your Reserved Instance has been sold. Disbursements take place once a day. You will receive an email with a disbursement report after the funds are released. Keep in mind that you can't receive disbursements until AWS receives verification from your bank. This can take up to two weeks.

The Reserved Instance that you sold continues to appear when you describe your Reserved Instances.

You receive a cash disbursement for your Reserved Instances through a wire transfer directly into your bank account. AWS charges a service fee of 12 percent of the total upfront price of each Reserved Instance you sell in the Reserved Instance Marketplace.

## Information shared with the buyer


When you sell in the Reserved Instance Marketplace, AWS shares your company’s legal name on the buyer’s statement in accordance with US regulations. In addition, if the buyer calls Support because the buyer needs to contact you for an invoice or for some other tax-related reason, AWS might need to provide the buyer with your email address so that the buyer can contact you directly.

For similar reasons, the buyer's ZIP code and country information are provided to the seller in the disbursement report. As a seller, you might need this information to accompany any necessary transaction taxes that you remit to the government (such as sales tax and value-added tax).

AWS cannot offer tax advice, but if your tax specialist determines that you need specific additional information, [contact Support](https://aws.amazon.com/contact-us/).

# Modify Reserved Instances


When your needs change, you can modify your Standard or Convertible Reserved Instances and continue to benefit from the billing benefit. You can modify attributes such as the Availability Zone, instance size (within the same instance family and generation), and scope of your Reserved Instance.

**Note**  
You can also exchange a Convertible Reserved Instance for another Convertible Reserved Instance with a different configuration. For more information, see [Exchange Convertible Reserved Instances](ri-convertible-exchange.md).

You can modify all or a subset of your Reserved Instances. You can separate your original Reserved Instances into two or more new Reserved Instances. For example, if you have a reservation for 10 instances in `us-east-1a` and decide to move 5 instances to `us-east-1b`, the modification request results in two new reservations: one for 5 instances in `us-east-1a` and the other for 5 instances in `us-east-1b`.

You can also *merge* two or more Reserved Instances into a single Reserved Instance. For example, if you have four `t2.small` Reserved Instances of one instance each, you can merge them to create one `t2.large` Reserved Instance. For more information, see [Support for modifying instance sizes](#ri-modification-instancemove).

After modification, the benefit of the Reserved Instances is applied only to instances that match the new parameters. For example, if you change the Availability Zone of a reservation, the capacity reservation and pricing benefits are automatically applied to instance usage in the new Availability Zone. Instances that no longer match the new parameters are charged at the On-Demand rate, unless your account has other applicable reservations.

If your modification request succeeds:
+ The modified reservation becomes effective immediately and the pricing benefit is applied to the new instances beginning at the hour of the modification request. For example, if you successfully modify your reservations at 9:15PM, the pricing benefit transfers to your new instance at 9:00PM. You can get the effective date of the modified Reserved Instances by using the [describe-reserved-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-reserved-instances.html) command.
+ The original reservation is retired. Its end date is the start date of the new reservation, and the end date of the new reservation is the same as the end date of the original Reserved Instance. If you modify a three-year reservation that had 16 months left in its term, the resulting modified reservation is a 16-month reservation with the same end date as the original one.
+ The modified reservation lists a \$10 fixed price and not the fixed price of the original reservation.
+ The fixed price of the modified reservation does not affect the discount pricing tier calculations applied to your account, which are based on the fixed price of the original reservation.

If your modification request fails, your Reserved Instances maintain their original configuration, and are immediately available for another modification request.

There is no fee for modification, and you do not receive any new bills or invoices.

You can modify your reservations as frequently as you like, but you cannot change or cancel a pending modification request after you submit it. After the modification has completed successfully, you can submit another modification request to roll back any changes you made, if needed.

**Topics**
+ [Requirements and restrictions for modification](#ri-modification-limits)
+ [Support for modifying instance sizes](#ri-modification-instancemove)
+ [Submit modification requests](#ri-modification-process)
+ [Troubleshoot modification requests](#ri-modification-process-messages)

## Requirements and restrictions for modification


You can modify these attributes as follows.


| Modifiable attribute | Supported platforms | Limitations and considerations | 
| --- | --- | --- | 
|  Change **Availability Zones** within the same Region  |  Linux and Windows  | - | 
|  Change the **scope** from Availability Zone to Region and vice versa  |  Linux and Windows  |  A zonal Reserved Instance is scoped to an Availability Zone and reserves capacity in that Availability Zone. If you change the scope from Availability Zone to Region (in other words, from zonal to regional), you lose the capacity reservation benefit. A regional Reserved Instance is scoped to a Region. Your Reserved Instance discount can apply to instances running in any Availability Zone in that Region. Furthermore, the Reserved Instance discount applies to instance usage across all sizes in the selected instance family. If you change the scope from Region to Availability Zone (in other words, from regional to zonal), you lose Availability Zone flexibility and instance size flexibility (if applicable). For more information, see [How Reserved Instance discounts are applied](apply_ri.md). | 
|  Change the **instance size** within the same instance family and generation  |  Linux/UNIX only. Instance size flexibility is not available for Reserved Instances on the other platforms, which include Linux with SQL Server Standard, Linux with SQL Server Web, Linux with SQL Server Enterprise, Red Hat Enterprise Linux, SUSE Linux, Windows, Windows with SQL Standard, Windows with SQL Server Enterprise, and Windows with SQL Server Web.  |  The reservation must use default tenancy. Some instance families are not supported, because there are no other sizes available. For more information, see [Support for modifying instance sizes](#ri-modification-instancemove).  | 

**Requirements**

Amazon EC2 processes your modification request if there is sufficient capacity for your new configuration (if applicable), and if the following conditions are met:
+ The Reserved Instance cannot be modified before or at the same time that you purchase it
+ The Reserved Instance must be active
+ There cannot be a pending modification request
+ The Reserved Instance is not listed in the Reserved Instance Marketplace
+ There must be a match between the instance size footprint of the original reservation and the new configuration. For more information, see [Support for modifying instance sizes](#ri-modification-instancemove).
+ The original Reserved Instances are all Standard Reserved Instances or all Convertible Reserved Instances, not some of each type
+ The original Reserved Instances must expire within the same hour, if they are Standard Reserved Instances
+ For modifying instance size, the Reserved Instance must support instance size flexibility. For the list of Reserved Instances that don't support instance size flexibility, see [Instance size flexibility](apply_ri.md#ri-instance-size-flexibility).

## Support for modifying instance sizes


You can modify the instance size of a Reserved Instance if the following requirements are met.

**Requirements**
+ The platform is Linux/UNIX.
+ You must select another instance size in the same [instance family](https://docs.aws.amazon.com/ec2/latest/instancetypes/instance-type-names.html) (indicated by a letter, for example, T) and [generation](https://docs.aws.amazon.com/ec2/latest/instancetypes/instance-type-names.html) (indicated by a number, for example, 2).

  For example, you can modify a Reserved Instance from `t2.small` to `t2.large` because they're both in the same T2 family and generation. But you can't modify a Reserved Instance from T2 to M2 or from T2 to T3, because in both these examples, the target instance family and generation are not the same as the original Reserved Instance.
+ You can modify the instance size of a Reserved Instance only if it supports instance size flexibility. For the list of Reserved Instances that don't support instance size flexibility, see [Instance size flexibility](apply_ri.md#ri-instance-size-flexibility).
+ You can't modify the instance size of Reserved Instances for `t1.micro` instances, because `t1.micro` has only one size.
+ The original and new Reserved Instance must have the same instance size footprint.

**Topics**
+ [Instance size footprint](#ri-modification-instance-size-footprint)
+ [Normalization factors for bare metal instances](#ri-normalization-factor-bare-metal-2)

### Instance size footprint


Each Reserved Instance has an *instance size footprint*, which is determined by the normalization factor of the instance size and the number of instances in the reservation. When you modify the instance sizes in a Reserved Instance, the footprint of the new configuration must match that of the original configuration, otherwise the modification request is not processed.

To calculate the instance size footprint of a Reserved Instance, multiply the number of instances by the normalization factor. In the Amazon EC2 console, the normalization factor is measured in units. The following table describes the normalization factor for the instance sizes in an instance family. For example, `t2.medium` has a normalization factor of 2, so a reservation for four `t2.medium` instances has a footprint of 8 units.


| Instance size | Normalization factor | 
| --- | --- | 
| nano | 0.25 | 
| micro | 0.5 | 
| small | 1 | 
| medium | 2 | 
| large | 4 | 
| xlarge | 8 | 
| 2xlarge | 16 | 
| 3xlarge | 24 | 
| 4xlarge | 32 | 
| 6xlarge | 48 | 
| 8xlarge | 64 | 
| 9xlarge | 72 | 
| 10xlarge | 80 | 
| 12xlarge | 96 | 
| 16xlarge | 128 | 
| 18xlarge | 144 | 
| 24xlarge | 192 | 
| 32xlarge | 256 | 
| 48xlarge | 384 | 
| 56xlarge | 448 | 
| 112xlarge | 896 | 

You can allocate your reservations into different instance sizes across the same instance family as long as the instance size footprint of your reservation remains the same. For example, you can divide a reservation for one `t2.large` (1 @ 4 units) instance into four `t2.small` (4 @ 1 unit) instances. Similarly, you can combine a reservation for four `t2.small` instances into one `t2.large` instance. However, you cannot change your reservation for two `t2.small` instances into one `t2.large` instance because the footprint of the new reservation (4 units) is larger than the footprint of the original reservation (2 units).

In the following example, you have a reservation with two `t2.micro` instances (1 unit) and a reservation with one `t2.small` instance (1 unit). If you merge both of these reservations to a single reservation with one `t2.medium` instance (2 units), the footprint of the new reservation equals the footprint of the combined reservations.

![\[Modifying Reserved Instances.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ri-modify-merge.png)


You can also modify a reservation to divide it into two or more reservations. In the following example, you have a reservation with a `t2.medium` instance (2 units). You can divide the reservation into two reservations, one with two `t2.nano` instances (.5 units) and the other with three `t2.micro` instances (1.5 units).

![\[Modifying Reserved Instances.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ri-modify-divide.png)
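
The footprint rule can be checked before a modification request is submitted. The following is an added example, not AWS code: it computes footprints from the normalization table above and tests whether a proposed merge or split preserves them. Treating the whole prefix before the dot (for example, `t2`) as the family-and-generation key is an assumption of this example, as are the function names; bare metal sizes are left out because their factor depends on the family.

```python
from fractions import Fraction

# Normalization factors from the table above, in units per instance.
NORMALIZATION = {size: Fraction(units) for size, units in {
    "nano": "0.25", "micro": "0.5", "small": "1", "medium": "2",
    "large": "4", "xlarge": "8", "2xlarge": "16", "3xlarge": "24",
    "4xlarge": "32", "6xlarge": "48", "8xlarge": "64", "9xlarge": "72",
    "10xlarge": "80", "12xlarge": "96", "16xlarge": "128",
    "18xlarge": "144", "24xlarge": "192", "32xlarge": "256",
    "48xlarge": "384", "56xlarge": "448", "112xlarge": "896",
}.items()}


def split_type(instance_type):
    """Split 't2.small' into ('t2', 'small'); reject sizes not in the table."""
    prefix, sep, size = instance_type.partition(".")
    if not sep or not prefix or size not in NORMALIZATION:
        raise ValueError(f"unsupported instance type: {instance_type!r}")
    return prefix, size


def footprint(reservations):
    """Total units for a list of (instance_type, instance_count) pairs."""
    total = Fraction(0)
    for instance_type, count in reservations:
        if count < 1:
            raise ValueError("instance count must be at least 1")
        _, size = split_type(instance_type)
        total += NORMALIZATION[size] * count
    return total


def check_modification(original, target):
    """Return (ok, reason) for modifying `original` into `target`."""
    prefixes = {split_type(t)[0] for t, _ in list(original) + list(target)}
    if len(prefixes) != 1:
        return False, "family and generation differ: " + ", ".join(sorted(prefixes))
    if prefixes == {"t1"}:
        return False, "t1.micro has only one size and can't be resized"
    before, after = footprint(original), footprint(target)
    if before != after:
        return False, f"footprint changes from {before} to {after} units"
    return True, f"footprint preserved at {before} units"


if __name__ == "__main__":
    # Cases taken from the text above.
    cases = [
        ([("t2.large", 1)], [("t2.small", 4)]),                    # split
        ([("t2.small", 2)], [("t2.large", 1)]),                    # too large
        ([("t2.micro", 2), ("t2.small", 1)], [("t2.medium", 1)]),  # merge
        ([("t2.medium", 1)], [("t2.nano", 2), ("t2.micro", 3)]),   # divide
    ]
    for original, target in cases:
        print(original, "->", target, check_modification(original, target))
```
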


### Normalization factors for bare metal instances


You can modify a reservation with `metal` instances using other sizes within the same instance family. Similarly, you can modify a reservation with instances other than bare metal instances using the `metal` size within the same instance family. Generally, a bare metal instance is the same size as the largest available instance size within the same instance family. For example, an `i3.metal` instance is the same size as an `i3.16xlarge` instance, so they have the same normalization factor.

The following table describes the normalization factor for the bare metal instance sizes in the instance families that have bare metal instances. The normalization factor for `metal` instances depends on the instance family, unlike the other instance sizes.


| Instance size | Normalization factor | 
| --- | --- | 
| a1.metal | 32 | 
| m5zn.metal, x2iezn.metal, z1d.metal | 96 | 
| c6g.metal, c6gd.metal, i3.metal, m6g.metal, m6gd.metal, r6g.metal, r6gd.metal, x2gd.metal | 128 | 
| c5n.metal | 144 | 
| c5.metal, c5d.metal, i3en.metal, m5.metal, m5d.metal, m5dn.metal, m5n.metal, r5.metal, r5b.metal, r5d.metal, r5dn.metal, r5n.metal | 192 | 
| c6i.metal, c6id.metal, m6i.metal, m6id.metal, r6d.metal, r6id.metal | 256 | 
| u-18tb1.metal, u-24tb1.metal | 448 | 
| u-6tb1.metal, u-9tb1.metal, u-12tb1.metal | 896 | 

For example, an `i3.metal` instance has a normalization factor of 128. If you purchase an `i3.metal` default tenancy Amazon Linux/Unix Reserved Instance, you can divide the reservation as follows:
+ An `i3.16xlarge` is the same size as an `i3.metal` instance, so its normalization factor is 128 (128/1). The reservation for one `i3.metal` instance can be modified into one `i3.16xlarge` instance.
+ An `i3.8xlarge` is half the size of an `i3.metal` instance, so its normalization factor is 64 (128/2). The reservation for one `i3.metal` instance can be divided into two `i3.8xlarge` instances.
+ An `i3.4xlarge` is a quarter the size of an `i3.metal` instance, so its normalization factor is 32 (128/4). The reservation for one `i3.metal` instance can be divided into four `i3.4xlarge` instances.

## Submit modification requests


Before you modify your Reserved Instances, ensure that you have read the applicable [restrictions](#ri-modification-limits). Before you modify the instance size, calculate the total [instance size footprint](#ri-modification-instancemove) of the original reservations that you want to modify and ensure that it matches the total instance size footprint of your new configurations.
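The footprint comparison described above can be scripted before you submit a request. The following Python is an added example, not part of the AWS documentation or tooling: the function names are assumptions, the factors are copied from the two normalization tables on this page, and the emitted entries use the `InstanceType`, `InstanceCount`, `Scope`, and `AvailabilityZone` fields of `ReservedInstancesConfiguration`.

```python
"""Validate a Reserved Instance modification against the footprint rule."""
import json
from fractions import Fraction

# Normalization factors by instance size, copied from the size table on this page.
SIZE_FACTORS = {
    "nano": Fraction(1, 4), "micro": Fraction(1, 2), "small": Fraction(1),
    "medium": Fraction(2), "large": Fraction(4), "xlarge": Fraction(8),
}
# Every NxLarge row in that table equals 8 * N units.
for n in (2, 3, 4, 6, 8, 9, 10, 12, 16, 18, 24, 32, 48, 56, 112):
    SIZE_FACTORS[f"{n}xlarge"] = Fraction(8 * n)

# Bare metal factors depend on the family, copied from the metal table on this page.
METAL_ROWS = {
    32: "a1",
    96: "m5zn x2iezn z1d",
    128: "c6g c6gd i3 m6g m6gd r6g r6gd x2gd",
    144: "c5n",
    192: "c5 c5d i3en m5 m5d m5dn m5n r5 r5b r5d r5dn r5n",
    256: "c6i c6id m6i m6id r6d r6id",
    448: "u-18tb1 u-24tb1",
    896: "u-6tb1 u-9tb1 u-12tb1",
}
METAL_FACTORS = {
    family: Fraction(units)
    for units, families in METAL_ROWS.items()
    for family in families.split()
}


def parse_type(instance_type):
    """Split 'i3.8xlarge' into ('i3', '8xlarge')."""
    family, dot, size = instance_type.partition(".")
    if not (family and dot and size):
        raise ValueError(f"not an instance type: {instance_type!r}")
    return family, size


def normalization_factor(instance_type):
    """Look up the units for one instance of the given type."""
    family, size = parse_type(instance_type)
    table, key = (METAL_FACTORS, family) if size == "metal" else (SIZE_FACTORS, size)
    if key not in table:
        raise ValueError(f"no normalization factor listed for {instance_type!r}")
    return table[key]


def footprint(configs):
    """Total units for an iterable of (instance_type, count) pairs."""
    total = Fraction(0)
    for instance_type, count in configs:
        if count < 1:
            raise ValueError("instance count must be at least 1")
        total += normalization_factor(instance_type) * count
    return total


def check_modification(original, targets):
    """Return (ok, reason) for changing `original` into `targets`."""
    families = {parse_type(t)[0] for t, _ in [*original, *targets]}
    if len(families) != 1:
        return False, f"instance families differ: {sorted(families)}"
    before, after = footprint(original), footprint(targets)
    if before != after:
        return False, f"footprint changes from {before} to {after} units"
    return True, f"footprint preserved at {before} units"


def target_configurations(original, targets, scope="Region", availability_zone=None):
    """Build the target configuration list, refusing a footprint mismatch."""
    ok, reason = check_modification(original, targets)
    if not ok:
        raise ValueError(reason)
    if scope == "Availability Zone" and not availability_zone:
        raise ValueError("a zonal configuration needs an Availability Zone")
    entries = []
    for instance_type, count in targets:
        entry = {"InstanceType": instance_type, "InstanceCount": count, "Scope": scope}
        if scope == "Availability Zone":
            entry["AvailabilityZone"] = availability_zone
        entries.append(entry)
    return entries


if __name__ == "__main__":
    # The divide example from this page: one t2.medium into nano and micro.
    plan = target_configurations([("t2.medium", 1)], [("t2.nano", 2), ("t2.micro", 3)])
    print(json.dumps(plan, indent=2))  # contents for configuration.json
```
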

------
#### [ Console ]

**To modify your Reserved Instances**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. On the **Reserved Instances** page, select one or more Reserved Instances to modify, and choose **Actions**, **Modify Reserved Instances**.

   If your Reserved Instances are not in the active state or cannot be modified, **Modify Reserved Instances** is disabled.

1. The first entry in the modification table displays attributes of the selected Reserved Instances, and at least one target configuration beneath it. The **Units** column displays the total instance size footprint. Choose **Add** for each new configuration to add. Modify the attributes as needed for each configuration.
   + **Scope**: Choose whether the configuration applies to an Availability Zone or to the whole Region.
   + **Availability Zone**: Choose the required Availability Zone. Not applicable for regional Reserved Instances.
   + **Instance type**: Select the required instance type. The combined configurations must equal the instance size footprint of your original configurations.
   + **Count**: Specify the number of instances. To split the Reserved Instances into multiple configurations, reduce the count, choose **Add**, and specify a count for the additional configuration. For example, if you have a single configuration with a count of 10, you can change its count to 6 and add a configuration with a count of 4. This process retires the original Reserved Instance after the new Reserved Instances are activated.

1. Choose **Continue**.

1. To confirm your modification choices when you finish specifying your target configurations, choose **Submit modifications**.

1. You can determine the status of your modification request by looking at the **State** column in the Reserved Instances screen. The following are the possible states.
   + **active** *(pending modification)* — Transition state for original Reserved Instances
   + **retired** *(pending modification)* — Transition state for original Reserved Instances while new Reserved Instances are being created
   + **retired** — Reserved Instances successfully modified and replaced
   + **active** — One of the following:
     + New Reserved Instances created from a successful modification request
     + Original Reserved Instances after a failed modification request

------
#### [ AWS CLI ]

**To modify your Reserved Instances**  
Use the [modify-reserved-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-reserved-instances.html) command. You can provide the configuration details in a JSON file.

```
aws ec2 modify-reserved-instances \
    --reserved-instances-ids b847fa93-e282-4f55-b59a-1342f5bd7c02 \
    --target-configurations file://configuration.json
```

**To get the status of your modification request**  
Use the [describe-reserved-instances-modifications](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-reserved-instances-modifications.html) command. The status is `processing`, `fulfilled`, or `failed`.

```
aws ec2 describe-reserved-instances-modifications \
    --reserved-instances-modification-ids rimod-d3ed4335-b1d3-4de6-ab31-0f13aaf46687 \
    --query "ReservedInstancesModifications[].Status"
```

------
#### [ PowerShell ]

**To modify your Reserved Instances**  
Use the [Edit-EC2ReservedInstance](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2ReservedInstance.html) cmdlet. You can provide the configuration details in an object of type `Amazon.EC2.Model.ReservedInstancesConfiguration`.

```
Edit-EC2ReservedInstance `
    -ReservedInstancesId b847fa93-e282-4f55-b59a-1342f5bd7c02 `
    -TargetConfiguration $configuration
```

**To get the status of your modification request**  
Use the [Get-EC2ReservedInstancesModification](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2ReservedInstancesModification.html) cmdlet. The status is `processing`, `fulfilled`, or `failed`.

```
Get-EC2ReservedInstancesModification `
    -ReservedInstancesModificationId rimod-d3ed4335-b1d3-4de6-ab31-0f13aaf46687 | `
    Select Status
```

------

## Troubleshoot modification requests


If the target configuration settings that you requested were unique, you receive a message that your request is being processed. At this point, Amazon EC2 has only determined that the parameters of your modification request are valid. Your modification request can still fail during processing due to unavailable capacity.

In some situations, you might get a message indicating incomplete or failed modification requests instead of a confirmation. Use the information in such messages as a starting point for resubmitting another modification request. Ensure that you have read the applicable [restrictions](#ri-modification-limits) before submitting the request.

**Not all selected Reserved Instances can be processed for modification**  
Amazon EC2 identifies and lists the Reserved Instances that cannot be modified. If you receive a message like this, go to the **Reserved Instances** page in the Amazon EC2 console and check the information for the Reserved Instances.

**Error in processing your modification request**  
You submitted one or more Reserved Instances for modification and none of your requests can be processed. Depending on the number of reservations you are modifying, you can get different versions of the message. 

Amazon EC2 displays the reasons why your request cannot be processed. For example, you might have specified the same target configuration—a combination of Availability Zone and platform—for one or more subsets of the Reserved Instances you are modifying. Try submitting the modification requests again, but ensure that the instance details of the reservations match, and that the target configurations for all subsets being modified are unique.

# Exchange Convertible Reserved Instances


You can exchange one or more Convertible Reserved Instances for another Convertible Reserved Instance with a different configuration, including instance family, operating system, and tenancy. There are no limits to how many times you perform an exchange, as long as the new Convertible Reserved Instance is of an equal or higher value than the Convertible Reserved Instances that you are exchanging.

When you exchange your Convertible Reserved Instance, the number of instances for your current reservation is exchanged for a number of instances that cover the equal or higher value of the configuration of the new Convertible Reserved Instance. Amazon EC2 calculates the number of Reserved Instances that you can receive as a result of the exchange.

You can't exchange Standard Reserved Instances, but you can modify them. For more information, see [Modify Reserved Instances](ri-modifying.md).

**Topics**
+ [Requirements for exchanging Convertible Reserved Instances](#riconvertible-exchange-limits)
+ [Calculate Convertible Reserved Instances exchanges](#riconvertible-exchange-cost)
+ [Merge Convertible Reserved Instances](#ri-merge-convertible)
+ [Exchange a portion of a Convertible Reserved Instance](#ri-split-convertible)
+ [Submit exchange requests](#ri-exchange-process)
## Requirements for exchanging Convertible Reserved Instances


If the following conditions are met, Amazon EC2 processes your exchange request. Your Convertible Reserved Instance must:
+ Be active
+ Not be pending a previous exchange request
+ Have at least 24 hours remaining before it expires

The following rules apply:
+ Convertible Reserved Instances must be exchanged for other Convertible Reserved Instances currently offered by AWS.
+ Convertible Reserved Instances are associated with a specific Region, which is fixed for the duration of the reservation's term. You can't exchange a Convertible Reserved Instance for a Convertible Reserved Instance in a different Region.
+ To exchange a zonal Convertible Reserved Instance, AWS must have enough capacity for the new instance type in the Region.
+ You can exchange one or more Convertible Reserved Instances at a time for one Convertible Reserved Instance only.
+ To exchange a portion of a Convertible Reserved Instance, you can modify it into two or more reservations, and then exchange one or more of the reservations for a new Convertible Reserved Instance. For more information, see [Exchange a portion of a Convertible Reserved Instance](#ri-split-convertible). For more information about modifying your Reserved Instances, see [Modify Reserved Instances](ri-modifying.md).
+ All Upfront Convertible Reserved Instances can be exchanged for Partial Upfront Convertible Reserved Instances, and vice versa.
**Note**  
If the total upfront payment required for the exchange (true-up cost) is less than \$0.00, AWS automatically gives you a quantity of instances in the Convertible Reserved Instance that ensures that true-up cost is \$0.00 or more.
**Note**  
If the total value (upfront price + hourly price × number of remaining hours) of the new Convertible Reserved Instance is less than the total value of the exchanged Convertible Reserved Instance, AWS automatically gives you a quantity of instances in the Convertible Reserved Instance that ensures that the total value is the same or higher than that of the exchanged Convertible Reserved Instance.
+ To benefit from better pricing, you can exchange a No Upfront Convertible Reserved Instance for an All Upfront or Partial Upfront Convertible Reserved Instance.
+ You can't exchange All Upfront and Partial Upfront Convertible Reserved Instances for No Upfront Convertible Reserved Instances.
+ You can exchange a No Upfront Convertible Reserved Instance for another No Upfront Convertible Reserved Instance only if the new Convertible Reserved Instance's hourly price is the same or higher than the exchanged Convertible Reserved Instance's hourly price. 
**Note**  
If the total value (hourly price × number of remaining hours) of the new Convertible Reserved Instance is less than the total value of the exchanged Convertible Reserved Instance, AWS automatically gives you a quantity of instances in the Convertible Reserved Instance that ensures that the total value is the same or higher than that of the exchanged Convertible Reserved Instance.
+ If you exchange multiple Convertible Reserved Instances that have different expiration dates, the expiration date for the new Convertible Reserved Instance is the date that's furthest in the future.
+ If you exchange a single Convertible Reserved Instance, it must have the same term (1-year or 3-years) as the new Convertible Reserved Instance. If you merge multiple Convertible Reserved Instances with different term lengths, the new Convertible Reserved Instance has a 3-year term. For more information, see [Merge Convertible Reserved Instances](#ri-merge-convertible).
+ When Amazon EC2 exchanges a Convertible Reserved Instance, it retires the associated reservation, and transfers the end date to the new reservation. After the exchange, Amazon EC2 sets both the end date for the old reservation and the start date for the new reservation equal to the date of the exchange. For example, if you exchange a three-year reservation that had 16 months left in its term, the new reservation is a 16-month reservation with the same end date as the reservation from the Convertible Reserved Instance that you exchanged.

## Calculate Convertible Reserved Instances exchanges


Exchanging Convertible Reserved Instances is free. However, you might be required to pay a true-up cost, which is a prorated upfront cost of the difference between the Convertible Reserved Instances that you had and the new Convertible Reserved Instances that you receive from the exchange.

Each Convertible Reserved Instance has a list value. This list value is compared to the list value of the Convertible Reserved Instances that you want in order to determine how many instance reservations you can receive from the exchange.

For example: You have 1 x \$35-list value Convertible Reserved Instance that you want to exchange for a new instance type with a list value of \$10.

```
$35/$10 = 3.5
```

You can exchange your Convertible Reserved Instance for three \$10 Convertible Reserved Instances. It's not possible to purchase half reservations; therefore you must purchase an additional Convertible Reserved Instance to cover the remainder:

```
3.5 = 3 whole Convertible Reserved Instances + 1 additional Convertible Reserved Instance
```

The fourth Convertible Reserved Instance has the same end date as the other three. If you are exchanging Partial or All Upfront Convertible Reserved Instances, you pay the true-up cost for the fourth reservation. If the remaining upfront cost of your Convertible Reserved Instances is \$500, and the new reservation would normally cost \$600 on a prorated basis, you are charged \$100.

```
$600 prorated upfront cost of new reservations - $500 remaining upfront cost of old reservations = $100 difference
```

## Merge Convertible Reserved Instances


If you merge two or more Convertible Reserved Instances, the term of the new Convertible Reserved Instance must be the same as the old Convertible Reserved Instances, or the highest of the Convertible Reserved Instances. The expiration date for the new Convertible Reserved Instance is the expiration date that's furthest in the future.

For example, you have the following Convertible Reserved Instances in your account:


| Reserved Instance ID | Term | Expiration date | 
| --- | --- | --- | 
| aaaa1111 | 1-year | 2018-12-31 | 
| bbbb2222 | 1-year | 2018-07-31 | 
| cccc3333 | 3-year | 2018-06-30 | 
| dddd4444 | 3-year | 2019-12-31 | 
+ You can merge `aaaa1111` and `bbbb2222` and exchange them for a 1-year Convertible Reserved Instance. You cannot exchange them for a 3-year Convertible Reserved Instance. The expiration date of the new Convertible Reserved Instance is 2018-12-31.
+ You can merge `bbbb2222` and `cccc3333` and exchange them for a 3-year Convertible Reserved Instance. You cannot exchange them for a 1-year Convertible Reserved Instance. The expiration date of the new Convertible Reserved Instance is 2018-07-31.
+ You can merge `cccc3333` and `dddd4444` and exchange them for a 3-year Convertible Reserved Instance. You cannot exchange them for a 1-year Convertible Reserved Instance. The expiration date of the new Convertible Reserved Instance is 2019-12-31.
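The exchange requirements, the list-value calculation, and the merge rules above can be checked together before you request a quote. The following Python is an added example, not AWS code and not a substitute for the quote that Amazon EC2 returns: the `ConvertibleRI` class, its field names, the function names, the Region, and the list values in `SAMPLE` are assumptions constructed for illustration, while the IDs, terms, and expiration dates come from the merge table above.

```python
"""Pre-flight checks for a Convertible Reserved Instance exchange (simplified model)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from decimal import Decimal, ROUND_CEILING


@dataclass(frozen=True)
class ConvertibleRI:
    ri_id: str
    term_years: int                       # 1 or 3
    end: datetime                         # expiration, timezone-aware
    state: str = "active"
    exchange_pending: bool = False        # hypothetical flag for a pending exchange
    region: str = "us-east-1"             # constructed sample Region
    list_value: Decimal = Decimal("0")
    remaining_upfront: Decimal = Decimal("0")


def eligibility_problems(ris, target_region, now):
    """List every requirement from this page that a reservation fails."""
    problems = []
    for ri in ris:
        if ri.state != "active":
            problems.append(f"{ri.ri_id}: state is {ri.state!r}, must be active")
        if ri.exchange_pending:
            problems.append(f"{ri.ri_id}: a previous exchange request is pending")
        if ri.end - now < timedelta(hours=24):
            problems.append(f"{ri.ri_id}: less than 24 hours remain before expiry")
        if ri.region != target_region:
            problems.append(f"{ri.ri_id}: Region {ri.region} differs from {target_region}")
    return problems


def required_term_years(ris):
    """One reservation keeps its term; a merge takes the highest term."""
    return max(ri.term_years for ri in ris)


def new_expiration(ris):
    """The new reservation expires on the date furthest in the future."""
    return max(ri.end for ri in ris)


def exchange_count(ris, new_list_value):
    """Whole reservations needed to cover the exchanged list value."""
    if new_list_value <= 0:
        raise ValueError("new list value must be positive")
    total = sum((ri.list_value for ri in ris), Decimal("0"))
    return int((total / new_list_value).to_integral_value(rounding=ROUND_CEILING))


def true_up(ris, new_prorated_upfront):
    """Prorated upfront cost of the new reservations minus what remains on the old."""
    remaining = sum((ri.remaining_upfront for ri in ris), Decimal("0"))
    return new_prorated_upfront - remaining


def plan_exchange(ris, target_term_years, target_region,
                  new_list_value, new_prorated_upfront, now):
    """Combine the checks into one report for a proposed exchange."""
    problems = eligibility_problems(ris, target_region, now)
    needed = required_term_years(ris)
    if target_term_years != needed:
        problems.append(f"target term must be {needed}-year, not {target_term_years}-year")
    return {
        "problems": problems,
        "count": exchange_count(ris, new_list_value),
        "expiration": new_expiration(ris),
        "true_up": true_up(ris, new_prorated_upfront),
    }


def utc_date(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Reservations from the merge table above; the list values are constructed.
SAMPLE = {
    "aaaa1111": ConvertibleRI("aaaa1111", 1, utc_date(2018, 12, 31), list_value=Decimal("35")),
    "bbbb2222": ConvertibleRI("bbbb2222", 1, utc_date(2018, 7, 31), list_value=Decimal("35")),
    "cccc3333": ConvertibleRI("cccc3333", 3, utc_date(2018, 6, 30), list_value=Decimal("35")),
    "dddd4444": ConvertibleRI("dddd4444", 3, utc_date(2019, 12, 31), list_value=Decimal("35")),
}

if __name__ == "__main__":
    pair = [SAMPLE["bbbb2222"], SAMPLE["cccc3333"]]
    report = plan_exchange(pair, 1, "us-east-1", Decimal("10"), Decimal("0"),
                           now=utc_date(2018, 1, 1))
    print(report["problems"], report["count"], report["expiration"].date())
```
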

## Exchange a portion of a Convertible Reserved Instance


You can use the modification process to split your Convertible Reserved Instance into smaller reservations, and then exchange one or more of the new reservations for a new Convertible Reserved Instance. The following examples demonstrate how you can do this.

**Example: Convertible Reserved Instance with multiple instances**  
In this example, you have a `t2.micro` Convertible Reserved Instance with four instances in the reservation. To exchange two `t2.micro` instances for an `m4.xlarge` instance:  

1. Modify the `t2.micro` Convertible Reserved Instance by splitting it into two `t2.micro` Convertible Reserved Instances with two instances each.

1. Exchange one of the new `t2.micro` Convertible Reserved Instances for an `m4.xlarge` Convertible Reserved Instance.

![\[Modifying and exchange Reserved Instances.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ri-split-cri-multiple.png)


**Example: Convertible Reserved Instance with a single instance**  
In this example, you have a `t2.large` Convertible Reserved Instance. To change it to a smaller `t2.medium` instance and a `m3.medium` instance:  

1. Modify the `t2.large` Convertible Reserved Instance by splitting it into two `t2.medium` Convertible Reserved Instances. A single `t2.large` instance has the same instance size footprint as two `t2.medium` instances.

1. Exchange one of the new `t2.medium` Convertible Reserved Instances for an `m3.medium` Convertible Reserved Instance.

![\[Modify and exchange Reserved Instances.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ri-split-cri-single.png)

For more information, see [Support for modifying instance sizes](ri-modifying.md#ri-modification-instancemove) and [Submit exchange requests](#ri-exchange-process).

## Submit exchange requests


You can exchange your Convertible Reserved Instances. Reserved Instances that are exchanged are retired.

------
#### [ Console ]

**To exchange Convertible Reserved Instances**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. Choose **Reserved Instances**, select the Convertible Reserved Instances to exchange, and choose **Actions**, **Exchange Reserved Instance**.

1. Select the attributes of the desired configuration, and choose **Find offering**.

1. Select a new Convertible Reserved Instance. At the bottom of the screen, you can view the number of Reserved Instances that you receive for the exchange, and any additional costs.

1. When you have selected a Convertible Reserved Instance that meets your needs, choose **Review**.

1. Choose **Exchange**, and then **Close**.

------
#### [ AWS CLI ]

**To exchange a Convertible Reserved Instance**

1. Find a new Convertible Reserved Instance that meets your needs by using the [describe-reserved-instances-offerings](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-reserved-instances-offerings.html) command.

1. Get a quote for the exchange by using the [get-reserved-instances-exchange-quote](https://docs.aws.amazon.com/cli/latest/reference/ec2/get-reserved-instances-exchange-quote.html) command. This includes the number of Reserved Instances you get from the exchange, and the true-up cost for the exchange.

1. Perform the exchange by using the [accept-reserved-instances-exchange-quote](https://docs.aws.amazon.com/cli/latest/reference/ec2/accept-reserved-instances-exchange-quote.html) command.

------
#### [ PowerShell ]

**To exchange a Convertible Reserved Instance**

1. Find a new Convertible Reserved Instance that meets your needs by using the [Get-EC2ReservedInstancesOffering](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2ReservedInstancesOffering.html) cmdlet.

1. Get a quote for the exchange by using the [Get-EC2ReservedInstancesExchangeQuote](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2ReservedInstancesExchangeQuote.html) cmdlet. This includes the number of Reserved Instances you get from the exchange, and the true-up cost for the exchange.

1. Perform the exchange by using the [Approve-EC2ReservedInstancesExchangeQuote](https://docs.aws.amazon.com/powershell/latest/reference/items/Approve-EC2ReservedInstancesExchangeQuote.html) cmdlet.

------

# Reserved Instance quotas


You can purchase new Reserved Instances each month. The number of new Reserved Instances that you can purchase each month is determined by your monthly quota, as follows:



| Quota description | Default quota | 
| --- | --- | 
|  New [regional](apply_ri.md#apply-regional-ri) Reserved Instances  | 20 per Region per month | 
|  New [zonal](apply_ri.md#apply-zonal-ri) Reserved Instances  | 20 per Availability Zone per month | 

For example, in a Region with three Availability Zones, the default quota is 80 new Reserved Instances per month, calculated as follows:
+ 20 regional Reserved Instances for the Region
+ Plus 60 zonal Reserved Instances (20 for each of the three Availability Zones)

Instances in the `running` state count toward your quota. Instances that are in the `pending`, `stopping`, `stopped`, and `hibernated` states do not count towards your quota.

## View the number of Reserved Instances you have purchased


The number of Reserved Instances that you purchase is indicated by the **Instance count** field (console) or the `InstanceCount` parameter (AWS CLI). When you purchase new Reserved Instances, the quota is measured against the total instance count. For example, if you purchase a single Reserved Instance configuration with an instance count of 10, the purchase counts towards your quota as 10, not 1.

You can view how many Reserved Instances you have purchased by using the Amazon EC2 console or the AWS CLI.

------
#### [ Console ]

**To view the number of Reserved Instances you have purchased**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Reserved Instances**.

1. Select a Reserved Instance configuration from the table, and check the **Instance count** field.

   In the following screenshot, the selected line represents a single Reserved Instance configuration for a `t3.micro` instance type. The **Instance count** column in the table view and the **Instance count** field in the detail view (outlined in the screenshot) indicate that there are 10 Reserved Instances for this configuration.  
![\[This image shows the Reserved Instances screen in the Amazon EC2 console. The Instance count field is outlined in the screenshot.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ri-instance-count.png)

------
#### [ AWS CLI ]

**To view the number of Reserved Instances you have purchased**  
Use the [describe-reserved-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-reserved-instances.html) command and specify the ID of the Reserved Instance configuration.

```
aws ec2 describe-reserved-instances \
    --reserved-instances-ids a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 \
    --output table
```

The following is example output. The `InstanceCount` field indicates that there are 10 Reserved Instances for this configuration.

```
-------------------------------------------------------------------
|                    DescribeReservedInstances                    |
+-----------------------------------------------------------------+
||                       ReservedInstances                       ||
|+----------------------+----------------------------------------+|
||  CurrencyCode        |  USD                                   ||
||  Duration            |  31536000                              ||
||  End                 |  2023-08-27T13:29:44+00:00             ||
||  FixedPrice          |  59.0                                  ||
||  InstanceCount       |  10                                    ||
||  InstanceTenancy     |  default                               ||
||  InstanceType        |  t3.micro                              ||
||  OfferingClass       |  standard                              ||
||  OfferingType        |  All Upfront                           ||
||  ProductDescription  |  Linux/UNIX                            ||
||  ReservedInstancesId |  a1b2c3d4-5678-90ab-cdef-EXAMPLE11111  ||
||  Scope               |  Region                                ||
||  Start               |  2022-08-27T13:29:45.938000+00:00      ||
||  State               |  active                                ||
||  UsagePrice          |  0.0                                   ||
|+----------------------+----------------------------------------+|
|||                      RecurringCharges                       |||
||+----------------------------------+--------------------------+||
|||  Amount                          |  0.0                     |||
|||  Frequency                       |  Hourly                  |||
||+----------------------------------+--------------------------+||
```

------
#### [ PowerShell ]

**To view the number of Reserved Instances you have purchased**  
Use the [Get-EC2ReservedInstance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2ReservedInstance.html) cmdlet and specify the ID of the Reserved Instance configuration.

```
Get-EC2ReservedInstance -ReservedInstancesId a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
```

The following is example output. The `InstanceCount` field indicates that there are 10 Reserved Instances for this configuration.

```
AvailabilityZone    : 
CurrencyCode        : USD
Duration            : 31536000
End                 : 1/12/2017 8:57:08 PM
FixedPrice          : 0
InstanceCount       : 10
InstanceTenancy     : default
InstanceType        : t3.medium
OfferingClass       : standard
OfferingType        : All Upfront
ProductDescription  : Windows
RecurringCharges    : {}
ReservedInstancesId : a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
Scope               : Region
Start               : 10/12/2016 4:00:00 PM
State               : active
Tags                : {}
UsagePrice          : 0
```

------

## Considerations


A regional Reserved Instance applies a discount to a running On-Demand Instance. The default On-Demand Instance limit is 20. You cannot exceed your running On-Demand Instance limit by purchasing regional Reserved Instances. For example, if you already have 20 running On-Demand Instances, and you purchase 20 regional Reserved Instances, the 20 regional Reserved Instances are used to apply a discount to the 20 running On-Demand Instances. If you purchase more regional Reserved Instances, you will not be able to launch more instances because you have reached your On-Demand Instance limit.

Before purchasing regional Reserved Instances, make sure your On-Demand Instance limit matches or exceeds the number of regional Reserved Instances you intend to own. If required, make sure you request an increase to your On-Demand Instance limit *before* purchasing more regional Reserved Instances.

A zonal Reserved Instance—a Reserved Instance that is purchased for a specific Availability Zone—provides a capacity reservation as well as a discount. You *can exceed* your running On-Demand Instance limit by purchasing zonal Reserved Instances. For example, if you already have 20 running On-Demand Instances, and you purchase 20 zonal Reserved Instances, you can launch a further 20 On-Demand Instances that match the specifications of your zonal Reserved Instances, giving you a total of 40 running instances.

## View your Reserved Instance quotas and request a quota increase


The Amazon EC2 console provides quota information. You can also request an increase in your quotas. For more information, see [View your current quotas](ec2-resource-limits.md#view-limits) and [Request an increase](ec2-resource-limits.md#request-increase).

# Spot Instances


A Spot Instance is an instance that uses spare EC2 capacity that is available for less than the On-Demand price. Because Spot Instances enable you to request unused EC2 instances at steep discounts, you can lower your Amazon EC2 costs significantly. The hourly price for a Spot Instance is called a Spot price. The Spot price of each instance type in each Availability Zone is set by Amazon EC2, and is adjusted gradually based on the long-term supply of and demand for Spot Instances. Your Spot Instance runs whenever capacity is available.

Spot Instances are a cost-effective choice if you can be flexible about when your applications run and if your applications can be interrupted. For example, Spot Instances are well-suited for data analysis, batch jobs, background processing, and optional tasks. For more information, see [Amazon EC2 Spot Instances](https://aws.amazon.com/ec2/spot/).

For a comparison of the different purchasing options for EC2 instances, see [Amazon EC2 billing and purchasing options](instance-purchasing-options.md).

## Concepts


Before you get started with Spot Instances, you should be familiar with the following concepts:
+ *Spot capacity pool* – A set of unused EC2 instances with the same instance type (for example, `m5.large`) and Availability Zone.
+ *Spot price* – The current price of a Spot Instance per hour.
+ *Spot Instance request* – Requests a Spot Instance. When capacity is available, Amazon EC2 fulfills your request. A Spot Instance request is either *one-time* or *persistent*. Amazon EC2 automatically resubmits a persistent Spot Instance request after the Spot Instance associated with the request is interrupted.
+ *EC2 instance rebalance recommendation* – Amazon EC2 emits an instance rebalance recommendation signal to notify you that a Spot Instance is at an elevated risk of interruption. This signal provides an opportunity to proactively rebalance your workloads across existing or new Spot Instances without having to wait for the two-minute Spot Instance interruption notice.
+ *Spot Instance interruption* – Amazon EC2 terminates, stops, or hibernates your Spot Instance when Amazon EC2 needs the capacity back. Amazon EC2 provides a Spot Instance interruption notice, which gives the instance a two-minute warning before it is interrupted.

## Differences between Spot Instances and On-Demand Instances


The following table lists the key differences between Spot Instances and [On-Demand Instances](ec2-on-demand-instances.md).


|  | Spot Instances | On-Demand Instances | 
| --- | --- | --- | 
|  Launch time  |  Can only be launched immediately if the Spot Instance request is active and capacity is available.  |  Can only be launched immediately if you make a manual launch request and capacity is available.  | 
|  Available capacity  |  If capacity is not available, the Spot Instance request continues to automatically make the launch request until capacity becomes available.  |  If capacity is not available when you make a launch request, you get an insufficient capacity error (ICE).  | 
|  Hourly price  |  The hourly price for Spot Instances varies based on long-term supply and demand.  |  The hourly price for On-Demand Instances is static.  | 
| Rebalance recommendation | The signal that Amazon EC2 emits for a running Spot Instance when the instance is at an elevated risk of interruption. | You determine when an On-Demand Instance is interrupted (stopped, hibernated, or terminated). | 
|  Instance interruption  |  You can stop and start an Amazon EBS-backed Spot Instance. In addition, Amazon EC2 can [interrupt](spot-interruptions.md) an individual Spot Instance if capacity is no longer available.   |  You determine when an On-Demand Instance is interrupted (stopped, hibernated, or terminated).  | 

## Pricing and savings


You pay the Spot price for Spot Instances, which is set by Amazon EC2 and adjusted gradually based on the long-term supply of and demand for Spot Instances. Your Spot Instances run until you terminate them, capacity is no longer available, or your Amazon EC2 Auto Scaling group terminates them during [scale in](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-lifecycle.html#as-lifecycle-scale-in).

If you or Amazon EC2 interrupts a running Spot Instance, you are charged for the seconds used or the full hour, or you receive no charge, depending on the operating system used and who interrupted the Spot Instance. For more information, see [Billing for interrupted Spot Instances](billing-for-interrupted-spot-instances.md).

Spot Instances are not covered by Savings Plans. If you have a Savings Plan, it does not provide additional savings on top of the savings that you already get from using Spot Instances. Furthermore, your spend on Spot Instances does not apply to the commitments in your Compute Savings Plans.

### View prices


To view the current (updated every five minutes) lowest Spot price per AWS Region and instance type, see the [Amazon EC2 Spot Instances Pricing](https://aws.amazon.com/ec2/spot/pricing/) page.

To view the Spot price history for the past three months, use the Amazon EC2 console or the [describe-spot-price-history](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-spot-price-history.html) command. For more information, see [View Spot Instance pricing history](using-spot-instances-history.md).

We independently map Availability Zones to codes for each AWS account. Therefore, you can get different results for the same Availability Zone code (for example, `us-west-2a`) between different accounts.

### View savings


You can view the savings made from using Spot Instances for a single [Spot Fleet](Fleets.md) or for all Spot Instances. You can view the savings made in the last hour or the last three days, and you can view the average cost per vCPU hour and per memory (GiB) hour. Savings are estimated and may differ from actual savings because they do not include the billing adjustments for your usage. For more information about viewing savings information, see [Savings from purchasing Spot Instances](spot-savings.md).

### View billing


Your bill provides details about your service usage. For more information, see [Viewing your bill](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/getting-viewing-bill.html) in the *AWS Billing User Guide*.

# Best practices for Amazon EC2 Spot

Amazon EC2 provides access to spare EC2 compute capacity in the AWS Cloud through Spot Instances at savings of up to 90% compared to On-Demand prices. The only difference between On-Demand Instances and Spot Instances is that Spot Instances can be interrupted by Amazon EC2, with two minutes of notice, if Amazon EC2 needs to reclaim the capacity. To ensure the best experience with Spot Instances, it's important to understand and apply best practices for their use.

Spot Instances are recommended for stateless, fault-tolerant, flexible applications. For example, Spot Instances work well for big data, containerized workloads, CI/CD, stateless web servers, high performance computing (HPC), and rendering workloads.

While running, Spot Instances are exactly the same as On-Demand Instances. However, Spot does not guarantee that you can keep your running instances long enough to finish your workloads. Spot also does not guarantee that you can get immediate availability of the instances that you are looking for, or that you can always get the aggregate capacity that you requested. Moreover, Spot Instance interruptions and capacity can change over time because Spot Instance availability varies based on supply and demand, and past performance isn’t a guarantee of future results.

Spot Instances are not suitable for workloads that are inflexible, stateful, fault-intolerant, or tightly coupled between instance nodes. We do not recommend Spot Instances for workloads that are intolerant of occasional periods when the entire target capacity is not completely available. While following Spot best practices to be flexible about instance types and Availability Zones provides the best chance for high availability, there are no guarantees that capacity will be available, because surges in demand for On-Demand Instances can disrupt workloads on Spot Instances.

We strongly discourage using Spot Instances for these workloads or attempting to fail over to On-Demand Instances to handle interruptions or periods of unavailability. Failing over to On-Demand Instances can inadvertently drive interruptions for your other Spot Instances. In addition, if Spot Instances for a combination of instance type and Availability Zone get interrupted, it might become difficult for you to get On-Demand Instances with that same combination.

Regardless of whether you're an experienced Spot user or new to Spot Instances, if you are currently experiencing issues with Spot Instance interruptions or availability, we recommend that you follow these best practices to have the best experience using the Spot service.

**Topics**
+ [Prepare individual instances for interruptions](#prep-instances-for-interruptions)
+ [Be flexible about instance types and Availability Zones](#be-instance-type-flexible)
+ [Use attribute-based instance type selection](#use-attribute-based-instance-type-selection)
+ [Use Spot placement scores to identify optimal Regions and Availability Zones](#use-spot-placement-scores-to-identify-optimal-regions-and-availability-zones)
+ [Use EC2 Auto Scaling groups or EC2 Fleet to manage your aggregate capacity](#use-sf-asg-for-aggregate-capacity)
+ [Use the price and capacity optimized allocation strategy](#use-capacity-optimized-allocation-strategy)
+ [Use integrated AWS services to manage your Spot Instances](#use-integrated-aws-services)
+ [Which is the best Spot request method to use?](#which-spot-request-method-to-use)

## Prepare individual instances for interruptions


The best way for you to gracefully handle Spot Instance interruptions is to architect your application to be fault-tolerant. To accomplish this, you can take advantage of EC2 instance rebalance recommendations and Spot Instance interruption notices.

An EC2 Instance rebalance recommendation is a signal that notifies you when a Spot Instance is at an elevated risk of interruption. The signal gives you the opportunity to proactively manage the Spot Instance in advance of the two-minute Spot Instance interruption notice. You can decide to rebalance your workload to new or existing Spot Instances that are not at an elevated risk of interruption. We've made it easy for you to use this signal by using the Capacity Rebalancing feature in Auto Scaling groups and EC2 Fleet. 

A Spot Instance interruption notice is a warning that is issued two minutes before Amazon EC2 interrupts a Spot Instance. If your workload is "time-flexible," you can configure your Spot Instances to be stopped or hibernated, instead of being terminated, when they are interrupted. Amazon EC2 automatically stops or hibernates your Spot Instances on interruption, and automatically resumes the instances when we have available capacity.

We recommend that you create a rule in [Amazon EventBridge](https://docs.aws.amazon.com/eventbridge/index.html) that captures the rebalance recommendations and interruption notifications, and then triggers a checkpoint for the progress of your workload or gracefully handles the interruption. For more information, see [Monitor rebalance recommendation signals](rebalance-recommendations.md#monitor-rebalance-recommendations). For a detailed example that walks you through how to create and use event rules, see [Taking Advantage of Amazon EC2 Spot Instance Interruption Notices](https://aws.amazon.com/blogs/compute/taking-advantage-of-amazon-ec2-spot-instance-interruption-notices/).

For more information, see [EC2 instance rebalance recommendations](rebalance-recommendations.md) and [Spot Instance interruptions](spot-interruptions.md).
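The following sketch shows one way a target of such an EventBridge rule could route the two signals. It is an added example, not code from this guide: the function names, the returned action labels (`checkpoint`, `drain`, `ignore`), and the sample events are constructed for illustration, and the deadline assumes that the event's `time` field marks when the notice was issued.

```python
"""Route EC2 Spot signals delivered by an EventBridge rule (illustrative sketch)."""
from datetime import datetime, timedelta, timezone

# Event pattern for the rule: match both Spot signals, and only from EC2 itself.
EVENT_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": [
        "EC2 Instance Rebalance Recommendation",
        "EC2 Spot Instance Interruption Warning",
    ],
}

NOTICE_WINDOW = timedelta(minutes=2)  # the two-minute interruption notice


def matches_pattern(event, pattern=EVENT_PATTERN):
    """Exact-value matching, re-checked in the target as defense in depth."""
    return all(event.get(field) in allowed for field, allowed in pattern.items())


def _deadline(event):
    """Latest time to finish saving work, or None if the issue time is unknown."""
    try:
        issued = datetime.strptime(event["time"], "%Y-%m-%dT%H:%M:%SZ")
    except (KeyError, TypeError, ValueError):
        return None  # unknown issue time: the caller should act immediately
    return (issued.replace(tzinfo=timezone.utc) + NOTICE_WINDOW).isoformat()


def plan_action(event):
    """Return a plan for the caller to execute; this function performs no I/O."""
    if not matches_pattern(event):
        return {"action": "ignore", "reason": "not a Spot signal from aws.ec2"}
    detail = event.get("detail") or {}
    instance_id = detail.get("instance-id")
    if not instance_id:
        return {"action": "ignore", "reason": "event has no instance-id"}
    if event["detail-type"] == "EC2 Instance Rebalance Recommendation":
        # Elevated risk only: checkpoint progress, no hard deadline yet.
        return {"action": "checkpoint", "instance_id": instance_id, "deadline": None}
    # Interruption warning: stop taking new work and save state before the deadline.
    return {
        "action": "drain",
        "instance_id": instance_id,
        "instance_action": detail.get("instance-action", "unknown"),
        "deadline": _deadline(event),
    }


# Constructed sample events (not captured from a real account).
SAMPLE_EVENTS = [
    {"source": "aws.ec2", "detail-type": "EC2 Instance Rebalance Recommendation",
     "time": "2025-04-01T11:55:00Z",
     "detail": {"instance-id": "i-0123456789abcdef0"}},
    {"source": "aws.ec2", "detail-type": "EC2 Spot Instance Interruption Warning",
     "time": "2025-04-01T12:00:00Z",
     "detail": {"instance-id": "i-0123456789abcdef0", "instance-action": "terminate"}},
    # Same detail-type, but published by a source other than aws.ec2.
    {"source": "custom.app", "detail-type": "EC2 Spot Instance Interruption Warning",
     "time": "2025-04-01T12:00:00Z",
     "detail": {"instance-id": "i-0123456789abcdef0"}},
]

if __name__ == "__main__":
    for sample in SAMPLE_EVENTS:
        print(plan_action(sample))
```
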

## Be flexible about instance types and Availability Zones


A Spot capacity pool is a set of unused EC2 instances with the same instance type (for example, `m5.large`) and Availability Zone (for example, us-east-1a). You should be flexible about which instance types you request and in which Availability Zones you can deploy your workload. This gives Spot a better chance to find and allocate your required amount of compute capacity. For example, don't just ask for `c5.large` if you'd be willing to use larges from the c4, m5, and m4 families.

Depending on your specific needs, you can evaluate which instance types you can be flexible across to fulfill your compute requirements. If a workload can be vertically scaled, you should include larger instance types (more vCPUs and memory) in your requests. If you can only scale horizontally, you should include older generation instance types because they are less in demand from On-Demand customers.

A good rule of thumb is to be flexible across at least 10 instance types for each workload. In addition, make sure that all Availability Zones are configured for use in your VPC and selected for your workload.

## Use attribute-based instance type selection


With attribute-based instance type selection, you can specify instance attributes—such as vCPUs, memory, and storage—for the workload you want to run. EC2 Auto Scaling or EC2 Fleet will then automatically identify and launch instances that match your specified attributes. This removes the effort required to manually select specific instance types, which requires an in-depth understanding of each instance type's offering.

Moreover, attribute-based instance type selection enables you to automatically use newly released instance types as they become available. This ensures seamless access to an increasingly broad range of Spot Instance capacity.

Attribute-based instance type selection is ideal for workloads and frameworks that can be flexible about the instance types they run on, such as High Performance Computing (HPC) and big data workloads.

For more information, see [Create mixed instances group using attribute-based instance type selection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-mixed-instances-group-attribute-based-instance-type-selection.html) in the *Amazon EC2 Auto Scaling User Guide* and [Specify attributes for instance type selection for EC2 Fleet or Spot Fleet](ec2-fleet-attribute-based-instance-type-selection.md) in this guide.

## Use Spot placement scores to identify optimal Regions and Availability Zones


Spot Instances are unused EC2 capacity, and this capacity fluctuates based on EC2 supply and demand. As a result, you might not always get the exact Spot capacity that you require in a specific location at a specific time. To mitigate this unpredictability, you can use the Spot placement score feature. This feature provides recommendations for Regions or Availability Zones that are more likely to have sufficient capacity to meet your Spot capacity needs without requiring you to launch Spot Instances in those locations first.

Spot placement score is best used for workloads that can be flexible about the instance types and the Region or Availability Zone they can use. All you need to do is specify the Spot capacity that you need, your instance type requirements, and whether you want recommendations for Regions or Availability Zones. In return, you receive a score ranging from 1 to 10 for each Region or Availability Zone, indicating the likelihood of successfully provisioning your requested Spot capacity in that location. A score of 10 indicates that your Spot request is highly likely to succeed.

It's important to note that a Spot placement score is a point-in-time recommendation, because capacity can vary over time. It does not guarantee available capacity or predict the risk of interruption.

You can use the Spot placement score feature in the Amazon EC2 console, AWS CLI, or an SDK. For more information, see [Spot placement score](spot-placement-score.md). 

## Use EC2 Auto Scaling groups or EC2 Fleet to manage your aggregate capacity


Spot enables you to think in terms of aggregate capacity—in units that include vCPUs, memory, storage, or network throughput—rather than thinking in terms of individual instances. Auto Scaling groups and EC2 Fleet enable you to launch and maintain a target capacity, and to automatically request resources to replace any that are disrupted or manually terminated. When you configure an Auto Scaling group or an EC2 Fleet, you need only specify the instance types and target capacity based on your application needs. For more information, see [Auto Scaling groups](https://docs.aws.amazon.com/autoscaling/ec2/userguide/auto-scaling-groups.html) in the *Amazon EC2 Auto Scaling User Guide* and [Create an EC2 Fleet](create-ec2-fleet.md) in this user guide.

## Use the price and capacity optimized allocation strategy


Allocation strategies in Auto Scaling groups help you to provision your target capacity without the need to manually look for the Spot capacity pools with spare capacity. We recommend using the `price-capacity-optimized` strategy because this strategy automatically provisions instances from the most-available Spot capacity pools that also have the lowest possible price. You can also take advantage of the `price-capacity-optimized` allocation strategy in EC2 Fleet. Because your Spot Instance capacity is sourced from pools with optimal capacity, this decreases the possibility that your Spot Instances are reclaimed. For more information, see [Allocation strategies for multiple instance types](https://docs.aws.amazon.com/autoscaling/ec2/userguide/allocation-strategies.html) in the *Amazon EC2 Auto Scaling User Guide* and [When workloads have a high cost of interruption](ec2-fleet-allocation-strategy.md#ec2-fleet-strategy-capacity-optimized) in this user guide.
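The flexibility guidance in the earlier sections (at least 10 instance types, all Availability Zones, or attribute-based selection) and the allocation strategy recommendation above can be checked before a fleet request is submitted. The following is an added example, not code from this guide: the function name, finding codes, and sample requests are constructed, and it assumes a request shaped like a `CreateFleet` call in which each distinct `AvailabilityZone` or `SubnetId` override counts as one location.

```python
"""Lint a CreateFleet-style request against the Spot best practices on this page."""

RECOMMENDED_STRATEGY = "price-capacity-optimized"
DEFAULT_STRATEGY = "lowest-price"   # EC2 Fleet default when none is specified
MIN_INSTANCE_TYPES = 10             # rule of thumb for instance type flexibility
MIN_LOCATIONS = 2                   # assumption: "flexible" means more than one AZ


def lint_fleet_request(request):
    """Return a list of (code, message) findings; an empty list means no findings."""
    findings = []

    strategy = request.get("SpotOptions", {}).get("AllocationStrategy", DEFAULT_STRATEGY)
    if strategy != RECOMMENDED_STRATEGY:
        findings.append(("ALLOCATION_STRATEGY",
                         f"strategy is {strategy}, expected {RECOMMENDED_STRATEGY}"))

    overrides = [o for cfg in request.get("LaunchTemplateConfigs", [])
                 for o in cfg.get("Overrides", [])]

    # Attribute-based selection lets EC2 pick matching types, so the explicit
    # instance type count only matters when no InstanceRequirements are given.
    uses_attributes = any("InstanceRequirements" in o for o in overrides)
    types = {o["InstanceType"] for o in overrides if "InstanceType" in o}
    if not uses_attributes and len(types) < MIN_INSTANCE_TYPES:
        findings.append(("INSTANCE_TYPE_FLEXIBILITY",
                         f"{len(types)} instance type(s), want >= {MIN_INSTANCE_TYPES}"))

    locations = {o.get("AvailabilityZone") or o.get("SubnetId") for o in overrides}
    locations.discard(None)
    if len(locations) < MIN_LOCATIONS:
        findings.append(("AZ_FLEXIBILITY",
                         f"{len(locations)} location(s), want >= {MIN_LOCATIONS}"))
    return findings


# Constructed sample requests (template name and zones are placeholders).
_TEMPLATE = {"LaunchTemplateName": "example-template", "Version": "$Latest"}
_ZONES = ["us-east-1a", "us-east-1b"]
_TYPES = ["c5.large", "c5a.large", "c5d.large", "c4.large", "c6i.large",
          "m5.large", "m5a.large", "m5d.large", "m4.large", "m6i.large"]

NARROW_REQUEST = {
    "Type": "instant",
    "LaunchTemplateConfigs": [{
        "LaunchTemplateSpecification": _TEMPLATE,
        "Overrides": [{"InstanceType": "c5.large", "AvailabilityZone": "us-east-1a"}],
    }],
}

FLEXIBLE_REQUEST = {
    "Type": "instant",
    "SpotOptions": {"AllocationStrategy": RECOMMENDED_STRATEGY},
    "LaunchTemplateConfigs": [{
        "LaunchTemplateSpecification": _TEMPLATE,
        "Overrides": [{"InstanceType": t, "AvailabilityZone": z}
                      for t in _TYPES for z in _ZONES],
    }],
}

ATTRIBUTE_REQUEST = {
    "Type": "instant",
    "SpotOptions": {"AllocationStrategy": RECOMMENDED_STRATEGY},
    "LaunchTemplateConfigs": [{
        "LaunchTemplateSpecification": _TEMPLATE,
        "Overrides": [{"AvailabilityZone": z,
                       "InstanceRequirements": {"VCpuCount": {"Min": 2, "Max": 4},
                                                "MemoryMiB": {"Min": 4096}}}
                      for z in _ZONES],
    }],
}

if __name__ == "__main__":
    for name, req in [("narrow", NARROW_REQUEST), ("flexible", FLEXIBLE_REQUEST),
                      ("attribute-based", ATTRIBUTE_REQUEST)]:
        print(name, lint_fleet_request(req))
```
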

## Use integrated AWS services to manage your Spot Instances


Other AWS services integrate with Spot to reduce overall compute costs without the need to manage the individual instances or fleets. We recommend that you consider the following solutions for your applicable workloads: Amazon EMR, Amazon Elastic Container Service, AWS Batch, Amazon Elastic Kubernetes Service, Amazon SageMaker AI, AWS Elastic Beanstalk, and Amazon GameLift Servers. To learn more about Spot best practices with these services, see the [Amazon EC2 Spot Instances Workshops Website](https://ec2spotworkshops.com/).

## Which is the best Spot request method to use?


Use the following table to determine which API to use when requesting Spot Instances.



| API | When to use? | Use case | Should I use this API? | 
| --- | --- | --- | --- | 
|  [CreateAutoScalingGroup](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CreateAutoScalingGroup.html)  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html)  |  Create an Auto Scaling group that manages the lifecycle of your instances while maintaining the desired number of instances. Supports horizontal scaling (adding more instances) between specified minimum and maximum limits.  | Yes | 
| [CreateFleet](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet.html) |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html)  |  Create a fleet of both On-Demand Instances and Spot Instances in a single request, with multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet. The Spot Instance allocation strategy defaults to `lowest-price` per unit, but you can change it to `price-capacity-optimized`, `capacity-optimized`, or `diversified`.  |  Yes – in `instant` mode if you don’t need auto scaling  | 
| [RunInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html)  |  Launch a specified number of instances using an AMI and one instance type.  |  No – because RunInstances does not allow mixed instance types in a single request  | 
| [RequestSpotFleet](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestSpotFleet.html) |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html)  |  DO NOT USE. RequestSpotFleet is a legacy API with no planned investment.   | No | 
| [RequestSpotInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestSpotInstances.html) |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html)  |  DO NOT USE. RequestSpotInstances is a legacy API with no planned investment.   | No | 

# How Spot Instances work


To launch a Spot Instance, either you create a *Spot Instance request*, or Amazon EC2 creates a Spot Instance request on your behalf. The Spot Instance launches when the Spot Instance request is fulfilled.

You can launch a Spot Instance using several different services. For more information, see [Getting Started with Amazon EC2 Spot Instances](https://aws.amazon.com/ec2/spot/getting-started/). In this user guide, we describe the following ways to launch a Spot Instance using EC2:
+ You can create a Spot Instance request by using the [launch instance wizard](ec2-launch-instance-wizard.md) in the Amazon EC2 console or the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command. For more information, see [Manage your Spot Instances](using-spot-instances-request.md).
+ You can create an EC2 Fleet, in which you specify the desired number of Spot Instances. Amazon EC2 creates a Spot Instance request on your behalf for every Spot Instance that is specified in the EC2 Fleet. For more information, see [Create an EC2 Fleet](create-ec2-fleet.md).
+ You can create a Spot Fleet request, in which you specify the desired number of Spot Instances. Amazon EC2 creates a Spot Instance request on your behalf for every Spot Instance that is specified in the Spot Fleet request. For more information, see [Create a Spot Fleet](create-spot-fleet.md).

Your Spot Instance launches if there is available capacity. Your Spot Instance runs until you stop or terminate it, or until Amazon EC2 interrupts it (known as a *Spot Instance interruption*). Amazon EC2 can stop, terminate, or hibernate a Spot Instance when it interrupts it.

When you use Spot Instances, you must be prepared for interruptions. Amazon EC2 can interrupt your Spot Instance when the demand for Spot Instances rises or when the supply of Spot Instances decreases. When Amazon EC2 interrupts a Spot Instance, it provides a Spot Instance interruption notice, which gives the instance a two-minute warning before Amazon EC2 interrupts it. You can't enable termination protection for Spot Instances. For more information, see [Spot Instance interruptions](spot-interruptions.md).

**Topics**
+ [Spot Instance request states](#creating-spot-request-status)
+ [Launch Spot Instances in a launch group](#spot-launch-group)
+ [Launch Spot Instances in an Availability Zone group](#spot-az-group)
+ [Launch Spot Instances in a VPC](#concepts-spot-instances-vpcs)
+ [Launch burstable performance instances](#burstable-spot-instances)
+ [Launch on single-tenant hardware](#spot-instance-tenancy)

## Spot Instance request states


A Spot Instance request can be in one of the following states:
+ `open` – The request is waiting to be fulfilled.
+ `active` – The request is fulfilled and has an associated Spot Instance.
+ `failed` – The request has one or more bad parameters.
+ `closed` – The Spot Instance was interrupted or terminated.
+ `disabled` – You stopped the Spot Instance.
+ `cancelled` – You canceled the request, or the request expired.

The following illustration represents the transitions between the request states. Notice that the transitions depend on the request type (one-time or persistent).

![\[Spot Instance request states.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/spot_request_states.png)


A one-time Spot Instance request remains active until Amazon EC2 launches the Spot Instance, the request expires, or you cancel the request. If capacity is not available, your Spot Instance is terminated and the Spot Instance request is closed.

A persistent Spot Instance request remains active until it expires or you cancel it, even if the request is fulfilled. If capacity is not available, your Spot Instance is interrupted. After your instance is interrupted, when capacity becomes available again, the Spot Instance is started if stopped or resumed if hibernated. You can stop a Spot Instance and start it again if capacity is available. If the Spot Instance is terminated (irrespective of whether the Spot Instance is in a stopped or running state), the Spot Instance request is opened again and Amazon EC2 launches a new Spot Instance. For more information, see [Stop a Spot Instance](using-spot-instances-request.md#stopping-a-spot-instance), [Start a Spot Instance](using-spot-instances-request.md#starting-a-spot-instance), and [Terminate a Spot Instance](using-spot-instances-request.md#terminating-a-spot-instance).

You can track the status of your Spot Instance requests, as well as the status of the Spot Instances that they launch, through the Spot request status. For more information, see [Get the status of a Spot Instance request](spot-request-status.md).

## Launch Spot Instances in a launch group


Specify a launch group in your Spot Instance request to tell Amazon EC2 to launch a set of Spot Instances only if it can launch them all. In addition, if the Spot service must terminate one of the instances in a launch group, it must terminate them all. However, if you terminate one or more of the instances in a launch group, Amazon EC2 does not terminate the remaining instances in the launch group.

Although this option can be useful, adding this constraint can decrease the chances that your Spot Instance request is fulfilled and increase the chances that your Spot Instances are terminated. For example, your launch group includes instances in multiple Availability Zones. If capacity in one of these Availability Zones decreases and is no longer available, then Amazon EC2 terminates all instances for the launch group.

If you create another successful Spot Instance request that specifies the same (existing) launch group as an earlier successful request, then the new instances are added to the launch group. Subsequently, if an instance in this launch group is terminated, all instances in the launch group are terminated, which includes instances launched by the first and second requests.

## Launch Spot Instances in an Availability Zone group


Specify an Availability Zone group in your Spot Instance request to tell Amazon EC2 to launch a set of Spot Instances in the same Availability Zone. Amazon EC2 need not interrupt all instances in an Availability Zone group at the same time. If Amazon EC2 must interrupt one of the instances in an Availability Zone group, the others remain running.

Although this option can be useful, adding this constraint can lower the chances that your Spot Instance request is fulfilled.

If you specify an Availability Zone group but don't specify an Availability Zone in the Spot Instance request, the result depends on the network you specified.

**Default VPC**  
Amazon EC2 uses the Availability Zone for the specified subnet. If you don't specify a subnet, it selects an Availability Zone and its default subnet, but not necessarily the lowest-priced zone. If you deleted the default subnet for an Availability Zone, then you must specify a different subnet.

**Nondefault VPC**  
Amazon EC2 uses the Availability Zone for the specified subnet.

## Launch Spot Instances in a VPC


You specify a subnet for your Spot Instances the same way that you specify a subnet for your On-Demand Instances.
+ [Default VPC] If you want your Spot Instance launched in a specific low-priced Availability Zone, you must specify the corresponding subnet in your Spot Instance request. If you do not specify a subnet, Amazon EC2 selects one for you, and the Availability Zone for this subnet might not have the lowest Spot price.
+ [Nondefault VPC] You must specify the subnet for your Spot Instance.

## Launch burstable performance instances


The T instance types are [burstable performance instances](burstable-performance-instances.md). If you launch your Spot Instances using a burstable performance instance type, and if you plan to use your burstable performance Spot Instances immediately and for a short duration, with no idle time for accruing CPU credits, we recommend that you launch them in [Standard mode](burstable-performance-instances-standard-mode.md) to avoid paying higher costs. If you launch burstable performance Spot Instances in [Unlimited mode](burstable-performance-instances-unlimited-mode.md) and burst CPU immediately, you'll spend surplus credits for bursting. If you use the instance for a short duration, the instance doesn't have time to accrue CPU credits to pay down the surplus credits, and you are charged for the surplus credits when you terminate the instance.

Unlimited mode is suitable for burstable performance Spot Instances only if the instance runs long enough to accrue CPU credits for bursting. Otherwise, paying for surplus credits makes burstable performance Spot Instances more expensive than using other instances. For more information, see [When to use unlimited mode versus fixed CPU](burstable-performance-instances-unlimited-mode-concepts.md#when-to-use-unlimited-mode).

T2 instances, when configured in [Standard mode](burstable-performance-instances-standard-mode.md), get [launch credits](burstable-performance-instances-standard-mode-concepts.md#launch-credits). T2 instances are the only burstable performance instances that get launch credits. Launch credits are meant to provide a productive initial launch experience for T2 instances by providing sufficient compute resources to configure the instance. Repeated launches of T2 instances to access new launch credits is not permitted. If you require sustained CPU, you can earn credits (by idling over some period), use [Unlimited mode](burstable-performance-instances-unlimited-mode.md) for T2 Spot Instances, or use an instance type with dedicated CPU.

## Launch on single-tenant hardware


You can run a Spot Instance on single-tenant hardware. Dedicated Spot Instances are physically isolated from instances that belong to other AWS accounts. For more information, see [Amazon EC2 Dedicated Instances](dedicated-instance.md) and the [Amazon EC2 Dedicated Instances](https://aws.amazon.com/ec2/pricing/dedicated-instances/) pricing page.

To run a Dedicated Spot Instance, do one of the following:
+ Specify a tenancy of `dedicated` when you create the Spot Instance request. For more information, see [Manage your Spot Instances](using-spot-instances-request.md).
+ Request a Spot Instance in a VPC with an instance tenancy of `dedicated`. For more information, see [Launch Dedicated Instances into a VPC with default tenancy](dedicatedinstancesintovpc.md). You can't request a Spot Instance with a tenancy of `default` if you request it in a VPC with an instance tenancy of `dedicated`.

All instance families support Dedicated Spot Instances except T instances. For each supported instance family, only the largest instance size or metal size supports Dedicated Spot Instances.

# View Spot Instance pricing history

Spot Instance prices are set by Amazon EC2 and adjust gradually based on long-term trends in supply and demand for Spot Instance capacity.

When your Spot request is fulfilled, your Spot Instances launch at the current Spot price, not exceeding the On-Demand price. You can view the Spot price history for the last 90 days, filtering by instance type, operating system, and Availability Zone.

For the *current* Spot Instance prices, see [Amazon EC2 Spot Instances Pricing](https://aws.amazon.com/ec2/spot/pricing/).

------
#### [ Console ]

**To view the Spot price history**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Spot Requests**.

1. Choose **Pricing history**. 

1. For **Graph**, choose to compare the price history by **Availability Zones** or by **Instance Types**.
   + If you choose **Availability Zones**, then choose the **Instance type**, operating system (**Platform**), and **Date range** for which to view the price history.
   + If you choose **Instance Types**, then choose up to five **Instance type(s)**, the **Availability Zone**, operating system (**Platform**), and **Date range** for which to view the price history.

   The following screenshot shows a price comparison for different instance types.  
![\[The Spot Instance pricing history tool in the Amazon EC2 console.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/spot-instance-pricing-history.png)

1. Hover (move your pointer) over the graph to display the prices at specific times in the selected date range. The prices are displayed in the information blocks above the graph. The price displayed in the top row shows the price on a specific date. The price displayed in the second row shows the average price over the selected date range.

1. To display the price per vCPU, toggle on **Display normalized prices**. To display the price for the instance type, toggle off **Display normalized prices**.

------
#### [ AWS CLI ]

**To view the Spot price history**  
Use the following [describe-spot-price-history](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-spot-price-history.html) command.

```
aws ec2 describe-spot-price-history \
    --instance-types c6i.xlarge \
    --product-descriptions "Linux/UNIX" \
    --start-time 2025-04-01T00:00:00 \
    --end-time 2025-04-02T00:00:00
```

------
#### [ PowerShell ]

**To view the Spot price history**  
Use the [Get-EC2SpotPriceHistory](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2SpotPriceHistory.html) cmdlet.

```
Get-EC2SpotPriceHistory `
    -InstanceType c6i.xlarge `
    -ProductDescription "Linux/UNIX" `
    -UtcStartTime 2025-04-01T00:00:00 `
    -UtcEndTime 2025-04-02T00:00:00
```

------

# Savings from purchasing Spot Instances

You can view the usage and savings information for Spot Instances at the per-fleet level, or for all running Spot Instances. At the per-fleet level, the usage and savings information includes all instances launched and terminated by the fleet. You can view this information from the last hour or the last three days.

The following screenshot from the **Savings** section shows the Spot usage and savings information for a Spot Fleet.

![\[The Savings section on the Spot Fleet details page.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/spot-savings.png)


You can view the following usage and savings information:
+ **Spot Instances** – The number of Spot Instances launched and terminated by the Spot Fleet. When viewing the savings summary, the number represents all your running Spot Instances.
+ **vCPU-hours** – The number of vCPU hours used across all the Spot Instances for the selected time frame.
+ **Mem(GiB)-hours** – The number of GiB hours used across all the Spot Instances for the selected time frame.
+ **On-Demand total** – The total amount you would've paid for the selected time frame had you launched these instances as On-Demand Instances.
+ **Spot total** – The total amount to pay for the selected time frame.
+ **Savings** – The percentage that you are saving by not paying the On-Demand price.
+ **Average cost per vCPU-hour** – The average hourly cost of using the vCPUs across all the Spot Instances for the selected time frame, calculated as follows: **Average cost per vCPU-hour** = **Spot total** / **vCPU-hours**.
+ **Average cost per mem(GiB)-hour** – The average hourly cost of using the GiBs across all the Spot Instances for the selected time frame, calculated as follows: **Average cost per mem(GiB)-hour** = **Spot total** / **Mem(GiB)-hours**.
+ **Details** table – The different instance types (the number of instances per instance type is in parentheses) that comprise the Spot Fleet. When viewing the savings summary, these comprise all your running Spot Instances.

Savings information can only be viewed using the Amazon EC2 console.

**To view the savings information for a Spot Fleet**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. On the navigation pane, choose **Spot Requests**.

1. Select the ID of a Spot Fleet request and scroll to the **Savings** section.

   Alternatively, select the checkbox next to the Spot Fleet request ID and choose the **Savings** tab.

1. By default, the page displays usage and savings information for the last three days. You can choose **last hour** or the **last three days**. For Spot Fleets that were launched less than an hour ago, the page shows the estimated savings for the hour.

**To view the savings information for all running Spot Instances**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. On the navigation pane, choose **Spot Requests**.

1. Choose **Savings summary**.

# Create a Spot Instance request


To use Spot Instances, you create a Spot Instance request that includes the desired number of instances, the instance type, and the Availability Zone. If capacity is available, Amazon EC2 fulfills your request immediately. Otherwise, Amazon EC2 waits until your request can be fulfilled or until you cancel the request.

You can use the [launch instance wizard](ec2-launch-instance-wizard.md) in the Amazon EC2 console or the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command to request a Spot Instance in the same way that you can launch an On-Demand Instance. This method is only recommended for the following reasons:
+ You're already using the [launch instance wizard](ec2-launch-instance-wizard.md) or [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command to launch On-Demand Instances, and you simply want to change to launching Spot Instances by changing a single parameter.
+ You do not need multiple instances with different instance types.

This method is generally not recommended for launching Spot Instances because you can't specify multiple instance types, and you can't launch Spot Instances and On-Demand Instances in the same request. For the preferred methods for launching Spot Instances, which include launching a *fleet* that includes Spot Instances and On-Demand Instances with multiple instance types, see [Which is the best Spot request method to use?](spot-best-practices.md#which-spot-request-method-to-use)

If you request multiple Spot Instances at one time, Amazon EC2 creates separate Spot Instance requests so that you can track the status of each request separately. For more information about tracking Spot Instance requests, see [Get the status of a Spot Instance request](spot-request-status.md).

------
#### [ Console ]<a name="create-spot-instance-request-console-procedure"></a>

**To create a Spot Instance request**

Steps 1–9 are the same steps you'd use to launch an On-Demand Instance. At Step 10, you configure the Spot Instance request.

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation bar at the top of the screen, select a Region.

1. From the Amazon EC2 console dashboard, choose **Launch instance**.

1. (Optional) Under **Name and tags**, you can name your instance, and tag the Spot Instance request, the instance, the volumes, and the elastic graphics. For information about tags, see [Tag your Amazon EC2 resources](Using_Tags.md).

   1. For **Name**, enter a descriptive name for your instance.

      The instance name is a tag, where the key is **Name**, and the value is the name that you specify. If you don't specify a name, the instance can be identified by its ID, which is automatically generated when you launch the instance.

   1. To tag the Spot Instance request, the instance, the volumes, and the elastic graphics, choose **Add additional tags**. Choose **Add tag**, and then enter a key and value, and select the resource type to tag. Choose **Add tag** again for each additional tag to add.

1. Under **Application and OS Images (Amazon Machine Image)**, choose the operating system (OS) for your instance, and then select an AMI. For more information, see [Application and OS Images (Amazon Machine Image)](ec2-instance-launch-parameters.md#liw-ami).

1. Under **Instance type**, select the instance type that meets your requirements for the hardware configuration and size of your instance. For more information, see [Instance type](ec2-instance-launch-parameters.md#liw-instance-type).

1. Under **Key pair (login)**, choose an existing key pair, or choose **Create new key pair** to create a new one. For more information, see [Amazon EC2 key pairs and Amazon EC2 instances](ec2-key-pairs.md).
**Important**  
If you choose the **Proceed without key pair (Not recommended)** option, you won't be able to connect to the instance unless you choose an AMI that is configured to allow users another way to log in.

1. Under **Network settings**, use the default settings, or choose **Edit** to configure the network settings as necessary.

   Security groups form part of the network settings, and define firewall rules for your instance. These rules specify which incoming network traffic is delivered to your instance.

   For more information, see [Network settings](ec2-instance-launch-parameters.md#liw-network-settings).

1. The AMI you selected includes one or more volumes of storage, including the root device volume. Under **Configure storage**, you can specify additional volumes to attach to the instance by choosing **Add new volume**. For more information, see [Configure storage](ec2-instance-launch-parameters.md#liw-storage).

1. Under **Advanced details**, configure the Spot Instance request as follows:

   1. Under **Purchasing option**, select the **Request Spot Instances** checkbox.

   1. You can either keep the default configuration for the Spot Instance request, or choose **Customize** (at the right) to specify custom settings for your Spot Instance request.

      When you choose **Customize**, the following fields appear.

      1. **Maximum price**: You can request Spot Instances at the Spot price, capped at the On-Demand price, or you can specify the maximum amount you're willing to pay.
**Warning**  
If you specify a maximum price, your instances will be interrupted more frequently than if you choose **No maximum price**.  
If you specify a maximum price, it must be more than USD \$10.001. Specifying a value below USD \$10.001 will result in a failed launch.
         + **No maximum price**: Your Spot Instance will launch at the current Spot price. The price will never exceed the On-Demand price. (Recommended)
         + **Set your maximum price (per instance/hour)**: You can specify the maximum amount you're willing to pay.
           + If you specify a maximum price that is less than the current Spot price, your Spot Instance will not launch.
           + If you specify a maximum price that is more than the current Spot price, your Spot Instance will launch and be charged at the current Spot price. After your Spot Instance is running, if the Spot price rises above your maximum price, Amazon EC2 interrupts your Spot Instance.
           + Regardless of the maximum price you specify, you will always be charged the current Spot price.

           To review Spot price trends, see [View Spot Instance pricing history](using-spot-instances-history.md).

      1. **Request type**: The Spot Instance request type that you choose determines what happens if your Spot Instance is interrupted.
         + **One-time**: Amazon EC2 places a one-time request for your Spot Instance. If your Spot Instance is interrupted, the request is not resubmitted.
         + **Persistent request**: Amazon EC2 places a persistent request for your Spot Instance. If your Spot Instance is interrupted, the request is resubmitted to replenish the interrupted Spot Instance.

         If you do not specify a value, the default is a one-time request.

      1. **Valid to**: The expiration date of a *persistent* Spot Instance request.

         This field is not supported for one-time requests. A *one-time* request remains active until all the instances in the request launch or you cancel the request. 
         + **No request expiry date**: The request remains active until you cancel it.
         + **Set your request expiry date**: The persistent request remains active until the date that you specify, or until you cancel it.

      1. **Interruption behavior**: The behavior that you choose determines what happens when a Spot Instance is interrupted.
         + For persistent requests, valid values are **Stop** and **Hibernate**. When an instance is stopped, charges for EBS volume storage apply.
**Note**  
Spot Instances now use the same hibernation functionality as On-Demand Instances. To enable hibernation, you can either choose **Hibernate** here, or you can choose **Enable** from the **Stop - Hibernate behavior** field, which appears lower down in the launch instance wizard. For the hibernation prerequisites, see [Prerequisites for EC2 instance hibernation](hibernating-prerequisites.md).
         + For one-time requests, only **Terminate** is valid.

         If you do not specify a value, the default is **Terminate**, which is not valid for a persistent Spot Instance request. If you keep the default and try to launch a persistent Spot Instance request, you'll get an error.

         For more information, see [Behavior of Spot Instance interruptions](interruption-behavior.md).

1. On the **Summary** panel, for **Number of instances**, enter the number of instances to launch.
**Note**  
Amazon EC2 creates a separate request for each Spot Instance.

1. On the **Summary** panel, review the details of your instance, and make any necessary changes. After you submit your Spot Instance request, you can't change the parameters of the request. You can navigate directly to a section in the launch instance wizard by choosing its link in the **Summary** panel. For more information, see [Summary](ec2-instance-launch-parameters.md#liw-summary).

1. When you're ready to launch your instance, choose **Launch instance**. 

   If the instance fails to launch or the state immediately goes to `terminated` instead of `running`, see [Troubleshoot Amazon EC2 instance launch issues](troubleshooting-launch.md).

------
#### [ AWS CLI ]

**To create a Spot Instance request using run-instances**  
Use the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command and specify the Spot Instance options in the `--instance-market-options` parameter as follows.

```
--instance-market-options file://spot-options.json
```

The following is the data structure to specify in the JSON file. You can also specify `ValidUntil` and `InstanceInterruptionBehavior`. If you do not specify a field in the data structure, the default value is used.

The following example creates a `persistent` request.

```
{
  "MarketType": "spot",
  "SpotOptions": {
    "SpotInstanceType": "persistent"
  }
}
```

**To create a Spot Instance request using request-spot-instances**

**Note**  
We strongly discourage using the [request-spot-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/request-spot-instances.html) command to request a Spot Instance because it is a legacy API with no planned investment. For more information, see [Which is the best Spot request method to use?](spot-best-practices.md#which-spot-request-method-to-use)

Use the [request-spot-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/request-spot-instances.html) command to create a one-time request.

```
aws ec2 request-spot-instances \
    --instance-count 5 \
    --type "one-time" \
    --launch-specification file://specification.json
```

Use the [request-spot-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/request-spot-instances.html) command to create a persistent request.

```
aws ec2 request-spot-instances \
    --instance-count 5 \
    --type "persistent" \
    --launch-specification file://specification.json
```

For example launch specification files to use with these commands, see [Spot Instance request example launch specifications](spot-request-examples.md). If you download a launch specification file from the Spot Requests console, you must use the [request-spot-fleet](https://docs.aws.amazon.com/cli/latest/reference/ec2/request-spot-fleet.html) command instead (the Spot Requests console specifies a Spot Instance request using a Spot Fleet).

------
#### [ PowerShell ]

**To create a Spot Instance request**  
Use the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) cmdlet and specify the Spot Instance options using the `-InstanceMarketOption` parameter.

```
-InstanceMarketOption $marketOptions
```

Create the data structure for the Spot Instance options as follows.

```
$spotOptions = New-Object Amazon.EC2.Model.SpotMarketOptions
$spotOptions.SpotInstanceType="persistent"
$marketOptions = New-Object Amazon.EC2.Model.InstanceMarketOptionsRequest
$marketOptions.MarketType = "spot"
$marketOptions.SpotOptions = $spotOptions
```

------

# Spot Instance request example launch specifications

The following examples show launch configurations that you can use with the [request-spot-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/request-spot-instances.html) command to create a Spot Instance request. For more information, see [Manage your Spot Instances](using-spot-instances-request.md).

**Important**  
We strongly discourage using the [request-spot-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/request-spot-instances.html) command to request a Spot Instance because it is a legacy API with no planned investment. For more information, see [Which is the best Spot request method to use?](spot-best-practices.md#which-spot-request-method-to-use)

**Topics**
+ [Example 1: Launch Spot Instances](#spot-launch-specification1)
+ [Example 2: Launch Spot Instances in the specified Availability Zone](#spot-launch-specification2)
+ [Example 3: Launch Spot Instances in the specified subnet](#spot-launch-specification3)
+ [Example 4: Launch a Dedicated Spot Instance](#spot-launch-specification4)

## Example 1: Launch Spot Instances


The following example does not include an Availability Zone or subnet. Amazon EC2 selects an Availability Zone for you. Amazon EC2 launches the instances in the default subnet of the selected Availability Zone.

```
{
  "ImageId": "ami-0abcdef1234567890",
  "KeyName": "my-key-pair",
  "SecurityGroupIds": [ "sg-1a2b3c4d5e6f7g8h9" ],
  "InstanceType": "m5.medium",
  "IamInstanceProfile": {
      "Arn": "arn:aws:iam::123456789012:instance-profile/my-iam-role"
  }
}
```

## Example 2: Launch Spot Instances in the specified Availability Zone


The following example includes an Availability Zone. Amazon EC2 launches the instances in the default subnet of the specified Availability Zone.

```
{
  "ImageId": "ami-0abcdef1234567890",
  "KeyName": "my-key-pair",
  "SecurityGroupIds": [ "sg-1a2b3c4d5e6f7g8h9" ],
  "InstanceType": "m5.medium",
  "Placement": {
    "AvailabilityZone": "us-west-2a"
  },
  "IamInstanceProfile": {
      "Arn": "arn:aws:iam::123456789012:instance-profile/my-iam-role"
  }
}
```

## Example 3: Launch Spot Instances in the specified subnet


The following example includes a subnet. Amazon EC2 launches the instances in the specified subnet. If the VPC is a nondefault VPC, the instance does not receive a public IPv4 address by default.

```
{
  "ImageId": "ami-0abcdef1234567890",
  "SecurityGroupIds": [ "sg-1a2b3c4d5e6f7g8h9" ],
  "InstanceType": "m5.medium",
  "SubnetId": "subnet-1a2b3c4d",
  "IamInstanceProfile": {
      "Arn": "arn:aws:iam::123456789012:instance-profile/my-iam-role"
  }
}
```

To assign a public IPv4 address to an instance in a nondefault VPC, specify the `AssociatePublicIpAddress` field as shown in the following example. When you specify a network interface, you must include the subnet ID and security group ID using the network interface, rather than using the `SubnetId` and `SecurityGroupIds` fields shown in the previous code block.

```
{
  "ImageId": "ami-0abcdef1234567890",
  "KeyName": "my-key-pair",
  "InstanceType": "m5.medium",
  "NetworkInterfaces": [
    {
      "DeviceIndex": 0,
      "SubnetId": "subnet-1a2b3c4d5e6f7g8h9",
      "Groups": [ "sg-1a2b3c4d5e6f7g8h9" ],
      "AssociatePublicIpAddress": true
    }
  ],
  "IamInstanceProfile": {
      "Arn": "arn:aws:iam::123456789012:instance-profile/my-iam-role"
  }
}
```

## Example 4: Launch a Dedicated Spot Instance


The following example requests a Spot Instance with a tenancy of `dedicated`. A Dedicated Spot Instance must be launched in a VPC.

```
{
  "ImageId": "ami-0abcdef1234567890",
  "KeyName": "my-key-pair",
  "SecurityGroupIds": [ "sg-1a2b3c4d5e6f7g8h9" ],
  "InstanceType": "c5.8xlarge",
  "SubnetId": "subnet-1a2b3c4d5e6f7g8h9",
  "Placement": {
    "Tenancy": "dedicated"
  }
}
```
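
The rules stated in Examples 3 and 4 can be checked before a launch specification is submitted. The following linter is an added example, not part of the AWS documentation; the rule names, the `expected_account` policy, and the sample specifications are assumptions constructed for illustration.

```python
import json
import re

# Shape of the instance profile ARN used in the examples above.
PROFILE_ARN = re.compile(r"arn:aws[\w-]*:iam::(\d{12}):instance-profile/.+")


def lint_launch_spec(spec, expected_account=None):
    """Return (rule, message) findings for one launch specification dict."""
    findings = []
    nics = spec.get("NetworkInterfaces") or []

    if nics:
        # With a network interface, the subnet and security groups belong inside it.
        for field in ("SubnetId", "SecurityGroupIds"):
            if field in spec:
                findings.append(("nic-conflict",
                                 f"move top-level {field} into NetworkInterfaces"))
        for idx, nic in enumerate(nics):
            for field in ("SubnetId", "Groups"):
                if not nic.get(field):
                    findings.append(("nic-incomplete",
                                     f"NetworkInterfaces[{idx}] has no {field}"))
            if nic.get("AssociatePublicIpAddress") is True:
                findings.append(("public-ip",
                                 f"NetworkInterfaces[{idx}] requests a public IPv4 address"))

    # A Dedicated Spot Instance must launch in a VPC. With no subnet anywhere in
    # the specification, the launch depends on the account having a default VPC.
    has_subnet = bool(spec.get("SubnetId")) or any(n.get("SubnetId") for n in nics)
    if (spec.get("Placement") or {}).get("Tenancy") == "dedicated" and not has_subnet:
        findings.append(("dedicated-no-subnet",
                         "dedicated tenancy without an explicit subnet"))

    # Local policy (assumption): instance profiles must live in expected_account.
    arn = (spec.get("IamInstanceProfile") or {}).get("Arn")
    if arn is not None:
        match = PROFILE_ARN.fullmatch(arn)
        if match is None:
            findings.append(("profile-arn-malformed", f"unexpected ARN shape: {arn}"))
        elif expected_account and match.group(1) != expected_account:
            findings.append(("profile-foreign-account",
                             f"instance profile belongs to account {match.group(1)}"))
    return findings


# Constructed samples. The first mirrors the public-IP specification in Example 3.
PUBLIC_NIC_SPEC = json.loads("""{
  "ImageId": "ami-0abcdef1234567890", "KeyName": "my-key-pair", "InstanceType": "m5.medium",
  "NetworkInterfaces": [{"DeviceIndex": 0, "SubnetId": "subnet-1a2b3c4d5e6f7g8h9",
                         "Groups": ["sg-1a2b3c4d5e6f7g8h9"], "AssociatePublicIpAddress": true}],
  "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/my-iam-role"}
}""")

# Mixes top-level network fields with a network interface, and uses a foreign profile.
CONFLICT_SPEC = json.loads("""{
  "ImageId": "ami-0abcdef1234567890", "InstanceType": "m5.medium",
  "SubnetId": "subnet-1a2b3c4d", "SecurityGroupIds": ["sg-1a2b3c4d5e6f7g8h9"],
  "NetworkInterfaces": [{"DeviceIndex": 0, "AssociatePublicIpAddress": false}],
  "IamInstanceProfile": {"Arn": "arn:aws:iam::999999999999:instance-profile/other-role"}
}""")

# Example 4 with the subnet removed.
DEDICATED_SPEC = json.loads("""{
  "ImageId": "ami-0abcdef1234567890", "InstanceType": "c5.8xlarge",
  "SecurityGroupIds": ["sg-1a2b3c4d5e6f7g8h9"], "Placement": {"Tenancy": "dedicated"}
}""")

if __name__ == "__main__":
    for name, spec in (("public-nic", PUBLIC_NIC_SPEC),
                       ("conflict", CONFLICT_SPEC),
                       ("dedicated", DEDICATED_SPEC)):
        for rule, message in lint_launch_spec(spec, expected_account="123456789012"):
            print(f"{name}: [{rule}] {message}")
```
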

# Get the status of a Spot Instance request


To help you track your Spot Instance requests and plan your use of Spot Instances, use the request status provided by Amazon EC2. For example, the request status can provide the reason why your Spot request isn't fulfilled yet, or list the constraints that are preventing the fulfillment of your Spot request.

At each step of the process—also called the Spot request *lifecycle*—specific events determine successive request states.

The following illustration shows how Spot Instance requests work. Notice that the request type (one-time or persistent) determines whether the request is opened again when Amazon EC2 interrupts a Spot Instance or if you stop a Spot Instance. If the request is persistent, the request is opened again after your Spot Instance is interrupted. If the request is persistent and you stop your Spot Instance, the request only opens after you start your Spot Instance.

![\[How Spot Instance requests work.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/spot_lifecycle.png)


**Topics**
+ [Get request status information](#get-spot-instance-request-status)
+ [Spot request status codes](#spot-instance-request-status-understand)
+ [EC2 Spot Instance Request Fulfillment event](#spot-request-fulfillment-event)
+ [State changes for a Spot request](spot-instances-request-status-lifecycle.md)

## Get request status information


You can get status information for your Spot Instance request.

------
#### [ Console ]

**To get request status information**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Spot Requests** and select the Spot request.

1. To check the status, on the **Description** tab, check the **Status** field.

------
#### [ AWS CLI ]

**To get request status information**  
Use the following [describe-spot-instance-requests](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-spot-instance-requests.html) command.

```
aws ec2 describe-spot-instance-requests --spot-instance-request-ids sir-0e54a519c9EXAMPLE
```

------
#### [ PowerShell ]

**To get request status information**  
Use the [Get-EC2SpotInstanceRequest](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2SpotInstanceRequest.html) cmdlet.

```
Get-EC2SpotInstanceRequest -SpotInstanceRequestId sir-0e54a519c9EXAMPLE
```

------

## Spot request status codes


Spot request status information is composed of a status code, the update time, and a status message. Together, these help you determine the disposition of your Spot request.

The following are the Spot request status codes:

`az-group-constraint`  
Amazon EC2 cannot launch all the instances you requested in the same Availability Zone.

`bad-parameters`  
One or more parameters for your Spot request are not valid (for example, the AMI you specified does not exist). The status message indicates which parameter is not valid.

`canceled-before-fulfillment`  
The user canceled the Spot request before it was fulfilled.

`capacity-not-available`  
There is not enough capacity available for the instances that you requested.

`constraint-not-fulfillable`  
The Spot request can't be fulfilled because one or more constraints are not valid (for example, the Availability Zone does not exist). The status message indicates which constraint is not valid.

`fulfilled`  
The Spot request is `active`, and Amazon EC2 is launching your Spot Instances.

`instance-stopped-by-price`  
Your instance was stopped because the Spot price exceeded your maximum price.

`instance-stopped-by-user`  
Your instance was stopped because a user stopped the instance or ran the shutdown command from the instance.

`instance-stopped-no-capacity`  
Your instance was stopped due to EC2 capacity management needs.

`instance-terminated-by-price`  
Your instance was terminated because the Spot price exceeded your maximum price. If your request is persistent, the process restarts, so your request is pending evaluation.

`instance-terminated-by-schedule`  
Your Spot Instance was terminated at the end of its scheduled duration.

`instance-terminated-by-service`  
Your instance was terminated from a stopped state.

`instance-terminated-by-user` or `spot-instance-terminated-by-user`  
You terminated a Spot Instance that had been fulfilled, so the request state is `closed` (unless it's a persistent request) and the instance state is `terminated`.

`instance-terminated-launch-group-constraint`  
One or more of the instances in your launch group was terminated, so the launch group constraint is no longer fulfilled.

`instance-terminated-no-capacity`  
Your instance was terminated due to standard capacity management processes.

`launch-group-constraint`  
Amazon EC2 cannot launch all the instances that you requested at the same time. All instances in a launch group are started and terminated together.

`limit-exceeded`  
The limit on the number of EBS volumes or total volume storage was exceeded. For more information, see [Quotas for Amazon EBS](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-resource-quotas.html) in the *Amazon EBS User Guide*.

`marked-for-stop`  
The Spot Instance is marked for stopping.

`marked-for-termination`  
The Spot Instance is marked for termination.

`not-scheduled-yet`  
The Spot request is not evaluated until the scheduled date.

`pending-evaluation`  
After you make a Spot Instance request, it goes into the `pending-evaluation` state while the system evaluates the parameters of your request.

`pending-fulfillment`  
Amazon EC2 is trying to provision your Spot Instances.

`placement-group-constraint`  
The Spot request can't be fulfilled yet because a Spot Instance can't be added to the placement group at this time.

`price-too-low`  
The request can't be fulfilled yet because your maximum price is below the Spot price. In this case, no instance is launched and your request remains `open`.

`request-canceled-and-instance-running`  
You canceled the Spot request while the Spot Instances are still running. The request is `cancelled`, but the instances remain `running`.

`schedule-expired`  
The Spot request expired because it was not fulfilled before the specified date.

`system-error`  
There was an unexpected system error. If this is a recurring issue, please contact AWS Support for assistance.

## EC2 Spot Instance Request Fulfillment event


When a Spot Instance request is fulfilled, Amazon EC2 sends an EC2 Spot Instance Request Fulfillment event to Amazon EventBridge. You can create a rule to take an action whenever this event occurs, such as invoking a Lambda function or notifying an Amazon SNS topic.

The following is example data for this event.

```
{
    "version": "0",
    "id": "01234567-1234-0123-1234-012345678901",
    "detail-type": "EC2 Spot Instance Request Fulfillment",
    "source": "aws.ec2",
    "account": "123456789012",
    "time": "yyyy-mm-ddThh:mm:ssZ",
    "region": "us-east-2",
    "resources": ["arn:aws:ec2:us-east-2:123456789012:instance/i-1234567890abcdef0"],
    "detail": {
        "spot-instance-request-id": "sir-0e54a519c9EXAMPLE",
        "instance-id": "i-1234567890abcdef0"
    }
}
```

For more information, see the [Amazon EventBridge User Guide](https://docs.aws.amazon.com/eventbridge/latest/userguide/).
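
A function invoked by a rule for this event should confirm that the envelope and the `detail` block agree before it acts on the instance ID. The following handler is an added example, not code from the AWS documentation; `ALLOWED_ACCOUNTS`, the ID patterns (inferred from the sample event above), and the concrete timestamp in the sample are assumptions.

```python
import re
from datetime import datetime, timezone

DETAIL_TYPE = "EC2 Spot Instance Request Fulfillment"

# Event pattern for the EventBridge rule that feeds this handler.
EVENT_PATTERN = {"source": ["aws.ec2"], "detail-type": [DETAIL_TYPE]}

# Assumption: the accounts this handler is expected to serve.
ALLOWED_ACCOUNTS = {"123456789012"}

# Assumption: ID shapes inferred from the sample event on this page.
INSTANCE_ARN = re.compile(r"arn:aws[\w-]*:ec2:([a-z0-9-]+):(\d{12}):instance/(i-[0-9a-f]+)")
REQUEST_ID = re.compile(r"sir-[0-9A-Za-z]+")


class RejectedEvent(ValueError):
    """Raised when an event does not look like a genuine fulfillment event."""


def parse_fulfillment_event(event, allowed_accounts):
    """Validate the event and return a normalized record, or raise RejectedEvent."""
    if event.get("source") != "aws.ec2" or event.get("detail-type") != DETAIL_TYPE:
        raise RejectedEvent("not a Spot request fulfillment event")
    account, region = event.get("account"), event.get("region")
    if account not in allowed_accounts:
        raise RejectedEvent(f"account {account!r} is not on the allow list")

    detail = event.get("detail") or {}
    request_id = str(detail.get("spot-instance-request-id", ""))
    instance_id = str(detail.get("instance-id", ""))
    if not REQUEST_ID.fullmatch(request_id):
        raise RejectedEvent("malformed spot-instance-request-id")

    # The instance named in detail must be the one the resources ARN points to,
    # in the same Region and account as the envelope.
    matches = [INSTANCE_ARN.fullmatch(str(arn)) for arn in event.get("resources") or []]
    if not any(m and m.groups() == (region, account, instance_id) for m in matches):
        raise RejectedEvent("detail.instance-id does not match the resources ARN")

    try:
        when = datetime.strptime(event.get("time", ""), "%Y-%m-%dT%H:%M:%SZ")
    except (TypeError, ValueError):
        raise RejectedEvent("unparseable time field") from None

    return {
        "request_id": request_id,
        "instance_id": instance_id,
        "account": account,
        "region": region,
        "time": when.replace(tzinfo=timezone.utc),
    }


def handler(event, context=None):
    """Lambda-style entry point: report whether the event was accepted and why not."""
    try:
        record = parse_fulfillment_event(event, ALLOWED_ACCOUNTS)
    except RejectedEvent as exc:
        return {"accepted": False, "reason": str(exc)}
    return {"accepted": True, **record}


# Constructed sample: the event above with a concrete timestamp filled in.
SAMPLE_EVENT = {
    "version": "0",
    "id": "01234567-1234-0123-1234-012345678901",
    "detail-type": DETAIL_TYPE,
    "source": "aws.ec2",
    "account": "123456789012",
    "time": "2025-04-01T12:30:45Z",
    "region": "us-east-2",
    "resources": ["arn:aws:ec2:us-east-2:123456789012:instance/i-1234567890abcdef0"],
    "detail": {
        "spot-instance-request-id": "sir-0e54a519c9EXAMPLE",
        "instance-id": "i-1234567890abcdef0",
    },
}

if __name__ == "__main__":
    print(handler(SAMPLE_EVENT))
    # Constructed mismatch: detail names a different instance than the ARN.
    mismatched = dict(SAMPLE_EVENT, detail={**SAMPLE_EVENT["detail"],
                                            "instance-id": "i-0fedcba9876543210"})
    print(handler(mismatched))
```
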

# State changes for a Spot request


The following diagram shows you the paths that your Spot request can follow throughout its lifecycle, from submission to termination. Each step is depicted as a node, and the status code for each node describes the status of the Spot request and Spot Instance.

![\[Life cycle of a Spot Instance request.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/spot-request-status-diagram.png)


**Pending evaluation**  
As soon as you create a Spot Instance request, it goes into the `pending-evaluation` state unless one or more request parameters are not valid (`bad-parameters`).


| Status code | Request state | Instance state | 
| --- | --- | --- | 
| pending-evaluation | open | Not applicable | 
| bad-parameters | closed | Not applicable | 

**Holding**  
If one or more request constraints are valid but can't be met yet, or if there is not enough capacity, the request goes into a holding state waiting for the constraints to be met. The request options affect the likelihood of the request being fulfilled. For example, if there is no capacity, your request stays in a holding state until there is available capacity. If you specify an Availability Zone group, the request stays in a holding state until the Availability Zone constraint is met.

In the event of an outage of one of the Availability Zones, there is a chance that the spare EC2 capacity available for Spot Instance requests in other Availability Zones can be affected.


| Status code | Request state | Instance state | 
| --- | --- | --- | 
| capacity-not-available | open |  Not applicable  | 
| price-too-low | open |  Not applicable  | 
| not-scheduled-yet | open |  Not applicable  | 
| launch-group-constraint | open |  Not applicable  | 
| az-group-constraint | open |  Not applicable  | 
|  placement-group-constraint  |  open  |  Not applicable  | 
|  constraint-not-fulfillable  |  open  |  Not applicable  | 

**Pending evaluation/fulfillment-terminal**  
Your Spot Instance request can go to a `terminal` state if you create a request that is valid only during a specific time period and this time period expires before your request reaches the pending fulfillment phase. It might also happen if you cancel the request, or if a system error occurs.


| Status code | Request state | Instance state | 
| --- | --- | --- | 
|  schedule-expired  |  cancelled  |  Not applicable  | 
|  canceled-before-fulfillment ¹  |  cancelled  |  Not applicable  | 
|  bad-parameters  |  failed  |  Not applicable  | 
|  system-error  |  closed  |  Not applicable  | 

¹ If you cancel the request.

**Pending fulfillment**  
When the constraints you specified (if any) are met, your Spot request goes into the `pending-fulfillment` state.

At this point, Amazon EC2 is getting ready to provision the instances that you requested. If the process stops at this point, it is likely to be because it was canceled by the user before a Spot Instance was launched. It might also be because an unexpected system error occurred.


| Status code | Request state | Instance state | 
| --- | --- | --- | 
|  pending-fulfillment  |  open  |  Not applicable  | 

**Fulfilled**  
When all the specifications for your Spot Instances are met, your Spot request is fulfilled. Amazon EC2 launches the Spot Instances, which can take a few minutes. If a Spot Instance is hibernated or stopped when interrupted, it remains in this state until the request can be fulfilled again or the request is canceled.


| Status code | Request state | Instance state | 
| --- | --- | --- | 
|  fulfilled  |  active  |  pending → running  | 
|  fulfilled  |  active  |  stopped → running  | 

If you stop a Spot Instance, your Spot request goes into the `marked-for-stop` or `instance-stopped-by-user` state until the Spot Instance can be started again or the request is cancelled. 


| Status code | Request state | Instance state | 
| --- | --- | --- | 
|  marked-for-stop  | active |  stopping  | 
|  instance-stopped-by-user ¹  |  disabled or cancelled ²  |  stopped  | 

¹ A Spot Instance goes into the `instance-stopped-by-user` state if you stop the instance or run the shutdown command from the instance. After you've stopped the instance, you can start it again. On restart, the Spot Instance request returns to the `pending-evaluation` state and then Amazon EC2 launches a new Spot Instance when the constraints are met. 

² The Spot request state is `disabled` if you stop the Spot Instance but do not cancel the request. The request state is `cancelled` if your Spot Instance is stopped and the request expires.

**Fulfilled-terminal**  
Your Spot Instances continue to run as long as there is available capacity for your instance type, and you don't terminate the instance. If Amazon EC2 must terminate your Spot Instances, the Spot request goes into a terminal state. A request also goes into the terminal state if you cancel the Spot request or terminate the Spot Instances.


| Status code | Request state | Instance state | 
| --- | --- | --- | 
|  request-canceled-and-instance-running  |  cancelled  |  running  | 
|  marked-for-stop  |  active  |  running  | 
|  marked-for-termination  |  active  |  running  | 
|  instance-stopped-by-price  |  disabled  |  stopped  | 
|  instance-stopped-by-user  |  disabled  |  stopped  | 
|  instance-stopped-no-capacity  |  disabled  |  stopped  | 
|  instance-terminated-by-price  |  closed (one-time), open (persistent)  |  terminated  | 
|  instance-terminated-by-schedule  |  closed  |  terminated  | 
|  instance-terminated-by-service  |  cancelled  |  terminated  | 
|  instance-terminated-by-user  |  closed or cancelled ¹  |  terminated  | 
|  instance-terminated-no-capacity  |  closed (one-time), open (persistent)  |  running †  | 
|  instance-terminated-no-capacity  |  closed (one-time), open (persistent)  |  terminated  | 
|  instance-terminated-launch-group-constraint  |  closed (one-time), open (persistent)  |  terminated  | 

¹ The request state is `closed` if you terminate the instance but do not cancel the request. The request state is `cancelled` if you terminate the instance and cancel the request. Even if you terminate a Spot Instance before you cancel its request, there might be a delay before Amazon EC2 detects that your Spot Instance was terminated. In this case, the request state can either be `closed` or `cancelled`.

† When Amazon EC2 interrupts a Spot Instance if it needs the capacity back *and* the instance is configured to *terminate* on interruption, the status is immediately set to `instance-terminated-no-capacity` (it is not set to `marked-for-termination`). However, the instance remains in the `running` state for 2 minutes to reflect the 2-minute period when the instance receives the Spot Instance interruption notice. After 2 minutes, the instance state is set to `terminated`.

**Interruption experiments**  
You can use AWS Fault Injection Service to initiate a Spot Instance interruption so that you can test how the applications on your Spot Instances respond. If AWS FIS stops a Spot Instance, your Spot request enters the `marked-for-stop-by-experiment` state and then the `instance-stopped-by-experiment` state. If AWS FIS terminates a Spot Instance, your Spot request enters the `instance-terminated-by-experiment` state. For more information, see [Initiate a Spot Instance interruption](initiate-a-spot-instance-interruption.md).


| Status code | Request state | Instance state | 
| --- | --- | --- | 
| marked-for-stop-by-experiment | active | running | 
| instance-stopped-by-experiment | disabled | stopped | 
| instance-terminated-by-experiment | closed | terminated | 

**Persistent requests**  
When your Spot Instances are terminated (either by you or Amazon EC2), if the Spot request is a persistent request, it returns to the `pending-evaluation` state and then Amazon EC2 can launch a new Spot Instance when the constraints are met.

# Tag Spot Instance requests


To help categorize and manage your Spot Instance requests, you can tag them with custom metadata. You can assign a tag to a Spot Instance request when you create it, or afterward. You can assign tags using the Amazon EC2 console or a command line tool.

When you tag a Spot Instance request, the instances and volumes that are launched by the Spot Instance request are not automatically tagged. You need to explicitly tag the instances and volumes launched by the Spot Instance request. You can assign a tag to a Spot Instance and volumes during launch, or afterward.

For more information about how tags work, see [Tag your Amazon EC2 resources](Using_Tags.md).

**Topics**
+ [Prerequisites](#tag-spot-request-prereqs)
+ [Tag a new Spot Instance request](#tag-new-spot-instance-request)
+ [Tag an existing Spot Instance request](#tag-existing-spot-instance-request)
+ [View Spot Instance request tags](#view-spot-instance-request-tags)

## Prerequisites


Grant the user the permission to tag resources. For more information about IAM policies and example policies, see [Example: Tag resources](ExamplePolicies_EC2.md#iam-example-taggingresources).

The IAM policy you create is determined by which method you use for creating a Spot Instance request.
+ If you use the launch instance wizard or `run-instances` to request Spot Instances, see [To grant a user the permission to tag resources when using the launch instance wizard or run-instances](#iam-run-instances).
+ If you use the `request-spot-instances` command to request Spot Instances, see [To grant a user the permission to tag resources when using request-spot-instances](#iam-request-spot-instances).

**To grant a user the permission to tag resources when using the launch instance wizard or run-instances**  
Create an IAM policy that includes the following:
+ The `ec2:RunInstances` action. This grants the user permission to launch an instance.
+ For `Resource`, specify `spot-instances-request`. This allows users to create Spot Instance requests, which request Spot Instances.
+ The `ec2:CreateTags` action. This grants the user permission to create tags.
+ For `Resource`, specify `*`. This allows users to tag all resources that are created during instance launch.

------
#### [ JSON ]


```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowLaunchInstances",
            "Effect": "Allow",
            "Action": [
                "ec2:RunInstances"
            ],
            "Resource": [
                "arn:aws:ec2:us-east-1::image/*",
                "arn:aws:ec2:us-east-1:*:subnet/*",
                "arn:aws:ec2:us-east-1:*:network-interface/*",
                "arn:aws:ec2:us-east-1:*:security-group/*",
                "arn:aws:ec2:us-east-1:*:key-pair/*",
                "arn:aws:ec2:us-east-1:*:volume/*",
                "arn:aws:ec2:us-east-1:*:instance/*",
                "arn:aws:ec2:us-east-1:*:spot-instances-request/*"
            ]
        },
        {
            "Sid": "TagSpotInstanceRequests",
            "Effect": "Allow",
            "Action": "ec2:CreateTags",
            "Resource": "*"
        }
    ]
}
```

------

When you use the RunInstances action to create Spot Instance requests and tag them on create, be aware of how Amazon EC2 evaluates the `spot-instances-request` resource in the RunInstances statement of the IAM policy:
+ If you don't tag a Spot Instance request on create, Amazon EC2 does not evaluate the `spot-instances-request` resource in the RunInstances statement.
+ If you tag a Spot Instance request on create, Amazon EC2 evaluates the `spot-instances-request` resource in the RunInstances statement.

Therefore, for the `spot-instances-request` resource, the following rules apply to the IAM policy:
+ If you use RunInstances to create a Spot Instance request and you don't intend to tag the Spot Instance request on create, you don’t need to explicitly allow the `spot-instances-request` resource; the call will succeed.
+ If you use RunInstances to create a Spot Instance request and intend to tag the Spot Instance request on create, you must include the `spot-instances-request` resource in the RunInstances allow statement, otherwise the call will fail.
+ If you use RunInstances to create a Spot Instance request and intend to tag the Spot Instance request on create, you must specify the `spot-instances-request` resource or include a `*` wildcard in the CreateTags allow statement, otherwise the call will fail.

For example IAM policies, including policies that are not supported for Spot Instance requests, see [Work with Spot Instances](ExamplePolicies_EC2.md#iam-example-spot-instances).
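The evaluation rules above can be checked before a policy is attached. The following Python check is an added example, not AWS code: it models only `Allow` statements with glob matching (no `Deny`, `Condition`, `NotAction`, or `NotResource`), and the function name and the two constructed policy variants are assumptions.

```python
import copy
import fnmatch

# Policy shown on this page for the launch instance wizard / run-instances.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowLaunchInstances",
            "Effect": "Allow",
            "Action": ["ec2:RunInstances"],
            "Resource": [
                "arn:aws:ec2:us-east-1::image/*",
                "arn:aws:ec2:us-east-1:*:subnet/*",
                "arn:aws:ec2:us-east-1:*:network-interface/*",
                "arn:aws:ec2:us-east-1:*:security-group/*",
                "arn:aws:ec2:us-east-1:*:key-pair/*",
                "arn:aws:ec2:us-east-1:*:volume/*",
                "arn:aws:ec2:us-east-1:*:instance/*",
                "arn:aws:ec2:us-east-1:*:spot-instances-request/*",
            ],
        },
        {
            "Sid": "TagSpotInstanceRequests",
            "Effect": "Allow",
            "Action": "ec2:CreateTags",
            "Resource": "*",
        },
    ],
}

# Constructed variant: spot-instances-request dropped from RunInstances.
MISSING_SPOT = copy.deepcopy(PAGE_POLICY)
MISSING_SPOT["Statement"][0]["Resource"].pop()

# Constructed variant: CreateTags scoped to Spot Instance requests only.
SCOPED_TAGS = copy.deepcopy(PAGE_POLICY)
SCOPED_TAGS["Statement"][1]["Resource"] = (
    "arn:aws:ec2:us-east-1:*:spot-instances-request/*"
)


def as_list(value):
    return value if isinstance(value, list) else [value]


def matching_allows(policy, action, arn):
    """Return Allow statements whose Action and Resource both match.

    Simplified model (assumption): Deny, Condition, NotAction and
    NotResource are not evaluated.
    """
    hits = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "Action" not in stmt or "Resource" not in stmt:
            continue
        # IAM action names are case-insensitive; ARNs are case-sensitive.
        action_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                        for a in as_list(stmt["Action"]))
        resource_ok = any(fnmatch.fnmatchcase(arn, r)
                          for r in as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            hits.append(stmt)
    return hits


def check_spot_tag_on_create(policy, tag_on_create,
                             region="us-east-1", account="111122223333"):
    """Return (severity, message) findings for a RunInstances Spot launch."""
    arn = (f"arn:aws:ec2:{region}:{account}:"
           "spot-instances-request/sir-0e54a519c9EXAMPLE")
    findings = []
    # The spot-instances-request resource is evaluated only when tagging
    # on create, so the two "error" rules apply only in that case.
    if tag_on_create:
        if not matching_allows(policy, "ec2:RunInstances", arn):
            findings.append(("error", "RunInstances allow statement does not "
                             "include spot-instances-request; call will fail"))
        if not matching_allows(policy, "ec2:CreateTags", arn):
            findings.append(("error", "CreateTags allow statement does not "
                             "cover spot-instances-request; call will fail"))
    # Hardening hint: AWS documents the ec2:CreateAction condition key for
    # limiting CreateTags to resource creation.
    for stmt in matching_allows(policy, "ec2:CreateTags", arn):
        if "*" in as_list(stmt["Resource"]) and "Condition" not in stmt:
            findings.append(("warn", "CreateTags on '*' with no Condition "
                             "allows tagging any EC2 resource at any time"))
    return findings
```
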

**To grant a user the permission to tag resources when using request-spot-instances**  
Create an IAM policy that includes the following:
+ The `ec2:RequestSpotInstances` action. This grants the user permission to create a Spot Instance request.
+ The `ec2:CreateTags` action. This grants the user permission to create tags.
+ For `Resource`, specify `spot-instances-request`. This allows users to tag only the Spot Instance request.

------
#### [ JSON ]


```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "TagSpotInstanceRequest",
            "Effect": "Allow",
            "Action": [
                "ec2:RequestSpotInstances",
                "ec2:CreateTags"
            ],
            "Resource": "arn:aws:ec2:us-east-1:111122223333:spot-instances-request/*"
        }
    ]
}
```

------

## Tag a new Spot Instance request


In the AWS CLI and PowerShell examples, configure the Spot Instance request as follows:
+ For `ResourceType`, specify `spot-instances-request`. If you specify another value, the Spot Instance request will fail.
+ For `Tags`, specify the key-value pair. You can specify more than one key-value pair.

------
#### [ Console ]

**To tag a new Spot Instance request**

1. Follow the [Manage your Spot Instances](using-spot-instances-request.md) procedure.

1. To add a tag, on the **Add Tags** page, choose **Add Tag**, and enter the key and value for the tag. Choose **Add another tag** for each additional tag.

   For each tag, you can tag the Spot Instance request, the Spot Instances, and the volumes with the same tag. To tag all three, ensure that **Instances**, **Volumes**, and **Spot Instance Requests** are selected. To tag only one or two, ensure that the resources you want to tag are selected, and the other resources are cleared.

1. Complete the required fields to create a Spot Instance request, and then choose **Launch**. For more information, see [Manage your Spot Instances](using-spot-instances-request.md).

------
#### [ AWS CLI ]

**To tag a new Spot Instance request**  
Use the [request-spot-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/request-spot-instances.html) command with the `--tag-specification` option.

The tag specification adds two tags to the Spot Instance request: `Environment=Production` and `Cost-Center=123`.

```
aws ec2 request-spot-instances \
    --instance-count 5 \
    --type "one-time" \
    --launch-specification file://specification.json \
    --tag-specification 'ResourceType=spot-instances-request,Tags=[{Key=Environment,Value=Production},{Key=Cost-Center,Value=123}]'
```

------
#### [ PowerShell ]

**To tag a new Spot Instance request**  
Use the [Request-EC2SpotInstance](https://docs.aws.amazon.com/powershell/latest/reference/items/Request-EC2SpotInstance.html) cmdlet with the `-TagSpecification` parameter.

```
-TagSpecification $tagspec
```

The tag specification is defined as follows. It adds two tags to the Spot Instance request: `Environment=Production` and `Cost-Center=123`.

```
$tag1 = @{Key="Environment"; Value="Production"}
$tag2 = @{Key="Cost-Center"; Value="123"}
$tagspec = New-Object Amazon.EC2.Model.TagSpecification
$tagspec.ResourceType = "spot-instances-request"
$tagspec.Tags = @($tag1,$tag2)
```

------

## Tag an existing Spot Instance request


------
#### [ Console ]

**To tag an existing Spot Instance request**

After you have created a Spot Instance request, you can add tags to the Spot Instance request using the console.

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Spot Requests**.

1. Select your Spot Instance request.

1. Choose the **Tags** tab and choose **Create Tag**.

**To tag an existing Spot Instance using the console**  
After your Spot Instance request has launched your Spot Instance, you can add tags to the instance using the console. For more information, see [Add tags using the console](Using_Tags_Console.md#adding-or-deleting-tags).

------
#### [ AWS CLI ]

**To tag an existing Spot Instance request or Spot Instance**  
Use the [create-tags](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-tags.html) command to tag existing resources. In the following example, the existing Spot Instance request and the Spot Instance are tagged with `purpose=test`.

```
aws ec2 create-tags \
    --resources sir-0e54a519c9EXAMPLE i-1234567890abcdef0 \
    --tags Key=purpose,Value=test
```

------
#### [ PowerShell ]

**To tag an existing Spot Instance request or Spot Instance**  
Use the [New-EC2Tag](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Tag.html) cmdlet. The following example adds the tag `purpose=test` to the existing Spot Instance request and the Spot Instance.

```
New-EC2Tag `
    -Resource sir-0e54a519c9EXAMPLE, i-1234567890abcdef0 `
    -Tag @{Key="purpose"; Value="test"}
```

------

## View Spot Instance request tags


------
#### [ Console ]

**To view Spot Instance request tags**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Spot Requests**.

1. Select your Spot Instance request and choose the **Tags** tab.

------
#### [ AWS CLI ]

**To describe Spot Instance request tags**  
Use the [describe-spot-instance-requests](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-spot-instance-requests.html) command to view the configuration of the specified Spot Instance request, which includes any tags that were specified for the request.

```
aws ec2 describe-spot-instance-requests \
    --spot-instance-request-ids sir-0e54a519c9EXAMPLE \
    --query "SpotInstanceRequests[*].Tags"
```

The following is example output.

```
[
    [
        {
            "Key": "Environment",
            "Value": "Production"
        },
        {
            "Key": "Department",
            "Value": "101"
        }
    ]
]
```

------
#### [ PowerShell ]

**To describe Spot Instance request tags**  
Use the [Get-EC2SpotInstanceRequest](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2SpotInstanceRequest.html) cmdlet.

```
(Get-EC2SpotInstanceRequest `
    -SpotInstanceRequestId sir-0e54a519c9EXAMPLE).Tags
```

The following is example output.

```
Key         Value
---         -----
Environment Production
Department  101
```

------

# Cancel a Spot Instance request


If you no longer want your Spot Instance request, you can cancel it. You can only cancel Spot Instance requests that are `open`, `active`, or `disabled`.
+ Your Spot Instance request is `open` when your request has not yet been fulfilled and no instances have been launched.
+ Your Spot Instance request is `active` when your request has been fulfilled and Spot Instances have launched as a result. 
+ Your Spot Instance request is `disabled` when you stop your Spot Instance.

If your Spot Instance request is `active` and has an associated running Spot Instance, canceling the request does not terminate the instance. For more information about terminating a Spot Instance, see [Terminate a Spot Instance](using-spot-instances-request.md#terminating-a-spot-instance).

------
#### [ Console ]

**To cancel a Spot Instance request**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Spot Requests**.

1. Select the Spot Instance request.

1. Choose **Actions**, **Cancel request**.

1. (Optional) If you are finished with the associated Spot Instances, you can terminate them. In the **Cancel Spot request** dialog box, select **Terminate instances**, and then choose **Confirm**.

------
#### [ AWS CLI ]

**To cancel a Spot Instance request**  
Use the following [cancel-spot-instance-requests](https://docs.aws.amazon.com/cli/latest/reference/ec2/cancel-spot-instance-requests.html) command.

```
aws ec2 cancel-spot-instance-requests --spot-instance-request-ids sir-0e54a519c9EXAMPLE
```

------
#### [ PowerShell ]

**To cancel a Spot Instance request**  
Use the [Stop-EC2SpotInstanceRequest](https://docs.aws.amazon.com/powershell/latest/reference/items/Stop-EC2SpotInstanceRequest.html) cmdlet.

```
Stop-EC2SpotInstanceRequest -SpotInstanceRequestId sir-0e54a519c9EXAMPLE
```

------

# Manage your Spot Instances


Amazon EC2 launches a Spot Instance when capacity is available. A Spot Instance runs until it is interrupted or you terminate it yourself.

**Topics**
+ [Find your Spot Instances](#using-spot-instances-running)
+ [Find instances launched by a specific request](#find-request-spot-instances)
+ [Stop a Spot Instance](#stopping-a-spot-instance)
+ [Start a Spot Instance](#starting-a-spot-instance)
+ [Terminate a Spot Instance](#terminating-a-spot-instance)

## Find your Spot Instances


A Spot Instance appears in the **Instances** page in the console, along with On-Demand Instances. Use the following procedure to find your Spot Instances.

------
#### [ Console ]

**To find your Spot Instances**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. To find all Spot Instances, in the search pane, choose **Instance lifecycle=spot**.

1. To verify that an instance is a Spot Instance, select the instance, choose the **Details** tab, and check the value of **Lifecycle**. The value for a Spot Instance is `spot` and the value for an On-Demand Instance is `normal`.

------
#### [ AWS CLI ]

**To find your Spot Instances**  
Use the following [describe-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html) command.

```
aws ec2 describe-instances --filters "Name=instance-lifecycle,Values=spot"
```

**To determine whether an instance is a Spot Instance**  
Use the following [describe-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html) command.

```
aws ec2 describe-instances \
    --instance-ids i-1234567890abcdef0 \
    --query "Reservations[*].Instances[*].InstanceLifecycle" \
    --output text
```

If the output is `spot`, the instance is a Spot Instance. If there is no output, the instance is an On-Demand Instance.

------
#### [ PowerShell ]

**To find your Spot Instances**  
Use the [Get-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Instance.html) cmdlet.

```
Get-EC2Instance -Filter @{Name="instance-lifecycle"; Values="spot"}
```

**To determine whether an instance is a Spot Instance**  
Use the [Get-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Instance.html) cmdlet.

```
(Get-EC2Instance -InstanceId i-1234567890abcdef0).Instances.InstanceLifecycle
```

If the output is `Spot`, the instance is a Spot Instance. If there is no output, the instance is an On-Demand Instance.

------

## Find instances launched by a specific request


Use the following procedure to find the Spot Instances launched from a specific Spot Instance or Spot Fleet request.

------
#### [ Console ]

**To find the Spot Instances for a request**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Spot Requests**. The list contains both Spot Instance requests and Spot Fleet requests.

1. If a Spot Instance request is fulfilled, **Capacity** is the ID of the Spot Instance. For a Spot Fleet, **Capacity** indicates how much of the requested capacity has been fulfilled. To view the IDs of the instances in a Spot Fleet, choose the expand arrow, or select the fleet and choose **Instances**.

1. For a Spot Fleet, **Capacity** indicates how much of the requested capacity is fulfilled. To view the IDs of the instances in a Spot Fleet, choose the fleet ID to open its details page and locate the **Instances** pane.

------
#### [ AWS CLI ]

**To find the Spot Instances for a request**  
Use the following [describe-spot-instance-requests](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-spot-instance-requests.html) command.

```
aws ec2 describe-spot-instance-requests \
    --spot-instance-request-ids sir-0e54a519c9EXAMPLE \
    --query "SpotInstanceRequests[*].{ID:InstanceId}"
```

The following is example output:

```
[
    {
        "ID": "i-1234567890abcdef0"
    },
    {
        "ID": "i-0598c7d356eba48d7"
    }
]
```

------
#### [ PowerShell ]

**To find the Spot Instances for a request**  
Use the [Get-EC2SpotInstanceRequest](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2SpotInstanceRequest.html) cmdlet.

```
(Get-EC2SpotInstanceRequest -SpotInstanceRequestId sir-0e54a519c9EXAMPLE).InstanceId
```

------

## Stop a Spot Instance


If you don't need your Spot Instances now, but you want to restart them later without losing the data persisted in the Amazon EBS volume, you can stop them. The steps for stopping a Spot Instance are similar to the steps for stopping an On-Demand Instance.

**Note**  
While a Spot Instance is stopped, you can modify some of its instance attributes, but not the instance type.   
We don't charge usage for a stopped Spot Instance, or data transfer fees, but we do charge for the storage for any Amazon EBS volumes.

**Limitations**
+ You can only stop a Spot Instance if the Spot Instance was launched from a `persistent` Spot Instance request.
+ You can't stop a Spot Instance if the associated Spot Instance request is cancelled. When the Spot Instance request is cancelled, you can only terminate the Spot Instance.
+ You can't stop a Spot Instance if it is part of a fleet, launch group, or Availability Zone group.

------
#### [ Console ]

**To stop a Spot Instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the Spot Instance. If you didn't save the instance ID of the Spot Instance, see [Find your Spot Instances](#using-spot-instances-running).

1. Choose **Instance state**, **Stop instance**.

1. When prompted for confirmation, choose **Stop**.

------
#### [ AWS CLI ]

**To stop a Spot Instance**  
Use the [stop-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/stop-instances.html) command to manually stop your Spot Instances.

```
aws ec2 stop-instances --instance-ids i-1234567890abcdef0
```

------
#### [ PowerShell ]

**To stop a Spot Instance**  
Use the [Stop-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Stop-EC2Instance.html) cmdlet.

```
Stop-EC2Instance -InstanceId i-1234567890abcdef0
```

------

## Start a Spot Instance


You can start a Spot Instance that you previously stopped.

**Prerequisites**

You can only start a Spot Instance if:
+ You manually stopped the Spot Instance.
+ The Spot Instance is an EBS-backed instance.
+ Spot Instance capacity is available.
+ The Spot price is lower than your maximum price.

**Limitations**
+ You can't start a Spot Instance if it is part of a fleet, launch group, or Availability Zone group.

The steps for starting a Spot Instance are similar to the steps for starting an On-Demand Instance.

------
#### [ Console ]

**To start a Spot Instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the Spot Instance. If you didn't save the instance ID of the Spot Instance, see [Find your Spot Instances](#using-spot-instances-running).

1. Choose **Instance state**, **Start instance**.

------
#### [ AWS CLI ]

**To start a Spot Instance**  
Use the [start-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/start-instances.html) command to manually start your Spot Instances.

```
aws ec2 start-instances --instance-ids i-1234567890abcdef0
```

------
#### [ PowerShell ]

**To start a Spot Instance**  
Use the [Start-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Start-EC2Instance.html) cmdlet.

```
Start-EC2Instance -InstanceId i-1234567890abcdef0
```

------

## Terminate a Spot Instance


**Warning**  
**Terminating an instance is permanent and irreversible.**  
After you terminate an instance, you can no longer connect to it, and it can't be recovered. All attached Amazon EBS volumes that are configured to be deleted on termination are also permanently deleted and can't be recovered. All data stored on instance store volumes is permanently lost. For more information, see [How instance termination works](how-ec2-instance-termination-works.md).  
Before you terminate an instance, ensure that you have backed up all data that you need to retain after the termination to persistent storage.

If you terminate a running or stopped Spot Instance that was launched by a persistent Spot Instance request, the Spot Instance request transitions to the `open` state so that a new Spot Instance can be launched. To ensure that no new Spot Instance is launched, you must first cancel the Spot Instance request.

If you cancel an `active` Spot Instance request that has a running Spot Instance, the running Spot Instance is not automatically terminated; you must manually terminate the Spot Instance.

If you cancel a `disabled` Spot Instance request that has a stopped Spot Instance, the stopped Spot Instance is automatically terminated by the Amazon EC2 Spot service. There might be a short lag between when you cancel the Spot Instance request and when the Spot service terminates the Spot Instance.

For more information, see [Cancel a Spot Instance request](using-spot-instances-cancel.md).

------
#### [ Console ]

**To manually terminate a Spot Instance**

1. Before you terminate an instance, verify that you won't lose any data by checking that your Amazon EBS volumes won't be deleted on termination and that you've copied any data that you need from your instance store volumes to persistent storage, such as Amazon EBS or Amazon S3.

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the Spot Instance. If you didn't save the instance ID of the Spot Instance, see [Find your Spot Instances](#using-spot-instances-running).

1. Choose **Instance state**, **Terminate (delete) instance**.

1. Choose **Terminate (delete)** when prompted for confirmation.

------
#### [ AWS CLI ]

**To manually terminate a Spot Instance**  
Use the [terminate-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/terminate-instances.html) command to manually terminate your Spot Instances.

```
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0 i-0598c7d356eba48d7
```

------
#### [ PowerShell ]

**To manually terminate a Spot Instance**  
Use the [Remove-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Remove-EC2Instance.html) cmdlet.

```
Remove-EC2Instance -InstanceId i-1234567890abcdef0
```

------
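The ordering rules in this section (cancel the request before terminating, a cancelled `active` request leaves its instance running, a cancelled `disabled` request has its stopped instance terminated by the Spot service) can be turned into a teardown plan. This Python example is added here and is not AWS code; the records are constructed and use the field names of `describe-spot-instance-requests` output, and `teardown_plan` and `to_cli` are hypothetical names.

```python
# Constructed sample data; IDs are placeholders, not real resources.
SPOT_REQUESTS = [
    {"SpotInstanceRequestId": "sir-aaaa1111", "Type": "persistent",
     "State": "active", "Status": {"Code": "fulfilled"},
     "InstanceId": "i-0aaa"},
    {"SpotInstanceRequestId": "sir-bbbb2222", "Type": "persistent",
     "State": "disabled", "Status": {"Code": "instance-stopped-by-user"},
     "InstanceId": "i-0bbb"},
    {"SpotInstanceRequestId": "sir-cccc3333", "Type": "one-time",
     "State": "cancelled",
     "Status": {"Code": "request-canceled-and-instance-running"},
     "InstanceId": "i-0ccc"},
    {"SpotInstanceRequestId": "sir-dddd4444", "Type": "persistent",
     "State": "open", "Status": {"Code": "pending-evaluation"}},
    {"SpotInstanceRequestId": "sir-eeee5555", "Type": "one-time",
     "State": "closed", "Status": {"Code": "instance-terminated-by-user"},
     "InstanceId": "i-0eee"},
]
# Constructed instance states, as returned by describe-instances (State.Name).
INSTANCE_STATES = {"i-0aaa": "running", "i-0bbb": "stopped",
                   "i-0ccc": "running", "i-0eee": "terminated"}

CANCELLABLE = {"open", "active", "disabled"}   # states this page says can be cancelled
LIVE = {"pending", "running", "stopping"}


def teardown_plan(spot_requests, instance_states):
    """Return ordered (action, resource_id, reason) steps.

    All cancellations come first so that terminating an instance of a
    persistent request cannot reopen the request and launch a replacement.
    """
    cancel, terminate, verify = [], [], []
    for req in spot_requests:
        rid, state = req["SpotInstanceRequestId"], req["State"]
        iid = req.get("InstanceId")
        inst = instance_states.get(iid)
        if state in CANCELLABLE:
            cancel.append(("cancel-request", rid,
                           f"{req['Type']} request is {state}"))
        if inst in LIVE:
            # Cancelling an active request does not terminate its instance;
            # a cancelled request with a running instance is an orphan.
            why = ("orphan: request already cancelled" if state == "cancelled"
                   else "cancel does not terminate a running instance")
            terminate.append(("terminate-instance", iid, why))
        elif inst == "stopped" and state == "disabled":
            # The Spot service terminates it after the cancel, with some lag.
            verify.append(("verify-terminated", iid,
                           "Spot service terminates stopped instance on cancel"))
        elif inst == "stopped":
            terminate.append(("terminate-instance", iid,
                              "stopped instance without a disabled request"))
    return cancel + terminate + verify


def to_cli(plan):
    """Render the plan as AWS CLI commands, one per action, in plan order."""
    ids = {}
    for action, resource_id, _reason in plan:
        ids.setdefault(action, []).append(resource_id)
    cmds = []
    if "cancel-request" in ids:
        cmds.append("aws ec2 cancel-spot-instance-requests "
                    "--spot-instance-request-ids " + " ".join(ids["cancel-request"]))
    if "terminate-instance" in ids:
        cmds.append("aws ec2 terminate-instances --instance-ids "
                    + " ".join(ids["terminate-instance"]))
    if "verify-terminated" in ids:
        cmds.append("aws ec2 describe-instances --instance-ids "
                    + " ".join(ids["verify-terminated"])
                    + ' --query "Reservations[*].Instances[*].State.Name"'
                    + " --output text")
    return cmds


if __name__ == "__main__":
    for step in teardown_plan(SPOT_REQUESTS, INSTANCE_STATES):
        print(*step, sep="\t")
    print("\n".join(to_cli(teardown_plan(SPOT_REQUESTS, INSTANCE_STATES))))
```
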

# Spot Instance interruptions


You can launch Spot Instances on spare EC2 capacity for steep discounts in exchange for returning them when Amazon EC2 needs the capacity back. When Amazon EC2 reclaims a Spot Instance, we call this event a *Spot Instance interruption*.

Demand for Spot Instances can vary significantly from moment to moment, and the availability of Spot Instances can also vary significantly depending on how many unused EC2 instances are available. It is always possible that your Spot Instance might be interrupted. The following are the possible reasons that Amazon EC2 might interrupt your Spot Instances:

**Capacity**  
Amazon EC2 can interrupt your Spot Instance when it needs it back. EC2 reclaims your instance mainly to repurpose capacity, but it can also occur for other reasons such as host maintenance or hardware decommission.

**Price**  
The Spot price is higher than your maximum price.  
You can specify the maximum price in your Spot request. However, if you specify a maximum price, your instances will be interrupted more frequently than if you do not specify it.

**Constraints**  
If your Spot request includes a constraint such as a launch group or an Availability Zone group, the Spot Instances are terminated as a group when the constraint can no longer be met.

When Amazon EC2 interrupts a Spot Instance, it either terminates, stops, or hibernates the instance, depending on the interruption behavior that you specified when you created the Spot request.

**Topics**
+ [Interruption behavior](interruption-behavior.md)
+ [Prepare for interruptions](prepare-for-interruptions.md)
+ [Initiate an interruption](initiate-a-spot-instance-interruption.md)
+ [Spot Instance interruption notices](spot-instance-termination-notices.md)
+ [Find interrupted Spot Instances](finding-an-interrupted-Spot-Instance.md)
+ [Determine whether Amazon EC2 terminated a Spot Instance](BidEvictedEvent.md)
+ [Billing](billing-for-interrupted-spot-instances.md)

# Behavior of Spot Instance interruptions

When you create a Spot request, you can specify the interruption behavior. The following are the possible interruption behaviors:
+ [Stop](#stop-spot-instances)
+ [Hibernate](#hibernate-spot-instances)
+ [Terminate](#terminate-interrupted-spot-instances)

The default behavior is that Amazon EC2 terminates Spot Instances when they are interrupted.

## Stop interrupted Spot Instances

You can specify that Amazon EC2 stops your Spot Instances when they are interrupted. The Spot Instance request type must be `persistent`. You can't specify a launch group in the Spot Instance request. For EC2 Fleet or Spot Fleet, the request type must be `maintain`.

**Considerations**
+ Only Amazon EC2 can restart an interrupted stopped Spot Instance.
+ For a Spot Instance launched by a `persistent` Spot Instance request: Amazon EC2 restarts the stopped instance when capacity is available in the same Availability Zone and for the same instance type as the stopped instance (the same launch specification must be used).
+ While a Spot Instance is stopped, you can modify some of its instance attributes, but not the instance type. If you detach or delete an EBS volume, it is not attached when the Spot Instance is started. If you detach the root volume and Amazon EC2 attempts to start the Spot Instance, the instance will fail to start and Amazon EC2 will terminate the stopped instance.
+ You can terminate a Spot Instance while it is stopped.
+ If you cancel a Spot Instance request, an EC2 Fleet, or a Spot Fleet, Amazon EC2 terminates any associated Spot Instances that are stopped.
+ While an interrupted Spot Instance is stopped, you are charged only for the EBS volumes, which are preserved. With EC2 Fleet and Spot Fleet, if you have many stopped instances, you can exceed the limit on the number of EBS volumes for your account. For more information about how you're charged when a Spot Instance is interrupted, see [Billing for interrupted Spot Instances](billing-for-interrupted-spot-instances.md).
+ Make sure that you are familiar with the implications of stopping an instance. For information about what happens when an instance is stopped, see [Differences between instance states](ec2-instance-lifecycle.md#lifecycle-differences).

## Hibernate interrupted Spot Instances

You can specify that Amazon EC2 hibernates your Spot Instances when they are interrupted. For more information, see [Hibernate your Amazon EC2 instance](Hibernate.md).

Amazon EC2 now offers the same hibernation experience for Spot Instances as is currently available for On-Demand Instances. It offers more extensive support, where the following is now supported for Spot Instance hibernation:
+ [More supported AMIs](hibernating-prerequisites.md#hibernation-prereqs-supported-amis)
+ [More supported instance families](hibernating-prerequisites.md#hibernation-prereqs-supported-instance-families)
+ [User-initiated hibernation](hibernating-instances.md)

## Terminate interrupted Spot Instances

When Amazon EC2 interrupts a Spot Instance, it terminates the instance by default, unless you specify a different interruption behavior, such as stop or hibernate. For more information, see [Terminate Amazon EC2 instances](terminating-instances.md).

# Prepare for Spot Instance interruptions

Demand for Spot Instances can vary significantly from moment to moment, and the availability of Spot Instances can also vary significantly depending on how many unused EC2 instances are available. It is always possible that your Spot Instance might be interrupted. Therefore, you must ensure that your application is prepared for a Spot Instance interruption.

We recommend that you follow these best practices so that you're prepared for a Spot Instance interruption.
+ Create your Spot request using an Auto Scaling group. If your Spot Instances are interrupted, the Auto Scaling group will automatically launch replacement instances. For more information, see [Auto Scaling groups with multiple instance types and purchase options](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups.html) in the *Amazon EC2 Auto Scaling User Guide*.
+ Ensure that your instance is ready to go as soon as the request is fulfilled by using an Amazon Machine Image (AMI) that contains the required software configuration. You can also use user data to run commands at startup.
+ Data on instance store volumes is lost when the instance is stopped or terminated. Back up any important data on instance store volumes to a more persistent storage, such as Amazon S3, Amazon EBS, or Amazon DynamoDB.
+ Store important data regularly in a place that isn't affected if the Spot Instance terminates. For example, you can use Amazon S3, Amazon EBS, or DynamoDB.
+ Divide the work into small tasks (using a Grid, Hadoop, or queue-based architecture) or use checkpoints so that you can save your work frequently.
+ Amazon EC2 emits a rebalance recommendation signal to the Spot Instance when the instance is at an elevated risk of interruption. You can rely on the rebalance recommendation to proactively manage Spot Instance interruptions without having to wait for the two-minute Spot Instance interruption notice. For more information, see [EC2 instance rebalance recommendations](rebalance-recommendations.md).
+ Use the two-minute Spot Instance interruption notices to monitor the status of your Spot Instances. For more information, see [Spot Instance interruption notices](spot-instance-termination-notices.md).
+ While we make every effort to provide these warnings as soon as possible, it is possible that your Spot Instance is interrupted before the warnings can be made available. Test your application to ensure that it handles an unexpected instance interruption gracefully, even if you are monitoring for rebalance recommendation signals and interruption notices. You can do this by running the application using an On-Demand Instance and then terminating the On-Demand Instance yourself.
+ Run a controlled fault injection experiment with AWS Fault Injection Service to test how your application responds when your Spot Instance is interrupted. For more information, see the [Tutorial: Test Spot Instance interruptions using AWS FIS](https://docs.aws.amazon.com/fis/latest/userguide/fis-tutorial-spot-interruptions.html) in the *AWS Fault Injection Service User Guide*.

# Initiate a Spot Instance interruption

You can select a Spot Instance request or a Spot Fleet request in the Amazon EC2 console and initiate a Spot Instance interruption so that you can test how the applications on your Spot Instances handle being interrupted. When you initiate a Spot Instance interruption, Amazon EC2 notifies you that your Spot Instance will be interrupted in two minutes, and then, after two minutes, the instance is interrupted.

The underlying service that performs the Spot Instance interruption is AWS Fault Injection Service (AWS FIS). For information about AWS FIS, see [AWS Fault Injection Service](https://aws.amazon.com/fis/).

**Note**  
Interruption behaviors are `terminate`, `stop`, and `hibernate`. If you set the interruption behavior to `hibernate`, when you initiate a Spot Instance interruption, the hibernation process will begin immediately.

Initiating a Spot Instance interruption is supported in all AWS Regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), China (Beijing), China (Ningxia), and Middle East (UAE).

**Topics**
+ [Initiate a Spot Instance interruption](#initiate-interruption)
+ [Verify the Spot Instance interruption](#spot-interruptions-verify-result)
+ [Quotas](#fis-quota-for-spot-instance-interruption)

## Initiate a Spot Instance interruption


You can use the EC2 console to quickly initiate a Spot Instance interruption. When you select a Spot Instance request, you can initiate the interruption of one Spot Instance. When you select a Spot Fleet request, you can initiate the interruption of multiple Spot Instances at once.

For more advanced experiments to test Spot Instance interruptions, you can create your own experiments using the AWS FIS console.

**To initiate the interruption of one Spot Instance in a Spot Instance request using the EC2 console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. From the navigation pane, choose **Spot Requests**.

1. Select a Spot Instance request, and then choose **Actions**, **Initiate interruption**. You can’t select multiple Spot Instance requests to initiate an interruption.

1. In the **Initiate Spot Instance interruption** dialog box, under **Service access**, either use the default role, or choose an existing role. To choose an existing role, choose **Use an existing service role**, and then, for **IAM role**, select the role to use.

1. When you're ready to initiate the Spot Instance interruption, choose **Initiate interruption**.

**To initiate the interruption of one or more Spot Instances in a Spot Fleet request using the EC2 console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. From the navigation pane, choose **Spot Requests**.

1. Select a Spot Fleet request, and then choose **Actions**, **Initiate interruption**. You can’t select multiple Spot Fleet requests to initiate an interruption.

1. In the **Specify number of Spot Instances** dialog box, for **Number of instances to interrupt**, enter the number of Spot Instances to interrupt, and then choose **Confirm**.

   **Note**  
   The number can't exceed the number of Spot Instances in the fleet or your [quota](#fis-quota-for-spot-instance-interruption) for the number of Spot Instances that AWS FIS can interrupt per experiment.

1. In the **Initiate Spot Instance interruption** dialog box, under **Service access**, either use the default role, or choose an existing role. To choose an existing role, choose **Use an existing service role**, and then, for **IAM role**, select the role to use.

1. When you're ready to initiate the Spot Instance interruption, choose **Initiate interruption**.

**To create more advanced experiments to test Spot Instance interruptions using the AWS FIS console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. From the navigation pane, choose **Spot Requests**.

1. Choose **Actions**, **Create advanced experiments**.

   The AWS FIS console opens. For more information, see [Tutorial: Test Spot Instance interruptions using AWS FIS](https://docs.aws.amazon.com/fis/latest/userguide/fis-tutorial-spot-interruptions.html) in the *AWS Fault Injection Service User Guide*.

## Verify the Spot Instance interruption


After you initiate the interruption, the following occurs:
+ The Spot Instance receives an [instance rebalance recommendation](rebalance-recommendations.md).
+ A [Spot Instance interruption notice](spot-instance-termination-notices.md) is issued two minutes before AWS FIS interrupts your instance.
+ After two minutes, the Spot Instance is interrupted.
+ A Spot Instance that was stopped by AWS FIS remains stopped until you restart it.

**To verify that the instance was interrupted after you initiated the interruption**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. From the navigation pane, open **Spot Requests** and **Instances** in separate browser tabs or windows.

1. For **Spot Requests**, select the Spot Instance request or Spot Fleet request. The initial status is `fulfilled`. After the instance is interrupted, the status changes as follows, depending on the interruption behavior:
   + `terminate` – The status changes to `instance-terminated-by-experiment`.
   + `stop` – The status changes to `marked-for-stop-by-experiment` and then `instance-stopped-by-experiment`.

1. For **Instances**, select the Spot Instance. The initial status is `Running`. Two minutes after you receive the Spot Instance interruption notice, the status changes as follows, depending on the interruption behavior:
   + `stop` – The status changes to `Stopping` and then `Stopped`.
   + `terminate` – The status changes to `Shutting-down` and then `Terminated`.

## Quotas


Your AWS account has the following default quota for the number of Spot Instances that AWS FIS can interrupt per experiment.


| Name | Default | Adjustable | Description | 
| --- | --- | --- | --- | 
|  Target SpotInstances for aws:ec2:send-spot-instance-interruptions  |  Each supported Region: 5  | Yes |  The maximum number of Spot Instances that aws:ec2:send-spot-instance-interruptions can target when you identify targets using tags, per experiment.  | 

You can request a quota increase. For more information, see [Requesting a quota increase](https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html) in the *Service Quotas User Guide*.

To view all the quotas for AWS FIS, open the [Service Quotas console](https://console.aws.amazon.com/servicequotas/home). In the navigation pane, choose **AWS services** and select **AWS Fault Injection Service**. You can also view all the [quotas for AWS Fault Injection Service](https://docs.aws.amazon.com/fis/latest/userguide/fis-quotas.html) in the *AWS Fault Injection Service User Guide*.

# Spot Instance interruption notices


A *Spot Instance interruption notice* is a warning that is issued two minutes before Amazon EC2 stops or terminates your Spot Instance. If you specify hibernation as the interruption behavior, you receive an interruption notice, but you do not receive a two-minute warning because the hibernation process begins immediately.

The best way for you to gracefully handle Spot Instance interruptions is to architect your application to be fault-tolerant. To accomplish this, you can take advantage of Spot Instance interruption notices. We recommend that you check for these interruption notices every 5 seconds. 

The interruption notices are made available as an EventBridge event and as items in the [instance metadata](ec2-instance-metadata.md) on the Spot Instance. Interruption notices are emitted on a best effort basis.

## EC2 Spot Instance Interruption Warning event


When Amazon EC2 is going to interrupt your Spot Instance, it emits an event two minutes prior to the actual interruption (except for hibernation, which gets the interruption notice, but not two minutes in advance, because hibernation begins immediately). This event can be detected by Amazon EventBridge. For more information about EventBridge events, see the [Amazon EventBridge User Guide](https://docs.aws.amazon.com/eventbridge/latest/userguide/). For a detailed example that walks you through how to create and use event rules, see [Taking Advantage of Amazon EC2 Spot Instance Interruption Notices](https://aws.amazon.com/blogs/compute/taking-advantage-of-amazon-ec2-spot-instance-interruption-notices/).

The following is an example of the event for Spot Instance interruption. The possible values for `instance-action` are `hibernate`, `stop`, or `terminate`.

```
{
    "version": "0",
    "id": "12345678-1234-1234-1234-123456789012",
    "detail-type": "EC2 Spot Instance Interruption Warning",
    "source": "aws.ec2",
    "account": "123456789012",
    "time": "yyyy-mm-ddThh:mm:ssZ",
    "region": "us-east-2",
    "resources": ["arn:aws:ec2:us-east-2a:instance/i-1234567890abcdef0"],
    "detail": {
        "instance-id": "i-1234567890abcdef0",
        "instance-action": "action"
    }
}
```

**Note**  
The ARN format of the Spot Instance interruption event is `arn:aws:ec2:availability-zone:instance/instance-id`. This format differs from the [EC2 resource ARN format](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-resources-for-iam-policies).

## instance-action


The `instance-action` item specifies the action and the approximate time, in UTC, when the action will occur.

If your Spot Instance is marked to be stopped or terminated by Amazon EC2, the `instance-action` item is present in your [instance metadata](ec2-instance-metadata.md). Otherwise, it is not present. You can retrieve the `instance-action` using Instance Metadata Service Version 2 (IMDSv2) as follows.

------
#### [ Linux ]

```
TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
    && curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/spot/instance-action
```

------
#### [ Windows ]

```
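[string]$token = Invoke-RestMethod `
    -Headers @{"X-aws-ec2-metadata-token-ttl-seconds" = "21600"} `
    -Method PUT -Uri http://169.254.169.254/latest/api/token
Invoke-RestMethod `
    -Headers @{"X-aws-ec2-metadata-token" = $token} `
    -Method GET -Uri http://169.254.169.254/latest/meta-data/spot/instance-action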
```

------

The following example output indicates the time at which this instance will be stopped.

```
{"action": "stop", "time": "2017-09-18T08:22:00Z"}
```

The following example output indicates the time at which this instance will be terminated.

```
{"action": "terminate", "time": "2017-09-18T08:22:00Z"}
```

If Amazon EC2 is not preparing to stop or terminate the instance, or if you terminated the instance yourself, `instance-action` is not present in the instance metadata and you receive an HTTP 404 error when you try to retrieve it.

## termination-time


The `termination-time` item specifies the approximate time in UTC when the instance will receive the shutdown signal. 

**Note**  
This item is maintained for backward compatibility; you should use `instance-action` instead.

If your Spot Instance is marked for termination by Amazon EC2 (either due to a Spot Instance interruption where the interruption behavior is set to `terminate`, or due to the cancellation of a persistent Spot Instance request), the `termination-time` item is present in your [instance metadata](ec2-instance-metadata.md). Otherwise, it is not present. You can retrieve the `termination-time` using IMDSv2 as follows.

------
#### [ Linux ]

```
TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"`
if curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/spot/termination-time | grep -q '.*T.*Z'; then echo termination_scheduled; fi
```

------
#### [ Windows ]

```
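[string]$token = Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token-ttl-seconds" = "21600"} -Method PUT -Uri http://169.254.169.254/latest/api/token
Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token" = $token} -Method GET -Uri http://169.254.169.254/latest/meta-data/spot/termination-time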
```

------

The following is example output.

```
2015-01-05T18:02:00Z
```

If Amazon EC2 is not preparing to terminate the instance (either because there is no Spot Instance interruption or because your interruption behavior is set to `stop` or `hibernate`), or if you terminated the Spot Instance yourself, the `termination-time` item is either not present in the instance metadata (so you receive an HTTP 404 error) or contains a value that is not a time value.

If Amazon EC2 fails to terminate the instance, the request status is set to `fulfilled`. The `termination-time` value remains in the instance metadata with the original approximate time, which is now in the past.

# Find interrupted Spot Instances


When you describe your EC2 instances, the results include your Spot Instances. The instance lifecycle of a Spot Instance is `spot`. The instance state of a Spot Instance is either `stopped` or `terminated`, depending on the interruption behavior that you configured. For a hibernated Spot Instance, the instance state is `stopped`.

For additional details about the reason for the interruption, check the Spot request status code. For more information, see [Get the status of a Spot Instance request](spot-request-status.md).

------
#### [ Console ]

**To find an interrupted Spot Instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Apply the following filter: **Instance lifecycle=spot**.

1. Apply the **Instance state=stopped** or **Instance state=terminated** filter depending on the interruption behavior that you configured.

1. For each Spot Instance, on the **Details** tab, under **Instance details**, find **State transition message**. The following codes indicate that the Spot Instance was interrupted.
   + `Server.SpotInstanceShutdown`
   + `Server.SpotInstanceTermination`

------
#### [ AWS CLI ]

**To find interrupted Spot Instances**  
Use the [describe-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html) command with the `--filters` option. To list only the instance IDs in the output, include the `--query` option.

If the interruption behavior is to terminate the Spot Instances, use the following example:

```
aws ec2 describe-instances \
    --filters Name=instance-lifecycle,Values=spot \
              Name=instance-state-name,Values=terminated \
              Name=state-reason-code,Values=Server.SpotInstanceTermination \
    --query "Reservations[*].Instances[*].InstanceId"
```

If the interruption behavior is to stop the Spot Instances, use the following example:

```
aws ec2 describe-instances \
    --filters Name=instance-lifecycle,Values=spot \
              Name=instance-state-name,Values=stopped \
              Name=state-reason-code,Values=Server.SpotInstanceShutdown \
    --query "Reservations[*].Instances[*].InstanceId"
```

------
#### [ PowerShell ]

**To find interrupted Spot Instances**  
Use the [Get-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Instance.html) cmdlet.

If the interruption behavior is to terminate the Spot Instances, use the following example:

```
(Get-EC2Instance `
    -Filter @{Name="instance-lifecycle"; Values="spot"}, `
            @{Name="instance-state-name"; Values="terminated"}, `
            @{Name="state-reason-code"; Values="Server.SpotInstanceTermination"}).Instances.InstanceId
```

If the interruption behavior is to stop the Spot Instances, use the following example:

```
(Get-EC2Instance `
    -Filter @{Name="instance-lifecycle"; Values="spot"}, `
            @{Name="instance-state-name"; Values="stopped"}, `
            @{Name="state-reason-code"; Values="Server.SpotInstanceShutdown"}).Instances.InstanceId
```

------

# Determine whether Amazon EC2 terminated a Spot Instance


A Spot Instance runs until Amazon EC2 terminates it in response to a Spot Instance interruption, or until you terminate it yourself. For more information, see [Behavior of Spot Instance interruptions](interruption-behavior.md).

After a Spot Instance is terminated, you can use AWS CloudTrail to see whether Amazon EC2 terminated it. If the CloudTrail log includes a `BidEvictedEvent`, this indicates that Amazon EC2 terminated the Spot Instance. If instead you see a `TerminateInstances` event, this indicates that a user terminated the Spot Instance.

Alternatively, if you want to receive notification that Amazon EC2 is going to interrupt your Spot Instance, use Amazon EventBridge to respond to the [EC2 Spot Instance Interruption Warning event](spot-instance-termination-notices.md#ec2-spot-instance-interruption-warning-event).

**To view BidEvictedEvent events in CloudTrail**

1. Open the CloudTrail console at [https://console.aws.amazon.com/cloudtrail/](https://console.aws.amazon.com/cloudtrail/).

1. In the navigation pane, choose **Event history**.

1. From the list of filters, choose **Event name**, and then in the filter field to the right, enter **BidEvictedEvent**.

1. (Optional) Select a time range.

1. If the list is not empty, choose **BidEvictedEvent** from the resulting entry to open its details page. You can find information about the Spot Instance in the **Event record** pane, including the ID of the Spot Instance. The following is an example of the event record.

   ```
   {
       "eventVersion": "1.05",
       "userIdentity": {
           "accountId": "123456789012",
           "invokedBy": "ec2.amazonaws.com"
       },
       "eventTime": "2016-08-16T22:30:00Z",
       "eventSource": "ec2.amazonaws.com",
       "userAgent": "ec2.amazonaws.com",
       "sourceIPAddress": "ec2.amazonaws.com",
       "eventName": "BidEvictedEvent",
       "awsRegion": "us-east-2",
       "eventID": "d27a6096-807b-4bd0-8c20-a33a83375054",
       "eventType": "AwsServiceEvent",
       "recipientAccountId": "123456789012",
       "RequestParameters": null,
       "ResponseElements": null,
       "serviceEventDetails": {
           "instanceIdSet": [
             "i-1eb2ac8eEXAMPLE"
           ]
       }
   }
   ```

1. If you did not find an entry for the `BidEvictedEvent` event, enter **TerminateInstances** as the event name. For more information about the event record for `TerminateInstances`, see [Amazon EC2 API event examples](monitor-with-cloudtrail.md#cloudtrail-event-examples).
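
The same lookup can be run over exported CloudTrail records. The following is an added example, not code from this guide: it attributes each termination to Amazon EC2 or to a caller. The sample records, instance IDs, and user ARNs are constructed, and the `TerminateInstances` field layout (`requestParameters.instancesSet.items`, `errorCode` on failed calls) is assumed from the standard CloudTrail record for that API.

```python
import json

# Constructed CloudTrail records (not real log data). The BidEvictedEvent follows
# the record shown in the procedure; instance IDs and user ARNs are made up.
SAMPLE_RECORDS = json.loads("""
[
  {"eventTime": "2016-08-16T22:30:00Z", "eventSource": "ec2.amazonaws.com",
   "eventName": "BidEvictedEvent", "eventType": "AwsServiceEvent",
   "userIdentity": {"accountId": "123456789012", "invokedBy": "ec2.amazonaws.com"},
   "serviceEventDetails": {"instanceIdSet": ["i-aaaa1111EXAMPLE"]}},
  {"eventTime": "2016-08-16T23:05:00Z", "eventSource": "ec2.amazonaws.com",
   "eventName": "TerminateInstances", "eventType": "AwsApiCall",
   "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/example-user"},
   "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-bbbb2222EXAMPLE"}]}}},
  {"eventTime": "2016-08-16T23:10:00Z", "eventSource": "ec2.amazonaws.com",
   "eventName": "TerminateInstances", "eventType": "AwsApiCall",
   "errorCode": "Client.UnauthorizedOperation",
   "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/other-user"},
   "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-cccc3333EXAMPLE"}]}}}
]
""")


def terminated_by(record):
    """Return ("ec2" | "user", [instance IDs]) for a terminating record, else None."""
    if record.get("eventSource") != "ec2.amazonaws.com":
        return None
    name = record.get("eventName")
    identity = record.get("userIdentity") or {}
    if name == "BidEvictedEvent":
        # Count it only when the record is marked as a service event emitted by EC2.
        if record.get("eventType") != "AwsServiceEvent":
            return None
        if identity.get("invokedBy") != "ec2.amazonaws.com":
            return None
        ids = (record.get("serviceEventDetails") or {}).get("instanceIdSet") or []
        return ("ec2", list(ids))
    if name == "TerminateInstances":
        if record.get("errorCode"):  # the call failed, so nothing was terminated
            return None
        params = record.get("requestParameters") or {}
        items = (params.get("instancesSet") or {}).get("items") or []
        return ("user", [i["instanceId"] for i in items if i.get("instanceId")])
    return None


def attribute_terminations(records):
    """Map instance ID -> who terminated it, when, and the caller where known.

    A BidEvictedEvent takes precedence over TerminateInstances for the same
    instance, mirroring the lookup order of the console procedure.
    """
    result = {}
    for record in sorted(records, key=lambda r: r.get("eventTime", "")):
        hit = terminated_by(record)
        if hit is None:
            continue
        by, ids = hit
        identity = record.get("userIdentity") or {}
        for instance_id in ids:
            seen = result.get(instance_id)
            # Keep the earliest entry, except that an eviction replaces a user entry.
            if seen and (seen["by"] == "ec2" or by == "user"):
                continue
            result[instance_id] = {
                "by": by,
                "time": record.get("eventTime"),
                "actor": "ec2.amazonaws.com" if by == "ec2" else identity.get("arn"),
            }
    return result


if __name__ == "__main__":
    for instance_id, info in attribute_terminations(SAMPLE_RECORDS).items():
        print(instance_id, info["by"], info["time"], info["actor"])
```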

# Billing for interrupted Spot Instances

When a Spot Instance is interrupted, you're charged for instance and EBS volume usage, and you might incur other charges, as follows.

## Instance usage


[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/billing-for-interrupted-spot-instances.html)

## EBS volume usage


While an interrupted Spot Instance is stopped, you are charged only for the EBS volumes, which are preserved.

With EC2 Fleet and Spot Fleet, if you have many stopped instances, you can exceed the limit on the number of EBS volumes for your account. 

# EC2 instance rebalance recommendations

An EC2 instance *rebalance recommendation* is a signal that notifies you when a Spot Instance is at elevated risk of interruption. The signal can arrive sooner than the [two-minute Spot Instance interruption notice](spot-instance-termination-notices.md), giving you the opportunity to proactively manage the Spot Instance. You can decide to rebalance your workload to new or existing Spot Instances that are not at an elevated risk of interruption.

It is not always possible for Amazon EC2 to send the rebalance recommendation signal before the two-minute Spot Instance interruption notice. Therefore, the rebalance recommendation signal can arrive along with the two-minute interruption notice.

Rebalance recommendations are made available as an EventBridge event and as an item in the [instance metadata](ec2-instance-metadata.md) on the Spot Instance. Events are emitted on a best effort basis.

**Note**  
Rebalance recommendations are only supported for Spot Instances that are launched after November 5, 2020 00:00 UTC.

**Topics**
+ [Rebalance actions you can take](#rebalancing-actions)
+ [Monitor rebalance recommendation signals](#monitor-rebalance-recommendations)
+ [Services that use the rebalance recommendation signal](#services-using-rebalance-rec-signal)

## Rebalance actions you can take


These are some of the possible rebalancing actions that you can take:

Graceful shutdown  
When you receive the rebalance recommendation signal for a Spot Instance, you can start your instance shutdown procedures, which might include ensuring that processes are completed before stopping them. For example, you can upload system or application logs to Amazon Simple Storage Service (Amazon S3), you can shut down Amazon SQS workers, or you can complete deregistration from the Domain Name System (DNS). You can also save your work in external storage and resume it at a later time.

Prevent new work from being scheduled  
When you receive the rebalance recommendation signal for a Spot Instance, you can prevent new work from being scheduled on the instance, while continuing to use the instance until the scheduled work is completed.

Proactively launch new replacement instances  
You can configure Auto Scaling groups, EC2 Fleet, or Spot Fleet to automatically launch replacement Spot Instances when a rebalance recommendation signal is emitted. For more information, see [Use Capacity Rebalancing to handle Amazon EC2 Spot interruptions](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-capacity-rebalancing.html) in the *Amazon EC2 Auto Scaling User Guide*, and [Use Capacity Rebalancing in EC2 Fleet and Spot Fleet to replace at-risk Spot Instances](ec2-fleet-capacity-rebalance.md) in this user guide.

## Monitor rebalance recommendation signals


You can monitor the rebalance recommendation signal so that, when it is emitted, you can take the actions that are specified in the preceding section. The rebalance recommendation signal is made available as an event that is sent to Amazon EventBridge (formerly known as Amazon CloudWatch Events) and as instance metadata on the Spot Instance.

**Topics**
+ [Use Amazon EventBridge](#cp-eventbridge)
+ [Use instance metadata](#cp-instance-metadata)

### Use Amazon EventBridge


When the rebalance recommendation signal is emitted for a Spot Instance, the event for the signal is sent to Amazon EventBridge. If EventBridge detects an event pattern that matches a pattern defined in a rule, EventBridge invokes a target (or targets) specified in the rule.

The following is an example event for the rebalance recommendation signal.

```
{
    "version": "0",
    "id": "12345678-1234-1234-1234-123456789012",
    "detail-type": "EC2 Instance Rebalance Recommendation",
    "source": "aws.ec2",
    "account": "123456789012",
    "time": "yyyy-mm-ddThh:mm:ssZ",
    "region": "us-east-2",
    "resources": ["arn:aws:ec2:us-east-2:123456789012:instance/i-1234567890abcdef0"],
    "detail": {
        "instance-id": "i-1234567890abcdef0"
    }
}
```

The following fields form the event pattern that is defined in the rule:

`"detail-type": "EC2 Instance Rebalance Recommendation"`  
Identifies that the event is a rebalance recommendation event

`"source": "aws.ec2"`  
Identifies that the event is from Amazon EC2
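
A rule target that drains or replaces instances can check the event before acting on it. The following is an added example, not code from this guide: it validates both the `EC2 Spot Instance Interruption Warning` event and the `EC2 Instance Rebalance Recommendation` event, including the two different ARN forms they carry in `resources`. The function names, the sample events (built from the examples on this page with a concrete action and time), and the check that an Availability Zone name starts with the Region name are assumptions.

```python
import re

INTERRUPTION = "EC2 Spot Instance Interruption Warning"
REBALANCE = "EC2 Instance Rebalance Recommendation"
ACTIONS = {"hibernate", "stop", "terminate"}
INSTANCE_ID = re.compile(r"i-[0-9a-f]+")
# Interruption warning form: arn:aws:ec2:availability-zone:instance/instance-id
AZ_ARN = re.compile(r"arn:aws[a-z-]*:ec2:([a-z0-9-]+):instance/(i-[0-9a-f]+)")
# Standard EC2 form (rebalance example): arn:aws:ec2:region:account:instance/instance-id
STD_ARN = re.compile(r"arn:aws[a-z-]*:ec2:([a-z0-9-]+):(\d{12}):instance/(i-[0-9a-f]+)")

# Constructed sample events, based on the examples on this page.
SAMPLE_INTERRUPTION = {
    "version": "0", "id": "12345678-1234-1234-1234-123456789012",
    "detail-type": INTERRUPTION, "source": "aws.ec2", "account": "123456789012",
    "time": "2017-09-18T08:20:00Z", "region": "us-east-2",
    "resources": ["arn:aws:ec2:us-east-2a:instance/i-1234567890abcdef0"],
    "detail": {"instance-id": "i-1234567890abcdef0", "instance-action": "stop"},
}
SAMPLE_REBALANCE = {
    "version": "0", "id": "12345678-1234-1234-1234-123456789012",
    "detail-type": REBALANCE, "source": "aws.ec2", "account": "123456789012",
    "time": "2020-10-27T08:22:00Z", "region": "us-east-2",
    "resources": ["arn:aws:ec2:us-east-2:123456789012:instance/i-1234567890abcdef0"],
    "detail": {"instance-id": "i-1234567890abcdef0"},
}


def parse_instance_arn(arn):
    """Parse either ARN form into its parts; raise ValueError for anything else."""
    m = STD_ARN.fullmatch(arn)
    if m:
        return {"form": "standard", "location": m.group(1),
                "account": m.group(2), "instance_id": m.group(3)}
    m = AZ_ARN.fullmatch(arn)
    if m:
        return {"form": "availability-zone", "location": m.group(1),
                "account": None, "instance_id": m.group(2)}
    raise ValueError("unrecognized instance ARN: %r" % (arn,))


def classify(event):
    """Validate an event and return what to act on; raise ValueError if it is inconsistent."""
    if event.get("source") != "aws.ec2":
        raise ValueError("unexpected source")
    kind = {INTERRUPTION: "interruption", REBALANCE: "rebalance"}.get(event.get("detail-type"))
    if kind is None:
        raise ValueError("unexpected detail-type")
    detail = event.get("detail") or {}
    instance_id = detail.get("instance-id")
    if not isinstance(instance_id, str) or not INSTANCE_ID.fullmatch(instance_id):
        raise ValueError("malformed instance-id")
    region, forms = event.get("region"), []
    for arn in event.get("resources") or []:
        parsed = parse_instance_arn(arn)
        if parsed["instance_id"] != instance_id:
            raise ValueError("resources and detail name different instances")
        if parsed["account"] not in (None, event.get("account")):
            raise ValueError("ARN account differs from event account")
        # Assumption: an Availability Zone name begins with its Region name.
        if not region or not parsed["location"].startswith(region):
            raise ValueError("ARN location is outside the event Region")
        forms.append(parsed["form"])
    action = None
    if kind == "interruption":
        action = detail.get("instance-action")
        if action not in ACTIONS:
            raise ValueError("unexpected instance-action")
    return {"kind": kind, "instance_id": instance_id, "action": action, "arn_forms": forms}


if __name__ == "__main__":
    print(classify(SAMPLE_INTERRUPTION))
    print(classify(SAMPLE_REBALANCE))
```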

#### Create an EventBridge rule


You can write an EventBridge rule and automate what actions to take when the event pattern matches the rule.

The following example creates an EventBridge rule to send an email, text message, or mobile push notification every time Amazon EC2 emits a rebalance recommendation signal. The signal is emitted as an `EC2 Instance Rebalance Recommendation` event, which triggers the action defined by the rule.

Before creating the EventBridge rule, you must create the Amazon SNS topic for the email, text message, or mobile push notification.

**To create an EventBridge rule for a rebalance recommendation event**

1. Open the Amazon EventBridge console at [https://console.aws.amazon.com/events/](https://console.aws.amazon.com/events/).

1. Choose **Create rule**.

1. For **Define rule detail**, do the following:

   1. Enter a **Name** for the rule, and, optionally, a description.

      A rule can't have the same name as another rule in the same Region and on the same event bus.

   1. For **Event bus**, choose **default**. When an AWS service in your account generates an event, it always goes to your account's default event bus.

   1. For **Rule type**, choose **Rule with an event pattern**.

   1. Choose **Next**.

1. For **Build event pattern**, do the following:

   1. For **Event source**, choose **AWS events or EventBridge partner events**.

   1. For **Event pattern**, for this example you’ll specify the following event pattern to match the `EC2 Instance Rebalance Recommendation` event, and then choose **Save**.

      ```
      {
       "source": ["aws.ec2"],
       "detail-type": ["EC2 Instance Rebalance Recommendation"]
      }
      ```

      To add the event pattern, you can either use a template by choosing **Event pattern form**, or specify your own pattern by choosing **Custom pattern (JSON editor)**, as follows:

      1. To use a template to create the event pattern, do the following:

         1. Choose **Event pattern form**.

         1. For **Event source**, choose **AWS services**.

         1. For **AWS Service**, choose **EC2 Spot Fleet**.

         1. For **Event type**, choose **EC2 Instance Rebalance Recommendation**.

         1. To customize the template, choose **Edit pattern** and make your changes to match the example event pattern.

      1. (Alternative) To specify a custom event pattern, do the following:

         1. Choose **Custom pattern (JSON editor)**.

         1. In the **Event pattern** box, add the event pattern for this example.

   1. Choose **Next**.

1. For **Select target(s)**, do the following:

   1. For **Target types**, choose **AWS service**.

   1. For **Select a target**, choose **SNS topic** to send an email, text message, or mobile push notification when the event occurs.

   1. For **Topic**, choose an existing topic. You first need to create an Amazon SNS topic using the Amazon SNS console. For more information, see [Using Amazon SNS for application-to-person (A2P) messaging](https://docs.aws.amazon.com/sns/latest/dg/sns-user-notifications.html) in the *Amazon Simple Notification Service Developer Guide*.

   1. (Optional) Under **Additional settings**, configure additional settings. For more information, see [Creating Amazon EventBridge rules that react to events](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-create-rule.html) (step 16) in the *Amazon EventBridge User Guide*.

   1. Choose **Next**.

1. (Optional) For **Tags**, assign one or more tags to your rule, and then choose **Next**.

1. For **Review and create**, do the following:

   1. Review the details of the rule and modify them as necessary.

   1. Choose **Create rule**.

For more information, see [Amazon EventBridge rules](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-rules.html) and [Amazon EventBridge event patterns](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-event-patterns.html) in the *Amazon EventBridge User Guide*.

### Use instance metadata


The instance metadata category `events/recommendations/rebalance` provides the approximate time, in UTC, when the rebalance recommendation signal was emitted for a Spot Instance.

We recommend that you check for rebalance recommendation signals every 5 seconds so that you don't miss an opportunity to act on the rebalance recommendation.

If a Spot Instance receives a rebalance recommendation, the time that the signal was emitted is present in the instance metadata. You can retrieve the time that the signal was emitted as follows.

------
#### [ IMDSv2 ]

**Linux**  
Run the following command from your Linux instance.

```
TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
    && curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/events/recommendations/rebalance
```

**Windows**  
Run the following cmdlet from your Windows instance.

```
[string]$token = Invoke-RestMethod `
    -Headers @{"X-aws-ec2-metadata-token-ttl-seconds" = "21600"} `
    -Method PUT -Uri http://169.254.169.254/latest/api/token
```

```
Invoke-RestMethod `
    -Headers @{"X-aws-ec2-metadata-token" = $token} `
    -Method GET -Uri http://169.254.169.254/latest/meta-data/events/recommendations/rebalance
```

------
#### [ IMDSv1 ]

**Linux**  
Run the following command from your Linux instance.

```
curl http://169.254.169.254/latest/meta-data/events/recommendations/rebalance
```

**Windows**  
Run the following cmdlet from your Windows instance.

```
Invoke-RestMethod -Uri http://169.254.169.254/latest/meta-data/events/recommendations/rebalance
```

------

The following is example output, which indicates the time, in UTC, that the rebalance recommendation signal was emitted for the Spot Instance.

```
{"noticeTime": "2020-10-27T08:22:00Z"}
```

If the signal has not been emitted for the instance, `events/recommendations/rebalance` is not present and you receive an HTTP 404 error when you try to retrieve it.
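
The polling procedure described above, written out as an added Python example (it is not code from this guide). It uses IMDSv2 session tokens, treats HTTP 404 as "no signal yet", and requests a new token once when IMDS answers 401 for an expired or invalid token. The names `RebalanceWatcher`, `http_call`, and `wait_for_rebalance` are hypothetical, and the transport is injectable so the logic can be exercised away from an instance.

```python
import json
import time
import urllib.error
import urllib.request
from datetime import datetime, timezone

IMDS = "http://169.254.169.254"
TOKEN_TTL_SECONDS = 21600   # same token TTL as the curl example above
POLL_SECONDS = 5            # polling interval recommended above
REBALANCE_PATH = "/latest/meta-data/events/recommendations/rebalance"


def http_call(method, url, headers):
    """Default transport: return (status, body), turning HTTP errors into a status."""
    request = urllib.request.Request(url, method=method, headers=headers)
    try:
        with urllib.request.urlopen(request, timeout=2) as response:
            return response.status, response.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""


class RebalanceWatcher:
    """Polls the rebalance category with an IMDSv2 session token (hypothetical helper)."""

    def __init__(self, call=http_call):
        self.call = call
        self.token = None

    def refresh_token(self):
        status, body = self.call(
            "PUT", IMDS + "/latest/api/token",
            {"X-aws-ec2-metadata-token-ttl-seconds": str(TOKEN_TTL_SECONDS)})
        if status != 200:
            raise RuntimeError(f"token request failed: HTTP {status}")
        self.token = body.strip()

    def check(self):
        """Return the signal time as an aware UTC datetime, or None if not emitted."""
        for attempt in (1, 2):
            if self.token is None:
                self.refresh_token()
            status, body = self.call(
                "GET", IMDS + REBALANCE_PATH,
                {"X-aws-ec2-metadata-token": self.token})
            if status == 401 and attempt == 1:
                self.token = None   # token expired or rejected: fetch a new one, retry once
                continue
            break
        if status == 404:
            return None             # category not present: no recommendation yet
        if status != 200:
            raise RuntimeError(f"unexpected IMDS response: HTTP {status}")
        notice = json.loads(body)["noticeTime"]
        return datetime.strptime(notice, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def wait_for_rebalance(watcher, sleep=time.sleep, max_polls=None):
    """Poll every POLL_SECONDS until the signal appears; None if max_polls runs out."""
    polls = 0
    while max_polls is None or polls < max_polls:
        notice = watcher.check()
        if notice is not None:
            return notice
        polls += 1
        sleep(POLL_SECONDS)
    return None


if __name__ == "__main__":
    # Only meaningful on an EC2 instance, where the IMDS address is reachable.
    print("rebalance recommended at", wait_for_rebalance(RebalanceWatcher()))
```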

## Services that use the rebalance recommendation signal


Amazon EC2 Auto Scaling, EC2 Fleet, and Spot Fleet use the rebalance recommendation signal to make it easy for you to maintain workload availability by proactively augmenting your fleet with a new Spot Instance before a running instance receives the two-minute Spot Instance interruption notice. You can have these services monitor and respond proactively to changes affecting the availability of your Spot Instances. For more information, see the following:
+ [Use Capacity Rebalancing to handle Amazon EC2 Spot interruptions](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-capacity-rebalancing.html) in the *Amazon EC2 Auto Scaling User Guide*
+ [Use Capacity Rebalancing in EC2 Fleet and Spot Fleet to replace at-risk Spot Instances](ec2-fleet-capacity-rebalance.md) in the EC2 Fleet and Spot Fleet topic in this user guide

# Spot placement score


The Spot placement score feature can recommend an AWS Region or Availability Zone based on your Spot capacity requirements. Spot capacity fluctuates, and you can't be sure that you'll always get the capacity that you need. A Spot placement score indicates how likely it is that a Spot request will succeed in a Region or Availability Zone.

**Note**  
A Spot placement score does not provide any guarantees in terms of available capacity or risk of interruption. A Spot placement score serves only as a recommendation.

**Use cases**

You can use the Spot placement score feature for the following:
+ To relocate and scale Spot compute capacity in a different Region, as needed, in response to increased capacity needs or decreased available capacity in the current Region.
+ To identify the optimal Availability Zone in which to run single-Availability Zone workloads.
+ To simulate future Spot capacity needs so that you can pick an optimal Region for the expansion of your Spot-based workloads.
+ To find an optimal combination of instance types to fulfill your Spot capacity needs.

**Topics**
+ [Limitations](#sps-limitations)
+ [Costs](#sps-costs)
+ [How Spot placement score works](how-sps-works.md)
+ [Required permissions for Spot placement score](sps-iam-permission.md)
+ [Calculate the Spot placement score](work-with-spot-placement-score.md)

## Limitations

+ **Target capacity limit** – Your Spot placement score target capacity limit is based on your recent Spot usage, while accounting for potential usage growth. If you have no recent Spot usage, we provide you with a low default limit aligned with your Spot request limit.
+ **Request configurations limit** – We can limit the number of new request configurations within a 24-hour period if we detect patterns not associated with the intended use of the Spot placement score feature. If you reach the limit, you can retry the request configurations that you've already used, but you can't specify new request configurations until the next 24-hour period.
+ **Minimum number of instance types** – If you specify instance types, you must specify at least three different instance types, otherwise Amazon EC2 will return a low Spot placement score. Similarly, if you specify instance attributes, they must resolve to at least three different instance types. Instance types are considered different if they have a different name. For example, m5.8xlarge, m5a.8xlarge, and m5.12xlarge are all considered different.

## Costs


There is no additional charge for using the Spot placement score feature.

# How Spot placement score works


When you use the Spot placement score feature, you first specify your compute requirements for your Spot Instances, and then Amazon EC2 returns the top 10 Regions or Availability Zones where your Spot request is likely to succeed. Each Region or Availability Zone is scored on a scale from 1 to 10, with 10 indicating that your Spot request is highly likely to succeed, and 1 indicating that your Spot request is not likely to succeed.

**Topics**
+ [Step 1: Specify your Spot requirements](#sps-specify-requirements)
+ [Step 2: Filter the Spot placement score response](#get-sps)
+ [Step 3: Review the recommendations](#sps-recommendations)
+ [Step 4: Use the recommendations](#sps-use-recommendations)

## Step 1: Specify your Spot requirements


First, you specify your desired target Spot capacity and your compute requirements, as follows:

1. **Specify the target Spot capacity, and optionally the target capacity unit.**

   You can specify your desired target Spot capacity in terms of the number of instances or vCPUs, or in terms of the amount of memory in MiB. To specify the target capacity in number of vCPUs or amount of memory, you must specify the target capacity unit as `vcpu` or `memory-mib`. Otherwise, it defaults to number of instances.

   By specifying your target capacity in terms of the number of vCPUs or the amount of memory, you can use these units when counting the total capacity. For example, if you want to use a mix of instances of different sizes, you can specify the target capacity as a total number of vCPUs. The Spot placement score feature then considers each instance type in the request by its number of vCPUs, and counts the total number of vCPUs rather than the total number of instances when totaling up the target capacity.

   For example, say you specify a total target capacity of 30 vCPUs, and your instance type list consists of c5.xlarge (4 vCPUs), m5.2xlarge (8 vCPUs), and r5.large (2 vCPUs). To achieve a total of 30 vCPUs, you could get a mix of 2 c5.xlarge (2\*4 vCPUs), 2 m5.2xlarge (2\*8 vCPUs), and 3 r5.large (3\*2 vCPUs).

1. **Specify instance types or instance attributes.**

   You can either specify the instance types to use, or you can specify the instance attributes that you need for your compute requirements, and then let Amazon EC2 identify the instance types that have those attributes. This is known as attribute-based instance type selection.

   You can't specify both instance types and instance attributes in the same Spot placement score request.

   If you specify instance types, you must specify at least three different instance types, otherwise Amazon EC2 will return a low Spot placement score. Similarly, if you specify instance attributes, they must resolve to at least three different instance types.

For examples of different ways to specify your Spot requirements, see [Example configurations](work-with-spot-placement-score.md#sps-example-configs).

## Step 2: Filter the Spot placement score response


Amazon EC2 calculates the Spot placement score for each Region or Availability Zone, and returns either the top 10 Regions or the top 10 Availability Zones where your Spot request is likely to succeed. The default is to return a list of scored Regions. If you plan to launch all of your Spot capacity into a single Availability Zone, then it's useful to request a list of scored Availability Zones.

You can specify a Region filter to narrow down the Regions that will be returned in the response.

You can combine the Region filter and a request for scored Availability Zones. In this way, the scored Availability Zones are confined to the Regions for which you've filtered. To find the highest-scored Availability Zone in a Region, specify only that Region, and the response will return a scored list of all of the Availability Zones in that Region.

## Step 3: Review the recommendations


The Spot placement score for each Region or Availability Zone is calculated based on the target capacity, the composition of the instance types, the historical and current Spot usage trends, and the time of the request. Because Spot capacity is constantly fluctuating, the same Spot placement score request can yield different scores when calculated at different times.

Regions and Availability Zones are scored on a scale from 1 to 10. A score of 10 indicates that your Spot request is highly likely—but not guaranteed—to succeed. A score of 1 indicates that your Spot request is not likely to succeed at all. The same score might be returned for different Regions or Availability Zones.

If low scores are returned, you can edit your compute requirements and recalculate the score. You can also request Spot placement score recommendations for the same compute requirements at different times of the day.

## Step 4: Use the recommendations


A Spot placement score is only relevant if your Spot request has exactly the same configuration as the Spot placement score configuration (target capacity, target capacity unit, and instance types or instance attributes), and is configured to use the `capacity-optimized` allocation strategy. Otherwise, the likelihood of getting available Spot capacity will not align with the score.

While a Spot placement score serves as a guideline, and no score guarantees that your Spot request will be fully or partially fulfilled, you can use the following information to get the best results:
+ **Use the same configuration** – The Spot placement score is relevant only if the Spot request configuration (target capacity, target capacity unit, and instance types or instance attributes) in your Auto Scaling group, EC2 Fleet, or Spot Fleet is the same as what you entered to get the Spot placement score.

  If you used attribute-based instance type selection in your Spot placement score request, you can use attribute-based instance type selection to configure your Auto Scaling group, EC2 Fleet, or Spot Fleet. For more information, see [Create mixed instances group using attribute-based instance type selection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-mixed-instances-group-attribute-based-instance-type-selection.html) and [Specify attributes for instance type selection for EC2 Fleet or Spot Fleet](ec2-fleet-attribute-based-instance-type-selection.md).
  **Note**  
  If you specified your target capacity in terms of the number of vCPUs or the amount of memory, and you specified instance types in your Spot placement score configuration, note that you can’t currently create this configuration in your Auto Scaling group, EC2 Fleet, or Spot Fleet. Instead, you must manually set the instance weighting by using the `WeightedCapacity` parameter.
+ **Use the `capacity-optimized` allocation strategy** – Every score assumes that your fleet request is configured to use all Availability Zones (when requesting capacity across Regions) or a single Availability Zone (when requesting capacity in one Availability Zone), and that it uses the `capacity-optimized` Spot allocation strategy. If you use other allocation strategies, such as `lowest-price`, the likelihood of getting available Spot capacity will not align with the score.
+ **Act on a score immediately** – The Spot placement score recommendation reflects the available Spot capacity at the time of the request, and the same configuration can yield different scores when calculated at different times due to Spot capacity fluctuations. While a score of 10 means that your Spot capacity request is highly likely—but not guaranteed—to succeed, for best results we recommend that you act on a score immediately. We also recommend that you get a fresh score each time you attempt a capacity request.

# Required permissions for Spot placement score

By default, IAM identities (users, roles, or groups) don't have permission to use [Spot placement score](spot-placement-score.md). To allow IAM identities to use Spot placement score, you must create an IAM policy that grants permission to use the `ec2:GetSpotPlacementScores` EC2 API action. You then attach the policy to the IAM identities that require this permission.

The following is an example IAM policy that grants permission to use the `ec2:GetSpotPlacementScores` EC2 API action.

------
#### [ JSON ]


```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:GetSpotPlacementScores",
            "Resource": "*"
        }
    ]
}
```

------

For information about editing an IAM policy, see [Editing IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-edit.html) in the *IAM User Guide*.

To provide access, add permissions to your users, groups, or roles:
+ Users and groups in AWS IAM Identity Center:

  Create a permission set. Follow the instructions in [Create a permission set](https://docs.aws.amazon.com//singlesignon/latest/userguide/howtocreatepermissionset.html) in the *AWS IAM Identity Center User Guide*.
+ Users managed in IAM through an identity provider:

  Create a role for identity federation. Follow the instructions in [Create a role for a third-party identity provider (federation)](https://docs.aws.amazon.com//IAM/latest/UserGuide/id_roles_create_for-idp.html) in the *IAM User Guide*.
+ IAM users:
  + Create a role that your user can assume. Follow the instructions in [Create a role for an IAM user](https://docs.aws.amazon.com//IAM/latest/UserGuide/id_roles_create_for-user.html) in the *IAM User Guide*.
  + (Not recommended) Attach a policy directly to a user or add a user to a user group. Follow the instructions in [Adding permissions to a user (console)](https://docs.aws.amazon.com//IAM/latest/UserGuide/id_users_change-permissions.html#users_change_permissions-add-console) in the *IAM User Guide*.

# Calculate the Spot placement score


You can calculate a Spot placement score based on target capacity and compute requirements. For more information, see [How Spot placement score works](how-sps-works.md).

**Required permissions**  
Ensure that you have the required permissions. For more information, see [Required permissions for Spot placement score](sps-iam-permission.md).

**Topics**
+ [Calculate using instance attributes](#sps-specify-instance-attributes-console)
+ [Calculate using instance types](#sps-specify-instance-types-console)
+ [Calculate using the AWS CLI](#calculate-sps-cli)

**Looking for an automated solution?** Instead of following the manual steps in this user guide, you can build a Spot placement score tracker dashboard that automatically captures and stores the scores in Amazon CloudWatch. For more information, see [Guidance for Building a Spot Placement Score Tracker Dashboard on AWS](https://aws.amazon.com/solutions/guidance/building-a-spot-placement-score-tracker-dashboard-on-aws/).

## Calculate using instance attributes


**To calculate a Spot placement score by specifying instance attributes**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Spot Requests**.

1. Choose the down arrow next to **Request Spot Instances** and choose **Calculate Spot Placement Score**.

1. Choose **Enter requirements**.

1. For **Target capacity**, enter your desired capacity in terms of the number of **instances** or **vCPUs**, or the amount of **memory (MiB)**.

1. For **Instance type requirements**, to specify your compute requirements and let Amazon EC2 identify the optimal instance types with these requirements, choose **Specify instance attributes that match your compute requirements**.

1. For **vCPUs**, enter the desired minimum and maximum number of vCPUs. To specify no limit, select **No minimum**, **No maximum**, or both.

1. For **Memory (GiB)**, enter the desired minimum and maximum amount of memory. To specify no limit, select **No minimum**, **No maximum**, or both.

1. For **CPU architecture**, select the required instance architecture.

1. (Optional) For **Additional instance attributes**, specify one or more attributes to express your compute requirements in more detail. Each additional attribute adds a further constraint to your request. You can omit the additional attributes; when omitted, the default values are used. For a description of each attribute and its default value, see [get-spot-placement-scores](https://docs.aws.amazon.com/cli/latest/reference/ec2/get-spot-placement-scores.html).

1. (Optional) To view the instance types with your specified attributes, expand **Preview matching instance types**. To exclude instance types from being used in the placement evaluation, select the instances and then choose **Exclude selected instance types**.

1. Choose **Load placement scores**, and review the results.

1. (Optional) To display the Spot placement score for specific Regions, for **Regions to evaluate**, select the Regions to evaluate, and then choose **Calculate placement scores**.

1. (Optional) To display the Spot placement score for the Availability Zones in the displayed Regions, select the **Provide placement scores per Availability Zone** checkbox. A list of scored Availability Zones is useful if you want to launch all of your Spot capacity into a single Availability Zone.

1. (Optional) To edit your compute requirements and get a new placement score, choose **Edit**, make the necessary adjustments, and then choose **Calculate placement scores**.

## Calculate using instance types


**To calculate a Spot placement score by specifying instance types**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Spot Requests**.

1. Choose the down arrow next to **Request Spot Instances** and choose **Calculate Spot Placement Score**.

1. Choose **Enter requirements**.

1. For **Target capacity**, enter your desired capacity in terms of the number of **instances** or **vCPUs**, or the amount of **memory (MiB)**.

1. For **Instance type requirements**, to specify the instance types to use, choose **Manually select instance types**.

1. Choose **Select instance types**, select the instance types to use, and then choose **Select**. To quickly find instance types, you can use the filter bar to filter the instance types by different properties.

1. Choose **Load placement scores**, and review the results.

1. (Optional) To display the Spot placement score for specific Regions, for **Regions to evaluate**, select the Regions to evaluate, and then choose **Calculate placement scores**.

1. (Optional) To display the Spot placement score for the Availability Zones in the displayed Regions, select the **Provide placement scores per Availability Zone** checkbox. A list of scored Availability Zones is useful if you want to launch all of your Spot capacity into a single Availability Zone.

1. (Optional) To edit the list of instance types and get a new placement score, choose **Edit**, make the necessary adjustments, and then choose **Calculate placement scores**.

## Calculate using the AWS CLI


**To calculate the Spot placement score**

1. (Optional) To generate all of the possible parameters that can be specified for the Spot placement score configuration, use the [get-spot-placement-scores](https://docs.aws.amazon.com/cli/latest/reference/ec2/get-spot-placement-scores.html) command and the `--generate-cli-skeleton` parameter.

   ```
   aws ec2 get-spot-placement-scores \
       --region us-east-1 \
       --generate-cli-skeleton
   ```

   The following is example output.

   ```
   {
       "InstanceTypes": [
           ""
       ],
       "TargetCapacity": 0,
       "TargetCapacityUnitType": "vcpu",
       "SingleAvailabilityZone": true,
       "RegionNames": [
           ""
       ],
       "InstanceRequirementsWithMetadata": {
           "ArchitectureTypes": [
               "x86_64_mac"
           ],
           "VirtualizationTypes": [
               "hvm"
           ],
           "InstanceRequirements": {
               "VCpuCount": {
                   "Min": 0,
                   "Max": 0
               },
               "MemoryMiB": {
                   "Min": 0,
                   "Max": 0
               },
               "CpuManufacturers": [
                   "amd"
               ],
               "MemoryGiBPerVCpu": {
                   "Min": 0.0,
                   "Max": 0.0
               },
               "ExcludedInstanceTypes": [
                   ""
               ],
               "InstanceGenerations": [
                   "previous"
               ],
               "SpotMaxPricePercentageOverLowestPrice": 0,
               "OnDemandMaxPricePercentageOverLowestPrice": 0,
               "BareMetal": "excluded",
               "BurstablePerformance": "excluded",
               "RequireHibernateSupport": true,
               "NetworkInterfaceCount": {
                   "Min": 0,
                   "Max": 0
               },
               "LocalStorage": "included",
               "LocalStorageTypes": [
                   "hdd"
               ],
               "TotalLocalStorageGB": {
                   "Min": 0.0,
                   "Max": 0.0
               },
               "BaselineEbsBandwidthMbps": {
                   "Min": 0,
                   "Max": 0
               },
               "AcceleratorTypes": [
                   "fpga"
               ],
               "AcceleratorCount": {
                   "Min": 0,
                   "Max": 0
               },
               "AcceleratorManufacturers": [
                   "amd"
               ],
               "AcceleratorNames": [
                   "vu9p"
               ],
               "AcceleratorTotalMemoryMiB": {
                   "Min": 0,
                   "Max": 0
               }
           }
       },
       "DryRun": true,
       "MaxResults": 0,
       "NextToken": ""
   }
   ```

1. Create a JSON configuration file using the output from the previous step, and configure it as follows:

   1. For `TargetCapacity`, enter your desired Spot capacity in terms of the number of instances or vCPUs, or the amount of memory (MiB).

   1. For `TargetCapacityUnitType`, enter the unit for the target capacity. If you omit this parameter, it defaults to `units`.

      Valid values: `units` (which translates to number of instances) | `vcpu` | `memory-mib`

   1. For `SingleAvailabilityZone`, specify `true` for a response that returns a list of scored Availability Zones. A list of scored Availability Zones is useful if you want to launch all of your Spot capacity into a single Availability Zone. If you omit this parameter, it defaults to `false`, and the response returns a list of scored Regions.

   1. (Optional) For `RegionNames`, specify the Regions to use as a filter. You must specify the Region code, for example, `us-east-1`.

      With a Region filter, the response returns only the Regions that you specify. If you specified `true` for `SingleAvailabilityZone`, the response returns only the Availability Zones in the specified Regions.

   1. You can include either `InstanceTypes` or `InstanceRequirements`, but not both in the same configuration.

      Specify one of the following in your JSON configuration:
      + To specify a list of instance types, specify the instance types in the `InstanceTypes` parameter. Specify at least three different instance types. If you specify only one or two instance types, Spot placement score returns a low score. For the list of instance types, see [Amazon EC2 Instance Types](https://aws.amazon.com/ec2/instance-types/).
      + To specify the instance attributes so that Amazon EC2 will identify the instance types that match those attributes, specify the attributes that are located in the `InstanceRequirements` structure.

        You must provide values for `VCpuCount`, `MemoryMiB`, and `CpuManufacturers`. You can omit the other attributes; when omitted, the default values are used. For a description of each attribute and its default value, see [get-spot-placement-scores](https://docs.aws.amazon.com/cli/latest/reference/ec2/get-spot-placement-scores.html).

      For example configurations, see [Example configurations](#sps-example-configs).

1. To get the Spot placement score for the requirements that you specified in the JSON file, use the [get-spot-placement-scores](https://docs.aws.amazon.com/cli/latest/reference/ec2/get-spot-placement-scores.html) command, and specify the name and path to your JSON file by using the `--cli-input-json` parameter.

   ```
   aws ec2 get-spot-placement-scores \
       --region us-east-1 \
       --cli-input-json file://file_name.json
   ```

   Example output if `SingleAvailabilityZone` is set to `false` or omitted (if omitted, it defaults to `false`) – a scored list of Regions is returned.

   ```
   "SpotPlacementScores": [
       {
           "Region": "us-east-1",
           "Score": 7
       },
       {
           "Region": "us-west-1",
           "Score": 5
       },  
      ...
   ```

   Example output if `SingleAvailabilityZone` is set to `true` – a scored list of Availability Zones is returned.

   ```
   "SpotPlacementScores": [
       {
           "Region": "us-east-1",
           "AvailabilityZoneId": "use1-az1",
           "Score": 8
       },
       {
           "Region": "us-east-1",
           "AvailabilityZoneId": "usw2-az3",
           "Score": 6
       },
      ...
   ```
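
Because new request configurations are limited per 24-hour period, it helps to check a configuration file against the rules in Step 1 and in the CLI procedure above before you submit it. The following pre-flight check is an added example, not code from this guide or from the AWS CLI. The function names, finding codes, Region-code pattern, and the `SKELETON_LEFTOVERS` sample are assumptions made for illustration; `PAGE_EXAMPLE` is the first example configuration from this topic.

```python
import json
import re
import sys

VALID_UNITS = {"units", "vcpu", "memory-mib"}           # valid values listed above
REGION_CODE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d+$")   # assumed shape of a Region code


def lint_sps_config(cfg):
    """Return (code, message) findings for a config dict; an empty list means none."""
    findings = []

    def add(code, message):
        findings.append((code, message))

    capacity = cfg.get("TargetCapacity")
    if not isinstance(capacity, int) or isinstance(capacity, bool) or capacity <= 0:
        add("capacity", "TargetCapacity must be a positive integer (sanity check)")

    unit = cfg.get("TargetCapacityUnitType", "units")   # defaults to units when omitted
    if unit not in VALID_UNITS:
        add("unit", f"TargetCapacityUnitType {unit!r} is not one of {sorted(VALID_UNITS)}")

    has_types = "InstanceTypes" in cfg
    has_attrs = "InstanceRequirementsWithMetadata" in cfg
    if has_types and has_attrs:
        add("both", "specify instance types or instance attributes, not both")
    elif not has_types and not has_attrs:
        add("neither", "specify either instance types or instance attributes")

    if has_types:
        names = [t for t in cfg["InstanceTypes"] if isinstance(t, str) and t.strip()]
        if len(names) != len(cfg["InstanceTypes"]):
            add("placeholder", "InstanceTypes still contains empty skeleton entries")
        if len(set(names)) < 3:
            add("few-types", "fewer than three different instance types gives a low score")

    if has_attrs:
        requirements = cfg["InstanceRequirementsWithMetadata"].get("InstanceRequirements", {})
        # The text above also lists CpuManufacturers as required, but the example
        # configurations in this topic omit it, so it is not enforced here.
        for key in ("VCpuCount", "MemoryMiB"):
            if key not in requirements:
                add("missing-attr", f"InstanceRequirements.{key} is required")

    for region in cfg.get("RegionNames", []):
        if not isinstance(region, str) or not REGION_CODE.match(region):
            add("region", f"RegionNames entry {region!r} is not a Region code")

    if cfg.get("DryRun") is True:
        add("dry-run", "DryRun is true: the call checks permissions and returns no scores")
    return findings


def finding_codes(cfg):
    """Just the finding codes, in the order the checks run."""
    return [code for code, _ in lint_sps_config(cfg)]


# First example configuration from this topic.
PAGE_EXAMPLE = {
    "InstanceTypes": ["m5.4xlarge", "r5.2xlarge", "m4.4xlarge"],
    "TargetCapacity": 500,
}

# Constructed sample: a --generate-cli-skeleton file that was only partly filled in.
SKELETON_LEFTOVERS = {
    "InstanceTypes": ["m5.4xlarge", "m5.4xlarge", ""],
    "TargetCapacity": 0,
    "TargetCapacityUnitType": "vcpus",
    "RegionNames": ["us-east-1", "us-east-1a"],
    "InstanceRequirementsWithMetadata": {
        "InstanceRequirements": {"VCpuCount": {"Min": 0, "Max": 0}}
    },
    "DryRun": True,
}

if __name__ == "__main__":
    # Lint the files named on the command line, or the constructed sample if none.
    configs = [json.load(open(path)) for path in sys.argv[1:]] or [SKELETON_LEFTOVERS]
    for config in configs:
        for code, message in lint_sps_config(config):
            print(f"{code}: {message}")
```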

### Example configurations


When using the AWS CLI, you can use the following example configurations.

**Topics**
+ [Example: Specify instance types and target capacity](#example-config-instance-type-override)
+ [Example: Specify instance types, and target capacity in terms of memory](#example-config-instance-type-memory-unit-override)
+ [Example: Specify attributes for attribute-based instance type selection](#example-config-attribute-based-instance-type-selection)
+ [Example: Specify attributes for attribute-based instance type selection and return a scored list of Availability Zones](#example-config-sps-singleAZ)

#### Example: Specify instance types and target capacity


The following example configuration specifies three different instance types and a target Spot capacity of 500 Spot Instances.

```
{
    "InstanceTypes": [
        "m5.4xlarge",
        "r5.2xlarge",
        "m4.4xlarge"
    ], 
    "TargetCapacity": 500
}
```

#### Example: Specify instance types, and target capacity in terms of memory


The following example configuration specifies three different instance types and a target Spot capacity of 500,000 MiB of memory, where the number of Spot Instances to launch must provide a total of 500,000 MiB of memory.

```
{
    "InstanceTypes": [
        "m5.4xlarge",
        "r5.2xlarge",
        "m4.4xlarge"
    ], 
    "TargetCapacity": 500000,
    "TargetCapacityUnitType": "memory-mib"
}
```

#### Example: Specify attributes for attribute-based instance type selection


The following example configuration is configured for attribute-based instance type selection, and is followed by a text explanation of the example configuration.

```
{
    "TargetCapacity": 5000,
    "TargetCapacityUnitType": "vcpu",
    "InstanceRequirementsWithMetadata": {
        "ArchitectureTypes": ["arm64"],
        "VirtualizationTypes": ["hvm"],
        "InstanceRequirements": {
            "VCpuCount": {
                "Min": 1,
                "Max": 12
            },
            "MemoryMiB": {
                "Min": 512
            }
        }
    }
}
```

**`InstanceRequirementsWithMetadata`**  
To use attribute-based instance type selection, you must include the `InstanceRequirementsWithMetadata` structure in your configuration, and specify the desired attributes for the Spot Instances.

In the preceding example, the following required instance attributes are specified:
+ `ArchitectureTypes` – The architecture type of the instance types must be `arm64`.
+ `VirtualizationTypes` – The virtualization type of the instance types must be `hvm`.
+ `VCpuCount` – The instance types must have a minimum of 1 and a maximum of 12 vCPUs.
+ `MemoryMiB` – The instance types must have a minimum of 512 MiB of memory. By omitting the `Max` parameter, you are indicating that there is no maximum limit.

Note that there are several other optional attributes that you can specify. For the list of attributes, see [get-spot-placement-scores](https://docs.aws.amazon.com/cli/latest/reference/ec2/get-spot-placement-scores.html).

**`TargetCapacityUnitType`**  
The `TargetCapacityUnitType` parameter specifies the unit for the target capacity. In the example, the target capacity is `5000` and the target capacity unit type is `vcpu`, which together specify a desired target capacity of 5000 vCPUs, where the number of Spot Instances to launch must provide a total of 5000 vCPUs.

#### Example: Specify attributes for attribute-based instance type selection and return a scored list of Availability Zones


The following example configuration is configured for attribute-based instance type selection. By specifying `"SingleAvailabilityZone": true`, the response will return a list of scored Availability Zones.

```
{
    "TargetCapacity": 1000,
    "TargetCapacityUnitType": "vcpu",
    "SingleAvailabilityZone": true,
    "InstanceRequirementsWithMetadata": {
        "ArchitectureTypes": ["arm64"],
        "VirtualizationTypes": ["hvm"],
        "InstanceRequirements": {
            "VCpuCount": {
                "Min": 1,
                "Max": 12
            },
            "MemoryMiB": {
                "Min": 512
            }
        }
    }
}
```

# Track your Spot Instance costs using the Spot Instance data feed

To help you understand the charges for your Spot Instances, Amazon EC2 provides a data feed that describes your Spot Instance usage and pricing. This data feed is sent to an Amazon S3 bucket that you specify when you subscribe to the data feed.

Data feed files arrive in your bucket typically once an hour. If you don't have a Spot Instance running during a certain hour, you don't receive a data feed file for that hour.

Each hour of Spot Instance usage is typically covered in a single data file. These files are compressed (gzip) before they are delivered to your bucket. Amazon EC2 can write multiple files for a given hour of usage where files are large (for example, when file contents for the hour exceed 50 MB before compression).

**Note**  
You can create only one Spot Instance data feed per AWS account.

Spot Instance data feed is supported in all AWS Regions except China (Beijing), China (Ningxia), AWS GovCloud (US), and the [Regions that are disabled by default](using-regions-availability-zones.md#concepts-available-regions).

**Topics**
+ [Data feed file name and format](#using-spot-instances-format)
+ [Amazon S3 bucket requirements](#using-spot-instances-dfs3)
+ [Subscribe to your Spot Instance data feed](#using-spot-instances-datafeed-all)
+ [View the data in your data feed](#using-spot-instances-datafeed-view-data)
+ [Delete your Spot Instance data feed](#using-spot-instances-datafeed-delete)

## Data feed file name and format


The Spot Instance data feed file name uses the following format (with the date and hour in UTC): 

```
bucket-name.s3.amazonaws.com/optional-prefix/aws-account-id.YYYY-MM-DD-HH.n.unique-id.gz
```

For example, if your bucket name is **amzn-s3-demo-bucket** and your prefix is **my-prefix**, your file names are similar to the following:

```
amzn-s3-demo-bucket.s3.amazonaws.com/my-prefix/111122223333.2023-12-09-07.001.b959dbc6.gz
```

For more information about bucket names, see [Bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) in the *Amazon S3 User Guide*.

The Spot Instance data feed files are tab-delimited. Each line in the data file corresponds to one instance hour and contains the fields listed in the following table.


|  Field  |  Description  | 
| --- | --- | 
|   `Timestamp`   |  The timestamp used to determine the price charged for this instance usage.  | 
|   `UsageType`   |  The type of usage and instance type being charged for. For `m1.small` Spot Instances, this field is set to `SpotUsage`. For all other instance types, this field is set to `SpotUsage:`*instance-type*. For example, `SpotUsage:c1.medium`.  | 
|   `Operation`   |  The product being charged for. For Linux Spot Instances, this field is set to `RunInstances`. For Windows Spot Instances, this field is set to `RunInstances:0002`. Spot usage is grouped according to Availability Zone.  | 
|   `InstanceID`   |  The ID of the Spot Instance that generated this instance usage.  | 
|   `MyBidID`   |  The ID for the Spot Instance request that generated this instance usage.  | 
|   `MyMaxPrice`   |  The maximum price specified for this Spot request.  | 
|   `MarketPrice`   |  The Spot price at the time specified in the `Timestamp` field.  | 
|   `Charge`   |  The price charged for this instance usage.  | 
|   `Version`   |  The data feed version. The possible version is 1.0.  | 

## Amazon S3 bucket requirements


When you subscribe to the data feed, you must specify an Amazon S3 bucket to store the data feed files.

Before you choose an Amazon S3 bucket for the data feed, consider the following:
+ You must have `FULL_CONTROL` permission to the bucket. If you're the bucket owner, you have this permission by default. Otherwise, the bucket owner must grant your AWS account this permission.
+ When you subscribe to a data feed, these permissions are used to update the bucket ACL to give the AWS data feed account `FULL_CONTROL` permission. The AWS data feed account writes data feed files to the bucket. If your account doesn't have the required permissions, the data feed files cannot be written to the bucket. For more information, see [Logs sent to Amazon S3](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3) in the *Amazon CloudWatch Logs User Guide*.

  If you update the ACL and remove the permissions for the AWS data feed account, the data feed files cannot be written to the bucket. You must resubscribe to the data feed to receive the data feed files.
+ Each data feed file has its own ACL (separate from the ACL for the bucket). The bucket owner has `FULL_CONTROL` permission to the data files. The AWS data feed account has read and write permissions.
+ If you delete your data feed subscription, Amazon EC2 doesn't remove the read and write permissions for the AWS data feed account on either the bucket or the data files. You must remove these permissions yourself.
+ If you encrypt your Amazon S3 bucket using server-side encryption with an AWS KMS key stored in AWS Key Management Service (SSE-KMS), you must use a customer managed key. For more information, see [Amazon S3 bucket server-side encryption](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-SSE-KMS-S3) in the *Amazon CloudWatch Logs User Guide*.
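
Because the grants for the AWS data feed account stay in place after you delete the subscription, it helps to review what an ACL still grants to anyone other than the bucket owner. The following is an added example, not part of the original guide: it works on an ACL document in the shape printed by `aws s3api get-bucket-acl` or `get-object-acl`, and the canonical IDs and function names are constructed placeholders.

```python
import json

# Constructed ACLs in the shape printed by `aws s3api get-bucket-acl` and
# `aws s3api get-object-acl`. The canonical user IDs are placeholders.
SAMPLE_BUCKET_ACL = json.loads("""
{
  "Owner": {"DisplayName": "bucket-owner", "ID": "OWNER-CANONICAL-ID-PLACEHOLDER"},
  "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-CANONICAL-ID-PLACEHOLDER"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "CanonicalUser", "ID": "DATAFEED-CANONICAL-ID-PLACEHOLDER"},
     "Permission": "FULL_CONTROL"}
  ]
}
""")

SAMPLE_OBJECT_ACL = json.loads("""
{
  "Owner": {"DisplayName": "bucket-owner", "ID": "OWNER-CANONICAL-ID-PLACEHOLDER"},
  "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-CANONICAL-ID-PLACEHOLDER"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "CanonicalUser", "ID": "DATAFEED-CANONICAL-ID-PLACEHOLDER"},
     "Permission": "READ"},
    {"Grantee": {"Type": "CanonicalUser", "ID": "DATAFEED-CANONICAL-ID-PLACEHOLDER"},
     "Permission": "WRITE"}
  ]
}
""")


def _is_owner_grant(grant, owner_id):
    grantee = grant["Grantee"]
    return grantee.get("Type") == "CanonicalUser" and grantee.get("ID") == owner_id


def foreign_grants(acl):
    """Return (grantee type, grantee identifier, permission) for every grant
    that is not held by the bucket or object owner."""
    owner_id = acl["Owner"]["ID"]
    found = []
    for grant in acl.get("Grants", []):
        if _is_owner_grant(grant, owner_id):
            continue
        grantee = grant["Grantee"]
        # Canonical users carry an ID, groups carry a URI.
        ident = grantee.get("ID") or grantee.get("URI") or grantee.get("EmailAddress") or "<unknown>"
        found.append((grantee.get("Type"), ident, grant["Permission"]))
    return found


def owner_only_policy(acl):
    """Build an access control policy that keeps only the owner's grants.

    Refuses to produce a policy that would leave the owner without
    FULL_CONTROL, so a bad input cannot be turned into a lock-out.
    """
    owner_id = acl["Owner"]["ID"]
    kept = [g for g in acl.get("Grants", []) if _is_owner_grant(g, owner_id)]
    if not any(g["Permission"] == "FULL_CONTROL" for g in kept):
        raise ValueError("owner has no FULL_CONTROL grant in this ACL; review it by hand")
    return {"Owner": {"ID": owner_id}, "Grants": kept}


if __name__ == "__main__":
    for name, acl in (("bucket", SAMPLE_BUCKET_ACL), ("data file", SAMPLE_OBJECT_ACL)):
        for gtype, ident, perm in foreign_grants(acl):
            print(f"{name}: {perm} granted to {gtype} {ident}")
    print(json.dumps(owner_only_policy(SAMPLE_BUCKET_ACL), indent=2))
```

The dictionary returned by `owner_only_policy` has the `Owner` and `Grants` keys that `aws s3api put-bucket-acl --access-control-policy` expects. Apply it only after the subscription is deleted, because removing the data feed account's grant while subscribed stops file delivery.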

## Subscribe to your Spot Instance data feed


You can subscribe to your Spot Instance data feed at any time. You can't complete this task using the Amazon EC2 console.

If you get an error that the bucket does not have enough permissions, see the following article for troubleshooting information: [Troubleshoot the data feed for Spot Instances](https://repost.aws/knowledge-center/s3-data-feed-ec2-spot-instances).

------
#### [ AWS CLI ]

**To subscribe to your data feed**  
Use the [create-spot-datafeed-subscription](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-spot-datafeed-subscription.html) command.

To specify a bucket with a prefix, use the following example:

```
aws ec2 create-spot-datafeed-subscription \
    --bucket amzn-s3-demo-bucket \
    --prefix my-prefix
```

To specify a bucket without a prefix, use the following example:

```
aws ec2 create-spot-datafeed-subscription \
    --bucket amzn-s3-demo-bucket
```

------
#### [ PowerShell ]

**To subscribe to your data feed**  
Use the [New-EC2SpotDatafeedSubscription](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2SpotDatafeedSubscription.html) cmdlet.

To specify a bucket with a prefix, use the following example:

```
New-EC2SpotDatafeedSubscription `
    -Bucket amzn-s3-demo-bucket `
    -Prefix my-prefix
```

To specify a bucket without a prefix, use the following example:

```
New-EC2SpotDatafeedSubscription `
    -Bucket amzn-s3-demo-bucket
```

------

## View the data in your data feed


In the AWS Management Console, open AWS CloudShell. Use the following [s3 sync](https://docs.aws.amazon.com/cli/latest/reference/s3/sync.html) command to get the .gz files from the S3 bucket for your data feed and store them in the folder that you specify.

```
aws s3 sync s3://amzn-s3-demo-bucket ./data-feed
```

To display the contents of a .gz file, change to the folder where you stored the contents of the S3 bucket.

```
cd data-feed
```

Use the **ls** command to view the names of the files. Use the **zcat** command with the name of the file to display the contents of the compressed file. The following is an example command.

```
zcat  111122223333.2023-12-09-07.001.b959dbc6.gz
```

The following is example output.

```
#Version: 1.0
#Fields: Timestamp UsageType Operation InstanceID MyBidID MyMaxPrice MarketPrice Charge Version
2023-12-09 07:13:47 UTC USE2-SpotUsage:c7a.medium       RunInstances:SV050      i-0c3e0c0b046e050df     sir-pwq6nmfp    0.0510000000 USD        0.0142000000 USD        0.0142000000 USD        1
```
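
To work with the feed beyond reading it with **zcat**, the file can be parsed into typed records. The following is an added example, not part of the original guide: it reads the two `#` header lines and the tab-delimited rows described above from a constructed, in-memory gzip sample, reports malformed lines instead of failing, and totals the `Charge` field per instance. It assumes that any prefix before `SpotUsage` (such as the `USE2-` in the example output) is optional; the function names and sample IDs are made up.

```python
import gzip
import io
import re
from collections import defaultdict
from datetime import datetime, timezone
from decimal import Decimal, InvalidOperation

# Constructed sample rows (not real billing data). The third row is
# deliberately truncated to show how malformed lines are reported.
_ROWS = [
    ["2023-12-09 07:13:47 UTC", "USE2-SpotUsage:c7a.medium", "RunInstances:SV050",
     "i-0aaaaaaaaaaaaaaa1", "sir-example1", "0.0510000000 USD",
     "0.0142000000 USD", "0.0142000000 USD", "1"],
    ["2023-12-09 07:40:02 UTC", "SpotUsage", "RunInstances",
     "i-0bbbbbbbbbbbbbbb2", "sir-example2", "0.0300000000 USD",
     "0.0081000000 USD", "0.0081000000 USD", "1"],
    ["2023-12-09 07:55:10 UTC", "USE2-SpotUsage:c7a.medium"],
    ["2023-12-09 07:58:31 UTC", "USE2-SpotUsage:c7a.medium", "RunInstances:SV050",
     "i-0aaaaaaaaaaaaaaa1", "sir-example1", "0.0510000000 USD",
     "0.0150000000 USD", "0.0150000000 USD", "1"],
]
_HEADER = (
    "#Version: 1.0\n"
    "#Fields: Timestamp UsageType Operation InstanceID MyBidID "
    "MyMaxPrice MarketPrice Charge Version\n"
)
SAMPLE_GZ = gzip.compress(
    (_HEADER + "\n".join("\t".join(r) for r in _ROWS) + "\n").encode("utf-8")
)

# Optional prefix, then SpotUsage, then an optional ":instance-type".
USAGE_RE = re.compile(r"^(?:(?P<prefix>[A-Z0-9]+)-)?SpotUsage(?::(?P<itype>.+))?$")
MONEY_FIELDS = ("MyMaxPrice", "MarketPrice", "Charge")


def parse_money(text):
    """Split a value such as '0.0142000000 USD' into (Decimal, currency)."""
    amount, currency = text.split()
    return Decimal(amount), currency


def parse_feed(gz_bytes):
    """Parse one gzip-compressed data feed file.

    Returns (rows, errors): rows are dicts keyed by the names on the
    '#Fields:' line, errors are (line number, reason) tuples.
    """
    fields, rows, errors = None, [], []
    with gzip.open(io.BytesIO(gz_bytes), "rt", encoding="utf-8") as fh:
        for lineno, line in enumerate(fh, 1):
            line = line.rstrip("\n")
            if not line:
                continue
            if line.startswith("#"):
                if line.startswith("#Fields:"):
                    fields = line[len("#Fields:"):].split()
                continue
            if fields is None:
                errors.append((lineno, "data row before #Fields header"))
                continue
            cols = [c.strip() for c in line.split("\t")]
            if len(cols) != len(fields):
                errors.append((lineno, f"expected {len(fields)} columns, got {len(cols)}"))
                continue
            rec = dict(zip(fields, cols))
            try:
                rec["Timestamp"] = datetime.strptime(
                    rec["Timestamp"], "%Y-%m-%d %H:%M:%S UTC"
                ).replace(tzinfo=timezone.utc)
                for key in MONEY_FIELDS:
                    rec[key], rec[key + "Currency"] = parse_money(rec[key])
                match = USAGE_RE.match(rec["UsageType"])
                if match is None:
                    raise ValueError(f"unrecognised UsageType {rec['UsageType']!r}")
                rec["UsagePrefix"] = match.group("prefix")
                # Plain 'SpotUsage' means m1.small, per the field table.
                rec["InstanceType"] = match.group("itype") or "m1.small"
            except (ValueError, InvalidOperation) as exc:
                errors.append((lineno, str(exc)))
                continue
            rows.append(rec)
    return rows, errors


def charge_by_instance(rows):
    """Sum the Charge field per InstanceID using exact decimal arithmetic."""
    totals = defaultdict(Decimal)
    for rec in rows:
        totals[rec["InstanceID"]] += rec["Charge"]
    return dict(totals)


if __name__ == "__main__":
    parsed, problems = parse_feed(SAMPLE_GZ)
    for instance_id, total in sorted(charge_by_instance(parsed).items()):
        print(instance_id, total)
    for lineno, reason in problems:
        print(f"line {lineno}: {reason}")
```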

## Delete your Spot Instance data feed


When you are finished with the Spot Instance data feed, you can delete it.

------
#### [ AWS CLI ]

**To delete your data feed**  
Use the [delete-spot-datafeed-subscription](https://docs.aws.amazon.com/cli/latest/reference/ec2/delete-spot-datafeed-subscription.html) command.

```
aws ec2 delete-spot-datafeed-subscription
```

------
#### [ PowerShell ]

**To delete your data feed**  
Use the [Remove-EC2SpotDatafeedSubscription](https://docs.aws.amazon.com/powershell/latest/reference/items/Remove-EC2SpotDatafeedSubscription.html) cmdlet.

```
Remove-EC2SpotDatafeedSubscription
```

------

# Service-linked role for Spot Instance requests


Amazon EC2 uses service-linked roles for the permissions that it requires to call other AWS services on your behalf. A service-linked role is a unique type of IAM role that is linked directly to an AWS service. Service-linked roles provide a secure way to delegate permissions to AWS services because only the linked service can assume a service-linked role. For more information, see [Service-linked roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create-service-linked-role.html) in the *IAM User Guide*.

Amazon EC2 uses the service-linked role named **AWSServiceRoleForEC2Spot** to launch and manage Spot Instances on your behalf.

## Permissions granted by AWSServiceRoleForEC2Spot


Amazon EC2 uses **AWSServiceRoleForEC2Spot** to complete the following actions:
+ `ec2:DescribeInstances` – Describe Spot Instances
+ `ec2:StopInstances` – Stop Spot Instances
+ `ec2:StartInstances` – Start Spot Instances

## Create the service-linked role


Under most circumstances, you don't need to manually create a service-linked role. Amazon EC2 creates the **AWSServiceRoleForEC2Spot** service-linked role the first time you request a Spot Instance using the console.

If you had an active Spot Instance request before October 2017, when Amazon EC2 began supporting this service-linked role, Amazon EC2 created the **AWSServiceRoleForEC2Spot** role in your AWS account. For more information, see [A New Role Appeared in My Account](https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_roles.html#troubleshoot_roles_new-role-appeared) in the *IAM User Guide*.

If you use the AWS CLI or an API to request a Spot Instance, you must first ensure that this role exists.

**To create **AWSServiceRoleForEC2Spot** using the console**

1. Open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).

1. In the navigation pane, choose **Roles**.

1. Choose **Create role**.

1. On the **Select type of trusted entity** page, choose **EC2**, **EC2 - Spot Instances**, **Next: Permissions**.

1. On the next page, choose **Next:Review**.

1. On the **Review** page, choose **Create role**.

**To create **AWSServiceRoleForEC2Spot** using the AWS CLI**  
Use the [create-service-linked-role](https://docs.aws.amazon.com/cli/latest/reference/iam/create-service-linked-role.html) command as follows.

```
aws iam create-service-linked-role --aws-service-name spot.amazonaws.com
```

If you no longer need to use Spot Instances, we recommend that you delete the **AWSServiceRoleForEC2Spot** role. After this role is deleted from your account, Amazon EC2 will create the role again if you request Spot Instances.

## Grant access to customer managed keys for use with encrypted AMIs and EBS snapshots


If you specify an [encrypted AMI](AMIEncryption.md) or an encrypted Amazon EBS snapshot for your Spot Instances and you use a customer managed key for encryption, you must grant the **AWSServiceRoleForEC2Spot** role permission to use the customer managed key so that Amazon EC2 can launch Spot Instances on your behalf. To do this, you must add a grant to the customer managed key, as shown in the following procedure.

When providing permissions, grants are an alternative to key policies. For more information, see [Using Grants](https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) and [Using Key Policies in AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) in the *AWS Key Management Service Developer Guide*.

**To grant the **AWSServiceRoleForEC2Spot** role permissions to use the customer managed key**
+ Use the [create-grant](https://docs.aws.amazon.com/cli/latest/reference/kms/create-grant.html) command to add a grant to the customer managed key and to specify the principal (the **AWSServiceRoleForEC2Spot** service-linked role) that is given permission to perform the operations that the grant permits. The customer managed key is specified by the `key-id` parameter and the ARN of the customer managed key. The principal is specified by the `grantee-principal` parameter and the ARN of the **AWSServiceRoleForEC2Spot** service-linked role.

  ```
  aws kms create-grant \
      --region us-east-1 \
      --key-id arn:aws:kms:us-east-1:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab \
      --grantee-principal arn:aws:iam::111122223333:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot \
      --operations "Decrypt" "Encrypt" "GenerateDataKey" "GenerateDataKeyWithoutPlaintext" "CreateGrant" "DescribeKey" "ReEncryptFrom" "ReEncryptTo"
  ```

# Spot Instance quotas


There are quotas for the number of running Spot Instances and pending Spot Instance requests per AWS account per Region. After a pending Spot Instance request is fulfilled, the request no longer counts towards the quota because the running instance is counted towards the quota.

Spot Instance quotas are managed in terms of the *number of virtual central processing units (vCPUs)* that your running Spot Instances are either using or will use pending the fulfillment of open Spot Instance requests. If you terminate your Spot Instances but do not cancel the Spot Instance requests, the requests count against your Spot Instance vCPU quota until Amazon EC2 detects the Spot Instance terminations and closes the requests.

We provide the following quota types for Spot Instances.


| Name | Default | Adjustable | 
| --- | --- | --- | 
| All DL Spot Instance Requests | 0 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-85EED4F7) | 
| All F Spot Instance Requests | 0 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-88CF9481) | 
| All G and VT Spot Instance Requests | 0 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-3819A6DF) | 
| All Inf Spot Instance Requests | 0 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-B5D1601B) | 
| All P Spot Instance Requests | 0 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-7212CCBC) | 
| All Standard (A, C, D, H, I, M, R, T, Z) Spot Instance Requests | 5 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-34B43A08) | 
| All Trn Spot Instance Requests | 0 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-6B0D517C) | 
| All X Spot Instance Requests | 0 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-E3A00192) | 

Even though Amazon EC2 automatically adjusts your Spot Instance quotas based on your usage, you can request a quota increase if necessary. For example, if you intend to launch more Spot Instances than your current quota allows, you can request a quota increase. You can also request a quota increase if you submit a Spot Instance request and you receive the error `Max spot instance count exceeded`. To request a quota increase, use the Service Quotas console described in [Amazon EC2 service quotas](ec2-resource-limits.md).

You can launch any combination of instance types that meet your changing application needs. For example, with an All Standard Spot Instance Requests quota of 256 vCPUs, you could request 32 `m5.2xlarge` Spot Instances (32 x 8 vCPUs) or 16 `c5.4xlarge` Spot Instances (16 x 16 vCPUs). 

With Amazon CloudWatch metrics integration, you can monitor EC2 usage against your quotas. You can also configure alarms to warn about approaching quotas. For more information, see [Service Quotas and Amazon CloudWatch alarms](https://docs.aws.amazon.com/servicequotas/latest/userguide/configure-cloudwatch.html) in the *Service Quotas User Guide*.

# Amazon EC2 Dedicated Hosts

An Amazon EC2 Dedicated Host is a physical server that is fully dedicated for your use. You can optionally choose to share the instance capacity with other AWS accounts. For more information, see [Cross-account Amazon EC2 Dedicated Host sharing](dh-sharing.md).

Dedicated Hosts provide visibility and control over instance placement and they support host affinity. This means that you can launch and run instances on specific hosts, and you can ensure that instances run only on specific hosts. For more information, see [Amazon EC2 Dedicated Host auto-placement and host affinity](dedicated-hosts-understanding.md).

Dedicated Hosts provide comprehensive Bring Your Own License (BYOL) support. They allow you to use your existing per-socket, per-core, or per-VM software licenses, including Windows Server, SQL Server, SUSE Linux Enterprise Server, Red Hat Enterprise Linux, or other software licenses that are bound to VMs, sockets, or physical cores, subject to your license terms.

If you require your instances to run on dedicated hardware, but you do not need visibility or control over instance placement, and you do not need to use per-socket or per-core software licenses, you can consider using Dedicated Instances instead. Dedicated Instances and Dedicated Hosts can both be used to launch Amazon EC2 instances onto dedicated physical servers. There are no performance, security, or physical differences between Dedicated Instances and instances on Dedicated Hosts. However, there are some key differences between them. The following table highlights some of the key differences between Dedicated Instances and Dedicated Hosts:


|  | Dedicated Host | Dedicated Instance | 
| --- | --- | --- | 
| Dedicated physical server | Physical server with instance capacity fully dedicated to your use. | Physical server that's dedicated to a single customer account. | 
| Instance capacity sharing | Can share instance capacity with other accounts. | Not supported | 
| Billing | Per-host billing | Per-instance billing | 
| Visibility of sockets, cores, and host ID | Provides visibility of the number of sockets and physical cores | No visibility | 
| Host and instance affinity | Allows you to consistently deploy your instances to the same physical server over time | Not supported | 
| Targeted instance placement | Provides additional visibility and control over how instances are placed on a physical server | Not supported | 
| Automatic instance recovery | Supported. For more information, see [Amazon EC2 Dedicated Host recovery](dedicated-hosts-recovery.md). | Supported | 
| Bring Your Own License (BYOL) | Supported | Partial support \* | 
| Capacity Reservations | Not supported | Supported | 

\* Microsoft SQL Server with License Mobility through Software Assurance, and Windows Virtual Desktop Access (VDA) licenses can be used with Dedicated Instance.

For more information about Dedicated Instances, see [Amazon EC2 Dedicated Instances](dedicated-instance.md).

## Dedicated Hosts restrictions


Before you allocate Dedicated Hosts, take note of the following limitations and restrictions:
+ To run RHEL and SUSE Linux on Dedicated Hosts, you must bring your own AMIs. You can't use the RHEL and SUSE Linux AMIs that are offered by AWS or that are available on AWS Marketplace with Dedicated Hosts. For more information about how to create your own AMI, see [Bring your own software licenses to Amazon EC2 Dedicated Hosts](dedicated-hosts-BYOL.md).

  This restriction does not apply to hosts allocated for high memory instances (`u-6tb1.metal`, `u-9tb1.metal`, `u-12tb1.metal`, `u-18tb1.metal`, and `u-24tb1.metal`). RHEL and SUSE Linux AMIs that are offered by AWS or that are available on AWS Marketplace can be used with these hosts.
+ There is a limit on the number of running Dedicated Hosts per instance family per AWS account per Region. Quotas apply to running instances only. If your instance is pending, stopping, or stopped, it does not count towards your quota. To view the quotas for your account, or to request a quota increase, use the [Service Quotas console](https://console.aws.amazon.com/servicequotas/home/services/ec2/quotas).
+ Auto Scaling groups are supported when using a launch template that specifies a host resource group. For more information, see [Create a launch template using advanced settings](https://docs.aws.amazon.com/autoscaling/ec2/userguide/advanced-settings-for-your-launch-template.html) in the *Amazon EC2 Auto Scaling User Guide*.
+ Amazon RDS instances are not supported.
+ The AWS Free Usage tier is not available for Dedicated Hosts.
+ Instance placement control refers to managing instance launches onto Dedicated Hosts. You can't launch Dedicated Hosts into placement groups.
+ If you allocate a host for a virtualized instance type, you can't modify the instance type to a `.metal` instance type after the host is allocated. For example, if you allocate a host for the `m5.large` instance type, you can't modify the instance type to `m5.metal`.

  Similarly, if you allocate a host for a `.metal` instance type, you can't modify the instance type to a virtualized instance type after the host is allocated. For example, if you allocate a host for the `m5.metal` instance type, you can't modify the instance type to `m5.large`.

**Topics**
+ [Dedicated Hosts restrictions](#dedicated-hosts-limitations)
+ [Pricing and billing](dedicated-hosts-billing.md)
+ [Instance capacity configurations](dedicated-hosts-limits.md)
+ [Burstable instances on Dedicated Hosts](burstable-t3.md)
+ [Bring your own licenses](dedicated-hosts-BYOL.md)
+ [Auto-placement and affinity](dedicated-hosts-understanding.md)
+ [Allocate a Dedicated Host](dedicated-hosts-allocating.md)
+ [Launch instances on a Dedicated Host](launching-dedicated-hosts-instances.md)
+ [Launch instances into a host resource group](launching-hrg-instances.md)
+ [Modify Dedicated Host auto-placement](modify-host-auto-placement.md)
+ [Modify supported instance types](modify-host-support.md)
+ [Modify tenancy and affinity for an instance](moving-instances-dedicated-hosts.md)
+ [Release Dedicated Host](dedicated-hosts-releasing.md)
+ [Migrate to Nitro-based Amazon EC2 Dedicated Hosts](dh-migrate.md)
+ [Purchase a Dedicated Host Reservation](#purchasing-dedicated-host-reservations)
+ [Cross-account sharing](dh-sharing.md)
+ [Dedicated Hosts on Outposts](dh-outposts.md)
+ [Host recovery](dedicated-hosts-recovery.md)
+ [Host maintenance](dedicated-hosts-maintenance.md)
+ [Monitor Dedicated Hosts](dedicated-hosts-monitoring.md)
+ [Track configuration changes](dedicated-hosts-aws-config.md)

# Amazon EC2 Dedicated Host pricing and billing

The price for a Dedicated Host varies by payment option.

**Topics**
+ [On-Demand Dedicated Hosts](#on-demand-dedicated-hosts)
+ [Dedicated Host Reservations](#dedicated-host-reservations)
+ [Savings Plans](#dedicated-hosts-savings-plans)
+ [Pricing for Windows Server on Dedicated Hosts](#dh-win-billing)

## On-Demand Dedicated Hosts




On-Demand billing is automatically activated when you allocate a Dedicated Host to your account.

The On-Demand price for a Dedicated Host varies by instance family and Region. You pay per second (with a minimum of 60 seconds) for an active Dedicated Host, regardless of the quantity or the size of instances that you choose to launch on it. For more information about On-Demand pricing, see [Amazon EC2 Dedicated Hosts On-Demand Pricing](https://aws.amazon.com/ec2/dedicated-hosts/pricing/#on-demand).



You can release an On-Demand Dedicated Host at any time to stop accruing charges for it. For information about releasing a Dedicated Host, see [Release an Amazon EC2 Dedicated Host](dedicated-hosts-releasing.md).

## Dedicated Host Reservations


Dedicated Host Reservations provide a billing discount compared to running On-Demand Dedicated Hosts. Reservations are available in three payment options:
+ **No Upfront**—No Upfront Reservations provide you with a discount on your Dedicated Host usage over a term and do not require an upfront payment. Available in one-year and three-year terms. Only some instance families support the three-year term for No Upfront Reservations.
+ **Partial Upfront**—A portion of the reservation must be paid upfront and the remaining hours in the term are billed at a discounted rate. Available in one-year and three-year terms.
+ **All Upfront**—Provides the lowest effective price. Available in one-year and three-year terms and covers the entire cost of the term upfront, with no additional future charges.

You must have active Dedicated Hosts in your account before you can purchase reservations. Each reservation can cover one or more hosts that support the same instance family in a single Availability Zone. Reservations are applied to the instance family on the host, not the instance size. If you have three Dedicated Hosts with different instance sizes (`m4.xlarge`, `m4.medium`, and `m4.large`), you can associate a single `m4` reservation with all those Dedicated Hosts. The instance family and Availability Zone of the reservation must match that of the Dedicated Hosts you want to associate it with.

When a reservation is associated with a Dedicated Host, the Dedicated Host can't be released until the reservation's term is over.

For more information about reservation pricing, see [Amazon EC2 Dedicated Hosts Pricing](https://aws.amazon.com/ec2/dedicated-hosts/pricing/#reservations).

## Savings Plans


Savings Plans are a flexible pricing model that offers significant savings over On-Demand Instances. With Savings Plans, you make a commitment to a consistent amount of usage, in USD per hour, for a term of one or three years. This provides you with the flexibility to use the Dedicated Hosts that best meet your needs and continue to save money, instead of making a commitment to a specific Dedicated Host. For more information, see the [AWS Savings Plans User Guide](https://docs.aws.amazon.com/savingsplans/latest/userguide/).

**Note**  
Savings Plans are not supported with `u-6tb1.metal`, `u-9tb1.metal`, `u-12tb1.metal`, `u-18tb1.metal`, and `u-24tb1.metal` Dedicated Hosts.

## Pricing for Windows Server on Dedicated Hosts


Subject to Microsoft licensing terms, you can bring your existing Windows Server and SQL Server licenses to Dedicated Hosts. There is no additional charge for software usage if you choose to bring your own licenses.

In addition, you can also use Windows Server AMIs provided by Amazon to run the latest versions of Windows Server on Dedicated Hosts. This is common for scenarios where you have existing SQL Server licenses eligible to run on Dedicated Hosts, but need Windows Server to run the SQL Server workload. Windows Server AMIs provided by Amazon are supported on current generation instance types only. For more information, see [Amazon EC2 Dedicated Hosts Pricing](https://aws.amazon.com/ec2/dedicated-hosts/pricing/#windows-dh).

# Amazon EC2 Dedicated Host instance capacity configurations

Dedicated Hosts support different configurations (physical cores, sockets, and vCPUs) that allow you to run instances of different families and sizes.

When you allocate a Dedicated Host in your account, you can choose a configuration that supports either a **single instance type**, or **multiple instance types** within the same instance family. The number of instances that you can run on a host depends on the configuration you choose.

**Topics**
+ [Single instance type support](#dh-single)
+ [Multiple instance type support](#dh-multiple)

## Single instance type support


You can allocate a Dedicated Host that supports only one instance type. With this configuration, every instance that you launch on the Dedicated Host must be of the same instance type, which you specify when you allocate the host. 

For example, you can allocate a host that supports only the `m5.4xlarge` instance type. In this case, you can run only `m5.4xlarge` instances on that host.

The number of instances that you can launch onto the host depends on the number of physical cores provided by the host, and the number of cores consumed by the specified instance type. For example, if you allocate a host for `m5.4xlarge` instances, the host provides 48 physical cores, and each `m5.4xlarge` instance consumes 8 physical cores. This means that you can launch up to 6 instances on that host (*48 physical cores / 8 cores per instance = 6 instances*).

## Multiple instance type support


You can allocate a Dedicated Host that supports multiple instance types within the same instance family. This allows you to run different instance types on the same host, as long as they're in the same instance family and the host has sufficient instance capacity.

For example, you can allocate a host that supports different instance types within the `R5` instance family. In this case, you can launch certain combinations of `R5` instance types, such as `r5.large`, `r5.xlarge`, `r5.2xlarge`, and `r5.4xlarge`, on that host, within the host's physical core capacity.

The following instance families support Dedicated Hosts with multiple instance type support:
+ **General purpose:** A1 | M5 | M5n | M6i | M7i | T3
+ **Compute optimized:** C5 | C5n | C6i | C7i
+ **Memory optimized:** R5 | R5n | R6i | R7i

The number of instances you can run on the host depends on the number of physical cores provided by the host, and the number of cores consumed by each instance type that you run on the host. For example, if you allocate an `R5` host, which provides 48 physical cores, and you run two `r5.2xlarge` instances (*4 cores x 2 instances*) and three `r5.4xlarge` instances (*8 cores x 3 instances*), those instances consume a total of 32 cores, and you might be able to run certain combinations of `R5` instances as long as they are within the remaining 16 cores.

However, for each instance family, there is a limit on the number of instances that can be run for each instance type. For example, an `R5` Dedicated Host supports a maximum of 2 `r5.8xlarge` instances, which use 32 of the physical cores. In this case, additional `R5` instances of smaller types can then be used to fill the host to core capacity. For the supported number of instance types for each instance family, see the [Dedicated Hosts Configuration Table](https://aws.amazon.com/ec2/dedicated-hosts/pricing/#host-configuration).

The following table shows example instance type combinations:


| Instance family | Example instance type combinations | 
| --- | --- | 
| R5 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-limits.html)  | 
| C5 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-limits.html)  | 
| M5 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-limits.html)  | 

**Considerations**  
Keep the following in mind when working with Dedicated Hosts that support multiple instance types:
+ Using multiple instance types on the same host is possible only within the same instance family.
+ When mixing instance types, to maximize host utilization, we recommend launching larger instance types first followed by smaller instance types.
  + Depending on the combination and launch order of the instance types on a Dedicated Host, it may not be physically possible to maximize the utilization of the host. When mixing instance types on a host, some capacity might be available on the host but not usable. For example, you might see 16 vCPUs available on an r5n host but may not be able to launch a 4xlarge instance on the host even though r5n.4xlarge runs on 16 vCPUs.

**Note**  
If you enable an A1 Dedicated Host for multiple instance types, you can launch only a mix of `a1.xlarge` and `a1.2xlarge` instances on that host. If you launch an `a1.medium` or `a1.large` instance on that host, you will be restricted to launching only more of that same instance type on the host. A single `a1.4xlarge` instance consumes all capacity on the host. If you require a host for either `a1.medium` or `a1.large` instances, we recommend that you allocate separate hosts for those instance types.

# Burstable T3 instances on Amazon EC2 Dedicated Hosts

Dedicated Hosts support burstable performance T3 instances. T3 instances provide a cost-efficient way of using your eligible BYOL license software on dedicated hardware. The smaller vCPU footprint of T3 instances enables you to consolidate your workloads on fewer hosts and maximize your per-core license utilization.

T3 Dedicated Hosts are best suited for running BYOL software with low to moderate CPU utilization. This includes eligible per-socket, per-core, or per-VM software licenses, such as Windows Server, Windows Desktop, SQL Server, SUSE Enterprise Linux Server, Red Hat Enterprise Linux, and Oracle Database. Examples of workloads suited for T3 Dedicated Hosts are small and medium databases, virtual desktops, development and test environments, code repositories, and product prototypes. T3 Dedicated Hosts are not recommended for workloads with sustained high CPU utilization or for workloads that experience correlated CPU bursts simultaneously.

T3 instances on Dedicated Hosts use the same credit model as T3 instances on shared tenancy hardware. However, they support the `standard` credit mode only; they do not support the `unlimited` credit mode. In `standard` mode, T3 instances on Dedicated Hosts *earn*, *spend*, and *accrue* credits in the same way as burstable instances on shared tenancy hardware. They provide a baseline CPU performance with the ability to burst above the baseline level. To burst above the baseline, the instance spends credits that it has accrued in its CPU credit balance. When the accrued credits are depleted, CPU utilization is lowered to the baseline level. For more information about `standard` mode, see [How standard burstable performance instances work](burstable-performance-instances-standard-mode-concepts.md#how-burstable-performance-instances-standard-works).

T3 Dedicated Hosts support all of the features offered by Amazon EC2 Dedicated Hosts, including multiple instance sizes on a single host, Host resource groups, and BYOL.

**Supported T3 instance sizes and configurations**  


T3 Dedicated Hosts run general purpose burstable T3 instances that share CPU resources of the host by providing a baseline CPU performance and the ability to burst to a higher level when needed. This enables T3 Dedicated Hosts, which have 48 cores, to support up to a maximum of 192 instances per host. In order to efficiently utilize the host’s resources and to provide the best instance performance, the Amazon EC2 instance placement algorithm automatically calculates the supported number of instances and instance size combinations that can be launched on the host.

T3 Dedicated Hosts support multiple instance types on the same host. All T3 instance sizes are supported on Dedicated Hosts. You can run different combinations of T3 instances up to the CPU limit of the host.

The following table lists the supported instance types, summarizes the performance of each instance type, and indicates the maximum number of instances of each size that can be launched.


| Instance type | vCPUs | Memory (GiB) | Baseline CPU utilization per vCPU | Network burst bandwidth (Gbps) | Amazon EBS burst bandwidth (Mbps) | Max number of instances per Dedicated Host | 
| --- | --- | --- | --- | --- | --- | --- | 
| t3.nano | 2 | 0.5 | 5% | 5 | Up to 2,085 | 192 | 
| t3.micro | 2 | 1 | 10% | 5 | Up to 2,085 | 192 | 
| t3.small | 2 | 2 | 20% | 5 | Up to 2,085 | 192 | 
| t3.medium | 2 | 4 | 20% | 5 | Up to 2,085 | 192 | 
| t3.large | 2 | 8 | 30% | 5 | 2,780 | 96 | 
| t3.xlarge | 4 | 16 | 40% | 5 | 2,780 | 48 | 
| t3.2xlarge | 8 | 32 | 40% | 5 | 2,780 | 24 | 

**Monitor CPU utilization for T3 Dedicated Hosts**  
You can use the `DedicatedHostCPUUtilization` Amazon CloudWatch metric to monitor the vCPU utilization of a Dedicated Host. The metric is available in the `EC2` namespace and `Per-Host-Metrics` dimension. For more information, see [Dedicated Host metrics](viewing_metrics_with_cloudwatch.md#dh-metrics).

# Bring your own software licenses to Amazon EC2 Dedicated Hosts
Bring your own licenses

Dedicated Hosts allow you to use your existing per-socket, per-core, or per-VM software licenses. When you bring your own license, you are responsible for managing your own licenses. However, Amazon EC2 has features that help you maintain license compliance, such as instance affinity and targeted placement.

These are the general steps to follow in order to bring your own volume licensed machine image into Amazon EC2.

1. Verify that the license terms controlling the use of your machine images allow usage in a virtualized cloud environment. For more information about Microsoft Licensing, see [Amazon Web Services and Microsoft Licensing](https://aws.amazon.com/windows/faq/#licensing).

1. After you have verified that your machine image can be used within Amazon EC2, import it using VM Import/Export. For information about how to import your machine image, see the [VM Import/Export User Guide](https://docs.aws.amazon.com/vm-import/latest/userguide/).

1. After you import your machine image, you can launch instances from it onto active Dedicated Hosts in your account.

1. When you run these instances, depending on the operating system, you might be required to activate these instances against your own KMS server (for example, Windows Server or Windows SQL Server). You can't activate your imported Windows AMI against the Amazon Windows KMS server.

**Note**  
To track how your images are used in AWS, enable host recording in AWS Config. You can use AWS Config to record configuration changes to a Dedicated Host and use the output as a data source for license reporting. For more information, see [Track Amazon EC2 Dedicated Host configuration changes using AWS Config](dedicated-hosts-aws-config.md). 

# Amazon EC2 Dedicated Host auto-placement and host affinity
Auto-placement and affinity

Placement control for Dedicated Hosts happens on both the instance level and host level.

## Auto-placement


Auto-placement is configured at the host level. It allows you to manage whether instances that you launch are launched onto a specific host, or onto any available host that has matching configurations.

When auto-placement is **disabled** for a Dedicated Host, it accepts only host tenancy instance launches that specify its unique host ID. This is the default setting for new Dedicated Hosts.

When auto-placement is **enabled** for a Dedicated Host, it accepts any untargeted, host tenancy instance launches that match its instance type configuration.

When launching an instance, you need to configure its tenancy. Launching an instance onto a Dedicated Host without providing a specific `HostId` enables it to launch on any Dedicated Host that has auto-placement *enabled* and that matches its instance type.

## Host affinity


Host affinity is configured at the instance level. It establishes a launch relationship between an instance and a Dedicated Host.

When affinity is set to `Host`, an instance launched onto a specific host always restarts on the same host if stopped. This applies to both targeted and untargeted launches.

When affinity is set to `Default`, and you stop and restart the instance, it can be restarted on any available host. However, it tries to launch back onto the last Dedicated Host on which it ran (on a best-effort basis).
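The following Python code is an added example, not part of the AWS documentation. It reads JSON shaped like the output of `aws ec2 describe-hosts` and `aws ec2 describe-instances` and reports hosts that accept untargeted launches, plus host-tenancy instances that are not pinned to an available host. The sample data, the IDs in it, and the finding names are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-hosts` output (IDs are made up).
SAMPLE_HOSTS = json.loads("""
{"Hosts": [
  {"HostId": "h-0aaaaaaaaaaaaaaa1", "State": "available", "AutoPlacement": "off"},
  {"HostId": "h-0aaaaaaaaaaaaaaa2", "State": "available", "AutoPlacement": "on"},
  {"HostId": "h-0aaaaaaaaaaaaaaa3", "State": "released",  "AutoPlacement": "off"}
]}
""")

# Constructed sample shaped like `aws ec2 describe-instances` output.
SAMPLE_INSTANCES = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0000000000000000a",
   "Placement": {"Tenancy": "host", "Affinity": "host",
                 "HostId": "h-0aaaaaaaaaaaaaaa1"}},
  {"InstanceId": "i-0000000000000000b",
   "Placement": {"Tenancy": "host", "Affinity": "default",
                 "HostId": "h-0aaaaaaaaaaaaaaa2"}},
  {"InstanceId": "i-0000000000000000c",
   "Placement": {"Tenancy": "host", "Affinity": "host",
                 "HostId": "h-0aaaaaaaaaaaaaaa3"}},
  {"InstanceId": "i-0000000000000000d",
   "Placement": {"Tenancy": "default"}},
  {"InstanceId": "i-0000000000000000e",
   "Placement": {"Tenancy": "host",
                 "HostResourceGroupArn":
                 "arn:aws:resource-groups:us-east-2:123456789012:group/my-resource-group"}}
]}]}
""")


def audit_placement(hosts_doc, instances_doc):
    """Return (finding, resource_id, detail) tuples for settings worth reviewing."""
    findings = []
    host_state = {}

    for host in hosts_doc.get("Hosts", []):
        host_id = host["HostId"]
        host_state[host_id] = host.get("State", "unknown")
        # Auto-placement on: the host accepts untargeted host-tenancy launches
        # that match its instance type configuration.
        if host.get("AutoPlacement") == "on" and host_state[host_id] == "available":
            findings.append(("AUTO_PLACEMENT_ON", host_id,
                             "accepts untargeted host-tenancy launches"))

    for reservation in instances_doc.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            placement = inst.get("Placement", {})
            if placement.get("Tenancy") != "host":
                continue  # shared tenancy or Dedicated Instance: out of scope
            if placement.get("HostResourceGroupArn"):
                continue  # host resource group launches cannot use affinity
            inst_id = inst["InstanceId"]
            pinned = placement.get("HostId")
            affinity = str(placement.get("Affinity", "")).lower()
            if affinity != "host":
                # Default affinity: after stop/start the instance can come back
                # on any available host (same host only on a best-effort basis).
                findings.append(("NO_HOST_AFFINITY", inst_id,
                                 "can restart on a different Dedicated Host"))
            elif host_state.get(pinned) != "available":
                # Host affinity, but the pinned host cannot take the instance.
                state = host_state.get(pinned, "not found")
                findings.append(("AFFINITY_HOST_UNAVAILABLE", inst_id,
                                 f"pinned to {pinned} (state: {state})"))
    return findings


if __name__ == "__main__":
    for finding in audit_placement(SAMPLE_HOSTS, SAMPLE_INSTANCES):
        print(*finding, sep="\t")
```

To run it against an account, replace the two sample documents with the parsed JSON output of the two `describe` commands.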

# Allocate an Amazon EC2 Dedicated Host for use in your account
Allocate a Dedicated Host

To begin using a Dedicated Host, you must first allocate it in your account. After you allocate the Dedicated Host, the Dedicated Host capacity is made available in your account immediately and you can start launching instances onto the Dedicated Host.

When you allocate a Dedicated Host in your account, you can choose a configuration that supports either a **single instance type**, or **multiple instance types** within the same instance family. The number of instances that you can run on the host depends on the configuration you choose. For more information, see [Amazon EC2 Dedicated Host instance capacity configurations](dedicated-hosts-limits.md).

------
#### [ Console ]

**To allocate a Dedicated Host**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Dedicated Hosts** and then choose **Allocate Dedicated Host**.

1. For **Instance family**, choose the instance family for the Dedicated Host.

1. Specify whether the Dedicated Host supports multiple instance sizes within the selected instance family, or a specific instance type only. Do one of the following.
   + To configure the Dedicated Host to support multiple instance types in the selected instance family, for **Support multiple instance types**, choose **Enable**. Enabling this allows you to launch different instance sizes from the same instance family onto the Dedicated Host. For example, if you choose the `m5` instance family and choose this option, you can launch `m5.xlarge` and `m5.4xlarge` instances onto the Dedicated Host.
   + To configure the Dedicated Host to support a single instance type within the selected instance family, clear **Support multiple instance types**, and then for **Instance type**, choose the instance type to support. This allows you to launch a single instance type on the Dedicated Host. For example, if you choose this option and specify `m5.4xlarge` as the supported instance type, you can launch only `m5.4xlarge` instances onto the Dedicated Host.

1. For **Availability Zone**, choose the Availability Zone in which to allocate the Dedicated Host.

1. To allow the Dedicated Host to accept untargeted instance launches that match its instance type, for **Instance auto-placement**, choose **Enable**. For more information about auto-placement, see [Amazon EC2 Dedicated Host auto-placement and host affinity](dedicated-hosts-understanding.md).

1. To enable host recovery for the Dedicated Host, for **Host recovery**, choose **Enable**. For more information, see [Amazon EC2 Dedicated Host recovery](dedicated-hosts-recovery.md).

1. For **Quantity**, enter the number of Dedicated Hosts to allocate.

1. (Optional) Choose **Add new tag** and enter a tag key and a tag value.

1. Choose **Allocate**.

------
#### [ AWS CLI ]

**To allocate a Dedicated Host**  
Use the [allocate-hosts](https://docs.aws.amazon.com/cli/latest/reference/ec2/allocate-hosts.html) command. The following example allocates a Dedicated Host that supports multiple instance types from the `m5` instance family in the `us-east-1a` Availability Zone. It also enables host recovery and disables auto-placement.

```
aws ec2 allocate-hosts \
    --instance-family "m5" \
    --availability-zone "us-east-1a" \
    --auto-placement "off" \
    --host-recovery "on" \
    --quantity 1
```

The following example allocates a Dedicated Host that supports *untargeted* instance launches in the specified Availability Zone, enables host recovery, and enables auto-placement.

```
aws ec2 allocate-hosts \
    --instance-type "m5.large" \
    --availability-zone "eu-west-1a" \
    --auto-placement "on" \
    --host-recovery "on" \
    --quantity 1
```

------
#### [ PowerShell ]

**To allocate a Dedicated Host**  
Use the [New-EC2Host](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Host.html) cmdlet. The following example allocates a Dedicated Host that supports multiple instance types from the `m5` instance family in the `us-east-1a` Availability Zone. The host also has host recovery enabled and auto-placement disabled.

```
New-EC2Host `
    -InstanceFamily m5 `
    -AvailabilityZone us-east-1a `
    -AutoPlacement Off `
    -HostRecovery On `
    -Quantity 1
```

The following example allocates a Dedicated Host that supports *untargeted* instance launches in the specified Availability Zone and enables host recovery.

```
New-EC2Host `
    -InstanceType m5.large `
    -AvailabilityZone eu-west-1a `
    -AutoPlacement On `
    -HostRecovery On `
    -Quantity 1
```

------

# Launch Amazon EC2 instances on an Amazon EC2 Dedicated Host
Launch instances on a Dedicated Host

After you have allocated a Dedicated Host, you can launch instances onto it. You can't launch instances with `host` tenancy if you do not have active Dedicated Hosts with enough available capacity for the instance type that you are launching.

**Considerations**
+ SQL Server, SUSE, and RHEL AMIs provided by Amazon EC2 can't be used with Dedicated Hosts.
+ For Dedicated Hosts that support multiple instance sizes, we recommend that you launch the larger instance sizes first, and then fill the remaining instance capacity with the smaller instance sizes as needed.
+ Before you launch your instances, take note of the limitations. For more information, see [Dedicated Hosts restrictions](dedicated-hosts-overview.md#dedicated-hosts-limitations).

------
#### [ Console ]

**To launch an instance onto a specific Dedicated Host from the Dedicated Hosts page**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. Choose **Dedicated Hosts** in the navigation pane.

1. On the **Dedicated Hosts** page, select a host and choose **Actions**, **Launch Instance(s) onto host**.

1. In the **Application and OS Images** section, select an AMI from the list.

1. In the **Instance type** section, select the instance type to launch.
**Note**  
If the Dedicated Host supports a single instance type only, the supported instance type is selected by default and can't be changed.  
If the Dedicated Host supports multiple instance types, you must select an instance type within the supported instance family based on the available instance capacity of the Dedicated Host. We recommend that you launch the larger instance sizes first, and then fill the remaining instance capacity with the smaller instance sizes as needed.

1. In the **Key pair** section, select the key pair to associate with the instance.

1. In the **Advanced details** section, for **Tenancy affinity**, choose one of the following:
   + **Off** — Host affinity disabled. The instance launches onto the specified host, but it is not guaranteed to restart on the same Dedicated Host if stopped.
   + A Dedicated Host ID — Host affinity enabled. If stopped, the instance always restarts on this specified host if it has capacity. If the host does not have capacity, the instance can't be restarted; you must establish affinity with a different host.

   For more information about Affinity, see [Amazon EC2 Dedicated Host auto-placement and host affinity](dedicated-hosts-understanding.md).
**Note**  
The **Tenancy** and **Host** options are pre-configured based on the host that you selected.

1. Configure the remaining instance options as needed. For more information, see [Reference for Amazon EC2 instance configuration parameters](ec2-instance-launch-parameters.md).

1. Choose **Launch instance**.

**To launch an instance onto a Dedicated Host using the Launch Instance wizard**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**, **Launch instance**.

1. In the **Application and OS Images** section, select an AMI from the list.

1. In the **Instance type** section, select the instance type to launch.

1. In the **Key pair** section, select the key pair to associate with the instance.

1. In the **Advanced details** section, do the following:

   1. For **Tenancy**, select **Dedicated Host**.

   1. For **Target host by**, select **Host ID**.

   1. For **Target host ID**, select the host onto which to launch the instance.

   1. For **Tenancy affinity**, choose one of the following:
      + **Off** — Host affinity disabled. The instance launches onto the specified host, but it is not guaranteed to restart on the same Dedicated Host if stopped.
      + A Dedicated Host ID — Host affinity enabled. If stopped, the instance always restarts on this specified host if it has capacity. If the host does not have capacity, the instance can't be restarted; you must establish affinity with a different host.

      For more information about Affinity, see [Amazon EC2 Dedicated Host auto-placement and host affinity](dedicated-hosts-understanding.md).

1. Configure the remaining instance options as needed. For more information, see [Reference for Amazon EC2 instance configuration parameters](ec2-instance-launch-parameters.md).

1. Choose **Launch instance**.

------
#### [ AWS CLI ]

**To launch an instance onto a Dedicated Host**  
Use the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command and specify the instance affinity, tenancy, and host in the `--placement` option.

To launch onto a specific Dedicated Host with host affinity (instance always restarts on the same host if stopped):

```
--placement Affinity=host,Tenancy=host,HostId=h-07879acf49EXAMPLE
```

To launch onto a specific Dedicated Host without host affinity (instance can restart on any available host):

```
--placement Tenancy=host,HostId=h-07879acf49EXAMPLE
```

To launch onto any available Dedicated Host with auto-placement enabled and matching instance type:

```
--placement Tenancy=host
```

------
#### [ PowerShell ]

**To launch an instance onto a Dedicated Host**  
Use the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) cmdlet and specify the instance affinity, tenancy, and host in the `-Placement` parameter.

To launch onto a specific Dedicated Host with host affinity (instance always restarts on the same host if stopped):

```
-Placement_Affinity host `
-Placement_Tenancy host `
-Placement_HostId h-07879acf49EXAMPLE
```

To launch onto a specific Dedicated Host without host affinity (instance can restart on any available host):

```
-Placement_Tenancy host `
-Placement_HostId h-07879acf49EXAMPLE
```

To launch onto any available Dedicated Host with auto-placement enabled and matching instance type:

```
-Placement_Tenancy host
```

------

# Launch Amazon EC2 instances into a host resource group
Launch instances into a host resource group

Dedicated Hosts are also integrated with AWS License Manager. With License Manager, you can create a host resource group, which is a collection of Dedicated Hosts that are managed as a single entity. When creating a host resource group, you specify the host management preferences, such as auto-allocate and auto-release, for the Dedicated Hosts. This allows you to launch instances onto Dedicated Hosts without manually allocating and managing those hosts. For more information, see [Host Resource Groups](https://docs.aws.amazon.com/license-manager/latest/userguide/host-resource-groups.html) in the *AWS License Manager User Guide*.

When you launch an instance into a host resource group that has a Dedicated Host with available instance capacity, Amazon EC2 launches the instance onto that host. If the host resource group does not have a host with available instance capacity, Amazon EC2 automatically allocates a new host in the host resource group, and then launches the instance onto that host. For more information, see [Host Resource Groups](https://docs.aws.amazon.com/license-manager/latest/userguide/host-resource-groups.html) in the *AWS License Manager User Guide*.

**Requirements and limits**
+ You must associate a core- or socket-based license configuration with the AMI.
+ You can't use SQL Server, SUSE, or RHEL AMIs provided by Amazon EC2 with Dedicated Hosts.
+ You can't target a specific host by choosing a host ID, and you can't enable instance affinity when launching an instance into a host resource group.

------
#### [ Console ]

**To launch an instance into a host resource group**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**, **Launch instance**.

1. In the **Application and OS Images** section, select an AMI from the list.

1. In the **Instance type** section, select the instance type to launch.

1. In the **Key pair** section, select the key pair to associate with the instance.

1. In the **Advanced details** section, do the following:

   1. For **Tenancy**, select **Dedicated Host**.

   1. For **Target host by**, select **Host resource group**.

   1. For **Tenancy host resource group**, select the host resource group into which to launch the instance.

   1. For **Tenancy affinity**, do one of the following:
      + Select **Off** — The instance launches onto the specified host, but it is not guaranteed to restart on the same Dedicated Host if stopped.
      + Select the Dedicated Host ID — If stopped, the instance always restarts on this specific host. 

      For more information about Affinity, see [Amazon EC2 Dedicated Host auto-placement and host affinity](dedicated-hosts-understanding.md).

1. Configure the remaining instance options as needed. For more information, see [Reference for Amazon EC2 instance configuration parameters](ec2-instance-launch-parameters.md).

1. Choose **Launch instance**.

------
#### [ AWS CLI ]

**To launch an instance into a host resource group**  
Use the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command. In the `--placement` option, omit the tenancy and specify the ARN of the host resource group.

```
--placement HostResourceGroupArn=arn:aws:resource-groups:us-east-2:123456789012:group/my-resource-group
```

------
#### [ PowerShell ]

**To launch an instance into a host resource group**  
Use the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) cmdlet. In the `-Placement` parameter, omit the tenancy and specify the ARN of the host resource group.

```
-Placement_HostResourceGroupArn arn:aws:resource-groups:us-east-2:123456789012:group/my-resource-group
```

------

# Modify the auto-placement setting for an existing Amazon EC2 Dedicated Host
Modify Dedicated Host auto-placement

You can modify the auto-placement settings of a Dedicated Host after you have allocated it to your AWS account.

------
#### [ Console ]

**To modify the auto-placement of a Dedicated Host**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Dedicated Hosts**.

1. Select a host and choose **Actions**, **Modify host**.

1. For **Instance auto-placement**, choose **Enable** to enable auto-placement, or clear **Enable** to disable auto-placement. For more information, see [Amazon EC2 Dedicated Host auto-placement and host affinity](dedicated-hosts-understanding.md).

1. Choose **Save**.

------
#### [ AWS CLI ]

**To modify the auto-placement of a Dedicated Host**  
Use the [modify-hosts](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-hosts.html) command.

```
aws ec2 modify-hosts \
    --auto-placement on \
    --host-ids h-012a3456b7890cdef
```

------
#### [ PowerShell ]

**To modify the auto-placement of a Dedicated Host**  
Use the [Edit-EC2Host](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2Host.html) cmdlet.

```
Edit-EC2Host `
    -AutoPlacement 1 `
    -HostId h-012a3456b7890cdef
```

------

# Modify supported instance types for an existing Amazon EC2 Dedicated Host
Modify supported instance types

You can modify a Dedicated Host to change the instance types that it supports. If it currently supports a single instance type, you can modify it to support multiple instance types within that instance family. Similarly, if it currently supports multiple instance types, you can modify it to support a specific instance type only.

To modify a Dedicated Host to support multiple instance types, you must first stop all running instances on the host. The modification takes approximately 10 minutes to complete. The Dedicated Host transitions to the `pending` state while the modification is in progress. You can't start stopped instances or launch new instances on the Dedicated Host while it is in the `pending` state.

To modify a Dedicated Host that supports multiple instance types to support only a single instance type, the host must either have no running instances, or the running instances must be of the instance type that you want the host to support. For example, to modify a host that supports multiple instance types in the `m5` instance family to support only `m5.large` instances, the Dedicated Host must either have no running instances, or it must have only `m5.large` instances running on it.

If you allocate a host for a virtualized instance type, you can't modify the instance type to a `.metal` instance type after the host is allocated. For example, if you allocate a host for the `m5.large` instance type, you can't modify the instance type to `m5.metal`. Similarly, if you allocate a host for a `.metal` instance type, you can't modify the instance type to a virtualized instance type after the host is allocated. For example, if you allocate a host for the `m5.metal` instance type, you can't modify the instance type to `m5.large`.
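As an added example (not part of the AWS documentation), the following Python function checks a host entry shaped like `aws ec2 describe-hosts` output against the rules above before a `modify-hosts` call is made. It assumes that the entry's `Instances` list holds the instances currently running on the host; the sample hosts and the blocker names are constructed for illustration.

```python
def family_of(instance_type):
    """'m5.xlarge' -> 'm5'."""
    return instance_type.partition(".")[0]


def is_metal(instance_type):
    """True for bare metal sizes such as 'm5.metal'."""
    return instance_type.partition(".")[2].startswith("metal")


def modify_blockers(host, target_type=None, target_family=None):
    """Return (code, detail) tuples for rules the requested change would break."""
    if (target_type is None) == (target_family is None):
        raise ValueError("specify exactly one of target_type or target_family")

    props = host.get("HostProperties", {})
    current_type = props.get("InstanceType")  # present on single-type hosts
    current_family = props.get("InstanceFamily") or (
        family_of(current_type) if current_type else None)
    multi = host.get("AllowsMultipleInstanceTypes") == "on"
    # Assumption: "Instances" lists what is currently running on the host.
    running = [i["InstanceType"] for i in host.get("Instances", [])]
    blockers = []

    # The instance family of an allocated host cannot be changed.
    wanted_family = target_family or family_of(target_type)
    if current_family and wanted_family != current_family:
        blockers.append(("FAMILY_CHANGE",
                         f"host is {current_family}, request is {wanted_family}"))

    if target_family is not None:
        # Single type -> multiple types: stop every running instance first.
        if not multi and running:
            blockers.append(("INSTANCES_RUNNING",
                             f"stop {len(running)} running instance(s) first"))
    else:
        # Multiple types -> single type: only the target type may be running.
        others = sorted({t for t in running if t != target_type})
        if multi and others:
            blockers.append(("OTHER_TYPES_RUNNING",
                             "still running: " + ", ".join(others)))
        # Virtualized and .metal types cannot be swapped after allocation.
        if current_type and is_metal(current_type) != is_metal(target_type):
            blockers.append(("METAL_MISMATCH",
                             f"{current_type} -> {target_type} is not allowed"))
    return blockers


# Constructed host entries (IDs are made up).
SAMPLE_MULTI_HOST = {
    "HostId": "h-0bbbbbbbbbbbbbbb1",
    "AllowsMultipleInstanceTypes": "on",
    "HostProperties": {"InstanceFamily": "m5"},
    "Instances": [
        {"InstanceId": "i-0000000000000001a", "InstanceType": "m5.large"},
        {"InstanceId": "i-0000000000000001b", "InstanceType": "m5.xlarge"},
    ],
}
SAMPLE_SINGLE_HOST = {
    "HostId": "h-0bbbbbbbbbbbbbbb2",
    "AllowsMultipleInstanceTypes": "off",
    "HostProperties": {"InstanceFamily": "m5", "InstanceType": "m5.large"},
    "Instances": [
        {"InstanceId": "i-0000000000000002a", "InstanceType": "m5.large"},
    ],
}

if __name__ == "__main__":
    print(modify_blockers(SAMPLE_MULTI_HOST, target_type="m5.large"))
    print(modify_blockers(SAMPLE_SINGLE_HOST, target_family="m5"))
    print(modify_blockers(SAMPLE_SINGLE_HOST, target_type="m5.metal"))
```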

------
#### [ Console ]

**To modify the supported instance types for a Dedicated Host**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Dedicated Hosts**.

1. Select the Dedicated Host to modify and choose **Actions**, **Modify host**.

1. Do one of the following, depending on the current configuration of the Dedicated Host:
   + If the Dedicated Host currently supports a specific instance type, **Support multiple instance types** is not enabled, and **Instance type** lists the supported instance type. To modify the host to support multiple types in the current instance family, for **Support multiple instance types**, choose **Enable**.

     You must first stop all instances running on the host before modifying it to support multiple instance types.
   + If the Dedicated Host currently supports multiple instance types in an instance family, **Enabled** is selected for **Support multiple instance types**. To modify the host to support a specific instance type, for **Support multiple instance types**, clear **Enable**, and then for **Instance type**, select the specific instance type to support.

     You can't change the instance family supported by the Dedicated Host.

1. Choose **Save**.

------
#### [ AWS CLI ]

**To modify the supported instance types for a Dedicated Host**  
Use the [modify-hosts](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-hosts.html) command.

The following example modifies a Dedicated Host to support multiple instance types within the `m5` instance family.

```
aws ec2 modify-hosts \
    --instance-family m5 \
    --host-ids h-012a3456b7890cdef
```

The following example modifies a Dedicated Host to support `m5.xlarge` instances only.

```
aws ec2 modify-hosts \
    --instance-type m5.xlarge \
    --host-ids h-012a3456b7890cdef
```

------
#### [ PowerShell ]

**To modify the supported instance types for a Dedicated Host**  
Use the [Edit-EC2Host](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2Host.html) cmdlet.

The following example modifies a Dedicated Host to support multiple instance types within the `m5` instance family.

```
Edit-EC2Host `
    -InstanceFamily m5 `
    -HostId h-012a3456b7890cdef
```

The following example modifies a Dedicated Host to support `m5.xlarge` instances only.

```
Edit-EC2Host `
    -InstanceType m5.xlarge `
    -HostId h-012a3456b7890cdef
```

------

# Modify Amazon EC2 Dedicated Host tenancy and affinity for an Amazon EC2 instance
Modify tenancy and affinity for an instance

You can change the tenancy of an instance after you have launched it. You can also modify the affinity for your instance to target a specific host or allow it to launch on any available dedicated host with matching attributes in your account. To modify either instance tenancy or affinity, the instance must be in the `stopped` state. 

The operating system details of your instance—and whether SQL Server is installed—affect what conversions are supported. For more information about the tenancy conversion paths available to your instance, see [Tenancy conversion](https://docs.aws.amazon.com/license-manager/latest/userguide/conversion-tenancy.html) in the *License Manager User Guide*.

**Note**  
For T3 instances, you must launch the instance on a Dedicated Host to use a tenancy of `host`. For T3 instances, you can't change the tenancy from `host` to `dedicated` or `default`. Attempting to make one of these unsupported tenancy changes results in an `InvalidRequest` error code.

------
#### [ Console ]

**To modify instance tenancy or affinity**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. Choose **Instances**, and select the instance to modify.

1. Choose **Instance state**, **Stop**.

1. With the instance selected, choose **Actions**, **Instance settings**, **Modify instance placement**.

1. On the **Modify instance placement** page, configure the following:
   + **Tenancy**—Choose one of the following:
     + Run a dedicated hardware instance—Launches the instance as a Dedicated Instance. For more information, see [Amazon EC2 Dedicated Instances](dedicated-instance.md).
     + Launch the instance on a Dedicated Host—Launches the instance onto a Dedicated Host with configurable affinity.
   + **Affinity**—Choose one of the following:
     + This instance can run on any one of my hosts—The instance launches onto any available Dedicated Host in your account that supports its instance type.
     + This instance can only run on the selected host—The instance is only able to run on the Dedicated Host selected for **Target Host**.
   + **Target Host**—Select the Dedicated Host that the instance must run on. If no target host is listed, you might not have available, compatible Dedicated Hosts in your account.

   For more information, see [Amazon EC2 Dedicated Host auto-placement and host affinity](dedicated-hosts-understanding.md).

1. Choose **Save**.

------
#### [ AWS CLI ]

**To modify instance tenancy or affinity**  
Use the [modify-instance-placement](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-placement.html) command. The following example changes the specified instance's affinity from `default` to `host`, and specifies the Dedicated Host that the instance has affinity with.

```
aws ec2 modify-instance-placement \
    --instance-id i-1234567890abcdef0 \
    --affinity host \
    --tenancy host \
    --host-id h-012a3456b7890cdef
```

------
#### [ PowerShell ]

**To modify instance tenancy or affinity**  
Use the [Edit-EC2InstancePlacement](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstancePlacement.html) cmdlet. The following example changes the specified instance's affinity from `default` to `host`, and specifies the Dedicated Host that the instance has affinity with.

```
Edit-EC2InstancePlacement `
    -InstanceId i-1234567890abcdef0 `
    -Affinity host `
    -Tenancy host `
    -HostId h-012a3456b7890cdef
```

------

# Release an Amazon EC2 Dedicated Host
Release Dedicated Host

If you no longer need a Dedicated Host, you can stop the instances running on the host, direct them to launch on a different host, and then *release* the host.

Any running instances on the Dedicated Host must be stopped before you can release the host. These instances can be migrated to other Dedicated Hosts in your account so that you can continue to use them. These steps apply only to On-Demand Dedicated Hosts.

------
#### [ Console ]

**To release a Dedicated Host**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Dedicated Hosts**.

1. On the **Dedicated Hosts** page, select the Dedicated Host to release.

1. Choose **Actions**, **Release host**.

1. To confirm, choose **Release**.

------
#### [ AWS CLI ]

**To release a Dedicated Host**  
Use the [release-hosts](https://docs.aws.amazon.com/cli/latest/reference/ec2/release-hosts.html) command.

```
aws ec2 release-hosts --host-ids h-012a3456b7890cdef
```

------
#### [ PowerShell ]

**To release a Dedicated Host**  
Use the [Remove-EC2Host](https://docs.aws.amazon.com/powershell/latest/reference/items/Remove-EC2Host.html) cmdlet.

```
Remove-EC2Host -HostId h-012a3456b7890cdef
```

------

After you release a Dedicated Host, you can't reuse the same host or host ID again, and you are no longer charged On-Demand billing rates for it. The state of the Dedicated Host is changed to `released`, and you are not able to launch any instances onto that host.

**Note**  
If you have recently released Dedicated Hosts, it can take some time for them to stop counting towards your limit. During this time, you might experience `LimitExceeded` errors when trying to allocate new Dedicated Hosts. If this is the case, try allocating new hosts again after a few minutes.

The instances that were stopped are still available for use and are listed on the **Instances** page. They retain their `host` tenancy setting.

# Migrate to Nitro-based Amazon EC2 Dedicated Hosts


The Nitro System is a collection of hardware and software components built by AWS that enable high performance, high availability, and high security. Nitro-based Dedicated Hosts offer improved price performance compared to Xen-based Dedicated Hosts. If you have any Xen-based Dedicated Hosts in your account, we recommend that you migrate your workloads to Nitro-based Dedicated Hosts. For more information, see [AWS Nitro System](https://aws.amazon.com/ec2/nitro/).

To migrate from a Xen-based Dedicated Host to a Nitro-based Dedicated Host, you need to migrate the Xen-based instances on your Dedicated Host to Nitro-based instance types, allocate a new Nitro-based Dedicated Host, and then move your migrated Nitro-based instances to your new Nitro-based Dedicated Host. 

This topic provides detailed steps for migrating from Xen-based Dedicated Hosts to Nitro-based Dedicated Hosts.

**Topics**
+ [Step 1: Identify your Xen-based Dedicated Hosts](#identify-xen-hosts)
+ [Step 2: Migrate Xen-based instances to Nitro-based instance types](#migrate-dh-instances)
+ [Step 3: Allocate a Nitro-based Dedicated Host](#allocate-nitro-host)
+ [Step 4: Move migrated instances to new Nitro-based Dedicated Host](#move-instances)
+ [Step 5: Release unused Xen-based Dedicated Host](#release-xen-instances)

## Step 1: Identify your Xen-based Dedicated Hosts


The following Dedicated Hosts are Xen-based and are eligible to be migrated to Nitro-based Dedicated Hosts.
+ **General purpose:** M3 | M4
+ **Compute optimized:** C3 | C4
+ **Memory optimized:** R3 | R4 | X1 | X1e
+ **Storage optimized:** D2 | H1 | I2 | I3
+ **Accelerated computing:** F1 | G3 | P2 | P3

**To check if you have Xen-based Dedicated Hosts in your account**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation panel, choose **Dedicated Hosts**.

1. In the **Search field**, use the **Instance family** filter to search for the Xen-based Dedicated Hosts above. For example, *Instance family = m3*.
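
The console filter checks one instance family at a time. The following Python script is an added example, not part of the AWS documentation: it applies the Xen-based family list from this step to saved output of `aws ec2 describe-hosts` and returns each matching host with the instances that Step 2 must migrate. The sample JSON and all IDs in it are constructed, and the function names are hypothetical.

```python
import json

# Xen-based Dedicated Host families listed in Step 1 of this topic.
XEN_FAMILIES = frozenset({
    "m3", "m4",                  # general purpose
    "c3", "c4",                  # compute optimized
    "r3", "r4", "x1", "x1e",     # memory optimized
    "d2", "h1", "i2", "i3",      # storage optimized
    "f1", "g3", "p2", "p3",      # accelerated computing
})

# Constructed sample in the shape of `aws ec2 describe-hosts` output.
# Host and instance IDs are made up for this example.
SAMPLE_DESCRIBE_HOSTS = """
{
  "Hosts": [
    {"HostId": "h-0aaaaaaaaaaaaaaa1", "State": "available",
     "HostProperties": {"InstanceFamily": "m4"},
     "Instances": [{"InstanceId": "i-0aaaaaaaaaaaaaaa1", "InstanceType": "m4.large"}]},
    {"HostId": "h-0aaaaaaaaaaaaaaa2", "State": "available",
     "HostProperties": {"InstanceType": "i3en.metal"},
     "Instances": []},
    {"HostId": "h-0aaaaaaaaaaaaaaa3", "State": "available",
     "HostProperties": {"InstanceType": "x1e.32xlarge"},
     "Instances": [{"InstanceId": "i-0aaaaaaaaaaaaaaa3", "InstanceType": "x1e.32xlarge"}]},
    {"HostId": "h-0aaaaaaaaaaaaaaa4", "State": "released",
     "HostProperties": {"InstanceFamily": "c3"},
     "Instances": []},
    {"HostId": "h-0aaaaaaaaaaaaaaa5", "State": "available",
     "HostProperties": {"InstanceFamily": "m5"},
     "Instances": []}
  ]
}
"""


def host_family(host):
    """Return the lower-case instance family a host supports, or "" if unknown."""
    props = host.get("HostProperties") or {}
    family = props.get("InstanceFamily")
    if not family:
        # Hosts allocated for a single instance type report e.g. "x1e.32xlarge";
        # the family is everything before the first dot.
        family = (props.get("InstanceType") or "").split(".", 1)[0]
    return family.lower()


def find_xen_hosts(describe_hosts_json):
    """List unreleased hosts whose family is in XEN_FAMILIES, with their instances."""
    hosts = json.loads(describe_hosts_json).get("Hosts", [])
    found = []
    for host in hosts:
        # A released host can't be used again, so it needs no migration.
        if (host.get("State") or "").startswith("released"):
            continue
        family = host_family(host)
        # Exact set membership, not a prefix test: "i3en" must not match "i3".
        if family in XEN_FAMILIES:
            found.append({
                "host_id": host["HostId"],
                "family": family,
                "instances": [i["InstanceId"] for i in host.get("Instances", [])],
            })
    return found


if __name__ == "__main__":
    for entry in find_xen_hosts(SAMPLE_DESCRIBE_HOSTS):
        print(entry["host_id"], entry["family"], ",".join(entry["instances"]) or "-")
```

To run it against a real account, pass the saved JSON output of `aws ec2 describe-hosts` to `find_xen_hosts` in place of the sample.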

## Step 2: Migrate Xen-based instances to Nitro-based instance types


Instances that run on Xen-based Dedicated Hosts are also Xen-based. You must migrate these instances to Nitro-based instance types before you can move them to Nitro-based Dedicated Hosts.

**Important**  
Before you begin migrating your instances, we recommend that you back up your data. For more information, see [Create multi-volume Amazon EBS snapshots from an Amazon EC2 instance](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-create-snapshots.html).

**To find instances running on your Xen-based Dedicated Hosts**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation panel, choose **Dedicated Hosts**.

1. Select the Xen-based host you intend to migrate and then select the **Running instances** tab. The tab lists all of the instances running on the selected host.

To migrate **Linux instances**, see [Amazon EC2 instance type changes](ec2-instance-resize.md).

To migrate **Windows instances**, see [Migrate an EC2 Windows instance to a Nitro-based instance type](migrating-latest-types.md).

**Note**  
Ensure that you migrate your instances to an instance type that matches the Nitro-based Dedicated Host that you intend to migrate to. For example, if you intend to migrate to an M7i Dedicated Host, ensure that you migrate your instances to an M7i instance type.

## Step 3: Allocate a Nitro-based Dedicated Host


**To find supported Nitro-based Dedicated Hosts**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation panel, select **Instance Types**.

1. Apply the following filters:
   + *Hypervisor = nitro*
   + *Dedicated Host support = true*

After you've found a suitable Nitro-based instance type, [allocate a new Dedicated Host](dedicated-hosts-allocating.md).

## Step 4: Move migrated instances to new Nitro-based Dedicated Host


After you have allocated the Nitro-based Dedicated Host and it reaches the `available` state, you can move the instances that you previously migrated to Nitro-based instance types to the new Dedicated Host.

**To move your instances to your new Nitro-based Dedicated Host**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation panel, choose **Instances**.

1. Select the instance that you migrated and choose **Actions**, **Instance settings**, **Modify instance placement**.

1. For **Target dedicated host**, select the new Nitro-based Dedicated Host, and then choose **Save**.

1. Restart the instance. Select the instance and choose **Instance state**, **Start instance**.

## Step 5: Release unused Xen-based Dedicated Host


After you have migrated your workloads from the Xen-based Dedicated Host to the new Nitro-based Dedicated Host, you can [release the Xen-based Dedicated Host](dedicated-hosts-releasing.md) if you no longer need it.

## Purchase Dedicated Host Reservations for Dedicated Host billing discounts

Dedicated Host Reservations provide you with a discount of up to 70 percent compared to On-Demand Dedicated Host pricing. You must have active Dedicated Hosts allocated in your account before you can purchase Dedicated Host Reservations. For more information, see [Dedicated Host Reservations](dedicated-hosts-billing.md#dedicated-host-reservations).

------
#### [ Console ]

**To purchase reservations**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. Choose **Dedicated Hosts**, **Dedicated Host Reservations**, **Purchase Dedicated Host Reservation**.

1. On the **Find offerings** screen, do the following:

   1. For **Instance family**, select the instance family of the Dedicated Host for which to purchase the Dedicated Host Reservation.

   1. For **Payment option**, select and configure your preferred payment option.

1. Choose **Next**.

1. Select the Dedicated Hosts with which to associate the Dedicated Host Reservation, and then choose **Next**.

1. (*Optional*) Assign tags to the Dedicated Host Reservation.

1. Review your order and choose **Purchase**.

------
#### [ AWS CLI ]

**To purchase reservations**

1. Use the [describe-host-reservation-offerings](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-host-reservation-offerings.html) command to list the available offerings that match your needs. The following example lists the offerings that support instances in the `m4` instance family and have a one-year term.

   The term is specified in seconds. A one-year term includes 31,536,000 seconds, and a three-year term includes 94,608,000 seconds.

   ```
   aws ec2 describe-host-reservation-offerings \
       --filter Name=instance-family,Values=m4 \
       --max-duration 31536000
   ```

   The command returns a list of offerings that match your criteria. Note the ID of the offering to purchase.

1. Use the [purchase-host-reservation](https://docs.aws.amazon.com/cli/latest/reference/ec2/purchase-host-reservation.html) command to purchase the offering and provide the `offeringId` noted in the previous step. The following example purchases the specified reservation and associates it with a specific Dedicated Host that is already allocated in the AWS account, and it applies a tag with a key of `purpose` and a value of `production`.

   ```
   aws ec2 purchase-host-reservation \
       --offering-id hro-03f707bf363b6b324 \
       --host-id-set h-013abcd2a00cbd123 \
       --tag-specifications 'ResourceType=host-reservation,Tags={Key=purpose,Value=production}'
   ```

------
#### [ PowerShell ]

**To purchase reservations**

1. Use the [Get-EC2HostReservationOffering](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2HostReservationOffering.html) cmdlet to list the available offerings that match your needs. The following example lists the offerings that support instances in the `m5` instance family and have a one-year term.

   The term is specified in seconds. A one-year term includes 31,536,000 seconds, and a three-year term includes 94,608,000 seconds.

   ```
   $filter = @{Name="instance-family"; Values="m5"}
   Get-EC2HostReservationOffering `
       -Filter $filter `
       -MaxDuration 31536000
   ```

   The command returns a list of offerings that match your criteria. Note the ID of the offering to purchase.

1. Use the [New-EC2HostReservation](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2HostReservation.html) cmdlet to purchase the offering and provide the offering ID noted in the previous step. The following example purchases the specified reservation and associates it with a specific Dedicated Host that is already allocated in the AWS account.

   ```
   New-EC2HostReservation `
       -OfferingId hro-03f707bf363b6b324 `
       -HostIdSet h-013abcd2a00cbd123
   ```

------

# Cross-account Amazon EC2 Dedicated Host sharing

Dedicated Host sharing enables Dedicated Host owners to share their Dedicated Hosts with other AWS accounts or within an AWS organization. This enables you to create and manage Dedicated Hosts centrally, and share the Dedicated Host across multiple AWS accounts or within your AWS organization.

In this model, the AWS account that owns the Dedicated Host (*owner*) shares it with other AWS accounts (*consumers*). Consumers can launch instances onto Dedicated Hosts that are shared with them in the same way that they would launch instances onto Dedicated Hosts that they allocate in their own account. The owner is responsible for managing the Dedicated Host and the instances that they launch onto it. Owners can't modify instances that consumers launch onto shared Dedicated Hosts. Consumers are responsible for managing the instances that they launch onto Dedicated Hosts shared with them. Consumers can't view or modify instances owned by other consumers or by the Dedicated Host owner, and they can't modify Dedicated Hosts that are shared with them.

A Dedicated Host owner can share a Dedicated Host with:
+ Specific AWS accounts inside or outside of its AWS organization
+ An organizational unit inside its AWS organization
+ Its entire AWS organization

**Topics**
+ [Prerequisites for sharing Dedicated Hosts](#dh-sharing-prereq)
+ [Limitations for sharing Dedicated Hosts](#dh-sharing-limitation)
+ [Related services](#dh-sharing-related)
+ [Share across Availability Zones](#dh-sharing-azs)
+ [Shared Dedicated Host permissions](#shared-dh-perms)
+ [Billing and metering](#shared-dh-billing)
+ [Dedicated Host limits](#shared-dh-limits)
+ [Host recovery and Dedicated Host sharing](#dh-sharing-retirement)
+ [Share a Dedicated Host](sharing-dh.md)
+ [Unshare a Dedicated Host](unsharing-dh.md)
+ [View shared Dedicated Hosts](identifying-shared-dh.md)

## Prerequisites for sharing Dedicated Hosts

+ To share a Dedicated Host, you must own it in your AWS account. You can't share a Dedicated Host that has been shared with you.
+ To share a Dedicated Host with your AWS organization or an organizational unit in your AWS organization, you must enable sharing with AWS Organizations. For more information, see [Enable Sharing with AWS Organizations](https://docs.aws.amazon.com/ram/latest/userguide/getting-started-sharing.html) in the *AWS RAM User Guide*.

## Limitations for sharing Dedicated Hosts


You can't share Dedicated Hosts that have been allocated for the following instance types: `u-6tb1.metal`, `u-9tb1.metal`, `u-12tb1.metal`, `u-18tb1.metal`, and `u-24tb1.metal`.

## Related services


### AWS Resource Access Manager


Dedicated Host sharing integrates with AWS Resource Access Manager (AWS RAM). AWS RAM is a service that enables you to share your AWS resources with any AWS account or through AWS Organizations. With AWS RAM, you share resources that you own by creating a *resource share*. A resource share specifies the resources to share, and the consumers with whom to share them. Consumers can be individual AWS accounts, or organizational units or an entire organization from AWS Organizations.

For more information about AWS RAM, see the *[AWS RAM User Guide](https://docs.aws.amazon.com/ram/latest/userguide/)*.

## Share across Availability Zones


To ensure that resources are distributed across the Availability Zones for a Region, we independently map Availability Zones to names for each account. This could lead to Availability Zone naming differences across accounts. For example, the Availability Zone `us-east-1a` for your AWS account might not have the same location as `us-east-1a` for another AWS account.

To identify the location of your Dedicated Hosts relative to your accounts, you must use the *Availability Zone ID* (AZ ID). The Availability Zone ID is a unique and consistent identifier for an Availability Zone across all AWS accounts. For example, `use1-az1` is an Availability Zone ID for the `us-east-1` Region and it is the same location in every AWS account.

**To view the Availability Zone IDs for the Availability Zones in your account**

1. Open the AWS RAM console at [https://console.aws.amazon.com/ram/home](https://console.aws.amazon.com/ram/home).

1. The Availability Zone IDs for the current Region are displayed in the **Your AZ ID** panel on the right-hand side of the screen.

## Shared Dedicated Host permissions


### Permissions for owners


Owners are responsible for managing their shared Dedicated Hosts and the instances that they launch onto them. Owners can view all instances running on the shared Dedicated Host, including those launched by consumers. However, owners can't take any action on running instances that were launched by consumers.

### Permissions for consumers


Consumers are responsible for managing the instances that they launch onto a shared Dedicated Host. Consumers can't modify the shared Dedicated Host in any way, and they can't view or modify instances that were launched by other consumers or the Dedicated Host owner.

## Billing and metering


There are no additional charges for sharing Dedicated Hosts.

Owners are billed for Dedicated Hosts that they share. Consumers are not billed for instances that they launch onto shared Dedicated Hosts.

Dedicated Host Reservations continue to provide billing discounts for shared Dedicated Hosts. Only Dedicated Host owners can purchase Dedicated Host Reservations for shared Dedicated Hosts that they own.

## Dedicated Host limits


Shared Dedicated Hosts count towards the owner's Dedicated Hosts limits only. Consumers' Dedicated Hosts limits are not affected by Dedicated Hosts that have been shared with them. Similarly, instances that consumers launch onto shared Dedicated Hosts do not count towards their instance limits.

## Host recovery and Dedicated Host sharing


Host recovery recovers instances launched by the Dedicated Host owner and the consumers with whom it has been shared. The replacement Dedicated Host is allocated to the owner's account. It is added to the same resource shares as the original Dedicated Host, and it is shared with the same consumers.

For more information, see [Amazon EC2 Dedicated Host recovery](dedicated-hosts-recovery.md).

# Share an Amazon EC2 Dedicated Host across AWS accounts

When an owner shares a Dedicated Host, it enables consumers to launch instances on the host. Consumers can launch as many instances onto the shared host as its available capacity allows.

**Important**  
Note that you are responsible for ensuring that you have appropriate license rights to share any BYOL licenses on your Dedicated Hosts.

If you share a Dedicated Host with auto-placement enabled, keep the following in mind as it could lead to unintended Dedicated Host usage:
+ If consumers launch instances with Dedicated Host tenancy and they do not have capacity on a Dedicated Host that they own in their account, the instance is automatically launched onto the shared Dedicated Host.

To share a Dedicated Host, you must add it to a resource share. A resource share is an AWS RAM resource that lets you share your resources across AWS accounts. A resource share specifies the resources to share, and the consumers with whom they are shared. You can add the Dedicated Host to an existing resource share, or you can add it to a new resource share.

If you are part of an organization in AWS Organizations and sharing within your organization is enabled, consumers in your organization are automatically granted access to the shared Dedicated Host. Otherwise, consumers receive an invitation to join the resource share and are granted access to the shared Dedicated Host after accepting the invitation.

**Note**  
After you share a Dedicated Host, it could take a few minutes for consumers to have access to it.

------
#### [ Console ]

**To share a Dedicated Host that you own using the Amazon EC2 console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Dedicated Hosts**.

1. Choose the Dedicated Host to share and choose **Actions**, **Share host**.

1. Select the resource share to which to add the Dedicated Host and choose **Share host**.

   It could take a few minutes for consumers to get access to the shared host.

**To share a Dedicated Host that you own using the AWS RAM console**  
See [Create a resource share](https://docs.aws.amazon.com/ram/latest/userguide/working-with-sharing-create.html) in the *AWS RAM User Guide*.

------
#### [ AWS CLI ]

**To share a Dedicated Host that you own**  
Use the [create-resource-share](https://docs.aws.amazon.com/cli/latest/reference/ram/create-resource-share.html) command.

```
aws ram create-resource-share \
    --name my-resource-share \
    --resource-arns arn:aws:ec2:us-east-2:123456789012:dedicated-host/h-07879acf49EXAMPLE
```

------
#### [ PowerShell ]

**To share a Dedicated Host that you own**  
Use the [New-RAMResourceShare](https://docs.aws.amazon.com/powershell/latest/reference/items/New-RAMResourceShare.html) cmdlet.

```
New-RAMResourceShare `
    -Name my-resource-share `
    -ResourceArn arn:aws:ec2:us-east-2:123456789012:dedicated-host/h-07879acf49EXAMPLE
```

------

# Unshare a Dedicated Host that is shared with other AWS accounts

The Dedicated Host owner can unshare a shared Dedicated Host at any time. When you unshare a shared Dedicated Host, the following rules apply:
+ Consumers with whom the Dedicated Host was shared can no longer launch new instances onto it.
+ Instances owned by consumers that were running on the Dedicated Host at the time of unsharing continue to run but are scheduled for [retirement](schedevents_actions_retire.md). Consumers receive retirement notifications for the instances and they have two weeks to take action on the notifications. However, if the Dedicated Host is reshared with the consumer within the retirement notice period, the instance retirements are cancelled.

To unshare a shared Dedicated Host that you own, you must remove it from the resource share.

------
#### [ Console ]

**To unshare a shared Dedicated Host that you own**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Dedicated Hosts**.

1. Choose the Dedicated Host to unshare and choose the **Sharing** tab.

1. The **Sharing** tab lists the resource shares to which the Dedicated Host has been added. Select the resource share from which to remove the Dedicated Host and choose **Remove host from resource share**.

**To unshare a shared Dedicated Host that you own using the AWS RAM console**  
See [Update a resource share](https://docs.aws.amazon.com/ram/latest/userguide/working-with-sharing-update.html) in the *AWS RAM User Guide*.

------
#### [ AWS CLI ]

**To unshare a shared Dedicated Host that you own**  
Use the [disassociate-resource-share](https://docs.aws.amazon.com/cli/latest/reference/ram/disassociate-resource-share.html) command.

```
aws ram disassociate-resource-share \
    --resource-share-arn arn:aws:ram:us-east-2:123456789012:resource-share/7ab63972-b505-7e2a-420d-6f5d3EXAMPLE \
    --resource-arns arn:aws:ec2:us-east-2:123456789012:dedicated-host/h-07879acf49EXAMPLE
```

------
#### [ PowerShell ]

**To unshare a shared Dedicated Host that you own**  
Use the [Disconnect-RAMResourceShare](https://docs.aws.amazon.com/powershell/latest/reference/items/Disconnect-RAMResourceShare.html) cmdlet.

```
Disconnect-RAMResourceShare `
    -ResourceShareArn "arn:aws:ram:us-east-2:123456789012:resource-share/7ab63972-b505-7e2a-420d-6f5d3EXAMPLE" `
    -ResourceArn "arn:aws:ec2:us-east-2:123456789012:dedicated-host/h-07879acf49EXAMPLE"
```

------

# View shared Amazon EC2 Dedicated Hosts in your AWS account

You can view Dedicated Hosts that you are sharing with other accounts, and Dedicated Hosts that are shared with you. If you own the Dedicated Host, you can see all of the instances running on the host, including instances launched by consumers. If the Dedicated Host is shared with you, you can see only the instances that you launched onto the shared host, and not those launched by other consumers.

Owners and consumers can identify shared Dedicated Hosts using one of the following methods.

------
#### [ Console ]

**To identify a shared Dedicated Host**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Dedicated Hosts**. The screen lists Dedicated Hosts that you own and Dedicated Hosts that are shared with you.

1. The **Owner** column shows the AWS account ID of the Dedicated Host owner.

1. To view the instances running on the hosts, select the **Instances** tab.

------
#### [ AWS CLI ]

**To identify a shared Dedicated Host**  
Use the [describe-hosts](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-hosts.html) command. The command returns the Dedicated Hosts that you own and Dedicated Hosts that are shared with you. The value of `Owner` is the account ID of the owner of the Dedicated Host. The `Instances` list describes the instances running on the host.

```
aws ec2 describe-hosts --filter "Name=state,Values=available"
```

------
#### [ PowerShell ]

**To identify a shared Dedicated Host**  
Use the [Get-EC2Host](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Host.html) cmdlet. The cmdlet returns the Dedicated Hosts that you own and Dedicated Hosts that are shared with you. The value of `Owner` in the response is the account ID of the owner of the Dedicated Host. The `Instances` list describes the instances running on the host.

```
Get-EC2Host -Filter @{Name="state"; Values="available"}
```

------
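
The following Python script is an added example, not part of the AWS documentation: it reads saved `aws ec2 describe-hosts` output from the owner's point of view, separates owned hosts from hosts shared with the account, and lists consumer-owned instances per host (the instances that would be scheduled for retirement if the host were unshared). It relies on the `OwnerId` field that the JSON output carries for each host and each instance; the sample data, the allow-list of expected consumer accounts, and the function name are assumptions made for this example.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `aws ec2 describe-hosts` output.
# Account, host and instance IDs are made up for this example.
SAMPLE_SHARED_HOSTS = """
{
  "Hosts": [
    {"HostId": "h-0bbbbbbbbbbbbbbb1", "OwnerId": "111122223333", "AutoPlacement": "on",
     "Instances": [
       {"InstanceId": "i-0bbbbbbbbbbbbbb11", "OwnerId": "111122223333"},
       {"InstanceId": "i-0bbbbbbbbbbbbbb12", "OwnerId": "444455556666"},
       {"InstanceId": "i-0bbbbbbbbbbbbbb13", "OwnerId": "777788889999"}]},
    {"HostId": "h-0bbbbbbbbbbbbbbb2", "OwnerId": "111122223333", "AutoPlacement": "off",
     "Instances": [{"InstanceId": "i-0bbbbbbbbbbbbbb21", "OwnerId": "444455556666"}]},
    {"HostId": "h-0bbbbbbbbbbbbbbb3", "OwnerId": "999900001111", "AutoPlacement": "on",
     "Instances": [{"InstanceId": "i-0bbbbbbbbbbbbbb31", "OwnerId": "111122223333"}]}
  ]
}
"""


def audit_host_sharing(describe_hosts_json, my_account, expected_consumers=()):
    """Summarize cross-account use of Dedicated Hosts as seen by my_account.

    describe-hosts does not say which resource shares a host belongs to (that
    lives in AWS RAM); this only reports evidence of use: instances on an
    owned host whose OwnerId is a different account.
    """
    expected = set(expected_consumers)
    report = {"owned": [], "shared_with_me": [],
              "consumer_instances": {}, "findings": []}

    for host in json.loads(describe_hosts_json).get("Hosts", []):
        host_id = host["HostId"]
        if host.get("OwnerId") != my_account:
            # Another account owns this host. A consumer sees only its own
            # instances here, so there is nothing further to audit.
            report["shared_with_me"].append(host_id)
            continue

        report["owned"].append(host_id)
        # Group instances launched by other accounts (consumers) by account ID.
        by_consumer = defaultdict(list)
        for inst in host.get("Instances", []):
            inst_owner = inst.get("OwnerId", "unknown")
            if inst_owner != my_account:
                by_consumer[inst_owner].append(inst["InstanceId"])
        if not by_consumer:
            continue

        # These instances are retired if the host is unshared from the account.
        report["consumer_instances"][host_id] = dict(by_consumer)
        for account in sorted(by_consumer):
            if account not in expected:
                report["findings"].append((host_id, "unexpected-consumer", account))
        # With auto-placement on, consumer launches with host tenancy and no
        # capacity of their own can land on this host without targeting it.
        if host.get("AutoPlacement") == "on":
            report["findings"].append((host_id, "auto-placement-on", "AutoPlacement=on"))
    return report


if __name__ == "__main__":
    result = audit_host_sharing(SAMPLE_SHARED_HOSTS, "111122223333",
                                expected_consumers={"444455556666"})
    print(json.dumps(result, indent=2))
```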

# Amazon EC2 Dedicated Hosts on AWS Outposts

AWS Outposts is a fully managed service that extends AWS infrastructure, services, APIs, and tools to your premises. By providing local access to AWS managed infrastructure, AWS Outposts enables you to build and run applications on premises using the same programming interfaces as in AWS Regions, while using local compute and storage resources for lower latency and local data processing needs.

An Outpost is a pool of AWS compute and storage capacity deployed at a customer site. AWS operates, monitors, and manages this capacity as part of an AWS Region. 

You can allocate Dedicated Hosts on Outposts that you own in your account. This makes it easier for you to bring your existing software licenses and workloads that require a dedicated physical server to AWS Outposts. You can also target specific hardware assets on an Outpost to help minimize latency between your workloads.

Dedicated Hosts allow you to use your eligible software licenses on Amazon EC2, so that you get the flexibility and cost effectiveness of using your own licenses. Other software licenses that are bound to virtual machines, sockets, or physical cores can also be used on Dedicated Hosts, subject to their license terms. While Outposts have always been single-tenant environments that are eligible for BYOL workloads, Dedicated Hosts allow you to limit the needed licenses to a single host as opposed to the entire Outpost deployment.

Additionally, using Dedicated Hosts on an Outpost gives you greater flexibility in instance type deployment, and more granular control over instance placement. You can target a specific host for instance launches and use host affinity to ensure that the instance always runs on that host, or you can use auto-placement to launch an instance onto any available host that has matching configurations and available capacity.

**Contents**
+ [Prerequisites](#dh-outpost-prereqs)
+ [Supported features](#dh-outpost-features)
+ [Considerations](#dh-outpost-considerations)
+ [Allocate an Amazon EC2 Dedicated Host on AWS Outposts](dh-outpost-allocate.md)

## Prerequisites


You must have an Outpost installed at your site. For more information, see [Create an Outpost and order Outpost capacity](https://docs.aws.amazon.com/outposts/latest/userguide/order-outpost-capacity.html) in the *AWS Outposts User Guide*.

## Supported features

+ The following instance families are supported:
  + **General purpose:** M5 | M5d | M7i | M8i
  + **Compute optimized:** C5 | C5d | C7i | C8i
  + **Memory optimized:** R5 | R5d | R7i | R8i
  + **Storage optimized:** I3en
  + **Accelerated computing:** G4dn
+ Dedicated Hosts on Outposts can be configured to support multiple instance sizes. Support for multiple instance sizes is available for the following instance families.
  + **General purpose:** M5 | M5d | M7i
  + **Compute optimized:** C5 | C5d | C7i
  + **Memory optimized:** R5 | R5d | R7i

  For more information, see [Amazon EC2 Dedicated Host instance capacity configurations](dedicated-hosts-limits.md).
+ Dedicated Hosts on Outposts support auto-placement and targeted instance launches. For more information, see [Amazon EC2 Dedicated Host auto-placement and host affinity](dedicated-hosts-understanding.md).
+ Dedicated Hosts on Outposts support host affinity. For more information, see [Amazon EC2 Dedicated Host auto-placement and host affinity](dedicated-hosts-understanding.md).
+ Dedicated Hosts on Outposts support sharing with AWS RAM. For more information, see [Cross-account Amazon EC2 Dedicated Host sharing](dh-sharing.md).

## Considerations

+ Dedicated Host Reservations are not supported on Outposts.
+ Host resource groups and AWS License Manager are not supported on Outposts.
+ Dedicated Hosts on Outposts do not support burstable T3 instances.
+ Dedicated Hosts on Outposts do not support host recovery.
+ Simplified automatic recovery is not supported for instances with Dedicated Host tenancy on Outposts.

# Allocate an Amazon EC2 Dedicated Host on AWS Outposts

You allocate and use Dedicated Hosts on Outposts in the same way that you would with Dedicated Hosts in an AWS Region.

**Prerequisites**  
Create a subnet on the Outpost. For more information, see [Create a subnet](https://docs.aws.amazon.com/outposts/latest/userguide/launch-instance.html#create-subnet) in the *AWS Outposts User Guide*.

**To allocate a Dedicated Host on an Outpost, use one of the following methods:**

------
#### [ Console ]

**To allocate a Dedicated Host on an Outpost using the AWS Outposts console**

1. Open the AWS Outposts console at [https://console.aws.amazon.com/outposts/](https://console.aws.amazon.com/outposts/home).

1. In the navigation pane, choose **Outposts**. Select the Outpost and then choose **Actions**, **Allocate Dedicated Host**.

1. Configure the Dedicated Host as needed. For more information, see [Allocate an Amazon EC2 Dedicated Host for use in your account](dedicated-hosts-allocating.md).

   **Note**  
   **Availability Zone** and **Outpost ARN** should be pre-populated with the Availability Zone and ARN of the selected Outpost.

1. Choose **Allocate**.

**To allocate a Dedicated Host on an Outpost using the Amazon EC2 console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Dedicated Hosts**, and then choose **Allocate Dedicated Host**.

1. For **Availability Zone**, select the Availability Zone associated with the Outpost.

1. For **Outpost ARN**, enter the ARN of the Outpost.

1. To target specific hardware assets on the Outpost, for **Target specific hardware assets on Outpost**, select **Enable**. For each hardware asset to target, choose **Add asset ID**, and then enter the ID of the hardware asset.

   **Note**  
   The value that you specify for **Quantity** must be equal to the number of asset IDs that you specify. For example, if you specify 3 asset IDs, then Quantity must also be 3.

1. Configure the remaining Dedicated Host settings as needed. For more information, see [Allocate an Amazon EC2 Dedicated Host for use in your account](dedicated-hosts-allocating.md).

1. Choose **Allocate**.

------
#### [ AWS CLI ]

**To allocate a Dedicated Host on an Outpost**  
Use the [allocate-hosts](https://docs.aws.amazon.com/cli/latest/reference/ec2/allocate-hosts.html) command. For `--availability-zone`, specify the Availability Zone associated with the Outpost. For `--outpost-arn`, specify the ARN of the Outpost. Optionally, for `--asset-ids`, specify the IDs of the Outpost hardware assets to target.

```
aws ec2 allocate-hosts \
    --availability-zone "us-east-1a" \
    --outpost-arn "arn:aws:outposts:us-east-1:111122223333:outpost/op-4fe3dc21baEXAMPLE" \
    --asset-ids asset_id \
    --instance-family "m5" \
    --auto-placement "off" \
    --quantity 1
```

------
#### [ PowerShell ]

**To allocate a Dedicated Host on an Outpost**  
Use the [New-EC2Host](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Host.html) cmdlet. Specify the Availability Zone associated with the Outpost. Optionally, for `-AssetId`, specify the IDs of the Outpost hardware assets to target.

```
New-EC2Host `
    -AvailabilityZone "us-east-1a" `
    -OutpostArn "arn:aws:outposts:us-east-1:111122223333:outpost/op-4fe3dc21baEXAMPLE" `
    -AssetId asset_id `
    -InstanceFamily "m5" `
    -AutoPlacement "off" `
    -Quantity 1
```

------

**To launch an instance onto a Dedicated Host on an Outpost**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Dedicated Hosts**. Select the Dedicated Host that you allocated in the previous step and choose **Actions**, **Launch instance onto host**.

1. Configure the instance as needed and then launch the instance. For more information, see [Launch Amazon EC2 instances on an Amazon EC2 Dedicated Host](launching-dedicated-hosts-instances.md).

# Amazon EC2 Dedicated Host recovery

Dedicated Host auto recovery restarts your instances on to a new replacement host when certain problematic conditions are detected on your Dedicated Host. Host recovery reduces the need for manual intervention and lowers the operational burden if there is an unexpected Dedicated Host failure concerning system power or network connectivity events. Other Dedicated Host issues will require manual intervention to recover from. 

**Topics**
+ [How host recovery works](dedicated-hosts-recovery-basics.md)
+ [Supported instance types](#dedicated-hosts-recovery-instances)
+ [Pricing](#dedicated-hosts-recovery-pricing)
+ [Manage host recovery](dedicated-hosts-recovery-enable.md)
+ [View host recovery setting](dedicated-hosts-recovery-view.md)
+ [Manually recover unsupported instances](dedicated-hosts-recovery-unsupported.md)

# How Amazon EC2 Dedicated Host recovery works

Dedicated Hosts and the host resource groups recovery process use host-level health checks to assess Dedicated Host availability and to detect underlying system failures. The type of Dedicated Host failure determines if Dedicated Host auto recovery is possible. Examples of problems that can cause host-level health checks to fail include:
+ Loss of network connectivity
+ Loss of system power
+ Hardware or software issues on the physical host

**Important**  
Dedicated Host auto recovery does not occur when the host is scheduled for retirement.

## Dedicated Host auto recovery


When a system power or network connectivity failure is detected on your Dedicated Host, Dedicated Host auto recovery is initiated and Amazon EC2 **automatically allocates a replacement Dedicated Host in the same Availability Zone as the original Dedicated Host**. The replacement Dedicated Host receives a new host ID, but retains the same attributes as the original Dedicated Host, including:
+ Availability Zone
+ Instance type
+ Tags
+ Auto placement settings
+ Reservation

When the replacement Dedicated Host is allocated, the **instances are recovered on to the replacement Dedicated Host**. The recovered instances retain the same attributes as the original instances, including:
+ Instance ID
+ Private IP addresses
+ Elastic IP addresses
+ EBS volume attachments
+ All instance metadata

Additionally, the built-in integration with AWS License Manager automates the tracking and management of your licenses.

**Note**  
AWS License Manager integration is supported only in Regions in which AWS License Manager is available. 

If instances have a host affinity relationship with the impaired Dedicated Host, the recovered instances establish host affinity with the replacement Dedicated Host.

When all of the instances have been recovered on to the replacement Dedicated Host, **the impaired Dedicated Host is released**, and the replacement Dedicated Host becomes available for use.

When host recovery is initiated, the AWS account owner is notified by email and by an AWS Health Dashboard event. A second notification is sent after the host recovery has been successfully completed. 

If you are using AWS License Manager to track your licenses, AWS License Manager allocates new licenses for the replacement Dedicated Host based on the license configuration limits. If the license configuration has hard limits that will be breached as a result of the host recovery, the recovery process is not allowed and you are notified of the host recovery failure through an Amazon SNS notification (if notification settings have been configured for AWS License Manager). If the license configuration has soft limits that will be breached as a result of the host recovery, the recovery is allowed to continue and you are notified of the limit breach through an Amazon SNS notification. For more information, see [Using License Configurations](https://docs.aws.amazon.com/license-manager/latest/userguide/license-configurations.html) and [Settings in License Manager](https://docs.aws.amazon.com/license-manager/latest/userguide/settings.html) in the *AWS License Manager User Guide*.

## Host recovery states


When a Dedicated Host failure is detected, the impaired Dedicated Host enters the `under-assessment` state, and all of the instances enter the `impaired` state. You can't launch instances on to the impaired Dedicated Host while it is in the `under-assessment` state.

After the replacement Dedicated Host is allocated, it enters the `pending` state. It remains in this state until the host recovery process is complete. You can't launch instances on to the replacement Dedicated Host while it is in the `pending` state. Recovered instances on the replacement Dedicated Host remain in the `impaired` state during the recovery process.

After the host recovery is complete, the replacement Dedicated Host enters the `available` state, and the recovered instances return to the `running` state. You can launch instances on to the replacement Dedicated Host after it enters the `available` state. The original impaired Dedicated Host is permanently released and it enters the `released-permanent-failure` state.

If the impaired Dedicated Host has instances that do not support host recovery, such as instances with instance store root volumes, the Dedicated Host is not released. Instead, it is marked for retirement and enters the `permanent-failure` state.

## Scenarios without Dedicated Host auto recovery


**Dedicated Host auto recovery does not occur when the host is scheduled for retirement**. You receive a retirement notification in the AWS Health Dashboard and an Amazon CloudWatch event, and a message regarding the Dedicated Host failure is sent to the AWS account owner email address. Follow the remedial steps described in the retirement notification within the specified time period to manually recover the instances on the retiring host.

**Stopped instances are not recovered** on to the replacement Dedicated Host. If you attempt to start a stopped instance that targets the impaired Dedicated Host, the instance start fails. We recommend that you modify the stopped instance to either target a different Dedicated Host, or to launch on any available Dedicated Host with matching configurations and auto-placement enabled.

**Instances with instance storage are not recovered** on to the replacement Dedicated Host. As a remedial measure, the impaired Dedicated Host is marked for retirement and you receive a retirement notification after the host recovery is complete. Follow the remedial steps described in the retirement notification within the specified time period to manually recover the remaining instances on the impaired Dedicated Host.

## Supported instance types


Host recovery is supported for the following instance families:
+ **General purpose:** A1 | M3 | M4 | M5 | M5n | M5zn | M6a | M6g | M6i | T3 | Mac1 | Mac2 | Mac2-m1ultra | Mac2-m2 | Mac2-m2pro
+ **Compute optimized:** C3 | C4 | C5 | C5n | C6a | C6g | C6i
+ **Memory optimized:** R3 | R4 | R5 | R5b | R5n | R6g | R6i | U-6tb1 | U-9tb1 | U-12tb1 | U-18tb1 | U-24tb1 | X1 | X1e | X2iezn
+ **Accelerated computing:** Inf1 | G3 | G5g | P2 | P3

To recover instances that are not supported, see [Manually recover instances that are not supported by Amazon EC2 Dedicated Host recovery](dedicated-hosts-recovery-unsupported.md).

**Note**  
For supported metal instance types, Dedicated Host auto recovery takes longer to detect and recover from failures than for non-metal instance types.

## Pricing


There are no additional charges for using host recovery, but the usual Dedicated Host charges apply. For more information, see [Amazon EC2 Dedicated Hosts Pricing](https://aws.amazon.com/ec2/dedicated-hosts/pricing/).

As soon as host recovery is initiated, you are no longer billed for the impaired Dedicated Host. Billing for the replacement Dedicated Host begins only after it enters the `available` state.

If the impaired Dedicated Host was billed using the On-Demand rate, the replacement Dedicated Host is also billed using the On-Demand rate. If the impaired Dedicated Host had an active Dedicated Host Reservation, it is transferred to the replacement Dedicated Host.

# Manage Amazon EC2 Dedicated Host recovery
Manage host recovery

Dedicated Host auto recovery restarts your instances on to a new replacement host when certain problematic conditions are detected on your Dedicated Host. You can enable host recovery when you allocate the Dedicated Host or after allocation.

Use the following procedures to enable host recovery when allocating the host.

------
#### [ Console ]

**To enable host recovery at allocation**  
When allocating a Dedicated Host using the Amazon EC2 console, for **Host recovery**, choose **Enable**. For more information, see [Allocate an Amazon EC2 Dedicated Host for use in your account](dedicated-hosts-allocating.md).

------
#### [ AWS CLI ]

**To enable host recovery at allocation**  
Use the [allocate-hosts](https://docs.aws.amazon.com/cli/latest/reference/ec2/allocate-hosts.html) command.

```
aws ec2 allocate-hosts \
    --instance-type m5.large \
    --availability-zone eu-west-1a \
    --auto-placement on \
    --host-recovery on \
    --quantity 1
```

------
#### [ PowerShell ]

**To enable host recovery at allocation**  
Use the [New-EC2Host](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Host.html) cmdlet.

```
New-EC2Host `
    -InstanceType m5.large `
    -AvailabilityZone eu-west-1a `
    -AutoPlacement on `
    -HostRecovery on `
    -Quantity 1
```

------

Use the following procedures to manage host recovery for a Dedicated Host.

------
#### [ Console ]

**To manage host recovery after allocation**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Dedicated Hosts**.

1. Select the Dedicated Host.

1. Choose **Actions**, **Modify host**.

1. For **Host recovery**, select or clear **Enable**.

1. Choose **Save**.

------
#### [ AWS CLI ]

**To enable host recovery after allocation**  
Use the [modify-hosts](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-hosts.html) command.

```
aws ec2 modify-hosts \
    --host-recovery on \
    --host-ids h-012a3456b7890cdef
```

**To disable host recovery after allocation**  
Use the [modify-hosts](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-hosts.html) command and specify the `--host-recovery` parameter with a value of `off`.

```
aws ec2 modify-hosts \
    --host-recovery off \
    --host-ids h-012a3456b7890cdef
```

------
#### [ PowerShell ]

**To enable host recovery after allocation**  
Use the [Edit-EC2Host](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2Host.html) cmdlet.

```
Edit-EC2Host `
    -HostRecovery on `
    -HostId h-012a3456b7890cdef
```

**To disable host recovery after allocation**  
Use the [Edit-EC2Host](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2Host.html) cmdlet.

```
Edit-EC2Host `
    -HostRecovery off `
    -HostId h-012a3456b7890cdef
```

------

# View the host recovery setting for your Amazon EC2 Dedicated Host
View host recovery setting

You can view the host recovery configuration for a Dedicated Host at any time.

------
#### [ Console ]

**To view the host recovery configuration for a Dedicated Host**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Dedicated Hosts**.

1. Select the Dedicated Host, and in the **Description** tab, review the **Host Recovery** field.

------
#### [ AWS CLI ]

**To view the host recovery configuration for a Dedicated Host**  
Use the [describe-hosts](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-hosts.html) command.

```
aws ec2 describe-hosts \
    --host-ids h-012a3456b7890cdef \
    --query "Hosts[].HostRecovery" \
    --output text
```

The following is example output.

```
on
```

------
#### [ PowerShell ]

**To view the host recovery configuration for a Dedicated Host**  
Use the [Get-EC2Host](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Host.html) cmdlet.

```
(Get-EC2Host -HostId h-012a3456b7890cdef).Hosts | Select HostRecovery
```

The following is example output.

```
HostRecovery
------------
on
```

------

# Manually recover instances that are not supported by Amazon EC2 Dedicated Host recovery
Manually recover unsupported instances

Host recovery does not support recovering instances that use instance store volumes. Follow the instructions below to manually recover any of your instances that could not be automatically recovered.

**Warning**  
Data on instance store volumes is lost when an instance is stopped, hibernated, or terminated. This includes instance store volumes that are attached to an instance that has an EBS root volume. To protect data from instance store volumes, back it up to persistent storage before the instance is stopped or terminated.

## Manually recover EBS-backed instances


For EBS-backed instances that could not be automatically recovered, we recommend that you manually stop and start the instances to recover them onto a new Dedicated Host. For more information about stopping your instance, and about the changes that occur in your instance configuration when it's stopped, see [Stop and start Amazon EC2 instances](Stop_Start.md).

## Manually recover instances with instance store root volumes


For instances with instance store root volumes that could not be automatically recovered, we recommend that you do the following:

1. Launch a replacement instance on a new Dedicated Host from your most recent AMI.

1. Migrate all of the necessary data to the replacement instance.

1. Terminate the original instance on the impaired Dedicated Host.

# Host maintenance for Amazon EC2 Dedicated Host
Host maintenance

With host maintenance, in the rare event that a Dedicated Host becomes degraded, we automatically migrate instances running on it onto a healthy replacement Dedicated Host. This helps to minimize the downtime for your workload, and simplify the management of your Dedicated Hosts. Host maintenance is also performed for planned and routine Amazon EC2 maintenance.

Amazon EC2 supports two types of host maintenance:
+ **Live migration host maintenance** — Instances are automatically migrated to the replacement host within 24 hours, without stopping and restarting them.
+ **Reboot-based host maintenance** — Instances are scheduled for *instance reboot* scheduled events, during which they are automatically stopped and restarted on the replacement host.

**Topics**
+ [Host maintenance versus host recovery](#dedicated-hosts-maintenance-differences)
+ [Considerations](#dedicated-hosts-maintenance-basics-limitations)
+ [Related services](#dedicated-hosts-maintenance-related)
+ [Pricing](#dedicated-hosts-maintenance-pricing)
+ [How host maintenance works for Amazon EC2 Dedicated Hosts](dedicated-hosts-maintenance-basics.md)
+ [Configure the host maintenance setting for an Amazon EC2 Dedicated Host](dedicated-hosts-maintenance-configuring.md)

## Host maintenance versus host recovery


The following table shows the main differences between host recovery and host maintenance.



|  | Host recovery | Host maintenance | 
| --- | --- | --- | 
| Instance reachability | Unreachable | Reachable | 
| Dedicated Host state | under-assessment | permanent-failure | 
| Host resource group | Supported | Not supported | 

For more information about host recovery, see [Host recovery](dedicated-hosts-recovery.md).

## Considerations

+ Host maintenance is available in all AWS Regions, except the China Regions and AWS GovCloud (US) Regions.
+ Host maintenance is not supported in AWS Outposts, AWS Local Zones, and AWS Wavelength Zones.
+ Host maintenance can't be turned on or off for hosts already within a host resource group. Hosts added to a host resource group retain their host maintenance setting. For more information, see [Host resource groups](https://docs.aws.amazon.com/license-manager/latest/userguide/host-resource-groups.html).
+ Host maintenance is not supported with the following instance types, because they have instance store root volumes: C1, C3, D2, I2, M1, M2, M3, R3, and X1.

## Related services


Dedicated Hosts integrate with **AWS License Manager**, which tracks licenses across your Amazon EC2 Dedicated Hosts (supported only in Regions in which AWS License Manager is available). For more information, see the [AWS License Manager User Guide](https://docs.aws.amazon.com/license-manager/latest/userguide/license-manager.html).

You must have sufficient licenses in your AWS account for your new Dedicated Host. The licenses associated with your degraded host are released when the host is released after the completion of the scheduled event.

## Pricing


There are no additional charges for using host maintenance, but the usual Dedicated Host charges apply. For more information, see [Amazon EC2 Dedicated Hosts Pricing](https://aws.amazon.com/ec2/dedicated-hosts/pricing/).

As soon as host maintenance is initiated, you are no longer billed for the degraded Dedicated Host. Billing for the replacement Dedicated Host begins only after it enters the `available` state.

If the degraded Dedicated Host was billed using the On-Demand rate, the replacement Dedicated Host is also billed using the On-Demand rate. If the degraded Dedicated Host had an active Dedicated Host Reservation, it is transferred to the new Dedicated Host.

# How host maintenance works for Amazon EC2 Dedicated Hosts
How host maintenance works

When a degradation is detected on a Dedicated Host that is enabled for host maintenance, we automatically allocate a replacement Dedicated Host in your account. The replacement Dedicated Host receives a new host ID, but retains the same attributes as the original Dedicated Host, including:
+ Auto placement settings
+ Availability Zone
+ Dedicated Host Reservation association
+ Host affinity
+ Host maintenance settings
+ Host recovery settings
+ Instance type
+ Tags

After the replacement host has been allocated, we migrate the instances using either **live migration host maintenance** or **reboot-based host maintenance**, depending on the instance.

After the degraded host has no more running instances, it is permanently released from your account.

## Live migration host maintenance


Instances that require live migration host maintenance are automatically migrated to the replacement host within 24 hours, without stopping and restarting them. The migrated instances retain their existing attributes, including:
+ Instance ID
+ Instance metadata
+ Amazon EBS volume attachments
+ Elastic IP addresses and private IP address
+ Memory, CPU, and networking states

Some larger instance sizes might experience a slight performance decrease during the migration.

After the instances are automatically migrated to the replacement host, we send you email and AWS Health Dashboard notifications. Notifications include the IDs of the degraded and replacement hosts, information about the instances that were automatically migrated using live migration host maintenance, and information about the remaining instances.

## Reboot-based host maintenance


Instances that require reboot-based host maintenance are scheduled for instance reboot scheduled events for 14 days from the date of the notification. You can continue to access your instances on the degraded Dedicated Host before the scheduled event.

You can reschedule reboot events for a date that is within 7 days of the original event date and time. For more information, see [Reschedule a scheduled event for an EC2 instance](reschedule-event.md).

Amazon EC2 automatically reserves capacity on the replacement host for these instances. You can't run instances in this reserved capacity.

The Amazon EC2 console shows the reserved capacity as used capacity. It could appear that the instances are running on both the degraded host and the replacement host. However, the instances will continue to run only on the degraded host until they are stopped or they are migrated into the reserved capacity on the replacement host.

At the date and time of the scheduled event, the instances are automatically stopped and restarted into the reserved capacity on the replacement host. The migrated instances retain their existing attributes, including:
+ Instance ID
+ Instance metadata
+ Amazon EBS volume attachments
+ Elastic IP addresses and private IP address

However, since the instances are stopped and restarted during the migration, they do not retain their memory, CPU, and networking states.

You can also manually stop and restart these instances at any time before the scheduled event to migrate them to the replacement host or to a different host. You might need to modify your instance's host affinity to restart it on a different host. If you stop an instance before the scheduled event, the reserved capacity on the replacement host is released and becomes available for use.

## Host maintenance states


When a host becomes degraded, it enters the `permanent-failure` state. You can't launch instances on a Dedicated Host that is in the `permanent-failure` state.

After the replacement host is allocated, it remains in the `pending` state until the instances that support live migration host maintenance are automatically migrated from the degraded host, and until the scheduled events are scheduled for the remaining instances. After these tasks are completed, the replacement host enters the `available` state.

After the replacement host enters the `available` state, you can use it in the same way that you use any host in your account. However, some instance capacity on the replacement host is reserved for the instances that require reboot-based host migration. You can't launch new instances into this reserved capacity.

When the degraded host has no more running instances, it enters the `released-permanent-failure` state, and it is permanently released from your account. Note that the host and its resources remain visible in the console for a short time.

## Automatic migration


Some instances can't be automatically migrated to the replacement host.

**Instances with EBS-backed root volumes**  
For these instances, we schedule instance stop events for 28 days from the date of the notification. At the date and time of the scheduled event, the instances are stopped. We recommend that you manually stop and restart the instance on the replacement host or on a different host. You might need to modify your instance's host affinity to restart it on a different host.

**Instances with an instance store root volume**  
For these instances, we schedule instance retirement events for 28 days from the date of the notification. At the date and time of the scheduled event, the instances are permanently terminated. We recommend that you manually launch replacement instances on the replacement host and then migrate the required data to the replacement instances before the scheduled event.

The following instance types have instance store root volumes: C1, C3, D2, I2, M1, M2, M3, R3, and X1.

You can continue to access your instances on the degraded Dedicated Host before the scheduled event.

# Configure the host maintenance setting for an Amazon EC2 Dedicated Host
Configure host maintenance

Enable host maintenance to ensure that your instances running on a Dedicated Host are automatically recovered onto a new Dedicated Host during a scheduled maintenance event.

If you disable host maintenance, you receive an email notification to evict the degraded host and manually migrate your instances to another host within 28 days. A replacement host is allocated if you have a Dedicated Host Reservation. After 28 days, the instances running on the degraded host are terminated, and the host is released automatically.

------
#### [ Console ]

**To enable host maintenance for your Dedicated Host**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Dedicated Hosts**.

1. Select the Dedicated Host > **Actions** > **Modify host**.

1. Select *on* in the **Host maintenance** field.

**To disable host maintenance for your Dedicated Host**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Dedicated Hosts**.

1. Select the Dedicated Host > **Actions** > **Modify host**.

1. Select *off* in the **Host maintenance** field.

------
#### [ AWS CLI ]

**To enable host maintenance for your Dedicated Host**  
Use the [modify-hosts](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-hosts.html) command.

```
aws ec2 modify-hosts \
    --host-maintenance on \
    --host-ids h-0d123456bbf78910d
```

**To disable host maintenance for your Dedicated Host**  
Use the [modify-hosts](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-hosts.html) command.

```
aws ec2 modify-hosts \
    --host-maintenance off \
    --host-ids h-0d123456bbf78910d
```

------
#### [ PowerShell ]

**To enable host maintenance for your Dedicated Host**  
Use the [Edit-EC2Host](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2Host.html) cmdlet.

```
Edit-EC2Host `
    -HostMaintenance on `
    -HostId h-0d123456bbf78910d
```

**To disable host maintenance for your Dedicated Host**  
Use the [Edit-EC2Host](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2Host.html) cmdlet.

```
Edit-EC2Host `
    -HostMaintenance off `
    -HostId h-0d123456bbf78910d
```

------

# Monitor the state of your Amazon EC2 Dedicated Hosts
Monitor Dedicated Hosts

Amazon EC2 constantly monitors the state of your Dedicated Hosts. Updates are communicated on the Amazon EC2 console. You can view information about a Dedicated Host using the following methods.

------
#### [ Console ]

**To view the state of a Dedicated Host**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Dedicated Hosts**.

1. Locate the Dedicated Host in the list and review the value in the **State** column.

------
#### [ AWS CLI ]

**To view the state of a Dedicated Host**  
Use the [describe-hosts](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-hosts.html) command.

```
aws ec2 describe-hosts --host-ids h-012a3456b7890cdef
```

------
#### [ PowerShell ]

**To view the state of a Dedicated Host**  
Use the [Get-EC2Host](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Host.html) cmdlet.

```
Get-EC2Host -HostId h-012a3456b7890cdef
```

------

The following table explains the possible Dedicated Host states.


| **State** | **Description** | 
| --- | --- | 
| available | AWS hasn't detected an issue with the Dedicated Host. No maintenance or repairs are scheduled. Instances can be launched onto this Dedicated Host. | 
| released | The Dedicated Host has been released. The host ID is no longer in use. Released hosts can't be reused. | 
| under-assessment | AWS is exploring a possible issue with the Dedicated Host. If action must be taken, you are notified via the AWS Management Console or email. Instances can't be launched onto a Dedicated Host in this state. | 
| pending | The Dedicated Host can't be used for new instance launches. It is either being [modified to support multiple instance types](modify-host-support.md), or a [host recovery](dedicated-hosts-recovery.md) is in progress. | 
| permanent-failure | An unrecoverable failure has been detected. You receive an eviction notice through your instances and by email. Your instances might continue to run. If you stop or terminate all instances on a Dedicated Host with this state, AWS retires the host. AWS does not restart instances in this state. Instances can't be launched onto Dedicated Hosts in this state. | 
| released-permanent-failure | AWS permanently releases Dedicated Hosts that have failed and no longer have running instances on them. The Dedicated Host ID is no longer available for use. | 
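
The following is an added example, not part of the AWS documentation: a Python audit over `describe-hosts` output that applies the state table above together with the host recovery and host maintenance rules from the earlier sections, and proposes the matching `modify-hosts` commands. The sample JSON is constructed. Of the response fields used, this page shows only `HostRecovery`; `HostMaintenance`, `MemberOfServiceLinkedResourceGroup`, `HostProperties` and `Instances` are taken from the EC2 `describe-hosts` response and are assumptions relative to this page.

```python
import json

# Constructed sample shaped like `aws ec2 describe-hosts` output.
# All IDs and values are invented for illustration.
SAMPLE_DESCRIBE_HOSTS = json.loads("""
{"Hosts": [
  {"HostId": "h-0aaaaaaaaaaaaaaa1", "State": "available",
   "HostRecovery": "on", "HostMaintenance": "on",
   "MemberOfServiceLinkedResourceGroup": false,
   "HostProperties": {"InstanceType": "m5.large"}},
  {"HostId": "h-0aaaaaaaaaaaaaaa2", "State": "available",
   "HostRecovery": "off", "HostMaintenance": "off",
   "MemberOfServiceLinkedResourceGroup": false,
   "HostProperties": {"InstanceFamily": "c5"}},
  {"HostId": "h-0aaaaaaaaaaaaaaa3", "State": "available",
   "HostRecovery": "on", "HostMaintenance": "off",
   "MemberOfServiceLinkedResourceGroup": false,
   "HostProperties": {"InstanceType": "r3.8xlarge"}},
  {"HostId": "h-0aaaaaaaaaaaaaaa4", "State": "permanent-failure",
   "HostRecovery": "off", "HostMaintenance": "on",
   "MemberOfServiceLinkedResourceGroup": false,
   "HostProperties": {"InstanceType": "m5.large"},
   "Instances": [{"InstanceId": "i-0bbbbbbbbbbbbbbb1"}]},
  {"HostId": "h-0aaaaaaaaaaaaaaa5", "State": "released-permanent-failure",
   "HostRecovery": "off", "HostMaintenance": "off",
   "HostProperties": {"InstanceType": "m5.large"}}
]}
""")

# States from the table above in which the host ID is no longer in use.
GONE_STATES = {"released", "released-permanent-failure"}
# States from the table above in which instances can't be launched.
NO_LAUNCH_STATES = {"under-assessment", "pending", "permanent-failure"}
# Instance types the page lists as having instance store root volumes,
# for which host maintenance is not supported.
INSTANCE_STORE_ROOT_FAMILIES = {"c1", "c3", "d2", "i2", "m1", "m2", "m3", "r3", "x1"}


def host_family(host):
    """Return the lower-case instance family, e.g. 'm5' for 'm5.large'."""
    props = host.get("HostProperties", {})
    name = props.get("InstanceFamily") or props.get("InstanceType") or ""
    return name.split(".")[0].lower()


def audit_host(host):
    """Return (findings, fix_commands) for one describe-hosts record."""
    host_id, state = host["HostId"], host.get("State", "")
    findings, fixes = [], []
    if state in GONE_STATES:
        return findings, fixes  # released hosts can't be reused or configured
    if state in NO_LAUNCH_STATES:
        placed = len(host.get("Instances", []))
        findings.append(
            f"state {state}: no new launches, {placed} instance(s) still on host")
    # Design choice of this example: only propose setting changes for healthy
    # hosts; an impaired host needs the manual steps from its notification.
    can_fix = state == "available"
    if host.get("HostRecovery") != "on":
        findings.append("host recovery is off")
        if can_fix:
            fixes.append(
                f"aws ec2 modify-hosts --host-recovery on --host-ids {host_id}")
    if host.get("HostMaintenance") != "on":
        if host_family(host) in INSTANCE_STORE_ROOT_FAMILIES:
            findings.append(
                "host maintenance unsupported: instance store root volume type")
        elif host.get("MemberOfServiceLinkedResourceGroup"):
            findings.append(
                "host maintenance is off and can't be changed in a host resource group")
        else:
            findings.append("host maintenance is off")
            if can_fix:
                fixes.append(
                    f"aws ec2 modify-hosts --host-maintenance on --host-ids {host_id}")
    return findings, fixes


def audit(describe_hosts_output):
    """Map host ID -> findings and proposed commands, omitting clean hosts."""
    report = {}
    for host in describe_hosts_output.get("Hosts", []):
        findings, fixes = audit_host(host)
        if findings:
            report[host["HostId"]] = {"findings": findings, "fixes": fixes}
    return report


if __name__ == "__main__":
    for host_id, result in audit(SAMPLE_DESCRIBE_HOSTS).items():
        print(host_id)
        for finding in result["findings"]:
            print("  -", finding)
        for fix in result["fixes"]:
            print("  fix:", fix)
```

To run it against an account, pass the parsed output of `aws ec2 describe-hosts --output json` to `audit()` instead of the sample.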

# Track Amazon EC2 Dedicated Host configuration changes using AWS Config
Track configuration changes

You can use AWS Config to record configuration changes for Dedicated Hosts, and for instances that are launched, stopped, or terminated on them. You can then use the information captured by AWS Config as a data source for license reporting.

AWS Config records configuration information for Dedicated Hosts and instances individually, and pairs this information through relationships. There are three reporting conditions:
+ **AWS Config recording status**—When **On**, AWS Config is recording one or more AWS resource types, which can include Dedicated Hosts and Dedicated Instances. To capture the information required for license reporting, verify that hosts and instances are being recorded with the following fields.
+ **Host recording status**—When **Enabled**, the configuration information for Dedicated Hosts is recorded.
+ **Instance recording status**—When **Enabled**, the configuration information for Dedicated Instances is recorded.

If any of these three conditions are disabled, the icon in the **Edit Config Recording** button is red. To derive the full benefit of this tool, ensure that all three recording methods are enabled. When all three are enabled, the icon is green. To edit the settings, choose **Edit Config Recording**. You are directed to the **Set up AWS Config** page in the AWS Config console, where you can set up AWS Config and start recording for your hosts, instances, and other supported resource types. For more information, see [Setting up AWS Config using the Console](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html) in the *AWS Config Developer Guide*.

**Note**  
AWS Config records your resources after it discovers them, which might take several minutes. 

After AWS Config starts recording configuration changes to your hosts and instances, you can get the configuration history of any host that you have allocated or released and any instance that you have launched, stopped, or terminated. For example, at any point in the configuration history of a Dedicated Host, you can look up how many instances are launched on that host, along with the number of sockets and cores on the host. For any of those instances, you can also look up the ID of its Amazon Machine Image (AMI). You can use this information to report on licensing for your own server-bound software that is licensed per-socket or per-core.

You can view configuration histories in any of the following ways:
+ By using the AWS Config console. For each recorded resource, you can view a timeline page, which provides a history of configuration details. To view this page, choose the gray icon in the **Config Timeline** column of the **Dedicated Hosts** page. For more information, see [Viewing Configuration Details in the AWS Config Console](https://docs.aws.amazon.com/config/latest/developerguide/view-manage-resource-console.html) in the *AWS Config Developer Guide*.
+ By running AWS CLI commands. First, you can use the [list-discovered-resources](https://docs.aws.amazon.com/cli/latest/reference/configservice/list-discovered-resources.html) command to get a list of all hosts and instances. Then, you can use the [get-resource-config-history](https://docs.aws.amazon.com/cli/latest/reference/configservice/get-resource-config-history.html#get-resource-config-history) command to get the configuration details of a host or instance for a specific time interval.
+ By using the AWS Config API in your applications. First, you can use the [ListDiscoveredResources](https://docs.aws.amazon.com/config/latest/APIReference/API_ListDiscoveredResources.html) action to get a list of all hosts and instances. Then, you can use the [GetResourceConfigHistory](https://docs.aws.amazon.com/config/latest/APIReference/API_GetResourceConfigHistory.html) action to get the configuration details of a host or instance for a specific time interval.

For example, to get a list of all of your Dedicated Hosts from AWS Config, run a CLI command such as the following.

```
aws configservice list-discovered-resources --resource-type AWS::EC2::Host
```

To obtain the configuration history of a Dedicated Host from AWS Config, run a CLI command such as the following.

```
aws configservice get-resource-config-history \
    --resource-type AWS::EC2::Host \
    --resource-id h-012a3456b7890cdef
```

**To manage AWS Config settings using the console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. On the **Dedicated Hosts** page, choose **Edit Config Recording**.

1. In the AWS Config console, follow the steps provided to turn on recording. For more information, see [Setting up AWS Config using the Console](https://docs.aws.amazon.com/config/latest/developerguide/gs-console.html).

For more information, see [Viewing Configuration Details in the AWS Config Console](https://docs.aws.amazon.com/config/latest/developerguide/view-manage-resource-console.html).

**To activate AWS Config using the command line or API**
+ AWS CLI: [Viewing Configuration Details (AWS CLI)](https://docs.aws.amazon.com/config/latest/developerguide/view-manage-resource-console.html#view-config-details-cli) in the *AWS Config Developer Guide*.
+ Amazon EC2 API: [GetResourceConfigHistory](https://docs.aws.amazon.com/config/latest/APIReference/API_GetResourceConfigHistory.html).

# Amazon EC2 Dedicated Instances

By default, EC2 instances run on shared tenancy hardware. This means that multiple AWS accounts might share the same physical hardware.

Dedicated Instances are EC2 instances that run on hardware that's dedicated to a single AWS account. This means that Dedicated Instances are physically isolated at the host hardware level from instances that belong to other AWS accounts, even if those accounts are linked to a single payer account. However, Dedicated Instances might share hardware with other instances from the same AWS account that are not Dedicated Instances.

Dedicated Instances provide no visibility or control over instance placement, and they do not support host affinity. If you stop and start a Dedicated Instance, it might not run on the same host. Similarly, you cannot target a specific host on which to launch or run an instance. Additionally, Dedicated Instances provide limited support for Bring Your Own License (BYOL).

If you require visibility and control over instance placement and more comprehensive BYOL support, consider using a Dedicated Host instead. Dedicated Instances and Dedicated Hosts can both be used to launch Amazon EC2 instances onto dedicated physical servers. There are no performance, security, or physical differences between Dedicated Instances and instances on Dedicated Hosts. The following table highlights some of the key differences between them:


|  | Dedicated Host | Dedicated Instance | 
| --- | --- | --- | 
| Dedicated physical server | Physical server with instance capacity fully dedicated to your use. | Physical server that's dedicated to a single customer account. | 
| Instance capacity sharing | Can share instance capacity with other accounts. | Not supported | 
| Billing | Per-host billing | Per-instance billing | 
| Visibility of sockets, cores, and host ID | Provides visibility of the number of sockets and physical cores | No visibility | 
| Host and instance affinity | Allows you to consistently deploy your instances to the same physical server over time | Not supported | 
| Targeted instance placement | Provides additional visibility and control over how instances are placed on a physical server | Not supported | 
| Automatic instance recovery | Supported. For more information, see [Amazon EC2 Dedicated Host recovery](dedicated-hosts-recovery.md). | Supported | 
| Bring Your Own License (BYOL) | Supported | Partial support \* | 
| Capacity Reservations | Not supported | Supported | 

\* Microsoft SQL Server with License Mobility through Software Assurance, and Windows Virtual Desktop Access (VDA) licenses can be used with Dedicated Instance.

For more information, see [Amazon EC2 Dedicated Hosts](dedicated-hosts-overview.md).

**Topics**
+ [Dedicated Instance basics](#dedicated-howitworks)
+ [Supported features](#features)
+ [Dedicated Instances limitations](#dedicated-limits)
+ [Pricing for Dedicated Instances](#dedicated-instance-pricing)
+ [Launch Dedicated Instances](dedicatedinstancesintovpc.md)
+ [Change the tenancy of an instance](dedicated-change-tenancy.md)
+ [Change the tenancy of a VPC](change-tenancy-vpc.md)

## Dedicated Instance basics


A VPC can have a tenancy of either `default` or `dedicated`. By default, your VPCs have `default` tenancy and instances launched into a `default` tenancy VPC have `default` tenancy. To launch Dedicated Instances, do the following:
+ Create a VPC with a tenancy of `dedicated`, so that all instances in the VPC run as Dedicated Instances. For more information, see [Launch Dedicated Instances into a VPC with default tenancy](dedicatedinstancesintovpc.md).
+ Create a VPC with a tenancy of `default` and manually specify a tenancy of `dedicated` for the instances to run as Dedicated Instances. For more information, see [Launch Dedicated Instances into a VPC with default tenancy](dedicatedinstancesintovpc.md).

## Supported features


Dedicated Instances support the following features and AWS service integrations:

**Topics**
+ [Reserved Instances](#dedicatedreservedinstances)
+ [Automatic scaling](#dedicated-instance-autoscaling)
+ [Automatic recovery](#dedicated-instance-recovery)
+ [Dedicated Spot Instances](#dedicated-instance-spot)
+ [Burstable performance instances](#dedicated-instance-burstable)

### Reserved Instances


To reserve capacity for your Dedicated Instances, you can purchase Dedicated Reserved Instances or Capacity Reservations. For more information, see [Reserved Instances for Amazon EC2 overview](ec2-reserved-instances.md) and [Reserve compute capacity with EC2 On-Demand Capacity Reservations](ec2-capacity-reservations.md).

When you purchase a Dedicated Reserved Instance, you are purchasing the capacity to launch a Dedicated Instance at a much reduced usage fee; the price break in the usage charge applies only if you launch an instance with dedicated tenancy. When you purchase a Reserved Instance with default tenancy, it applies only to a running instance with `default` tenancy; it does not apply to a running instance with `dedicated` tenancy.

You can't use the modification process to change the tenancy of a Reserved Instance after you've purchased it. However, you can exchange a Convertible Reserved Instance for a new Convertible Reserved Instance with a different tenancy.

### Automatic scaling


You can use Amazon EC2 Auto Scaling to launch Dedicated Instances. For more information, see [Create a launch template using advanced settings](https://docs.aws.amazon.com/autoscaling/ec2/userguide/advanced-settings-for-your-launch-template.html) in the *Amazon EC2 Auto Scaling User Guide*.

### Automatic recovery


You can configure automatic recovery for a Dedicated Instance if it becomes impaired due to an underlying hardware failure or a problem that requires AWS involvement to repair. For more information, see [Automatic instance recovery](ec2-instance-recover.md).

### Dedicated Spot Instances


You can run a Dedicated Spot Instance by specifying a tenancy of `dedicated` when you create a Spot Instance request. For more information, see [Launch on single-tenant hardware](how-spot-instances-work.md#spot-instance-tenancy).

### Burstable performance instances


You can leverage the benefits of running on dedicated tenancy hardware with [Burstable performance instances](burstable-performance-instances.md). T3 Dedicated Instances launch in unlimited mode by default, and they provide a baseline level of CPU performance with the ability to burst to a higher CPU level when required by your workload. The T3 baseline performance and ability to burst are governed by CPU credits. Because of the burstable nature of the T3 instance types, we recommend that you monitor how your T3 instances use the CPU resources of the dedicated hardware for the best performance. T3 Dedicated Instances are intended for customers with diverse workloads that display random CPU behavior, but that ideally have average CPU usage at or below the baseline usages. For more information, see [Key concepts for burstable performance instances](burstable-credits-baseline-concepts.md).

Amazon EC2 has systems in place to identify and correct variability in performance. However, it is still possible to experience short-term variability if you launch multiple T3 Dedicated Instances that have correlated CPU usage patterns. For these more demanding or correlated workloads, we recommend using M5 or M5a Dedicated Instances rather than T3 Dedicated Instances.

## Dedicated Instances limitations


Keep the following in mind when using Dedicated Instances:
+ Some AWS services or their features are not supported with a VPC with the instance tenancy set to `dedicated`. Refer to the respective service's documentation to confirm if there are any limitations.
+ Some instance types can't be launched into a VPC with the instance tenancy set to `dedicated`. For more information about supported instance types, see [Amazon EC2 Dedicated Instances](https://aws.amazon.com/ec2/pricing/dedicated-instances/).
+ When you launch a Dedicated Instance backed by Amazon EBS, the EBS volume doesn't run on single-tenant hardware.

## Pricing for Dedicated Instances


Pricing for Dedicated Instances is different from pricing for On-Demand Instances. For more information, see [Amazon EC2 Dedicated Instances](https://aws.amazon.com/ec2/pricing/dedicated-instances/).

# Launch Dedicated Instances into a VPC with default tenancy

When you create a VPC, you have the option of specifying its instance tenancy. If you launch an instance into a VPC that has an instance tenancy of `dedicated`, it runs as a Dedicated Instance on hardware that's dedicated for your use.

For more information about launching an instance with a tenancy of `host`, see [Launch Amazon EC2 instances on an Amazon EC2 Dedicated Host](launching-dedicated-hosts-instances.md).

For more information about VPC tenancy options, see [Create a VPC](https://docs.aws.amazon.com/vpc/latest/userguide/create-vpc.html) in the *Amazon VPC User Guide*.

**Requirements**
+ Choose a supported instance type. For more information, see [Amazon EC2 Dedicated Instances](https://aws.amazon.com/ec2/pricing/dedicated-instances/).

------
#### [ Console ]

**To launch a Dedicated Instance into a default tenancy VPC**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**, **Launch instance**.

1. In the **Application and OS Images** section, select an AMI from the list.

1. In the **Instance type** section, select the instance type to launch.

1. In the **Key pair** section, select the key pair to associate with the instance.

1. In the **Advanced details** section, for **Tenancy**, select **Dedicated**.

1. Configure the remaining instance options as needed. For more information, see [Reference for Amazon EC2 instance configuration parameters](ec2-instance-launch-parameters.md).

1. Choose **Launch instance**.

------
#### [ AWS CLI ]

**To set the tenancy option for an instance during launch**  
Use the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command and include `Tenancy` with the `--placement` option.

```
--placement Tenancy=dedicated
```

------
#### [ PowerShell ]

**To set the tenancy option for an instance during launch**  
Use the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) cmdlet with the `-Placement_Tenancy` parameter.

```
-Placement_Tenancy dedicated
```

------

# Change the tenancy of an EC2 instance

You can change the tenancy of a stopped instance after launch. The changes that you make take effect the next time the instance starts.

Alternatively, you can change the tenancy of your virtual private cloud (VPC). For more information, see [Change the instance tenancy of a VPC](change-tenancy-vpc.md).

**Limitations**
+ You can't change the tenancy of an instance using the AWS Management Console.
+ The instance must be in the `stopped` state.
+ The operating system details of your instance—and whether SQL Server is installed—affect what conversions are supported. For more information about the tenancy conversion paths available to your instance, see [Tenancy conversion](https://docs.aws.amazon.com/license-manager/latest/userguide/conversion-tenancy.html) in the *License Manager User Guide*.
+ For T3 instances, you must launch the instance on a Dedicated Host to use a tenancy of `host`. You can't change the tenancy from `host` to `dedicated` or `default`. Attempting to make one of these unsupported tenancy changes results in an `InvalidRequest` error code.

------
#### [ AWS CLI ]

**To modify the tenancy value of an instance**  
Use the [modify-instance-placement](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-placement.html) command.

```
aws ec2 modify-instance-placement \
    --instance-id i-1234567890abcdef0 \
    --tenancy dedicated
```

------
#### [ PowerShell ]

**To modify the tenancy value of an instance**  
Use the [Edit-EC2InstancePlacement](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstancePlacement.html) cmdlet.

```
Edit-EC2InstancePlacement `
    -InstanceId i-1234567890abcdef0 `
    -Tenancy Dedicated
```

------

# Change the instance tenancy of a VPC

You can change the instance tenancy of a virtual private cloud (VPC) from `dedicated` to `default` after you create it. Modifying the instance tenancy of a VPC does not affect the tenancy of any existing instances in the VPC. The next time that you launch an instance in the VPC, it has a tenancy of `default`, unless you specify otherwise during instance launch.

Alternatively, you can change the tenancy of specific instances. For more information, see [Change the tenancy of an EC2 instance](dedicated-change-tenancy.md).

**Limitations**
+ You can't change the instance tenancy of a VPC from `default` to `dedicated` after it is created.
+ You can't modify the instance tenancy of a VPC using the AWS Management Console.

------
#### [ AWS CLI ]

**To modify the instance tenancy attribute of a VPC**  
Use the [modify-vpc-tenancy](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-vpc-tenancy.html) command. The only supported tenancy value is `default`.

```
aws ec2 modify-vpc-tenancy \
    --vpc-id vpc-1234567890abcdef0 \
    --instance-tenancy default
```

------
#### [ PowerShell ]

**To modify the instance tenancy attribute of a VPC**  
Use the [Edit-EC2VpcTenancy](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2VpcTenancy.html) cmdlet. The only supported tenancy value is `Default`.

```
Edit-EC2VpcTenancy `
    -VpcId vpc-1234567890abcdef0 `
    -InstanceTenancy Default
```

------
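
The following added example (not part of the AWS documentation) audits tenancy after a VPC has been changed from `dedicated` to `default`: existing instances keep their tenancy, but new launches are shared-tenancy unless specified otherwise. It reads constructed sample data shaped like the output of `aws ec2 describe-vpcs` and `aws ec2 describe-instances`; the VPC IDs, instance IDs, and finding names are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Constructed sample, shaped like `aws ec2 describe-vpcs` output.
VPCS = json.loads("""
{"Vpcs": [
  {"VpcId": "vpc-0aaa1111bbbb2222c", "InstanceTenancy": "dedicated"},
  {"VpcId": "vpc-0ddd3333eeee4444f", "InstanceTenancy": "default"}
]}
""")

# Constructed sample, shaped like `aws ec2 describe-instances` output.
# Scenario: vpc-0ddd... was changed to default tenancy; instance ...b was
# launched before the change, instance ...c after it.
INSTANCES = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0000000000000000a", "VpcId": "vpc-0aaa1111bbbb2222c",
     "State": {"Name": "running"}, "Placement": {"Tenancy": "dedicated"}},
    {"InstanceId": "i-0000000000000000b", "VpcId": "vpc-0ddd3333eeee4444f",
     "State": {"Name": "stopped"}, "Placement": {"Tenancy": "dedicated"}}
  ]},
  {"Instances": [
    {"InstanceId": "i-0000000000000000c", "VpcId": "vpc-0ddd3333eeee4444f",
     "State": {"Name": "running"}, "Placement": {"Tenancy": "default"}},
    {"InstanceId": "i-0000000000000000d", "VpcId": "vpc-0ddd3333eeee4444f",
     "State": {"Name": "terminated"}, "Placement": {"Tenancy": "default"}}
  ]}
]}
""")

# Instances in these states no longer occupy hardware, so they are skipped.
GONE = {"shutting-down", "terminated"}


def audit_tenancy(vpcs_doc, instances_doc):
    """Return a sorted list of (finding, vpc_id, instance_id) tuples.

    SHARED_TENANCY_INSTANCE      an instance runs with `default` tenancy.
    VPC_NOT_ENFORCING_DEDICATED  the VPC holds Dedicated Instances but its own
                                 tenancy is not `dedicated`, so the next launch
                                 is shared unless the launch request says
                                 otherwise.
    """
    vpc_tenancy = {v["VpcId"]: v["InstanceTenancy"] for v in vpcs_doc["Vpcs"]}

    # vpc_id -> tenancy -> [instance ids]
    by_vpc = defaultdict(lambda: defaultdict(list))
    for reservation in instances_doc["Reservations"]:
        for inst in reservation["Instances"]:
            if inst["State"]["Name"] in GONE:
                continue
            tenancy = inst["Placement"]["Tenancy"]
            by_vpc[inst["VpcId"]][tenancy].append(inst["InstanceId"])

    findings = []
    for vpc_id in sorted(by_vpc):
        groups = by_vpc[vpc_id]
        for instance_id in sorted(groups["default"]):
            findings.append(("SHARED_TENANCY_INSTANCE", vpc_id, instance_id))
        if vpc_tenancy.get(vpc_id) != "dedicated" and groups["dedicated"]:
            findings.append(("VPC_NOT_ENFORCING_DEDICATED", vpc_id, None))
    return findings


if __name__ == "__main__":
    for finding in audit_tenancy(VPCS, INSTANCES):
        print(finding)
```
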

# On-Demand Capacity Reservations and Capacity Blocks for ML

Capacity Reservations allow you to reserve compute capacity for Amazon EC2 instances in a specific Availability Zone. There are two types of Capacity Reservations serving different use cases.

**Types of Capacity Reservations**
+ [On-Demand Capacity Reservations](ec2-capacity-reservations.md)
+ [Capacity Blocks for ML](ec2-capacity-blocks.md)

The following are some common use cases for On-Demand Capacity Reservations:
+ **Scaling events** – Create On-Demand Capacity Reservations ahead of your business-critical events to ensure that you can scale when you need to.
+ **Regulatory requirements and disaster recovery** – Use On-Demand Capacity Reservations to satisfy regulatory requirements for high availability, and reserve capacity in a different Availability Zone or Region for disaster recovery.
+ **Sharing unused capacity** – Use Interruptible Capacity Reservations to make unused capacity available for other workloads within your account while maintaining control to reclaim it when needed.

The following are some common use cases for Capacity Blocks for ML:
+ **Machine learning (ML) model training and fine-tuning** – Get uninterrupted access to the GPU instances that you reserved to complete ML model training and fine-tuning.
+ **ML experiments and prototypes** – Run experiments and build prototypes that require GPU instances for short durations.

**When to use On-Demand Capacity Reservation**  
Use On-Demand Capacity Reservations if you have strict capacity requirements, and your current or future business-critical workloads require capacity assurance. With On-Demand Capacity Reservations, you can ensure that you'll always have access to the Amazon EC2 capacity you've reserved for as long as you need it.

**When to use Capacity Blocks for ML**  
Use Capacity Blocks for ML when you need to ensure that you have uninterrupted access to GPU instances for a defined period of time starting on a future date. Capacity Blocks are ideal for training and fine-tuning ML models, short experimentation runs, and handling temporary surges in inference demand in the future. With Capacity Blocks, you can ensure that you'll have access to GPU resources on a specific date to run your ML workloads.

# Reserve compute capacity with EC2 On-Demand Capacity Reservations

Amazon EC2 Capacity Reservations allow you to reserve compute capacity for your Amazon EC2 instances in a specific Availability Zone for any duration. If you have strict capacity requirements for current or future business-critical workloads that require a certain level of long or short-term capacity assurance, we recommend that you create a Capacity Reservation to help ensure that you always have access to Amazon EC2 capacity when you need it, for as long as you need it.

You can create a Capacity Reservation at any time, and you can choose when it starts. You can request a Capacity Reservation for immediate use or you can request a Capacity Reservation for a future date.
+ If you request a **Capacity Reservation for immediate use**, the Capacity Reservation becomes available for use immediately and there is no term commitment. You can modify the Capacity Reservation at any time, and you can cancel it at any time to release the reserved capacity and to stop incurring charges.
+ If you request a **future-dated Capacity Reservation**, you specify the future date at which you need the Capacity Reservation to become available for use. You must also specify a commitment duration for which you commit to keeping the requested capacity in your account after the specified date. At the requested date and time, the Capacity Reservation becomes available for use and the commitment duration starts. During the commitment duration, you can't decrease the instance count or commitment duration below your initial commitment, or cancel the Capacity Reservation. After the commitment duration elapses, you can modify the Capacity Reservation in any way or cancel it if you no longer need it.

Capacity Reservations can only be used by instances that match their attributes. By default, Capacity Reservations automatically match new instances and running instances that have matching attributes (instance type, platform, Availability Zone, and tenancy). This means that any instance with matching attributes automatically runs in the Capacity Reservation. However, you can also target a Capacity Reservation for specific workloads. This allows you to explicitly control which instances are allowed to run in that reserved capacity. You can also specify that instances will only run in a Capacity Reservation or Capacity Reservation resource group.

**Important**  
Future-dated Capacity Reservations are for helping you launch and cover incremental instances, and not to cover existing running instances. If you need to cover existing running instances, use Capacity Reservations that start immediately instead.

All supported Amazon EC2 instances with matching attributes, that is instance type, platform, Availability Zone, and tenancy, are eligible to run in a Capacity Reservation. The Amazon EC2 instance can be launched by you (*non-managed instances*) or on your behalf by an AWS service (*managed instances*). This is particularly true for *open* Capacity Reservations, which automatically match with any running instances that have matching attributes. For example, managed instances launched on your behalf by the following services are eligible to run in Capacity Reservations that you create and manage.
+ Amazon EC2 Auto Scaling
+ Amazon ECS
+ Amazon EKS
+ Amazon EMR
+ Amazon SageMaker AI
+ AWS Batch
+ AWS Elastic Beanstalk
+ AWS ParallelCluster
+ AWS Parallel Computing Service (AWS PCS)

**Topics**
+ [Concepts for Amazon EC2 Capacity Reservations](cr-concepts.md)
+ [Differences between Capacity Reservations, Reserved Instances, and Savings Plans](#capacity-reservations-differences)
+ [Supported platforms](#capacity-reservations-platforms)
+ [Quotas](#capacity-reservations-limits)
+ [Limitations](#capacity-reservations-limitations)
+ [Capacity Reservation pricing and billing](capacity-reservations-pricing-billing.md)
+ [Create a Capacity Reservation](capacity-reservations-create.md)
+ [View the state of a Capacity Reservation](capacity-reservations-view.md)
+ [Launch instances into an existing Capacity Reservation](capacity-reservations-launch.md)
+ [Modify an active Capacity Reservation](capacity-reservations-modify.md)
+ [Modify the Capacity Reservation settings of your instance](capacity-reservations-modify-instance.md)
+ [Move capacity between Capacity Reservations](capacity-reservations-move.md)
+ [Split off capacity from an existing Capacity Reservation](capacity-reservations-split.md)
+ [Cancel a Capacity Reservation](capacity-reservations-release.md)
+ [Use Capacity Reservations with cluster placement groups](cr-cpg.md)
+ [Capacity Reservation groups](create-cr-group.md)
+ [Capacity Reservations in Local Zones](capacity-reservations-localzones.md)
+ [Capacity Reservations in Wavelength Zones](capacity-reservations-wavelengthzones.md)
+ [Capacity Reservations on AWS Outposts](capacity-reservations-outposts.md)
+ [Shared Capacity Reservations](capacity-reservation-sharing.md)
+ [Capacity Reservation Fleets](cr-fleets.md)
+ [Monitor Capacity Reservations usage with CloudWatch metrics](capacity-reservation-cw-metrics.md)
+ [Monitor Capacity Reservation underutilization](cr-eventbridge.md)
+ [Monitor state changes for future-dated Capacity Reservations](monitor-fcr-state.md)
+ [Interruptible Capacity Reservations](interruptible-capacity-reservations.md)

# Concepts for Amazon EC2 Capacity Reservations

The following key concepts apply to Capacity Reservations.

**Topics**
+ [Start date and time](#cr-start-date)
+ [End date and time](#cr-end-date)
+ [Commitment duration](#cr-commitment-duration)
+ [Future-dated Capacity Reservation assessment](#cr-future-dated-assessment)
+ [Capacity Reservation attributes](#cr-attributes)
+ [Instance matching criteria](#cr-instance-eligibility)

## Start date and time


The start date and time defines when the Capacity Reservation becomes available for use. A Capacity Reservation can start **immediately**, or it can start at a **future date**.
+ If you choose to start a Capacity Reservation immediately, the reserved capacity becomes available for use immediately after you create it, and billing starts as soon as the Capacity Reservation enters the active state. You do not need to enter into any term commitments. You can modify the Capacity Reservation as needed at any time to meet your needs, and you can cancel it at any time to release the capacity and to stop incurring charges.
+ If you choose to start a Capacity Reservation at a future date, you specify a *future date and time* at which you will need the reserved capacity, and a *commitment duration*, which is the minimum duration for which you commit to keeping the requested Capacity Reservation in your account after it has been provisioned. At the specified future date, the Capacity Reservation becomes available for use and billing starts at that time, once the Capacity Reservation enters the active state. The commitment duration starts as soon as the Capacity Reservation is provisioned in your account. During this time, you can't decrease the instance count below the committed instance count, choose an end date that is before the end of the commitment duration, or cancel the Capacity Reservation. However, after the commitment duration lapses, you are free to modify the Capacity Reservation in any way, or cancel it to release the reserved capacity and to stop incurring charges.

## End date and time


The end date and time defines when the Capacity Reservation ends and the reserved capacity is released from your account. You can configure a Capacity Reservation to **end automatically** at a specific date and time, or you can configure it to stay active indefinitely until you **manually cancel it**.

If you configure a Capacity Reservation to end automatically, the Capacity Reservation expires within an hour of the specified time. For example, if you specify `5/31/2019, 13:30:55`, the Capacity Reservation is guaranteed to end between `13:30:55` and `14:30:55` on `5/31/2019`.

After a reservation ends, the reserved capacity is released from your account and you can no longer target instances to the Capacity Reservation. Instances running in the reserved capacity continue to run uninterrupted. If instances targeting a Capacity Reservation are stopped, you can't restart them until you remove their Capacity Reservation targeting preference or configure them to target a different Capacity Reservation. For more information, see [Modify the Capacity Reservation settings of your instance](capacity-reservations-modify-instance.md).

## Commitment duration


The commitment duration applies to future-dated Capacity Reservations only.

The commitment duration is a minimum duration for which you commit to having the future-dated Capacity Reservation in the active state in your account after it has been provisioned. You can keep a future-dated Capacity Reservation for longer than the commitment duration, but not shorter. The following apply during the commitment duration:
+ You can't cancel a Capacity Reservation during the commitment duration.
+ You can't decrease the instance count below the committed instance count, but you can increase it.
+ You can't configure a Capacity Reservation to automatically end at a date or time that is within the commitment duration. You can extend the end date and time during the commitment period.

Amazon EC2 uses the commitment duration that you specify to assess whether the request can be supported. The minimum commitment duration is 14 days. While assessing a request, Amazon EC2 might determine that it can support a shorter commitment duration. In that case, Amazon EC2 will schedule the future-dated Capacity Reservation with the shorter commitment duration. This means that you are committed to keeping the Capacity Reservation in your account for a shorter period than you initially requested.

## Future-dated Capacity Reservation assessment


When you request a future-dated Capacity Reservation, Amazon EC2 assesses the request to determine whether it can be supported based on capacity availability and the commitment duration you specify. The assessment is typically completed within 5 days. Amazon EC2 considers multiple factors when evaluating a request, including:
+ Forecasted capacity supply
+ The commitment duration
+ How early you request the Capacity Reservation relative to your start date
+ The size of your request

You can request a future-dated Capacity Reservation between 5 and 120 days in advance. We recommend that you make the request at least 56 days (8 weeks) in advance to improve our ability to support your request. The minimum commitment duration is 14 days and the minimum instance count is 32 vCPUs.

The Capacity Reservation remains in the `assessing` state while the request is being assessed.

If the request can be supported, the Capacity Reservation enters the `scheduled` state and it is scheduled for delivery on the requested date and time. The total instance count remains 0 while the Capacity Reservation is in the `scheduled` state. A scheduled Capacity Reservation will become `active` and available for use at the requested date.

If a request can't be supported, the Capacity Reservation enters the `unsupported` state. Unsupported Capacity Reservations are not delivered.

You can cancel a future-dated Capacity Reservation while it is in the `assessing` state.

For more information, see [Create a future-dated Capacity Reservation](capacity-reservations-create.md#create-future-cr).

## Capacity Reservation attributes


When you create a Capacity Reservation, you must specify the following attributes:
+ Availability Zone
+ Instance type
+ Platform (operating system type)
+ Tenancy (`default` or `dedicated`)

Only instances that match these attributes can launch or run in the Capacity Reservation.

## Instance matching criteria


Instance matching criteria, or instance eligibility, determines which instances are allowed to launch and run in the Capacity Reservation. A Capacity Reservation can have one of the following matching criteria:
+ **Open** — The Capacity Reservation automatically matches all instances that have matching attributes (instance type, platform, and Availability Zone). New and existing instances that have matching attributes automatically run in the Capacity Reservation without any additional configuration.
+ **Targeted** — The Capacity Reservation accepts only instances that have matching attributes (instance type, platform, and Availability Zone), and that explicitly target the Capacity Reservation. The instance must specifically target the Capacity Reservation to launch or run in its reserved capacity. This allows you to explicitly control which instances are allowed to run in the reserved capacity and helps you avoid unintentional reserved capacity usage.

When you request a future-dated Capacity Reservation, you can specify only targeted matching criteria. This ensures that the capacity delivered by the Capacity Reservation is incremental, or additional, to any running instances or reserved capacity that you have at the time of delivery. After the Capacity Reservation becomes active in your account, you can change the instance matching criteria to open if needed. However, keep in mind that any matching instances will automatically run in the Capacity Reservation, which could lead to unintentional capacity usage and prevent you from launching new instances for the full requested instance count.
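
As an added example (not from the AWS documentation), the following pre-flight check encodes the constraints stated above for future-dated Capacity Reservations: the 5 to 120 day request window, the 14-day minimum commitment, the 32 vCPU minimum, targeted-only matching, and the changes that are blocked during the commitment duration. The class, function, and finding names are hypothetical, and the vCPU count per instance is supplied by the caller rather than looked up.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Limits quoted from the sections above.
MIN_LEAD = timedelta(days=5)
MAX_LEAD = timedelta(days=120)
RECOMMENDED_LEAD = timedelta(days=56)   # "at least 56 days (8 weeks)"
MIN_COMMITMENT = timedelta(days=14)
MIN_VCPUS = 32


@dataclass
class FutureDatedRequest:              # hypothetical container
    start: datetime                    # requested start date and time
    commitment: timedelta              # commitment duration
    instance_count: int
    vcpus_per_instance: int            # assumption: provided by the caller
    match_criteria: str                # "targeted" or "open"
    end: Optional[datetime] = None     # None = stays active until canceled


def request_problems(req, now):
    """Check a new request. Returns (blocking problems, warnings)."""
    problems, warnings = [], []
    lead = req.start - now
    if lead < MIN_LEAD or lead > MAX_LEAD:
        problems.append("lead_time_outside_5_to_120_days")
    elif lead < RECOMMENDED_LEAD:
        warnings.append("lead_time_below_recommended_56_days")
    if req.commitment < MIN_COMMITMENT:
        problems.append("commitment_below_14_days")
    if req.instance_count * req.vcpus_per_instance < MIN_VCPUS:
        problems.append("below_32_vcpus")
    if req.match_criteria != "targeted":
        problems.append("future_dated_must_be_targeted")
    if req.end is not None and req.end < req.start + req.commitment:
        problems.append("end_within_commitment")
    return problems, warnings


def change_problems(req, now, *, new_count=None, new_end=None, cancel=False):
    """Check a change to an active reservation (assumes now >= req.start).

    req.commitment must be the duration that was actually scheduled, because
    Amazon EC2 might schedule a shorter commitment than the one requested.
    """
    commitment_end = req.start + req.commitment
    if now >= commitment_end:
        return []                      # commitment elapsed: any change is allowed
    problems = []
    if cancel:
        problems.append("cancel_during_commitment")
    if new_count is not None and new_count < req.instance_count:
        problems.append("count_below_commitment")
    if new_end is not None and new_end < commitment_end:
        problems.append("end_within_commitment")
    return problems


if __name__ == "__main__":
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)       # constructed date
    req = FutureDatedRequest(now + timedelta(days=30), timedelta(days=14),
                             4, 8, "targeted")
    print(request_problems(req, now))
    print(change_problems(req, req.start + timedelta(days=1), cancel=True))
```
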

## Differences between Capacity Reservations, Reserved Instances, and Savings Plans


The following table highlights key differences between Capacity Reservations, Reserved Instances, and Savings Plans:


|  | Capacity Reservations | Zonal Reserved Instances | Regional Reserved Instances | Savings Plans | 
| --- | --- | --- | --- | --- | 
| Term | No commitment required for immediate-use Capacity Reservations. They can be created, modified, and canceled as needed. With future-dated Capacity Reservations, you specify a commitment duration for which you commit to keeping the capacity in your account. After the commitment duration elapses, you can cancel the Capacity Reservation at any time.  | Requires a fixed one-year or three-year commitment | Requires a fixed one-year or three-year commitment | Requires a fixed one-year or three-year commitment | 
| Capacity benefit | Capacity reserved in a specific Availability Zone. | Capacity reserved in a specific Availability Zone. | No capacity reserved. | No capacity reserved. | 
| Billing discount | No billing discount. † | Provides a billing discount. | Provides a billing discount. | Provides a billing discount. | 
| Instance Limits | Your On-Demand Instance limits per Region apply. | Default is 20 per Availability Zone. You can request a limit increase. | Default is 20 per Region. You can request a limit increase. | No limit. | 

† You can combine Capacity Reservations with Savings Plans or Regional Reserved Instances to receive a discount.

For more information, see the following:
+ [Reserved Instances for Amazon EC2 overview](ec2-reserved-instances.md)
+ [Savings Plans User Guide](https://docs.aws.amazon.com/savingsplans/latest/userguide/)

## Supported platforms


You must create the Capacity Reservation with the correct platform to ensure that it properly matches with your instances. Capacity Reservations support the following values for `platform`:
+ Linux/UNIX
+ Linux with SQL Server Standard
+ Linux with SQL Server Web
+ Linux with SQL Server Enterprise
+ SUSE Linux
+ Red Hat Enterprise Linux
+ RHEL with SQL Server Standard
+ RHEL with SQL Server Enterprise
+ RHEL with SQL Server Web
+ RHEL with HA
+ RHEL with HA and SQL Server Standard
+ RHEL with HA and SQL Server Enterprise
+ Ubuntu Pro
+ Windows
+ Windows with SQL Server
+ Windows with SQL Server Web
+ Windows with SQL Server Standard
+ Windows with SQL Server Enterprise

To ensure that an instance runs in a specific Capacity Reservation, the platform of the Capacity Reservation must match the platform of the AMI used to launch the instance. For Linux AMIs, it is important to check whether the AMI platform uses the general value **Linux/UNIX** or a more specific value like **SUSE Linux**.

------
#### [ Console ]

**To check the AMI platform**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **AMIs**.

1. Select the AMI.

1. On the **Details** tab, note the value of **Platform details**.

------
#### [ AWS CLI ]

**To check the AMI platform**  
Use the [describe-images](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-images.html) command and check the value of `PlatformDetails`.

```
aws ec2 describe-images \
    --image-ids ami-0abcdef1234567890 \
    --query "Images[*].PlatformDetails"
```

The following is example output.

```
[
    "Linux/UNIX"
]
```

------
#### [ PowerShell ]

**To check the AMI platform**  
Use the [Get-EC2Image](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Image.html) cmdlet and check the value of `PlatformDetails`.

```
Get-EC2Image `
    -ImageId ami-0abcdef1234567890 | `
    Select PlatformDetails
```

The following is example output.

```
PlatformDetails
---------------
Linux/UNIX
```

------

## Quotas


The number of instances for which you are allowed to reserve capacity is based on your account's On-Demand Instance quota. You can reserve capacity for as many instances as that quota allows, minus the number of instances that are already running.

Capacity Reservations in the `assessing`, `scheduled`, `pending`, `active`, and `delayed` states count towards your On-Demand Instance quota.

## Limitations


Before you create Capacity Reservations, take note of the following limitations and restrictions.
+ Active and unused Capacity Reservations count toward your On-Demand Instance limits.
+ Capacity Reservations are not transferable from one AWS account to another. However, you can share Capacity Reservations with other AWS accounts. For more information, see [Shared Capacity Reservations](capacity-reservation-sharing.md).
+ Zonal Reserved Instance billing discounts do not apply to Capacity Reservations.
+ Capacity Reservations can be created in cluster placement groups. Spread and partition placement groups are not supported.
+ Capacity Reservations can't be used with Dedicated Hosts. Capacity Reservations can be used with Dedicated Instances.
+ [Windows instances] Capacity Reservations can't be used with Bring Your Own License (BYOL).
+ [Red Hat instances] Capacity Reservations can be used with Bring Your Own License (BYOL).
+ Capacity Reservations do not ensure that a hibernated instance can resume after you try to start it.
+ You can request future-dated Capacity Reservations for an instance count with a minimum of 32 vCPUs. For example, if you request a future-dated Capacity Reservation for `m5.xlarge` instances, you must request at least 8 instances (*8 \* m5.xlarge = 32 vCPUs*).
+ You can request future-dated Capacity Reservations for instance types in the following series only: C, G, I, M, R, and T.

# Capacity Reservation pricing and billing

The topics in this section provide an overview of pricing and billing for Capacity Reservations.

**Topics**
+ [Pricing](#capacity-reservations-pricing)
+ [Billing](#capacity-reservations-billing)
+ [Billing discounts](#capacity-reservations-discounts)
+ [Viewing your bill](#capacity-reservations-viewing-bill)

## Pricing


Capacity Reservations are charged at the equivalent On-Demand rate whether you run instances in reserved capacity or not, including any applicable regional surcharge for Dedicated Instances. If you do not use the reservation, this shows up as unused reservation on your Amazon EC2 bill. When you run an instance that matches the attributes of a reservation, you just pay for the instance and nothing for the reservation. There are no upfront or additional charges. 

For example, if you create a Capacity Reservation for 20 `m4.large` Linux instances and run 15 `m4.large` Linux instances in the same Availability Zone, you will be charged for 15 active instances and for 5 unused instances in the reservation.

Billing discounts for Savings Plans and Regional Reserved Instances apply to Capacity Reservations. For more information, see [Billing discounts](#capacity-reservations-discounts).

For more information, see [Amazon EC2 Pricing](https://aws.amazon.com/ec2/pricing/).

## Billing


Billing starts as soon as the Capacity Reservation is provisioned in your account, and it continues while the Capacity Reservation remains provisioned in your account. For future-dated Capacity Reservations, this means that billing starts only once the Capacity Reservation is provisioned in your account at the requested future date.

Capacity Reservations are billed at per-second granularity. This means that you are charged for partial hours. For example, if a Capacity Reservation remains provisioned in your account for `24` hours and `15` minutes, you are billed for `24.25` reservation hours.

The following example shows how a Capacity Reservation is billed. The Capacity Reservation is created for one `m4.large` Linux instance, which has an On-Demand rate of \$0.10 per usage hour. In this example, the Capacity Reservation is provisioned in the account for five hours. The Capacity Reservation is unused for the first hour, so it is billed for one unused hour at the `m4.large` instance type's standard On-Demand rate. In hours two through five, the Capacity Reservation is occupied by an `m4.large` instance. During this time, the Capacity Reservation accrues no charges, and the account is instead billed for the `m4.large` instance occupying it. In the sixth hour, the Capacity Reservation is canceled and the `m4.large` instance runs normally outside of the reserved capacity. For that hour, it is charged at the On-Demand rate of the `m4.large` instance type.

![\[Capacity Reservation billing example\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/cr-billing-example.png)
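
The billing rules above, worked through in code. This is an added example, not part of the original guide: the function names and the rate passed to `charge` are hypothetical, `runs` covers only instances that occupy the reservation while it exists, and billing discounts are not modeled.

```python
from datetime import datetime, timedelta

def reservation_hours(total_instances, cr_start, cr_end, runs):
    """Split usage into the three quantities that end up on the bill.

    runs: list of (start, end) datetimes, one per instance that occupies the
    reservation while it is provisioned. Returns a tuple of
    (unused_reservation_hours, instance_hours_inside, instance_hours_outside),
    all derived from seconds because billing is per second.
    """
    inside = outside = 0.0
    events = []
    for start, end in runs:
        if end <= start:
            raise ValueError("a run must end after it starts")
        # Clip the run to the window in which the reservation is provisioned.
        lo, hi = max(start, cr_start), min(end, cr_end)
        overlap = max((hi - lo).total_seconds(), 0.0)
        inside += overlap
        outside += (end - start).total_seconds() - overlap
        if overlap > 0:
            events += [(lo, 1), (hi, -1)]

    # Sweep the start/stop events to confirm the runs never need more slots
    # than were reserved. On ties, -1 sorts before +1, so back-to-back runs
    # can share one slot.
    in_use = 0
    for _, delta in sorted(events):
        in_use += delta
        if in_use > total_instances:
            raise ValueError("more concurrent instances than reserved slots")

    reserved = total_instances * (cr_end - cr_start).total_seconds()
    return ((reserved - inside) / 3600, inside / 3600, outside / 3600)

def charge(on_demand_rate, hours):
    """Unused slots and instance time are all billed at the On-Demand rate."""
    return round(on_demand_rate * sum(hours), 4)

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1)  # constructed start time
    h = timedelta(hours=1)
    # One slot provisioned for five hours; the instance starts after the first
    # hour and keeps running for one hour after the reservation is canceled.
    print(reservation_hours(1, t0, t0 + 5 * h, [(t0 + h, t0 + 6 * h)]))
    # An idle reservation that stays provisioned for 24 hours and 15 minutes.
    print(reservation_hours(1, t0, t0 + timedelta(hours=24, minutes=15), []))
```
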


## Billing discounts


Billing discounts for Savings Plans and Regional Reserved Instances apply to Capacity Reservations. AWS automatically applies these discounts to Capacity Reservations that have matching attributes. When a Capacity Reservation is used by an instance, the discount is applied to the instance. Discounts are preferentially applied to instance usage before covering unused Capacity Reservations.

Billing discounts for zonal Reserved Instances do not apply to Capacity Reservations.

For more information, see the following:
+ [Reserved Instances for Amazon EC2 overview](ec2-reserved-instances.md)
+ [Savings Plans User Guide](https://docs.aws.amazon.com/savingsplans/latest/userguide/)
+ [Billing and purchase options](https://aws.amazon.com/ec2/faqs/#capacityreservations)

## Viewing your bill


You can review the charges and fees to your account on the AWS Billing and Cost Management console.
+ The **Dashboard** displays a spend summary for your account.
+ On the **Bills** page, under **Details**, expand the **Elastic Compute Cloud** section and the Region to get billing information about your Capacity Reservations.

You can view the charges online, or you can download a CSV file. For more information, see [Capacity Reservation line items](https://docs.aws.amazon.com/cur/latest/userguide/monitor-ondemand-reservations.html#capacity-reservation-li).

# Create a Capacity Reservation


You can create a Capacity Reservation at any time to ensure that you have compute capacity available in a specific Availability Zone. A Capacity Reservation can start immediately, or it can start at a future date. The capacity becomes available for use only once the Capacity Reservation enters the `active` state. 

**Note**  
If you create a Capacity Reservation with `open` instance matching criteria, and you have running instances with matching attributes at the time the Capacity Reservation becomes active, those instances automatically run in the reserved capacity. To avoid this, use `targeted` instance matching criteria. For more information, see [Instance matching criteria](cr-concepts.md#cr-instance-eligibility).

Your request to create a Capacity Reservation could fail if one of the following is true:
+ Amazon EC2 does not have sufficient capacity to fulfill the request. Either try again at a later time, try a different Availability Zone, or try a smaller request. If your application is flexible across instance types and sizes, try different instance attributes.
+ The requested quantity exceeds your On-Demand Instance limit for the selected instance family. Increase your On-Demand Instance limit for the instance family and try again. For more information, see [On-Demand Instance quotas](ec2-on-demand-instances.md#ec2-on-demand-instances-limits).

**Topics**
+ [Create a Capacity Reservation for immediate use](#create-immediate-cr)
+ [Create a future-dated Capacity Reservation](#create-future-cr)

## Create a Capacity Reservation for immediate use


Use the following procedure to create a Capacity Reservation that starts immediately.

------
#### [ Console ]

**To create a Capacity Reservation**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. Choose **Capacity Reservations**, and then choose **Create Capacity Reservation**.

1. Configure the following settings in the **Instance details** section.

   1. **Instance Type** — The instance type for which to reserve capacity.

   1. **Platform** — The operating system for your instances. For more information, see [Supported platforms](ec2-capacity-reservations.md#capacity-reservations-platforms).

   1. **Availability Zone** — The Availability Zone in which to reserve the capacity.

   1. **Tenancy** — The type of tenancy to use for the reserved capacity. Choose Default to reserve capacity on shared hardware, or Dedicated to reserve capacity on hardware that is dedicated to your account.

   1. (*Optional*) **Placement group ARN** — The ARN of the cluster placement group in which to create the Capacity Reservation. For more information, see [Use Capacity Reservations with cluster placement groups](cr-cpg.md).

   1. **Total instance count** — The number of instances for which to reserve capacity. If you specify a quantity that exceeds your remaining On-Demand Instance quota for the selected instance type, the request fails.

1. Configure the following settings in the **Reservation details** section:

   1. **Capacity Reservation starts** — Choose **Immediately**.

   1. **Capacity Reservation ends** — Choose one of the following options:
      + **Manually** — Reserve the capacity until you explicitly cancel it.
      + **Specific time** — Cancel the capacity reservation automatically at the specified date and time.

   1. **Instance eligibility** — Choose one of the following options:
      + **open** — (Default) The Capacity Reservation matches any instance that has matching attributes (instance type, platform, Availability Zone, and tenancy). If you launch an instance with matching attributes, it is placed into the reserved capacity automatically.
      + **targeted** — The Capacity Reservation only accepts instances that have matching attributes (instance type, platform, Availability Zone, and tenancy), and that explicitly target the reservation.

1. Choose **Create**.

------
#### [ AWS CLI ]

**To create a Capacity Reservation**  
Use the [create-capacity-reservation](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-capacity-reservation.html) command.

```
aws ec2 create-capacity-reservation \
    --availability-zone az_name \
    --instance-type instance_type \
    --instance-count number_of_instances \
    --instance-platform operating_system \
    --instance-match-criteria open|targeted
```

------
#### [ PowerShell ]

**To create a Capacity Reservation**  
Use the [Add-EC2CapacityReservation](https://docs.aws.amazon.com/powershell/latest/reference/items/Add-EC2CapacityReservation.html) cmdlet.

```
Add-EC2CapacityReservation `
    -AvailabilityZone az_name `
    -InstanceType instance_type `
    -InstanceCount number_of_instances `
    -InstancePlatform operating_system `
    -InstanceMatchCriterion open|targeted
```

------

## Create a future-dated Capacity Reservation


Request a future-dated Capacity Reservation if you need the reserved capacity to become available at a future date and time. 

After you request a future-dated Capacity Reservation, the request undergoes an assessment to determine whether it can be supported. For more information, see [Future-dated Capacity Reservation assessment](cr-concepts.md#cr-future-dated-assessment).

**Considerations**
+ You can request future-dated Capacity Reservations for instance types in the following series: C, G, I, M, R, and T.
+ You can request future-dated Capacity Reservations for an instance count with a minimum of 32 vCPUs. For example, if you request a future-dated Capacity Reservation for `m5.xlarge` instances, you must request capacity for at least 8 instances (*8 \* m5.xlarge = 32 vCPUs*).
+ You can request a future-dated Capacity Reservation between 5 and 120 days in advance. However, we recommend that you request it at least 56 days (8 weeks) in advance to improve supportability.
+ The minimum commitment duration is 14 days.

------
#### [ Console ]

**To create a Capacity Reservation**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. Choose **Capacity Reservations**, and then choose **Create Capacity Reservation**.

1. Configure the following settings in the **Instance details** section. 

   1. **Instance Type** — The instance type for which to reserve capacity.

   1. **Platform** — The operating system for your instances. For more information, see [Supported platforms](ec2-capacity-reservations.md#capacity-reservations-platforms).

   1. **Availability Zone** — The Availability Zone in which to reserve the capacity.

   1. **Tenancy** — The type of tenancy to use for the reserved capacity. Choose Default to reserve capacity on shared hardware, or Dedicated to reserve capacity on hardware that is dedicated to your account.

   1. **Total instance count** — The number of instances for which to reserve capacity. If you specify a quantity that exceeds your remaining On-Demand Instance quota for the selected instance type, the request fails.

1. Configure the following settings in the **Reservation details** section:

   1. **Capacity Reservation starts** — Choose **At a specific time**.

   1. **Start date** — Specify the date and time at which the Capacity Reservation must become available for use. For more information, see [Start date and time](cr-concepts.md#cr-start-date).

   1. **Commitment duration** — Specify the minimum duration for which you commit to keeping the Capacity Reservation after it has been delivered. For more information, see [Commitment duration](cr-concepts.md#cr-commitment-duration).

   1. **Capacity Reservation ends** — Choose one of the following options:
      + **When I cancel it** — Reserve the capacity until you explicitly cancel it.
      + **Specific time** — Cancel the capacity reservation automatically at the specified date and time.

1. Choose **Create**.

------
#### [ AWS CLI ]

**To create a Capacity Reservation**  
Use the [create-capacity-reservation](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-capacity-reservation.html) command.

```
aws ec2 create-capacity-reservation \
    --availability-zone az_name \
    --instance-type instance_type \
    --instance-count number_of_instances \
    --instance-platform operating_system \
    --instance-match-criteria targeted \
    --delivery-preference incremental \
    --commitment-duration commitment_in_seconds \
    --start-date YYYY-MM-DDThh:mm:ss.sssZ
```

------
#### [ PowerShell ]

**To create a Capacity Reservation**  
Use the [Add-EC2CapacityReservation](https://docs.aws.amazon.com/powershell/latest/reference/items/Add-EC2CapacityReservation.html) cmdlet.

```
Add-EC2CapacityReservation `
    -AvailabilityZone az_name `
    -InstanceType instance_type `
    -InstanceCount number_of_instances `
    -InstancePlatform operating_system `
    -InstanceMatchCriterion targeted `
    -DeliveryPreference incremental `
    -CommitmentDuration commitment_in_seconds `
    -StartDate YYYY-MM-DDThh:mm:ss.sssZ
```

------

# View the state of a Capacity Reservation


Amazon EC2 constantly monitors the state of your Capacity Reservations.

Due to the [eventual consistency](https://docs.aws.amazon.com/ec2/latest/devguide/eventual-consistency.html) model followed by the Amazon EC2 API, after you create a Capacity Reservation, it can take up to 5 minutes for the state of the Capacity Reservation to reflect that it is `active`. During this time, the Capacity Reservation might remain in the `pending` state. However, it might already be available for use, in which case attempts to launch instances into the Capacity Reservation would succeed.

------
#### [ Console ]

**To view your Capacity Reservations**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Capacity Reservations**.

1. Select the Capacity Reservation.

------
#### [ AWS CLI ]

**To describe your Capacity Reservations**  
Use the [describe-capacity-reservations](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-capacity-reservations.html) command.

For example, the following command describes all Capacity Reservations.

```
aws ec2 describe-capacity-reservations
```

The following is example output.

```
{
    "CapacityReservations": [
        {
            "CapacityReservationId": "cr-1234abcd56EXAMPLE",
            "EndDateType": "unlimited",
            "AvailabilityZone": "eu-west-1a",
            "InstanceMatchCriteria": "open",
            "Tags": [],
            "EphemeralStorage": false,
            "CreateDate": "2019-08-16T09:03:18.000Z",
            "AvailableInstanceCount": 1,
            "InstancePlatform": "Linux/UNIX",
            "TotalInstanceCount": 1,
            "State": "active",
            "Tenancy": "default",
            "EbsOptimized": true,
            "InstanceType": "a1.medium",
            "PlacementGroupArn": "arn:aws:ec2:us-east-1:123456789012:placement-group/MyPG"
        },
        {
            "CapacityReservationId": "cr-abcdEXAMPLE9876ef",
            "EndDateType": "unlimited",
            "AvailabilityZone": "eu-west-1a",
            "InstanceMatchCriteria": "open",
            "Tags": [],
            "EphemeralStorage": false,
            "CreateDate": "2019-08-07T11:34:19.000Z",
            "AvailableInstanceCount": 3,
            "InstancePlatform": "Linux/UNIX",
            "TotalInstanceCount": 3,
            "State": "cancelled",
            "Tenancy": "default",
            "EbsOptimized": true,
            "InstanceType": "m5.large"
        }
    ]
}
```

------
#### [ PowerShell ]

**To describe a Capacity Reservation**  
Use the [Get-EC2CapacityReservation](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2CapacityReservation.html) cmdlet.

```
Get-EC2CapacityReservation `
    -CapacityReservationId cr-1234abcd56EXAMPLE
```

------

## Capacity Reservation states


Capacity Reservations have the following possible states.


| State | Description | 
| --- | --- | 
| active | The capacity is available for use. | 
| expired | The Capacity Reservation expired automatically at the date and time specified in your reservation request. The reserved capacity is no longer available for your use. | 
| cancelled | The Capacity Reservation was canceled. The reserved capacity is no longer available for your use. | 
| pending | The Capacity Reservation request was successful but the capacity provisioning is still pending. | 
| failed | The Capacity Reservation request has failed. A request can fail due to request parameters that are not valid, capacity constraints, or instance limit constraints. You can view a failed request for 60 minutes. | 
| scheduled | (Future-dated Capacity Reservations only) The future-dated Capacity Reservation request was approved and the Capacity Reservation is scheduled for delivery on the requested start date. | 
| assessing | (Future-dated Capacity Reservations only) Amazon EC2 is assessing your request for a future-dated Capacity Reservation. For more information, see [Future-dated Capacity Reservation assessment](cr-concepts.md#cr-future-dated-assessment). | 
| delayed | (Future-dated Capacity Reservations only) Amazon EC2 encountered a delay in provisioning the requested future-dated Capacity Reservation. Amazon EC2 is unable to deliver the requested capacity by the requested start date and time. | 
| unsupported | (Future-dated Capacity Reservations only) Amazon EC2 can't support the future-dated Capacity Reservation request due to capacity constraints. You can view unsupported requests for 30 days. The Capacity Reservation will not be delivered. | 
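
One way to audit `describe-capacity-reservations` output against the state, quota, and billing rules in this guide. This is an added example, not part of the original guide: the first two records are trimmed from the example output above, the other two are constructed, and the report keys and function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# States that count toward the On-Demand Instance quota (see Quotas).
QUOTA_STATES = {"assessing", "scheduled", "pending", "active", "delayed"}
# A new reservation can stay in "pending" this long while already usable.
CONSISTENCY_WINDOW = timedelta(minutes=5)

SAMPLE = {"CapacityReservations": [
    # Trimmed from the example output on this page.
    {"CapacityReservationId": "cr-1234abcd56EXAMPLE", "State": "active",
     "InstanceMatchCriteria": "open", "CreateDate": "2019-08-16T09:03:18.000Z",
     "TotalInstanceCount": 1, "AvailableInstanceCount": 1},
    {"CapacityReservationId": "cr-abcdEXAMPLE9876ef", "State": "cancelled",
     "InstanceMatchCriteria": "open", "CreateDate": "2019-08-07T11:34:19.000Z",
     "TotalInstanceCount": 3, "AvailableInstanceCount": 3},
    # Constructed records for illustration.
    {"CapacityReservationId": "cr-pending-CONSTRUCTED", "State": "pending",
     "InstanceMatchCriteria": "targeted", "CreateDate": "2019-08-16T09:03:30.000Z",
     "TotalInstanceCount": 2, "AvailableInstanceCount": 2},
    {"CapacityReservationId": "cr-scheduled-CONSTRUCTED", "State": "scheduled",
     "InstanceMatchCriteria": "targeted", "CreateDate": "2019-08-10T00:00:00.000Z",
     "TotalInstanceCount": 8, "AvailableInstanceCount": 0},
]}

def created(cr):
    """Parse the CreateDate format shown in the example output as UTC."""
    stamp = datetime.strptime(cr["CreateDate"], "%Y-%m-%dT%H:%M:%S.%fZ")
    return stamp.replace(tzinfo=timezone.utc)

def audit(describe_output, now):
    report = {
        "quota_instances": 0,    # instances counted against the quota
        "unused_billed": {},     # active reservation ID -> idle slots being billed
        "auto_absorbing": [],    # open reservations that matching launches fall into
        "maybe_usable": [],      # pending, but inside the eventual-consistency window
    }
    for cr in describe_output.get("CapacityReservations", []):
        cr_id, state = cr["CapacityReservationId"], cr["State"]
        if state in QUOTA_STATES:
            report["quota_instances"] += cr["TotalInstanceCount"]
        if state == "pending" and now - created(cr) <= CONSISTENCY_WINDOW:
            report["maybe_usable"].append(cr_id)
        if state != "active":
            continue
        idle = cr["AvailableInstanceCount"]
        if idle > 0:
            report["unused_billed"][cr_id] = idle
            if cr["InstanceMatchCriteria"] == "open":
                report["auto_absorbing"].append(cr_id)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE, datetime(2019, 8, 16, 9, 5, tzinfo=timezone.utc)))
```

A `pending` reservation that falls outside the five-minute window is not flagged, which makes stale `pending` entries easy to spot by comparing the two lists over time.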

# Launch instances into an existing Capacity Reservation

You can only launch an instance into a Capacity Reservation that:
+ Has matching attributes (instance type, platform, Availability Zone, and tenancy)
+ Has sufficient available capacity
+ Is in the `active` state

When you launch an instance, you can specify whether to launch the instance into any `open` Capacity Reservation, into a specific Capacity Reservation, or into a group of Capacity Reservations.

Alternatively, you can configure the instance to avoid running in a Capacity Reservation, even if you have an `open` Capacity Reservation that has matching attributes and available capacity. 

Launching an instance into a Capacity Reservation reduces its available capacity by the number of instances launched. For example, if you launch three instances, the available capacity of the Capacity Reservation is reduced by three.

------
#### [ Console ]

**To launch instances into an existing Capacity Reservation**

1. Follow the procedure to [launch an instance](ec2-launch-instance-wizard.md), but don't launch the instance until you've completed the following steps to specify the settings for the placement group and Capacity Reservation.

1. Expand **Advanced details** and do the following:

   1. For **Placement group**, select the cluster placement group in which to launch the instance.

   1. For **Capacity Reservation**, choose one of the following options depending on the configuration of the Capacity Reservation:
      + **None** – Prevents the instances from launching into a Capacity Reservation. The instances run in On-Demand capacity.
      + **Open** – Launches the instances into any Capacity Reservation that has matching attributes and sufficient capacity for the number of instances you selected. If there is no matching Capacity Reservation with sufficient capacity, the instance uses On-Demand capacity.
      + **Specify Capacity Reservation** – Launches the instances into the selected Capacity Reservation. If the selected Capacity Reservation does not have sufficient capacity for the number of instances you selected, the instance launch fails.
      + **Specify Capacity Reservation resource group** – Launches the instances into any Capacity Reservation with matching attributes and available capacity in the selected Capacity Reservation group. If the selected group does not have a Capacity Reservation with matching attributes and available capacity, the instances launch into On-Demand capacity.
      + **Specify Capacity Reservation only** – Launches the instances into a Capacity Reservation. If a Capacity Reservation ID isn't specified, the instances launch into an open Capacity Reservation. If capacity isn't available, the instances fail to launch.
      + **Specify Capacity Reservation resource group only** – Launches the instances into a Capacity Reservation in a Capacity Reservation resource group. If a Capacity Reservation resource group ARN isn't specified, the instances launch into an open Capacity Reservation. If capacity isn't available, the instances fail to launch.

1. In the **Summary** panel, review your instance configuration, and then choose **Launch instance**.

------
#### [ AWS CLI ]

**To launch an instance into an existing Capacity Reservation**  
Use the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command and specify the `--capacity-reservation-specification` option.

The following example launches an instance into any open Capacity Reservation with matching attributes and available capacity:

```
aws ec2 run-instances \
    --image-id ami-0abcdef1234567890 \
    --count 1 \
    --instance-type t2.micro \
    --key-name my-key-pair \
    --subnet-id subnet-0abcdef1234567890 \
    --capacity-reservation-specification CapacityReservationPreference=open
```

The following example launches an instance into a `targeted` Capacity Reservation:

```
aws ec2 run-instances \
    --image-id ami-0abcdef1234567890 \
    --count 1 \
    --instance-type t2.micro \
    --key-name my-key-pair \
    --subnet-id subnet-0abcdef1234567890 \
    --capacity-reservation-specification \
        CapacityReservationTarget={CapacityReservationId=cr-1234abcd56EXAMPLE}
```

The following example launches an instance into the specified Capacity Reservation group:

```
aws ec2 run-instances \
    --image-id ami-0abcdef1234567890 \
    --count 1 \
    --instance-type t2.micro \
    --key-name my-key-pair \
    --subnet-id subnet-0abcdef1234567890 \
    --capacity-reservation-specification \
        CapacityReservationTarget={CapacityReservationResourceGroupArn=arn:aws:resource-groups:us-west-2:123456789012:group/my-cr-group}
```

The following example launches an instance into a Capacity Reservation only. Because it does not specify a Capacity Reservation ID, the instance launches in any open Capacity Reservation with matching attributes and available capacity:

```
aws ec2 run-instances \
    --image-id ami-0abcdef1234567890 \
    --count 1 \
    --instance-type t2.micro \
    --key-name my-key-pair \
    --subnet-id subnet-0abcdef1234567890 \
    --capacity-reservation-specification \
        CapacityReservationPreference=capacity-reservations-only
```

The following example launches an instance into a specific Capacity Reservation only. If capacity isn't available in the specified Capacity Reservation, the instance fails to launch.

```
aws ec2 run-instances \
    --image-id ami-0abcdef1234567890 \
    --count 1 \
    --instance-type t2.micro \
    --key-name my-key-pair \
    --subnet-id subnet-0abcdef1234567890 \
    --capacity-reservation-specification \
        "CapacityReservationPreference=capacity-reservations-only,CapacityReservationTarget={CapacityReservationId=cr-1234abcd56EXAMPLE}"
```

------
#### [ PowerShell ]

**To launch an instance into an existing Capacity Reservation**  
Use the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) cmdlet.

The following example launches an instance into any open Capacity Reservation with matching attributes and available capacity:

```
New-EC2Instance `
    -ImageId ami-0abcdef1234567890 `
    -InstanceType t2.micro `
    -KeyName "my-key-pair" `
    -SubnetId subnet-0abcdef1234567890 `
    -CapacityReservationSpecification_CapacityReservationPreference "open"
```

The following example launches an instance into a `targeted` Capacity Reservation:

```
New-EC2Instance `
    -ImageId ami-0abcdef1234567890 `
    -InstanceType t2.micro `
    -KeyName "my-key-pair" `
    -SubnetId subnet-0abcdef1234567890 `
    -CapacityReservationTarget_CapacityReservationId cr-1234abcd56EXAMPLE
```

The following example launches an instance into the specified Capacity Reservation group:

```
New-EC2Instance `
    -ImageId ami-0abcdef1234567890 `
    -InstanceType t2.micro `
    -KeyName "my-key-pair" `
    -SubnetId subnet-0abcdef1234567890 `
    -CapacityReservationTarget_CapacityReservationResourceGroupArn `
        "arn:aws:resource-groups:us-west-2:123456789012:group/my-cr-group"
```

The following example launches an instance into a Capacity Reservation only. Because it does not specify a Capacity Reservation ID, the instance launches in any open Capacity Reservation with matching attributes and available capacity:

```
New-EC2Instance `
    -ImageId ami-0abcdef1234567890 `
    -InstanceType t2.micro `
    -KeyName "my-key-pair" `
    -SubnetId subnet-0abcdef1234567890 `
    -CapacityReservationSpecification_CapacityReservationPreference "capacity-reservations-only"
```

The following example launches an instance into a specific Capacity Reservation only. If capacity isn't available in the specified Capacity Reservation, the instance fails to launch.

```
New-EC2Instance `
    -ImageId ami-0abcdef1234567890 `
    -InstanceType t2.micro `
    -KeyName "my-key-pair" `
    -SubnetId subnet-0abcdef1234567890 `
    -CapacityReservationSpecification_CapacityReservationPreference "capacity-reservations-only" `
    -CapacityReservationTarget_CapacityReservationId cr-1234abcd56EXAMPLE
```

------
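
The launch options above decide whether an instance lands in a reservation, falls back to On-Demand capacity, or fails to launch. The following model of those outcomes is an added example, not part of the original guide or an AWS API: the class and function names and the reservation IDs are hypothetical, each reservation belongs to at most one group, and a launch is satisfied by a single reservation with enough capacity for the whole request.

```python
from dataclasses import dataclass
from typing import List, Optional

ON_DEMAND = "on-demand"
FAILED = "launch-failed"
GROUP = "arn:aws:resource-groups:us-west-2:123456789012:group/my-cr-group"

@dataclass
class Reservation:
    cr_id: str
    instance_type: str
    platform: str
    az: str
    match_criteria: str               # "open" or "targeted"
    available: int
    state: str = "active"
    tenancy: str = "default"
    group_arn: Optional[str] = None   # simplification: at most one group

@dataclass
class Launch:
    instance_type: str
    platform: str
    az: str
    count: int = 1
    tenancy: str = "default"
    preference: str = "open"          # "none", "open" or "capacity-reservations-only"
    target_id: Optional[str] = None
    target_group_arn: Optional[str] = None

def usable(cr: Reservation, req: Launch) -> bool:
    """The three launch conditions: matching attributes, capacity, active state."""
    same = (cr.instance_type, cr.platform, cr.az, cr.tenancy) == \
           (req.instance_type, req.platform, req.az, req.tenancy)
    return same and cr.state == "active" and cr.available >= req.count

def resolve(req: Launch, fleet: List[Reservation]) -> str:
    """Return the ID of the reservation used, ON_DEMAND, or FAILED."""
    if req.preference == "none":
        if req.target_id or req.target_group_arn:
            raise ValueError("preference 'none' with a target is outside this model")
        return ON_DEMAND
    only = req.preference == "capacity-reservations-only"
    if req.target_id:
        # An explicitly selected reservation never falls back to On-Demand.
        pool = [cr for cr in fleet if cr.cr_id == req.target_id]
        fallback = FAILED
    elif req.target_group_arn:
        pool = [cr for cr in fleet if cr.group_arn == req.target_group_arn]
        fallback = FAILED if only else ON_DEMAND
    else:
        # Without a target, only open reservations accept the instance.
        pool = [cr for cr in fleet if cr.match_criteria == "open"]
        fallback = FAILED if only else ON_DEMAND
    for cr in pool:
        if usable(cr, req):
            cr.available -= req.count   # a launch reduces available capacity
            return cr.cr_id
    return fallback

def sample_fleet() -> List[Reservation]:
    """Constructed reservations for illustration."""
    az = "us-west-2a"
    return [
        Reservation("cr-open-CONSTRUCTED", "t2.micro", "Linux/UNIX", az, "open", 3),
        Reservation("cr-targeted-CONSTRUCTED", "t2.micro", "Linux/UNIX", az, "targeted", 1),
        Reservation("cr-suse-CONSTRUCTED", "t2.micro", "SUSE Linux", az, "open", 5),
        Reservation("cr-grouped-CONSTRUCTED", "t2.micro", "Linux/UNIX", az, "targeted", 2,
                    group_arn=GROUP),
    ]

if __name__ == "__main__":
    fleet = sample_fleet()
    print(resolve(Launch("t2.micro", "Linux/UNIX", "us-west-2a", count=3), fleet))
    print(resolve(Launch("t2.micro", "Linux/UNIX", "us-west-2a"), fleet))
```
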

# Modify an active Capacity Reservation

If you have an existing Capacity Reservation which isn't a good fit for the workload that needs the capacity, you can modify the instance quantity, instance eligibility (`open` or `targeted`), and end time (`At specific time` or `Manually`). If you specify a new instance quantity that exceeds your remaining On-Demand Instance limit for the selected instance type, the update fails.

The allowed modifications depend on the state of the Capacity Reservation:
+ `assessing` or `scheduled` state — You can modify the tags only.
+ `pending` state — You can't modify the Capacity Reservation in any way.
+ `active` state but still within the commitment duration — You can't decrease the instance count below the committed instance count, or set an end date that is before the committed duration. All other modifications are allowed.
+ `active` state with no commitment duration or elapsed commitment duration — All modifications are allowed.
+ `expired`, `cancelled`, `unsupported`, or `failed` state — You can't modify the Capacity Reservation in any way.

**Considerations**
+ You can't change the instance type, platform, Availability Zone, or tenancy after creation. If you need to modify any of these attributes, we recommend that you cancel the reservation, and then create a new one with the required attributes.
+ If you modify an existing Capacity Reservation by changing the instance eligibility from `targeted` to `open`, any running instances that match the attributes of the Capacity Reservation, have the `CapacityReservationPreference` parameter set to `open`, and are not yet running in a Capacity Reservation, will automatically use the modified Capacity Reservation.
+ To change the instance eligibility, the Capacity Reservation must be completely idle (zero usage) because Amazon EC2 can't modify instance eligibility when instances are running inside the reservation.

------
#### [ Console ]

**To modify a Capacity Reservation**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. Choose **Capacity Reservations**, select the Capacity Reservation to modify, and then choose **Edit**.

1. Modify the **Total capacity**, **Capacity Reservation ends**, or **Instance eligibility** options as needed, and choose **Save**.

------
#### [ AWS CLI ]

**To modify a Capacity Reservation**  
Use the [modify-capacity-reservation](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-capacity-reservation.html) command. The following example modifies the specified Capacity Reservation to reserve capacity for eight instances.

```
aws ec2 modify-capacity-reservation \
    --capacity-reservation-id cr-1234567890abcdef0 \
    --instance-count 8
```

------
#### [ PowerShell ]

**To modify a Capacity Reservation**  
Use the [Edit-EC2CapacityReservation](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2CapacityReservation.html) cmdlet. The following example modifies the specified Capacity Reservation to reserve capacity for eight instances.

```
Edit-EC2CapacityReservation `
    -CapacityReservationId cr-1234567890abcdef0 `
    -InstanceCount 8
```

------

# Modify the Capacity Reservation settings of your instance

You can modify the following Capacity Reservation settings for a stopped instance at any time:
+ Start in any Capacity Reservation that has matching attributes (instance type, platform, Availability Zone, and tenancy) and available capacity.
+ Start the instance in a specific Capacity Reservation.
+ Start in any Capacity Reservation that has matching attributes and available capacity in a Capacity Reservation group.
+ Prevent the instance from starting in a Capacity Reservation.

------
#### [ Console ]

**To modify instance Capacity Reservation settings**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. Choose **Instances** and select the instance to modify. Stop the instance if it is not already stopped.

1. Choose **Actions**, **Instance settings**, **Modify Capacity Reservation Settings**.

1. For **Capacity Reservation**, choose one of the following options:
   + **Open** – Launches the instances into any Capacity Reservation that has matching attributes and sufficient capacity for the number of instances you selected. If there is no matching Capacity Reservation with sufficient capacity, the instance uses On-Demand capacity.
   + **None** – Prevents the instances from launching into a Capacity Reservation. The instances run in On-Demand capacity.
   + **Specify Capacity Reservation** – Launches the instances into the selected Capacity Reservation. If the selected Capacity Reservation does not have sufficient capacity for the number of instances you selected, the instance launch fails.
   + **Specify Capacity Reservation group** – Launches the instances into any Capacity Reservation with matching attributes and available capacity in the selected Capacity Reservation group. If the selected group does not have a Capacity Reservation with matching attributes and available capacity, the instances launch into On-Demand capacity.
   + **Specify Capacity Reservation only** – Launches the instances into a Capacity Reservation. If a Capacity Reservation ID isn't specified, the instances launch into an open Capacity Reservation. If capacity isn't available, the instances fail to launch.
   + **Specify Capacity Reservation resource group only** – Launches the instances into a Capacity Reservation in a Capacity Reservation resource group. If a Capacity Reservation resource group ARN isn't specified, the instances launch into an open Capacity Reservation. If capacity isn't available, the instances fail to launch.

------
#### [ AWS CLI ]

**To modify instance Capacity Reservation settings**  
Use the [modify-instance-capacity-reservation-attributes](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-capacity-reservation-attributes.html) command.

The following example changes the Capacity Reservation preference to `none`.

```
aws ec2 modify-instance-capacity-reservation-attributes \
    --instance-id i-1234567890abcdef0 \
    --capacity-reservation-specification CapacityReservationPreference=none
```

The following example changes the target to a specific Capacity Reservation.

```
aws ec2 modify-instance-capacity-reservation-attributes \
    --instance-id i-1234567890abcdef0 \
    --capacity-reservation-specification \
    CapacityReservationTarget={CapacityReservationId=cr-1234567890abcdef0}
```

The following example changes the target to a specific Capacity Reservation group.

```
aws ec2 modify-instance-capacity-reservation-attributes \
    --instance-id i-1234567890abcdef0 \
    --capacity-reservation-specification \
        CapacityReservationTarget={CapacityReservationResourceGroupArn=arn:aws:resource-groups:us-west-2:123456789012:group/my-cr-group}
```

The following example changes the Capacity Reservation preference to `capacity-reservations-only`. Because it doesn't specify a Capacity Reservation, instances launch into any open Capacity Reservation with matching attributes and available capacity.

```
aws ec2 modify-instance-capacity-reservation-attributes \
    --instance-id i-1234567890abcdef0 \
    --capacity-reservation-specification CapacityReservationPreference=capacity-reservations-only
```

The following example changes the Capacity Reservation preference to `capacity-reservations-only` and changes the target to a specific Capacity Reservation. If capacity isn't available in the specified Capacity Reservation, the instances fail to launch.

```
aws ec2 modify-instance-capacity-reservation-attributes \
    --instance-id i-1234567890abcdef0 \
    --capacity-reservation-specification \
        CapacityReservationPreference=capacity-reservations-only \
        CapacityReservationTarget={CapacityReservationId=cr-1234567890abcdef0}
```

------
#### [ PowerShell ]

**To modify instance Capacity Reservation settings**  
Use the [Edit-EC2InstanceCapacityReservationAttribute](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceCapacityReservationAttribute.html) cmdlet.

The following example changes the Capacity Reservation preference to `none`.

```
Edit-EC2InstanceCapacityReservationAttribute `
    -InstanceId i-1234567890abcdef0 `
    -CapacityReservationSpecification_CapacityReservationPreference "none"
```

The following example changes the target to a specific Capacity Reservation.

```
Edit-EC2InstanceCapacityReservationAttribute `
    -InstanceId i-1234567890abcdef0 `
    -CapacityReservationTarget_CapacityReservationId cr-1234567890abcdef0
```

The following example changes the target to a specific Capacity Reservation group.

```
Edit-EC2InstanceCapacityReservationAttribute `
    -InstanceId i-1234567890abcdef0 `
    -CapacityReservationTarget_CapacityReservationResourceGroupArn `
        "arn:aws:resource-groups:us-west-2:123456789012:group/my-cr-group"
```

The following example changes the Capacity Reservation preference to `capacity-reservations-only`. Because it doesn't specify a Capacity Reservation, instances launch into any open Capacity Reservation with matching attributes and available capacity.

```
Edit-EC2InstanceCapacityReservationAttribute `
    -InstanceId i-1234567890abcdef0 `
    -CapacityReservationSpecification_CapacityReservationPreference "capacity-reservations-only"
```

The following example changes the Capacity Reservation preference to `capacity-reservations-only` and changes the target to a specific Capacity Reservation. If capacity isn't available in the specified Capacity Reservation, the instances fail to launch.

```
Edit-EC2InstanceCapacityReservationAttribute `
    -InstanceId i-1234567890abcdef0 `
    -CapacityReservationSpecification_CapacityReservationPreference "capacity-reservations-only" `
    -CapacityReservationTarget_CapacityReservationId cr-1234567890abcdef0
```

------

# Move capacity between Capacity Reservations

You can move capacity from one Capacity Reservation to another to redistribute your reserved compute resources as needed. For example, if you need additional capacity in a reservation with growing usage, and you have capacity available in another reservation, then you can reallocate that capacity between the two reservations.

## Prerequisites for moving capacity


As a prerequisite, the two Capacity Reservations must meet the following requirements:
+ Both reservations must be in the active state.
+ Both reservations must be owned by your AWS account. You cannot move capacity between reservations owned by different AWS accounts.
+ Both reservations must have the same:
  + Instance type
  + Platform
  + Availability Zone
  + Tenancy
  + Placement group
  + End time

The destination Capacity Reservation's instance eligibility (`open` or `targeted`) and tags don't have to match the source reservation. The configuration of both reservations remains the same, except that the source reservation has reduced capacity and the destination reservation has increased capacity.

When you specify the quantity of instances to be moved, by default, any available capacity is moved first, followed by any eligible running instances (the used capacity in your reservation). For example, if you move 4 instances from a reservation with 5 used instances and 3 available instances, then the 3 available instances and 1 used instance will be moved.

**Note**  
When you move used capacity from your reservation by specifying a **Quantity to move** that's greater than the available capacity, only the instances that were launched with their **Capacity Reservation Specification** as `open` will be moved. 

## Considerations


The following considerations apply when moving capacity from one reservation to another:
+ The used capacity can only be moved between Capacity Reservations with `open` instance eligibility that are shared with the same set of accounts.
+ When you move used capacity, the eligible instances are randomly selected. You cannot specify which running instances are moved. If a sufficient number of eligible instances are not found to fulfill the move quantity, the move operation will fail.
+ If you move all of the capacity from the source reservation, the Capacity Reservation will be automatically canceled.
+ **Future-dated Capacity Reservations** — You can't move capacity for a future-dated Capacity Reservation during the commitment period.

**Note**  
Moving capacity from a Capacity Block isn't supported.

## Move capacity


You can move capacity from a source Capacity Reservation to a destination Capacity Reservation.

------
#### [ Console ]

**To move capacity**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the left navigation pane, choose **Capacity Reservations**.

1. Select an On-Demand Capacity Reservation ID that has capacity to move.

1. Under **Actions**, **Manage capacity**, choose **Move**.

1. On the **Move capacity** page, under **Destination Capacity Reservation**, select a reservation from the list.

1. Under **Quantity to move**, use the slider or type the number of instances to move from the source Capacity Reservation to the destination Capacity Reservation.

1. Review the summary, and when you're ready, choose **Move**.

------
#### [ AWS CLI ]

**To move capacity**  
Use the [move-capacity-reservation-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/move-capacity-reservation-instances.html) command. The following example moves 10 instances from the specified source Capacity Reservation to the specified destination Capacity Reservation.

```
aws ec2 move-capacity-reservation-instances \
    --source-capacity-reservation-id cr-1234567890abcdef0 \
    --destination-capacity-reservation-id cr-021345abcdef56789 \
    --instance-count 10
```

------
#### [ PowerShell ]

**To move capacity**  
Use the [Move-EC2CapacityReservationInstance](https://docs.aws.amazon.com/powershell/latest/reference/items/Move-EC2CapacityReservationInstance.html) cmdlet. The following example moves 10 instances from the specified source Capacity Reservation to the specified destination Capacity Reservation.

```
Move-EC2CapacityReservationInstance `
    -SourceCapacityReservationId cr-1234567890abcdef0 `
    -DestinationCapacityReservationId cr-021345abcdef56789 `
    -InstanceCount 10
```

------

# Split off capacity from an existing Capacity Reservation

You can split off capacity from an existing Capacity Reservation to create a new reservation. By splitting capacity, you allocate a portion of the original reservation to a specific workload or share it with another AWS account. For example, to partially share a Capacity Reservation with another account, you can split off some of the capacity to create a smaller sized Capacity Reservation. The smaller sized Capacity Reservation can then be shared with the other accounts using [AWS Resource Access Manager](https://docs.aws.amazon.com/ram/latest/userguide/what-is.html).

When you split capacity from an existing Capacity Reservation, a new Capacity Reservation is automatically created. The existing reservation will be unchanged, except for the reduced total capacity from the number of instances split off. Instances that are running in the existing Capacity Reservation are not affected. You can split the existing reservation into only one new Capacity Reservation.

The new Capacity Reservation will have the same configuration as the existing Capacity Reservation except for tags. By default, the new Capacity Reservation doesn't have any tags. You can specify new tags during the split operation. The new Capacity Reservation can also be modified after it is created, if necessary.

When you specify the quantity of instances to be split, by default, any available capacity is split first, followed by any eligible running instances (the used capacity in your reservation). For example, if you split 4 instances from a Capacity Reservation with 5 used instances and 3 available instances, then the 3 available instances and 1 used instance will be split into a new reservation.

## Prerequisites for splitting capacity


As a prerequisite, your Capacity Reservation must meet the following requirements:
+ The source reservation must be in the active state.
+ The source reservation must be owned by your AWS account.

**Note**  
When you split used capacity from your reservation by specifying a **Quantity to split** that's greater than the available capacity, only the instances that were launched with their **Capacity Reservation Specification** as `open` will be split. 

## Considerations


The following considerations apply when splitting off capacity from one reservation to a new one:
+ The used capacity can only be split for Capacity Reservations with `open` instance eligibility that are not shared with any account.
+ When you split the used capacity, the eligible instances are randomly selected. You cannot specify which running instances are split. If a sufficient number of eligible instances are not found to fulfill the split quantity, the split operation will fail.
+ The maximum quantity of instances to split from an existing reservation is the size of the reservation minus one. For example, if your reservation’s total capacity is 5 instances, you can split a maximum of 4 instances into a new reservation.
+ **Future-dated Capacity Reservations** – You can't split capacity for a future-dated Capacity Reservation during the commitment period.
+ **Resource groups** – If the existing Capacity Reservation belongs to a resource group, the new Capacity Reservation will not be automatically added to the resource group. You can add the new Capacity Reservation to a resource group after it is created, if necessary.
+ **Sharing** – If the existing Capacity Reservation is shared with a consumer account, the new Capacity Reservation will not be automatically shared with the consumer account. You can share the new Capacity Reservation after it is created, if necessary.
+ **Cluster placement group** – If the existing Capacity Reservation is part of a cluster placement group, the new Capacity Reservation will be created in the same cluster placement group.

**Note**  
Splitting capacity from a Capacity Block isn't supported.
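The selection rules described for moving and for splitting capacity can be checked before either operation is requested. The following Python pre-flight is an added example, not AWS code: it assumes reservation dictionaries shaped like `describe-capacity-reservations` output, and the `eligible_open` count (running instances launched with their Capacity Reservation Specification as `open`), the sharing sets, the sample attribute values, and all function names are hypothetical inputs supplied by the caller.

```python
from dataclasses import dataclass, field

# Attributes the page requires to match on source and destination before a move.
MATCH_KEYS = ("InstanceType", "InstancePlatform", "AvailabilityZone",
              "Tenancy", "PlacementGroupArn", "EndDate")


@dataclass
class Plan:
    from_available: int = 0         # unused capacity is taken first
    from_used: int = 0              # then running instances launched as "open"
    source_cancelled: bool = False  # moving all capacity cancels the source
    errors: list = field(default_factory=list)

    @property
    def ok(self):
        return not self.errors


def _check_reservation(cr, account_id, plan):
    """Prerequisites that apply to every reservation taking part in the operation."""
    if cr["State"] != "active":
        plan.errors.append(f"{cr['CapacityReservationId']} is not active")
    if cr["OwnerId"] != account_id:
        plan.errors.append(f"{cr['CapacityReservationId']} is owned by another account")


def _take(src, count, eligible_open, plan):
    """Fill the request from available capacity, then from eligible running instances."""
    if not 1 <= count <= src["TotalInstanceCount"]:
        plan.errors.append("count must be between 1 and the source total capacity")
        return
    plan.from_available = min(count, src["AvailableInstanceCount"])
    plan.from_used = count - plan.from_available
    if plan.from_used > eligible_open:
        plan.errors.append(f"{plan.from_used} running 'open' instances needed, "
                           f"{eligible_open} eligible")


def plan_move(src, dst, count, eligible_open, account_id,
              src_shared=frozenset(), dst_shared=frozenset()):
    plan = Plan()
    _check_reservation(src, account_id, plan)
    _check_reservation(dst, account_id, plan)
    plan.errors += [f"{key} differs" for key in MATCH_KEYS if src.get(key) != dst.get(key)]
    _take(src, count, eligible_open, plan)
    if plan.from_used:
        if "targeted" in (src["InstanceMatchCriteria"], dst["InstanceMatchCriteria"]):
            plan.errors.append("used capacity moves only between 'open' reservations")
        if set(src_shared) != set(dst_shared):
            plan.errors.append("reservations are not shared with the same accounts")
    plan.source_cancelled = plan.ok and count == src["TotalInstanceCount"]
    return plan


def plan_split(src, count, eligible_open, account_id, src_shared=frozenset()):
    plan = Plan()
    _check_reservation(src, account_id, plan)
    _take(src, count, eligible_open, plan)
    if count >= src["TotalInstanceCount"]:
        plan.errors.append("split quantity is at most total capacity minus one")
    if plan.from_used:
        if src["InstanceMatchCriteria"] != "open":
            plan.errors.append("used capacity splits only from an 'open' reservation")
        if src_shared:
            plan.errors.append("used capacity splits only from an unshared reservation")
    return plan


# Constructed sample data: 8 total, 3 available, so 5 in use (the page's worked numbers).
ACCOUNT = "111122223333"
SRC = {"CapacityReservationId": "cr-1234567890abcdef0", "OwnerId": ACCOUNT,
       "State": "active", "InstanceType": "m5.large", "InstancePlatform": "Linux/UNIX",
       "AvailabilityZone": "us-east-1a", "Tenancy": "default",
       "InstanceMatchCriteria": "open",
       "TotalInstanceCount": 8, "AvailableInstanceCount": 3}
DST = dict(SRC, CapacityReservationId="cr-021345abcdef56789",
           TotalInstanceCount=2, AvailableInstanceCount=2)

if __name__ == "__main__":
    print(plan_move(SRC, DST, 4, eligible_open=5, account_id=ACCOUNT))
    print(plan_split(SRC, 8, eligible_open=5, account_id=ACCOUNT))
```
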

## Control access for splitting Capacity Reservations using tags


You can use tags to control access to Amazon EC2 resources, including splitting capacity from an existing Capacity Reservation to create a new Capacity Reservation. For more information, see [Controlling access to AWS resources using tags](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) in the *IAM User Guide*.

To control access for splitting a Capacity Reservation using tags, make sure that you specify both resource and request tags in the policy statement because IAM policies are evaluated against both the source Capacity Reservation and the newly created Capacity Reservation. The following example policy includes the `ec2:ResourceTag` condition key with the tag `Owner=ExampleDepartment1` for the source Capacity Reservation and the `aws:RequestTag` condition key with the tag `stack=production` for the newly created Capacity Reservation.

```
{
  "Statement": [
    {
      "Sid": "AllowSourceCapacityReservation",
      "Effect": "Allow",
      "Action": "ec2:CreateCapacityReservationBySplitting",
      "Resource": "arn:aws:ec2:us-east-1:111122223333:capacity-reservation/cr-1234567890abcdef0",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/Owner": "ExampleDepartment1"
        }
      }
    },
    {
      "Sid": "AllowNewlyCreatedCapacityReservation",
      "Effect": "Allow",
      "Action": ["ec2:CreateCapacityReservationBySplitting", "ec2:CreateTags"],
      "Resource": "arn:aws:ec2:us-east-1:111122223333:capacity-reservation/*",
      "Condition": {
        "StringEquals": {
          "aws:RequestTag/stack": "production"
        }
      }
    }
  ]
}
```
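A static check for the pattern described above, as an added example that is not part of the AWS documentation: it reports whether a policy that allows `ec2:CreateCapacityReservationBySplitting` carries a resource-tag condition for the source, a request-tag condition together with `ec2:CreateTags` for the new reservation, and no unconditioned Allow for the action. It only inspects which condition keys are present and does not evaluate the policy the way IAM does; the function name, report fields, and the two weak sample policies are hypothetical.

```python
import json
from fnmatch import fnmatchcase

SPLIT_ACTION = "ec2:CreateCapacityReservationBySplitting"
TAG_ACTION = "ec2:CreateTags"


def _as_list(value):
    """IAM allows a single value or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]


def _grants(stmt, action):
    """True if an Allow statement's Action patterns cover `action` (case-insensitive)."""
    if stmt.get("Effect") != "Allow" or "Action" not in stmt:
        return False
    return any(fnmatchcase(action.lower(), pattern.lower())
               for pattern in _as_list(stmt["Action"]))


def _condition_keys(stmt):
    """Lower-cased condition keys used under any operator of the statement."""
    return {key.lower()
            for block in stmt.get("Condition", {}).values()
            for key in block}


def lint_split_policy(policy):
    """Report how the policy constrains the split action on source and new reservation."""
    report = {"source_resource_tag": False, "new_request_tag": False,
              "create_tags_with_request_tag": False, "unconditioned": []}
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if not _grants(stmt, SPLIT_ACTION):
            continue
        keys = _condition_keys(stmt)
        if not keys:
            # Any matching Allow grants access, so this bypasses the tag conditions.
            report["unconditioned"].append(stmt.get("Sid", f"statement[{index}]"))
        if any(k.startswith(("ec2:resourcetag/", "aws:resourcetag/")) for k in keys):
            report["source_resource_tag"] = True
        if any(k.startswith("aws:requesttag/") for k in keys):
            report["new_request_tag"] = True
            if _grants(stmt, TAG_ACTION):
                report["create_tags_with_request_tag"] = True
    report["follows_page_pattern"] = (
        report["source_resource_tag"] and report["new_request_tag"]
        and report["create_tags_with_request_tag"] and not report["unconditioned"])
    return report


# The policy from this page, embedded so the example runs offline.
PAGE_POLICY = json.loads("""
{"Statement": [
  {"Sid": "AllowSourceCapacityReservation", "Effect": "Allow",
   "Action": "ec2:CreateCapacityReservationBySplitting",
   "Resource": "arn:aws:ec2:us-east-1:111122223333:capacity-reservation/cr-1234567890abcdef0",
   "Condition": {"StringEquals": {"ec2:ResourceTag/Owner": "ExampleDepartment1"}}},
  {"Sid": "AllowNewlyCreatedCapacityReservation", "Effect": "Allow",
   "Action": ["ec2:CreateCapacityReservationBySplitting", "ec2:CreateTags"],
   "Resource": "arn:aws:ec2:us-east-1:111122223333:capacity-reservation/*",
   "Condition": {"StringEquals": {"aws:RequestTag/stack": "production"}}}
]}
""")

# Constructed weak variants: only the source is constrained / nothing is constrained.
RESOURCE_TAG_ONLY = {"Statement": [PAGE_POLICY["Statement"][0]]}
WILDCARD_ALLOW = {"Statement": {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}}

if __name__ == "__main__":
    for name, policy in [("page", PAGE_POLICY), ("resource-tag only", RESOURCE_TAG_ONLY),
                         ("wildcard", WILDCARD_ALLOW)]:
        print(name, json.dumps(lint_split_policy(policy)))
```
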

## Split off capacity


You can split off capacity from an existing Capacity Reservation to create a new Capacity Reservation.

------
#### [ Console ]

**To split off capacity**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the left navigation pane, choose **Capacity Reservations**.

1. Select an On-Demand Capacity Reservation ID that has capacity to split.

1. Under **Actions**, **Manage capacity**, choose **Split**.

1. On the **Split Capacity Reservation** page, under **Quantity to split**, use the slider or type the number of instances to split from the current reservation.

1. (Optional) Add tags for the new Capacity Reservation.

1. Review the summary, and when you're ready, choose **Split**.

------
#### [ AWS CLI ]

**To split off capacity**  
Use the `create-capacity-reservation-by-splitting` command. The following example creates a new Capacity Reservation by splitting off 10 instances from the specified Capacity Reservation.

```
aws ec2 create-capacity-reservation-by-splitting \
    --source-capacity-reservation-id cr-1234567890abcdef0 \
    --instance-count 10
```

------
#### [ PowerShell ]

**To split off capacity**  
Use the [New-EC2CapacityReservationBySplitting](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2CapacityReservationBySplitting.html) cmdlet. The following example creates a new Capacity Reservation by splitting off 10 instances from the specified Capacity Reservation.

```
New-EC2CapacityReservationBySplitting `
    -SourceCapacityReservationId cr-1234567890abcdef0 `
    -InstanceCount 10
```

------

# Cancel a Capacity Reservation


You can cancel a Capacity Reservation that is in one of the following states:
+ `assessing`
+ `active` and there is no commitment duration or the commitment duration has elapsed. You can't cancel a future-dated Capacity Reservation during the commitment duration.

**Note**  
You can't modify or cancel a Capacity Block. For more information, see [Capacity Blocks for ML](ec2-capacity-blocks.md).

If a future-dated Capacity Reservation enters the `delayed` state, the commitment duration is waived, and you can cancel it as soon as it enters the `active` state.

When you cancel a Capacity Reservation, the capacity is released immediately, and it is no longer reserved for your use.

You can cancel empty Capacity Reservations and Capacity Reservations that have running instances. If you cancel a Capacity Reservation that has running instances, the instances continue to run normally outside of the Capacity Reservation at standard On-Demand Instance rates or at a discounted rate if you have a matching Savings Plans or Regional Reserved Instance.

After you cancel a Capacity Reservation, instances that target it can no longer launch. Modify these instances so that they either target a different Capacity Reservation, launch into any open Capacity Reservation with matching attributes and sufficient capacity, or avoid launching into a Capacity Reservation. For more information, see [Modify the Capacity Reservation settings of your instance](capacity-reservations-modify-instance.md).

------
#### [ Console ]

**To cancel a Capacity Reservation**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. Choose **Capacity Reservations** and select the Capacity Reservation to cancel.

1. Choose **Cancel reservation**, **Cancel reservation**.

------
#### [ AWS CLI ]

**To cancel a Capacity Reservation**  
Use the [cancel-capacity-reservation](https://docs.aws.amazon.com/cli/latest/reference/ec2/cancel-capacity-reservation.html) command.

```
aws ec2 cancel-capacity-reservation \
    --capacity-reservation-id cr-1234567890abcdef0
```

------
#### [ PowerShell ]

**To cancel a Capacity Reservation**  
Use the [Remove-EC2CapacityReservation](https://docs.aws.amazon.com/powershell/latest/reference/items/Remove-EC2CapacityReservation.html) cmdlet.

```
Remove-EC2CapacityReservation `
    -CapacityReservationId cr-1234567890abcdef0
```

------

# Use Capacity Reservations with cluster placement groups


You can create Capacity Reservations in a cluster placement group to reserve Amazon EC2 compute capacity for your workloads. Cluster placement groups offer the benefit of low network latency and high network throughput.

Creating a Capacity Reservation in a cluster placement group ensures that you have access to compute capacity in your cluster placement groups when you need it, for as long as you need it. This is ideal for reserving capacity for high-performance computing (HPC) workloads that require compute scaling. It allows you to scale your cluster down while ensuring that the capacity remains available for your use so that you can scale back up when needed.

After you create a Capacity Reservation in a cluster placement group, you can share it with other AWS accounts. For more information, see [Sharing Capacity Reservations in cluster placement groups](#cpg-cr-sharing).

**Topics**
+ [Limitations](#cr-cpg-limitations)
+ [Work with Capacity Reservations in cluster placement groups](#work-with-crs-cpgs)
+ [Sharing Capacity Reservations in cluster placement groups](#cpg-cr-sharing)

## Limitations


Keep the following in mind when creating Capacity Reservations in cluster placement groups:
+ If an existing Capacity Reservation is not in a placement group, you can't modify the Capacity Reservation to reserve capacity in a placement group. To reserve capacity in a placement group, you must create the Capacity Reservation in the placement group.
+ After you create a Capacity Reservation in a placement group, you can't modify it to reserve capacity outside of the placement group.
+ You can increase your reserved capacity in a placement group by modifying an existing Capacity Reservation in the placement group, or by creating additional Capacity Reservations in the placement group. However, you increase your chances of getting an insufficient capacity error.
+ You can share Capacity Reservations only from the cluster placement group that you own. You cannot share Capacity Reservations from a cluster placement group that you do not own.
+ You can't delete a cluster placement group that has `active` Capacity Reservations. You must cancel all Capacity Reservations in the cluster placement group before you can delete it.

## Work with Capacity Reservations in cluster placement groups


To start using Capacity Reservations with cluster placement groups, perform the following steps.

**Note**  
If you want to create a Capacity Reservation in an existing cluster placement group, skip Step 1. Then for Steps 2 and 3, specify the ARN of the existing cluster placement group. 

**Topics**
+ [Step 1: (*Conditional*) Create a cluster placement group for use with a Capacity Reservation](#create-cpg)
+ [Step 2: Create a Capacity Reservation in a cluster placement group](#create-cr-in-cpg)
+ [Step 3: Launch instances into Capacity Reservations in a cluster placement group](#launch-instance-into-cpg)

### Step 1: (*Conditional*) Create a cluster placement group for use with a Capacity Reservation


Perform this step only if you need to create a new cluster placement group. To use an existing cluster placement group, skip this step and then for Steps 2 and 3, use the ARN of that cluster placement group.

------
#### [ Console ]

**To create a cluster placement group**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Placement Groups**, and then choose **Create placement group**.

1. For **Name**, specify a descriptive name for the placement group.

1. For **Placement strategy**, choose **Cluster**.

1. Choose **Create group**.

1. In the **Placement groups** table, in the **Group ARN** column, make a note of the ARN of the cluster placement group that you created. You'll need it for the next step.

------
#### [ AWS CLI ]

**To create a cluster placement group**  
Use the [create-placement-group](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-placement-group.html) command.

```
aws ec2 create-placement-group \
    --group-name MyPG \
    --strategy cluster
```

Make a note of the placement group ARN returned in the output, because you'll need it for the next step.

------
#### [ PowerShell ]

**To create a cluster placement group**  
Use the [New-EC2PlacementGroup](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2PlacementGroup.html) cmdlet.

```
New-EC2PlacementGroup `
    -GroupName my-placement-group `
    -Strategy "cluster"
```

Make a note of the placement group ARN returned in the output, because you'll need it for the next step.

------

### Step 2: Create a Capacity Reservation in a cluster placement group


You create a Capacity Reservation in a cluster placement group in the same way that you create any Capacity Reservation. However, you must also specify the ARN of the cluster placement group in which to create the Capacity Reservation. 

**Considerations**
+ The specified cluster placement group must be in the `available` state. If the cluster placement group is in the `pending`, `deleting`, or `deleted` state, the request fails.
+ The Capacity Reservation and the cluster placement group must be in the same Availability Zone. If the request to create the Capacity Reservation specifies an Availability Zone that is different from that of the cluster placement group, the request fails.
+ You can create Capacity Reservations only for instance types that are supported by cluster placement groups. If you specify an unsupported instance type, the request fails.
+ If you create an `open` Capacity Reservation in a cluster placement group and there are existing running instances that have matching attributes (placement group ARN, instance type, Availability Zone, platform, and tenancy), those instances automatically run in the Capacity Reservation.
+ Your request to create a Capacity Reservation could fail if one of the following is true:
  + Amazon EC2 does not have sufficient capacity to fulfill the request. Either try again at a later time, try a different Availability Zone, or try a smaller capacity. If your workload is flexible across instance types and sizes, try different instance attributes.
  + The requested quantity exceeds your On-Demand Instance limit for the selected instance family. Increase your On-Demand Instance limit for the instance family and try again. For more information, see [On-Demand Instance quotas](ec2-on-demand-instances.md#ec2-on-demand-instances-limits).

------
#### [ Console ]

**To create a Capacity Reservation**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. Choose **Capacity Reservations**, and then choose **Create Capacity Reservation**.

1. On the **Create a Capacity Reservation** page, specify the instance type, platform, Availability Zone, Tenancy, quantity, and end date as needed.

1. For **Placement group**, select the ARN of the cluster placement group in which to create the Capacity Reservation.

1. Choose **Create**.

For more information, see [Create a Capacity Reservation](capacity-reservations-create.md).

------
#### [ AWS CLI ]

**To create a Capacity Reservation**  
Use the [create-capacity-reservation](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-capacity-reservation.html) command. For `--placement-group-arn`, specify the ARN of the cluster placement group in which to create the Capacity Reservation.

```
aws ec2 create-capacity-reservation \
    --instance-type instance_type \
    --instance-platform platform \
    --availability-zone-id az_id \
    --instance-count quantity \
    --placement-group-arn "placement_group_arn"
```

------
#### [ PowerShell ]

**To create a Capacity Reservation**  
Use the [Add-EC2CapacityReservation](https://docs.aws.amazon.com/powershell/latest/reference/items/Add-EC2CapacityReservation.html) cmdlet. For `-PlacementGroupArn`, specify the ARN of the cluster placement group in which to create the Capacity Reservation.

```
Add-EC2CapacityReservation `
    -InstanceType instance_type `
    -InstancePlatform platform `
    -AvailabilityZoneId az_id `
    -InstanceCount quantity `
    -PlacementGroupArn "placement_group_arn"
```

------

### Step 3: Launch instances into Capacity Reservations in a cluster placement group


You can launch an instance into a Capacity Reservation that is in a cluster placement group with one of the following options:
+ *Specifying the ARN of the cluster placement group in which to launch the instance* – When you provide the ARN of a cluster placement group, Amazon EC2 launches the instance into that cluster placement group. You can use one of the following methods: 
  + *Specifying `open`* – You do not have to specify the Capacity Reservation in the instance launch request. If the instance has attributes (placement group ARN, instance type, Availability Zone, platform, and tenancy) that match a Capacity Reservation in the specified placement group, the instance automatically runs in the Capacity Reservation.
  + *Specifying a Capacity Reservation* – If the Capacity Reservation accepts only targeted instance launches, you must specify the target Capacity Reservation in addition to the cluster placement group in the request.
  + *Specifying a Capacity Reservation group* – For more information, see [Using Capacity Reservation in cluster placement groups with a Capacity Reservation group](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cpg-odcr-crg.html).
+ *Specifying only a Capacity Reservation group* – For more information, see [Using Capacity Reservation in cluster placement groups with a Capacity Reservation group](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cpg-odcr-crg.html).
+ *Specifying only a Capacity Reservation* – You can launch instances into a Capacity Reservation in a cluster placement group. 
**Note**  
When you launch instances by specifying only a Capacity Reservation or only a Capacity Reservation group, the instances are launched into the Capacity Reservations that are created in the cluster placement group, but the instances are not directly attached to the cluster placement group.

------
#### [ Console ]

**To launch instances into an existing Capacity Reservation**

1. Follow the procedure to [launch an instance](ec2-launch-instance-wizard.md), but don't launch the instance until you've completed the following steps to specify the settings for the placement group and Capacity Reservation.

1. Expand **Advanced details** and do the following:

   1. For **Placement group**, select the cluster placement group in which to launch the instance.

   1. For **Capacity Reservation**, choose one of the following options depending on the configuration of the Capacity Reservation:
      + **Open** – To launch the instances into any `open` Capacity Reservation in the cluster placement group that has matching attributes and sufficient capacity.
      + **Target by ID** – To launch the instances into a Capacity Reservation that accepts only targeted instance launches.
      + **Target by group** – To launch the instances into any Capacity Reservation with matching attributes and available capacity in the selected Capacity Reservation group.

1. In the **Summary** panel, review your instance configuration, and then choose **Launch instance**. For more information, see [Launch an EC2 instance using the launch instance wizard in the console](ec2-launch-instance-wizard.md).

------
#### [ AWS CLI ]

**To launch instances into an existing Capacity Reservation**  
Use the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command. If you need to target a specific Capacity Reservation or a Capacity Reservation group, specify the `--capacity-reservation-specification` parameter. For `--placement`, specify the `GroupName` parameter and then specify the name of the placement group that you created in the previous steps.

```
aws ec2 run-instances \
    --image-id ami-0abcdef1234567890 \
    --count quantity \
    --instance-type instance_type \
    --key-name key_pair_name \
    --subnet-id subnet-0abcdef1234567890 \
    --capacity-reservation-specification CapacityReservationTarget={CapacityReservationId=capacity_reservation_id} \
    --placement "GroupName=cluster_placement_group_name"
```

------
#### [ PowerShell ]

**To launch instances into an existing Capacity Reservation**  
Use the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) cmdlet. For `-Placement`, specify the `GroupName` parameter and then specify the name of the placement group that you created in the previous steps.

```
New-EC2Instance `
    -ImageId ami-0abcdef1234567890 `
    -InstanceType instance_type `
    -KeyName key_pair_name `
    -SubnetId subnet-0abcdef1234567890 `
    -CapacityReservationTarget_CapacityReservationId capacity_reservation_id `
    -Placement_GroupName cluster_placement_group_name
```

------

## Sharing Capacity Reservations in cluster placement groups


You can share Capacity Reservations in cluster placement groups by either sharing only the Capacity Reservations, or by sharing both the Capacity Reservations and the cluster placement group in which they were created.

By sharing only the Capacity Reservation, you give consumer accounts access to that Capacity Reservation only. Consumer accounts have no visibility or access to the cluster placement group in which the Capacity Reservation is created. This gives you fine-grained control over consumer account access. Consumer accounts can't view any information about the cluster placement group, including its ARN. 

When you share the cluster placement group and the Capacity Reservation, the cluster placement group is visible and accessible to consumer accounts. They can launch instances and create their own Capacity Reservations in it. 

For more information, see the following resources.
+ [Launch instances into Capacity Reservations in a cluster placement group](#launch-instance-into-cpg)
+ [Shared Capacity Reservations](capacity-reservation-sharing.md)
+ [Shared placement groups](share-placement-group.md)

# Capacity Reservation groups


You can use AWS Resource Groups to create logical collections of Capacity Reservations, called *resource groups*. A resource group is a logical grouping of AWS resources that are all in the same AWS Region. For more information about resource groups, see [What are resource groups?](https://docs.aws.amazon.com/ARG/latest/userguide/) in the *AWS Resource Groups User Guide*.

You can include Capacity Reservations that you own in your account, and Capacity Reservations that are shared with you by other AWS accounts in a single resource group. You can also include Capacity Reservations that have different attributes (instance type, platform, Availability Zone, and tenancy) in a single resource group.

When you create resource groups for Capacity Reservations, you can target instances to a group of Capacity Reservations instead of an individual Capacity Reservation. Instances that target a group of Capacity Reservations match with any Capacity Reservation in the group that has matching attributes (instance type, platform, Availability Zone, and tenancy) and available capacity. If the group does not have a Capacity Reservation with matching attributes and available capacity, the instances run using On-Demand capacity. If a matching Capacity Reservation is added to the targeted group at a later stage, the instance is automatically matched with and moved into its reserved capacity.

To prevent unintended use of Capacity Reservations in a group, configure the Capacity Reservations in the group to accept only instances that explicitly target the Capacity Reservation. To do this, set **Instance eligibility** to **Only instances that specify this reservation** when creating the Capacity Reservation using the Amazon EC2 console. When using the AWS CLI, specify `--instance-match-criteria targeted` when creating the Capacity Reservation. Doing this ensures that only instances that explicitly target the group, or a Capacity Reservation in the group, can run in the group.

If a Capacity Reservation in a group is canceled or expires while it has running instances, the instances are automatically moved to another Capacity Reservation in the group that has matching attributes and available capacity. If there are no remaining Capacity Reservations in the group that have matching attributes and available capacity, the instances run in On-Demand capacity. If a matching Capacity Reservation is added to the targeted group at a later stage, the instance is automatically moved into its reserved capacity.

**Topics**
+ [Create a group](create-group.md)
+ [Add Capacity Reservation to group](add-to-group.md)
+ [Remove Capacity Reservation from group](remove-from-group.md)
+ [Delete group](delete-group.md)
+ [Using Capacity Reservation in cluster placement groups with a Capacity Reservation group](using-cpg-odcr-crg.md)

# Create a Capacity Reservation group

You can use the following examples to create a resource group for Capacity Reservations with the following request parameters.
+ `AWS::EC2::CapacityReservationPool` – Ensures that the resource group can be targeted for instance launches.
+ `AWS::ResourceGroups::Generic` with `allowed-resource-types` set to `AWS::EC2::CapacityReservation` – Ensures that the resource group accepts Capacity Reservations only.

After you create a group, you can [add Capacity Reservations](add-to-group.md) to the group.

------
#### [ AWS CLI ]

**To create a group for Capacity Reservations**  
Use the [create-group](https://docs.aws.amazon.com/cli/latest/reference/resource-groups/create-group.html) AWS CLI command.

```
aws resource-groups create-group \
    --name MyCRGroup \
    --configuration \
        '{"Type": "AWS::EC2::CapacityReservationPool"}' \
        '{"Type": "AWS::ResourceGroups::Generic", "Parameters": [{"Name": "allowed-resource-types", "Values": ["AWS::EC2::CapacityReservation"]}]}'
```

------
#### [ PowerShell ]

**To create a group for Capacity Reservations**  
Use the [New-RGGroup](https://docs.aws.amazon.com/powershell/latest/reference/items/New-RGGroup.html) cmdlet.

```
New-RGGroup `
    -Name MyCRGroup `
    -Configuration `
        @{"Type"="AWS::EC2::CapacityReservationPool"}, `
        @{"Type"="AWS::ResourceGroups::Generic"; "Parameters"=@{"Name"="allowed-resource-types"; "Values"="AWS::EC2::CapacityReservation"}}
```

------

# Add a Capacity Reservation to a group

If you add a Capacity Reservation that is shared with you to a group, and that Capacity Reservation is unshared, it is automatically removed from the group.

------
#### [ AWS CLI ]

**To add a Capacity Reservation to a group**  
Use the [group-resources](https://docs.aws.amazon.com/cli/latest/reference/resource-groups/group-resources.html) command.

The following example adds two Capacity Reservations to the specified group.

```
aws resource-groups group-resources \
    --group MyCRGroup \
    --resource-arns \
        arn:aws:ec2:sa-east-1:123456789012:capacity-reservation/cr-1234567890abcdef1 \
        arn:aws:ec2:sa-east-1:123456789012:capacity-reservation/cr-54321abcdef567890
```

------
#### [ PowerShell ]

**To add a Capacity Reservation to a group**  
Use the [Add-RGResource](https://docs.aws.amazon.com/powershell/latest/reference/items/Add-RGResource.html) cmdlet.

The following example adds two Capacity Reservations to the specified group.

```
Add-RGResource `
    -Group MyCRGroup `
    -ResourceArn `
        "arn:aws:ec2:sa-east-1:123456789012:capacity-reservation/cr-1234567890abcdef1", `
        "arn:aws:ec2:sa-east-1:123456789012:capacity-reservation/cr-54321abcdef567890"
```

------

# Remove a Capacity Reservation from a group

You can use the following examples to remove a Capacity Reservation from a group.

------
#### [ AWS CLI ]

**To remove a Capacity Reservation from a group**  
Use the [ungroup-resources](https://docs.aws.amazon.com/cli/latest/reference/resource-groups/ungroup-resources.html) command.

The following example removes two Capacity Reservations from the specified group.

```
aws resource-groups ungroup-resources \
    --group MyCRGroup \
    --resource-arns \
        arn:aws:ec2:sa-east-1:123456789012:capacity-reservation/cr-0e154d26a16094dd \
        arn:aws:ec2:sa-east-1:123456789012:capacity-reservation/cr-54321abcdef567890
```

------
#### [ PowerShell ]

**To remove a Capacity Reservation from a group**  
Use the [Remove-RGResource](https://docs.aws.amazon.com/powershell/latest/reference/items/Remove-RGResource.html) cmdlet.

The following example removes two Capacity Reservations from the specified group.

```
Remove-RGResource `
    -Group MyCRGroup `
    -ResourceArn `
        "arn:aws:ec2:sa-east-1:123456789012:capacity-reservation/cr-0e154d26a16094dd", `
        "arn:aws:ec2:sa-east-1:123456789012:capacity-reservation/cr-54321abcdef567890"
```

------

# Delete a Capacity Reservation group

You can use the following examples to delete a Capacity Reservation group.

------
#### [ AWS CLI ]

**To delete a group**  
Use the [delete-group](https://docs.aws.amazon.com/cli/latest/reference/resource-groups/delete-group.html) command.

```
aws resource-groups delete-group --group MyCRGroup
```

------
#### [ PowerShell ]

**To delete a group**  
Use the [Remove-RGGroup](https://docs.aws.amazon.com/powershell/latest/reference/items/Remove-RGGroup.html) cmdlet.

```
Remove-RGGroup -GroupName MyCRGroup
```

------

# Using Capacity Reservation in cluster placement groups with a Capacity Reservation group

Amazon EC2 provides different launch methods for you to use Capacity Reservations in a cluster placement group with a Capacity Reservation group. You can choose one of the following methods to target a Capacity Reservation group based on your workload requirements:
+ *Specifying the ARN of the cluster placement group and Capacity Reservation group* – This will use any available Capacity Reservation with matching attributes and available capacity in the selected Capacity Reservation group. If the selected group does not have a Capacity Reservation with matching attributes and available capacity, the instances launch into On-Demand capacity.
**Note**  
When you launch instances using this method, the instances are placed in the specified cluster placement group. 
+ *Specifying only a Capacity Reservation group* – This will use all available capacity within the Capacity Reservation group. While launching instances, capacity is used in the following order: 
  + Capacity Reservations not associated with any cluster placement group. 
  + Capacity Reservation in any cluster placement group within the Capacity Reservation group.
  + If the group does not have a Capacity Reservation with matching attributes and available capacity, the instances run using On-Demand capacity and they are not placed in any cluster placement group. 
**Note**  
When you launch instances by specifying only a Capacity Reservation group, the instances are launched into the Capacity Reservations that are created in the cluster placement group, but the instances are not directly attached to the cluster placement group.

# Capacity Reservations in Local Zones


A Local Zone is an extension of an AWS Region that is geographically close to your users. Resources created in a Local Zone can serve local users with very low-latency communications. For more information, see [AWS Local Zones](https://aws.amazon.com/about-aws/global-infrastructure/localzones/). 

You can extend a VPC from its parent AWS Region into a Local Zone by creating a new subnet in that Local Zone. When you create a subnet in a Local Zone, your VPC is extended to that Local Zone. The subnet in the Local Zone operates the same as the other subnets in your VPC.

By using Local Zones, you can place Capacity Reservations in multiple locations that are closer to your users. You create and use Capacity Reservations in Local Zones in the same way that you create and use Capacity Reservations in regular Availability Zones. The same features and instance matching behavior apply. For more information about the pricing models that are supported in Local Zones, see [AWS Local Zones FAQs](https://aws.amazon.com/about-aws/global-infrastructure/localzones/faqs/).

**Considerations**  
You can't use Capacity Reservation groups in a Local Zone.

**To use a Capacity Reservation in a Local Zone**

1. Enable the Local Zone for use in your AWS account. For more information, see [Getting started with AWS Local Zones](https://docs.aws.amazon.com/local-zones/latest/ug/getting-started.html) in the *AWS Local Zones User Guide*. 

1. Create a Capacity Reservation in the Local Zone. For **Availability Zone**, choose the Local Zone. The Local Zone is represented by an AWS Region code followed by an identifier that indicates the location, for example `us-west-2-lax-1a`. For more information, see [Create a Capacity Reservation](capacity-reservations-create.md). 

1. Create a subnet in the Local Zone. For **Availability Zone**, choose the Local Zone. For more information, see [Create a subnet in your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/create-subnets.html) in the *Amazon VPC User Guide*. 

1. Launch an instance. For **Subnet**, choose the subnet in the Local Zone (for example `subnet-123abc | us-west-2-lax-1a`), and for **Capacity Reservation**, choose the specification (either `open` or target it by ID) that's required for the Capacity Reservation that you created in the Local Zone. For more information, see [Launch instances into an existing Capacity Reservation](capacity-reservations-launch.md). 

# Capacity Reservations in Wavelength Zones


*AWS Wavelength* enables developers to build applications that deliver ultra-low latencies to mobile devices and end users. Wavelength deploys standard AWS compute and storage services to the edge of telecommunication carriers' 5G networks. You can extend an Amazon Virtual Private Cloud (VPC) to one or more Wavelength Zones. You can then use AWS resources like Amazon EC2 instances to run applications that require ultra-low latency and a connection to AWS services in the Region. For more information, see [AWS Wavelength Zones](https://aws.amazon.com/wavelength/).

When you create On-Demand Capacity Reservations, you can choose the Wavelength Zone and you can launch instances into a Capacity Reservation in a Wavelength Zone by specifying the subnet associated with the Wavelength Zone. A Wavelength Zone is represented by an AWS Region code followed by an identifier that indicates the location, for example `us-east-1-wl1-bos-wlz-1`.

Wavelength Zones are not available in every Region. For information about the Regions that support Wavelength Zones, see [Available Wavelength Zones](https://docs.aws.amazon.com/wavelength/latest/developerguide/wavelength-quotas.html) in the *AWS Wavelength Developer Guide*.

**Considerations**  
You can't use Capacity Reservation groups in a Wavelength Zone.

**To use a Capacity Reservation in a Wavelength Zone**

1. Enable the Wavelength Zone for use in your AWS account. For more information, see [Get started with AWS Wavelength](https://docs.aws.amazon.com/wavelength/latest/developerguide/get-started-wavelength.html) in the *AWS Wavelength Developer Guide*.

1. Create a Capacity Reservation in the Wavelength Zone. For **Availability Zone**, choose the Wavelength Zone. The Wavelength Zone is represented by an AWS Region code followed by an identifier that indicates the location, for example `us-east-1-wl1-bos-wlz-1`. For more information, see [Create a Capacity Reservation](capacity-reservations-create.md).

1. Create a subnet in the Wavelength Zone. For **Availability Zone**, choose the Wavelength Zone. For more information, see [Create a subnet in your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/create-subnets.html) in the *Amazon VPC User Guide*. 

1. Launch an instance. For **Subnet**, choose the subnet in the Wavelength Zone (for example `subnet-123abc | us-east-1-wl1-bos-wlz-1`), and for **Capacity Reservation**, choose the specification (either `open` or target it by ID) that's required for the Capacity Reservation that you created in the Wavelength Zone. For more information, see [Launch instances into an existing Capacity Reservation](capacity-reservations-launch.md). 

# Capacity Reservations on AWS Outposts


AWS Outposts is a fully managed service that extends AWS infrastructure, services, APIs, and tools to customer premises. By providing local access to AWS managed infrastructure, AWS Outposts enables customers to build and run applications on premises using the same programming interfaces as in AWS Regions, while using local compute and storage resources for lower latency and local data processing needs.

An Outpost is a pool of AWS compute and storage capacity deployed at a customer site. AWS operates, monitors, and manages this capacity as part of an AWS Region. 

You can create Capacity Reservations on Outposts that you have created in your account. This allows you to reserve compute capacity on an Outpost at your site. You create and use Capacity Reservations on Outposts in the same way that you create and use Capacity Reservations in regular Availability Zones. The same features and instance matching behavior apply.

You can also share Capacity Reservations on Outposts with other AWS accounts within your organization using AWS Resource Access Manager. For more information about sharing Capacity Reservations, see [Shared Capacity Reservations](capacity-reservation-sharing.md).

**Prerequisite**  
You must have an Outpost installed at your site. For more information, see [Create an Outpost and order Outpost capacity](https://docs.aws.amazon.com/outposts/latest/userguide/order-outpost-capacity.html) in the *AWS Outposts User Guide*.

**Considerations**
+ You can't use Capacity Reservation groups on an Outpost.

**To use a Capacity Reservation on an Outpost**

1. Create a subnet on the Outpost. For more information, see [Create a subnet](https://docs.aws.amazon.com/outposts/latest/userguide/launch-instance.html#create-subnet) in the *AWS Outposts User Guide*.

1. Create a Capacity Reservation on the Outpost.

   1. Open the AWS Outposts console at [https://console.aws.amazon.com/outposts/](https://console.aws.amazon.com/outposts/home).

   1. In the navigation pane, choose **Outposts**, and then choose **Actions**, **Create Capacity Reservation**.

   1. Configure the Capacity Reservation as needed and then choose **Create**. For more information, see [Create a Capacity Reservation](capacity-reservations-create.md).
**Note**  
The **Instance Type** drop-down lists only instance types that are supported by the selected Outpost, and the **Availability Zone** drop-down lists only the Availability Zone with which the selected Outpost is associated.

1. Launch an instance into the Capacity Reservation. For **Subnet** choose the subnet that you created in Step 1, and for **Capacity Reservation**, select the Capacity Reservation that you created in Step 2. For more information, see [Launch an instance on the Outpost](https://docs.aws.amazon.com/outposts/latest/userguide/launch-instance.html#launch-instances) in the *AWS Outposts User Guide*.

# Shared Capacity Reservations


Capacity Reservation sharing enables Capacity Reservation owners to share their reserved capacity with other AWS accounts or within an AWS organization. This enables you to create and manage Capacity Reservations centrally, and share the reserved capacity across multiple AWS accounts or within your AWS organization.

In this model, the AWS account that owns the Capacity Reservation (owner) shares it with other AWS accounts (consumers). Consumers can launch instances into Capacity Reservations that are shared with them in the same way that they launch instances into Capacity Reservations that they own in their own account. The Capacity Reservation owner is responsible for managing the Capacity Reservation and the instances that they launch into it. Owners cannot modify instances that consumers launch into Capacity Reservations that they have shared. Consumers are responsible for managing the instances that they launch into Capacity Reservations shared with them. Consumers cannot view or modify instances owned by other consumers or by the Capacity Reservation owner.

A Capacity Reservation owner can share a Capacity Reservation with:
+ Specific AWS accounts inside or outside of its AWS organization
+ An organizational unit inside its AWS organization
+ Its entire AWS organization

## Prerequisites for sharing Capacity Reservations

+ To share a Capacity Reservation, you must own it in your AWS account. You cannot share a Capacity Reservation that has been shared with you.
+ You can only share Capacity Reservations for shared tenancy instances. You cannot share Capacity Reservations for dedicated tenancy instances.
+ Capacity Reservation sharing is not available to new AWS accounts or AWS accounts that have a limited billing history.
+ To share a Capacity Reservation with your AWS organization or an organizational unit in your AWS organization, you must enable sharing with AWS Organizations. For more information, see [Enable Sharing with AWS Organizations](https://docs.aws.amazon.com/ram/latest/userguide/getting-started-sharing.html) in the *AWS RAM User Guide*.
+ You can share a Capacity Reservation in the `active` or `scheduled` state. You cannot share a Capacity Reservation in other [states](https://docs.aws.amazon.com/cli/latest/reference/ec2/purchase-capacity-block.html), such as `assessing` or `unsupported`. 

## Related services


Capacity Reservation sharing integrates with AWS Resource Access Manager (AWS RAM). AWS RAM is a service that enables you to share your AWS resources with any AWS account or through AWS Organizations. With AWS RAM, you share resources that you own by creating a *resource share*. A resource share specifies the resources to share, and the consumers with whom to share them. Consumers can be individual AWS accounts, or organizational units or an entire organization from AWS Organizations.

For more information about AWS RAM, see the *[AWS RAM User Guide](https://docs.aws.amazon.com/ram/latest/userguide/)*.

## Share across Availability Zones


To ensure that resources are distributed across the Availability Zones for a Region, we independently map Availability Zones to names for each account. This could lead to Availability Zone naming differences across accounts. For example, the Availability Zone `us-east-1a` for your AWS account might not have the same location as `us-east-1a` for another AWS account.

To identify the location of your Capacity Reservations relative to your accounts, you must use the *Availability Zone ID* (AZ ID). The AZ ID is a unique and consistent identifier for an Availability Zone across all AWS accounts. For example, `use1-az1` is an AZ ID for the `us-east-1` Region and it is the same location in every AWS account.

When you share a Capacity Reservation with another account, the Capacity Reservation is associated with a specific location identified by its AZ ID. The consumer account can use the shared Capacity Reservation only in the Availability Zone that maps to the same AZ ID in their account. For example, if you create a Capacity Reservation in `us-east-1a` (AZ ID `use1-az1`), the consumer must launch instances in the Availability Zone that maps to `use1-az1` in their account. That Availability Zone might have a different name, such as `us-east-1b`.

**To view the AZ IDs for the Availability Zones in your account**

1. Open the AWS RAM console at [https://console.aws.amazon.com/ram/home](https://console.aws.amazon.com/ram/home).

1. The AZ IDs for the current Region are displayed in the **Your AZ ID** panel on the right-hand side of the screen.

# Share a Capacity Reservation


When you share a Capacity Reservation that you own with other AWS accounts, you enable them to launch instances into your reserved capacity. If you share an open Capacity Reservation, keep the following in mind as it could lead to unintended Capacity Reservation usage:
+ If consumers have running instances that match the attributes of the Capacity Reservation, have the `CapacityReservationPreference` parameter set to `open`, and are not yet running in reserved capacity, they automatically use the shared Capacity Reservation.
+ If consumers launch instances that have matching attributes (instance type, platform, Availability Zone, and tenancy) and have the `CapacityReservationPreference` parameter set to `open`, they automatically launch into the shared Capacity Reservation.
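
An owner-side audit for the risk described above, and for the earlier advice to make reservations in a Capacity Reservation group `targeted`, added here as an example (it is not part of the AWS documentation). The records are constructed samples carrying fields from `describe-capacity-reservations` output; the function name, the finding labels, and the two ARN sets (assumed to be collected separately from AWS RAM and from the resource group) are hypothetical.

```python
"""Flag Capacity Reservations that are still `open` while shared or grouped."""

ACCOUNT = "123456789012"   # example account ID, as used on this page
OTHER = "210987654321"     # constructed second account
ENDED_STATES = {"cancelled", "expired", "failed"}   # nothing left to consume


def sample_cr(cr_id, criteria, state="active", available=0, owner=ACCOUNT):
    """Build one constructed record with only the fields the audit reads."""
    return {
        "CapacityReservationId": cr_id,
        "CapacityReservationArn":
            "arn:aws:ec2:us-east-2:%s:capacity-reservation/%s" % (owner, cr_id),
        "OwnerId": owner,
        "InstanceMatchCriteria": criteria,   # "open" or "targeted"
        "State": state,
        "AvailableInstanceCount": available,
    }


# Constructed inventory: what the auditing account can describe.
SAMPLE_RESERVATIONS = [
    sample_cr("cr-aaaa1111aaaa1111a", "open", available=6),
    sample_cr("cr-bbbb2222bbbb2222b", "targeted", available=4),
    sample_cr("cr-cccc3333cccc3333c", "open", available=2),
    sample_cr("cr-dddd4444dddd4444d", "open", available=8),
    sample_cr("cr-eeee5555eeee5555e", "open", state="cancelled"),
    sample_cr("cr-ffff6666ffff6666f", "open", available=3, owner=OTHER),
]
ARN = {cr["CapacityReservationId"]: cr["CapacityReservationArn"]
       for cr in SAMPLE_RESERVATIONS}

# Constructed membership sets: ARNs in a RAM resource share, ARNs in a group.
SAMPLE_SHARED = {ARN["cr-aaaa1111aaaa1111a"], ARN["cr-bbbb2222bbbb2222b"],
                 ARN["cr-cccc3333cccc3333c"], ARN["cr-eeee5555eeee5555e"]}
SAMPLE_GROUPED = {ARN["cr-bbbb2222bbbb2222b"], ARN["cr-cccc3333cccc3333c"],
                  ARN["cr-ffff6666ffff6666f"]}


def audit_open_exposure(reservations, account_id, shared_arns=(), grouped_arns=()):
    """Return findings for live, `open` reservations that are shared or grouped.

    An `open` reservation is consumed by any matching instance whose
    preference is `open`, so sharing or grouping it widens who can use it
    without ever naming it.
    """
    shared, grouped = set(shared_arns), set(grouped_arns)
    findings = []
    for cr in reservations:
        if cr.get("State") in ENDED_STATES:
            continue
        if cr.get("InstanceMatchCriteria") != "open":
            continue   # targeted: only explicit targets can run in it
        arn = cr["CapacityReservationArn"]
        exposure = []
        if arn in shared:
            exposure.append("shared-via-ram")
        if arn in grouped:
            exposure.append("in-reservation-group")
        if not exposure:
            continue   # open, but only this account's own launches can match
        findings.append({
            "id": cr["CapacityReservationId"],
            "exposure": exposure,
            "available": cr.get("AvailableInstanceCount", 0),
            # Only the owning account controls the reservation's settings.
            "owned_by_us": cr.get("OwnerId") == account_id,
        })
    # Largest amount of unclaimed capacity first, then by ID for stable output.
    return sorted(findings, key=lambda f: (-f["available"], f["id"]))


if __name__ == "__main__":
    for finding in audit_open_exposure(SAMPLE_RESERVATIONS, ACCOUNT,
                                       SAMPLE_SHARED, SAMPLE_GROUPED):
        print(finding)
```
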

To share a Capacity Reservation, you must add it to a resource share. A resource share is an AWS RAM resource that lets you share your resources across AWS accounts. A resource share specifies the resources to share, and the consumers with whom they are shared. When you share a Capacity Reservation using the Amazon EC2 console, you add it to an existing resource share. To add the Capacity Reservation to a new resource share, you must create the resource share using the [AWS RAM console](https://console.aws.amazon.com/ram).

If you are part of an organization in AWS Organizations and sharing within your organization is enabled, consumers in your organization are granted access to the shared Capacity Reservation if the [prerequisites for sharing](capacity-reservation-sharing.md#sharing-cr-prereq) are met. If the Capacity Reservation is shared with external accounts, they receive an invitation to join the resource share and are granted access to the shared Capacity Reservation after accepting the invitation.

**Important**  
Before launching instances into a Capacity Reservation that is shared with you, verify that you have access to the shared Capacity Reservation by viewing it in the console or by describing it using the [describe-capacity-reservations](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-capacity-reservations.html) AWS CLI command. If you can view the shared Capacity Reservation in the console or describe it using the AWS CLI, it is available for your use and you can launch instances into it. If you attempt to launch instances into the Capacity Reservation and it is not accessible due to a sharing failure, the instances will launch into On-Demand capacity.
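
A consumer-side check to run before launching, covering the visibility test above and the AZ ID rule from "Share across Availability Zones", added here as an example (it is not AWS code). The inputs are constructed samples with fields from `describe-capacity-reservations` and `describe-subnets` output; the function names and problem labels are hypothetical, and the `active`-state requirement is an assumption stated in the code.

```python
"""Pre-launch check for a Capacity Reservation shared with this account."""

# Constructed: the shared reservation as the consumer account describes it.
# The owner created it in the zone the owner calls us-east-1a (AZ ID use1-az1).
SHARED_CR = {
    "CapacityReservationId": "cr-aaaa1111aaaa1111a",
    "OwnerId": "123456789012",
    "InstanceType": "m5.large",
    "AvailabilityZoneId": "use1-az1",
    "InstanceMatchCriteria": "targeted",
    "State": "active",
    "AvailableInstanceCount": 3,
}

# Constructed: the consumer's subnets. In this account the name us-east-1a
# maps to a different location than it does in the owner's account.
CONSUMER_SUBNETS = [
    {"SubnetId": "subnet-0aaa1111aaaa1111a",
     "AvailabilityZone": "us-east-1a", "AvailabilityZoneId": "use1-az2"},
    {"SubnetId": "subnet-0bbb2222bbbb2222b",
     "AvailabilityZone": "us-east-1b", "AvailabilityZoneId": "use1-az1"},
]


def usable_subnets(reservation, subnets):
    """Subnet IDs in the reservation's location, matched by AZ ID, not by name."""
    return [s["SubnetId"] for s in subnets
            if s["AvailabilityZoneId"] == reservation["AvailabilityZoneId"]]


def preflight(cr_id, visible_reservations, subnet, instance_type, count,
              targets_reservation):
    """Return the reasons a launch would not run in the shared reservation.

    visible_reservations: what this account can describe right now.
    targets_reservation:  True if the launch request names the reservation
                          (or a group containing it) explicitly.
    An empty list means no problem was found.
    """
    cr = next((r for r in visible_reservations
               if r["CapacityReservationId"] == cr_id), None)
    if cr is None:
        # Not describable means the share is not in effect for this account.
        return ["not-visible"]

    problems = []
    # Assumption: only an `active` reservation can take instances.
    if cr["State"] != "active":
        problems.append("state:" + cr["State"])
    if cr["InstanceType"] != instance_type:
        problems.append("instance-type-mismatch")
    # Zone names are mapped per account; the AZ ID is the same everywhere.
    if cr["AvailabilityZoneId"] != subnet["AvailabilityZoneId"]:
        problems.append("az-id-mismatch")
    if cr["AvailableInstanceCount"] < count:
        problems.append("insufficient-capacity")
    if cr["InstanceMatchCriteria"] == "targeted" and not targets_reservation:
        problems.append("needs-explicit-target")
    return problems


if __name__ == "__main__":
    print(usable_subnets(SHARED_CR, CONSUMER_SUBNETS))
    print(preflight("cr-aaaa1111aaaa1111a", [SHARED_CR], CONSUMER_SUBNETS[0],
                    "m5.large", 5, targets_reservation=False))
```
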

------
#### [ Console ]

**To share a Capacity Reservation that you own using the Amazon EC2 console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Capacity Reservations**.

1. Choose the Capacity Reservation to share and choose **Actions**, **Share reservation**.

1. Select the resource share to which to add the Capacity Reservation and choose **Share Capacity Reservation**.

   It could take a few minutes for consumers to get access to the shared Capacity Reservation.

**To share a Capacity Reservation that you own using the AWS RAM console**  
See [Creating a resource share](https://docs.aws.amazon.com/ram/latest/userguide/working-with-sharing.html#working-with-sharing-create) in the *AWS RAM User Guide*.

------
#### [ AWS CLI ]

**To share a Capacity Reservation that you own**  
Use the [create-resource-share](https://docs.aws.amazon.com/cli/latest/reference/ram/create-resource-share.html) command.

```
aws ram create-resource-share \
    --name my-resource-share \
    --resource-arns arn:aws:ec2:us-east-2:123456789012:capacity-reservation/cr-1234abcd56EXAMPLE
```

------
#### [ PowerShell ]

**To share a Capacity Reservation that you own**  
Use the [New-RAMResourceShare](https://docs.aws.amazon.com/powershell/latest/reference/items/New-RAMResourceShare.html) cmdlet.

```
New-RAMResourceShare `
    -Name my-resource-share `
    -ResourceArn "arn:aws:ec2:us-east-2:123456789012:capacity-reservation/cr-1234abcd56EXAMPLE"
```

------

# Stop sharing a Capacity Reservation


The Capacity Reservation owner can stop sharing a Capacity Reservation at any time. The following rules apply:
+ Instances owned by consumers that were running in the shared capacity at the time sharing stops continue to run normally outside of the reserved capacity, and the capacity is restored to the Capacity Reservation subject to Amazon EC2 capacity availability.
+ Consumers with whom the Capacity Reservation was shared can no longer launch new instances into the reserved capacity.

To stop sharing a Capacity Reservation that you own, you must remove it from the resource share.

------
#### [ Console ]

**To stop sharing a Capacity Reservation that you own using the Amazon EC2 console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Capacity Reservations**.

1. Select the Capacity Reservation and choose the **Sharing** tab.

1. The **Sharing** tab lists the resource shares to which the Capacity Reservation has been added. Select the resource share from which to remove the Capacity Reservation and choose **Remove from resource share**.

**To stop sharing a Capacity Reservation that you own using the AWS RAM console**  
See [Updating a Resource Share](https://docs.aws.amazon.com/ram/latest/userguide/working-with-sharing.html#working-with-sharing-update) in the *AWS RAM User Guide*.

------
#### [ AWS CLI ]

**To stop sharing a Capacity Reservation that you own**  
Use the [disassociate-resource-share](https://docs.aws.amazon.com/cli/latest/reference/ram/disassociate-resource-share.html) command.

```
aws ram disassociate-resource-share \
    --resource-share-arn arn:aws:ram:us-east-2:123456789012:resource-share/7ab63972-b505-7e2a-420d-6f5d3EXAMPLE \
    --resource-arns arn:aws:ec2:us-east-2:123456789012:capacity-reservation/cr-1234abcd56EXAMPLE
```

------
#### [ PowerShell ]

**To stop sharing a Capacity Reservation that you own**  
Use the [Disconnect-RAMResourceShare](https://docs.aws.amazon.com/powershell/latest/reference/items/Disconnect-RAMResourceShare.html) cmdlet.

```
Disconnect-RAMResourceShare `
    -ResourceShareArn "arn:aws:ram:us-east-2:123456789012:resource-share/7ab63972-b505-7e2a-420d-6f5d3EXAMPLE" `
    -ResourceArn "arn:aws:ec2:us-east-2:123456789012:capacity-reservation/cr-1234abcd56EXAMPLE"
```

------

# Billing assignment for shared Amazon EC2 Capacity Reservations
Billing assignment

By default, when a Capacity Reservation is shared, the owner is billed for the instances they run in the Capacity Reservation and for any available capacity, also called *unused capacity*, in the Capacity Reservation, while consumers are billed only for the instances they run in the shared Capacity Reservation.

If needed, the Capacity Reservation owner can assign the billing of any available capacity in the Capacity Reservation to any one of the accounts with which the Capacity Reservation is shared. After billing is assigned to another account, that account becomes the *billing owner* of any available capacity in the Capacity Reservation. Any charges for available capacity in the Capacity Reservation, from that point onward, are billed to the assigned account instead of the owner's account. The Capacity Reservation owner and the accounts with which the Capacity Reservation is shared continue to be billed for the instances they run in the Capacity Reservation.

**Important**  
 The Capacity Reservation owner remains the resource owner and they remain responsible for managing the Capacity Reservation. The account to which billing is assigned does not get any additional privileges; they can't cancel, modify, or share the Capacity Reservation in any way.

**Topics**
+ [How it works](#how-billing-ownership-works)
+ [Considerations](#billing-ownership-considerations)
+ [Assign billing](request-billing-transfer.md)
+ [View billing assignment requests](view-billing-transfers.md)
+ [Accept or reject billing](accept-decline-billing-transfer.md)
+ [Cancel or revoke requests](cancel-billing-transfer.md)
+ [Monitor requests](billing-ownership-events.md)

## How it works


Only the Capacity Reservation owner can assign billing of a shared Capacity Reservation to another account. Billing can be assigned only to an account with which the Capacity Reservation is shared and that is consolidated under the same AWS Organizations payer account as the Capacity Reservation owner.

To assign billing of the available capacity of a Capacity Reservation to another account, the Capacity Reservation owner must initiate a request to the required account. The specified account receives the request and they must either accept or reject it within 12 hours.
+ If they **accept**, they become the *billing owner* of any available capacity, also called *unused capacity*, in the Capacity Reservation. From that point onward, charges for any available capacity in the Capacity Reservation are billed to their account instead of the owner's account. After it is accepted, only the Capacity Reservation owner can revoke billing from the assigned account.
+ If they **reject**, the Capacity Reservation owner remains the billing owner of the available capacity in the Capacity Reservation. Charges for any available capacity in the Capacity Reservation continue to be billed to the owner's account.
+ If they **do not accept or reject** the request within 12 hours, it expires and charges for any available capacity in the Capacity Reservation continue to be billed to the owner's account.

For the period that billing is assigned to another account, the `Reservation` and `UnusedBox` line items appear in the assigned account's Cost and Usage Report (CUR) instead of the owner's CUR.

The following table shows which line items appear in the CUR for the Capacity Reservation owner and consumer accounts **before** billing is assigned to another account.


| Account | CUR line items before billing is assigned | 
| --- | --- | 
| Capacity Reservation owner |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/assign-billing.html)  | 
| Consumer accounts with which the Capacity Reservation is shared |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/assign-billing.html)  | 

The following table shows which line items appear in the CUR for the Capacity Reservation owner and consumer accounts **after** billing is assigned to another account.


| Account | CUR line items after billing is assigned | 
| --- | --- | 
| Capacity Reservation owner |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/assign-billing.html)  | 
| Consumer account to which billing is assigned |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/assign-billing.html)  | 
| Other consumer accounts with which the Capacity Reservation is shared |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/assign-billing.html)  | 

**Note**  
+ The `BoxUsage` line item appears in an account's CUR only if they have running instances in the Capacity Reservation. For more information about the CUR line items, see [Monitoring Capacity Reservations](https://docs.aws.amazon.com/cur/latest/userguide/monitor-ondemand-reservations.html).
+ Use the Capacity Reservation ARN in the CUR to determine who owns the Capacity Reservation. If the ARN includes your AWS account ID, you are the Capacity Reservation owner. Otherwise, the Capacity Reservation is owned by a different account but billing is assigned to you.
+ Cost allocation tags assigned to a Capacity Reservation by the owner will not appear in the consumer account's CUR. Cost allocation tags appear in the Capacity Reservation owner's CUR only.

## Considerations


Keep the following in mind when assigning billing of a shared Capacity Reservation:
+ You can't do partial or split billing assignments. Billing of all available capacity of a Capacity Reservation can be assigned to one account at a time.
+ The available capacity of a Capacity Reservation can change over time. This will impact billing for the assigned account. For example, available capacity can increase if the Capacity Reservation owner increases the size of the Capacity Reservation, or if other consumer accounts stop or terminate their instances running in the Capacity Reservation.
+ Billing can be assigned only to a consumer account that is consolidated under the same AWS Organizations payer account. Billing is automatically revoked from the consumer account if they leave the organization, or if the Capacity Reservation is no longer shared with them.
+ Only the Capacity Reservation owner can cancel a pending billing assignment request and revoke billing from an assigned account after the request has been accepted.

# Assign billing of a shared EC2 Capacity Reservation to another account
Assign billing

To assign billing of the available capacity of a shared Capacity Reservation to another account, the Capacity Reservation owner must initiate a request to the required account. In the Amazon EC2 console, this request is called a *transfer request*.

A Capacity Reservation owner can assign billing of the available capacity of a Capacity Reservation to an account only if:
+ The Capacity Reservation is already shared with that account.
+ The account is consolidated under the same AWS Organizations payer account as the Capacity Reservation owner.

Billing is assigned to the specified account only once they accept the request.

When a Capacity Reservation owner initiates a request, an Amazon EventBridge event is sent to the requested account. For more information, see [Monitor billing assignment requests for shared Capacity Reservations](billing-ownership-events.md).

------
#### [ Console ]

**To assign billing of a shared Capacity Reservation**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation panel, select **Capacity Reservations** and then choose the shared Capacity Reservation.

1. In the **Billing of available capacity** section, choose **Assign billing**.

1. In the **Assign billing** screen, select the consumer account to which to assign billing, and then choose **Request**.

------
#### [ AWS CLI ]

**To assign billing of a shared Capacity Reservation**  
Use the [associate-capacity-reservation-billing-owner](https://docs.aws.amazon.com/cli/latest/reference/ec2/associate-capacity-reservation-billing-owner.html) command. For `--capacity-reservation-id`, specify the ID of the shared Capacity Reservation. For `--unused-reservation-billing-owner-id`, specify the ID of the AWS account to which to assign billing.

```
aws ec2 associate-capacity-reservation-billing-owner \
    --capacity-reservation-id cr-01234567890abcdef \
    --unused-reservation-billing-owner-id 123456789012
```

------
#### [ PowerShell ]

**To assign billing of a shared Capacity Reservation**  
Use the [Register-EC2CapacityReservationBillingOwner](https://docs.aws.amazon.com/powershell/latest/reference/items/Register-EC2CapacityReservationBillingOwner.html) cmdlet. For `-CapacityReservationId`, specify the ID of the shared Capacity Reservation. For `-UnusedReservationBillingOwnerId`, specify the ID of the AWS account to which to assign billing.

```
Register-EC2CapacityReservationBillingOwner `
    -CapacityReservationId cr-01234567890abcdef `
    -UnusedReservationBillingOwnerId 123456789012
```

------

# View billing assignment requests for shared EC2 Capacity Reservations
View billing assignment requests

A Capacity Reservation owner can view only the most recent billing assignment request that they initiated. Consumer accounts can view only the most recent billing assignment requests sent to them.

Requests can be viewed for 24 hours after they enter the `cancelled`, `expired`, or `revoked` state. After 24 hours, they can no longer be viewed.

------
#### [ Console ]

**(Capacity Reservation owner) To view requests you initiated**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation panel, select **Capacity Reservations** and then choose the shared Capacity Reservation for which to view requests.

1. The **Billing of available capacity** section shows the most recent request and its current state.

**(Consumer account) To view requests sent to you**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation panel, select **Capacity Reservations**.

1. If you have pending requests, the **Pending billing assignment requests** banner appears at the top of the screen. If the banner does not appear, you do not have pending requests.

   To view the requests, choose **Review requests** in the banner.

------
#### [ AWS CLI ]

**(Capacity Reservation owner) To view requests you initiated**  
Use the [describe-capacity-reservation-billing-requests](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-capacity-reservation-billing-requests.html) command.

```
aws ec2 describe-capacity-reservation-billing-requests \
    --role odcr-owner
```

**(Consumer account) To view requests sent to you**  
Use the [describe-capacity-reservation-billing-requests](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-capacity-reservation-billing-requests.html) command.

```
aws ec2 describe-capacity-reservation-billing-requests \
    --role unused-reservation-billing-owner
```

------
#### [ PowerShell ]

**(Capacity Reservation owner) To view requests you initiated**  
Use the [Get-EC2CapacityReservationBillingRequest](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2CapacityReservationBillingRequest.html) cmdlet.

```
Get-EC2CapacityReservationBillingRequest `
    -Role odcr-owner
```

**(Consumer account) To view requests sent to you**  
Use the [Get-EC2CapacityReservationBillingRequest](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2CapacityReservationBillingRequest.html) cmdlet.

```
Get-EC2CapacityReservationBillingRequest `
    -Role unused-reservation-billing-owner
```

------

A request can be in one of the following states.


| State | Description | 
| --- | --- | 
| pending | The request has not been accepted or rejected, and it has not yet expired. | 
| accepted | The request was accepted by the specified account. Billing of available capacity of the Capacity Reservation is assigned to the consumer account. | 
| rejected | The request was rejected by the consumer account. | 
| cancelled | The request was cancelled by the Capacity Reservation owner while it was in the pending state. | 
| revoked | Billing was revoked from the consumer account for one of the following reasons: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/view-billing-transfers.html)  | 
| expired | The request expired because the consumer account did not accept or reject it within 12 hours. | 

# Accept or reject billing of a shared EC2 Capacity Reservation
Accept or reject billing

If you receive a billing assignment request for a Capacity Reservation that is shared with you, you can either accept or reject it. The request remains in the `pending` state until it is accepted or rejected.

If you accept the request, it enters the `accepted` state, and billing of any available, or *unused*, capacity of that Capacity Reservation is assigned to your account from that point onward. After you accept a request, only the Capacity Reservation owner can revoke billing from your account.

If you reject the request, it enters the `rejected` state, and billing of the available capacity of the Capacity Reservation remains assigned to the Capacity Reservation owner.

Requests expire if they are not accepted or rejected within 12 hours. If a request expires, billing of any unused capacity of the Capacity Reservation remains assigned to the Capacity Reservation owner.

When a request is accepted or rejected, an Amazon EventBridge event is sent to the Capacity Reservation owner's account. When a request expires, an Amazon EventBridge event is sent to the Capacity Reservation owner and the consumer account. For more information, see [Monitor billing assignment requests for shared Capacity Reservations](billing-ownership-events.md).

------
#### [ Console ]

**To accept or reject a request**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation panel, select **Capacity Reservations**.

1. If you have pending requests, the **Pending billing assignment requests** banner appears at the top of the screen. If the banner does not appear, you do not have pending requests.

   To view the requests, choose **Review requests** in the banner.

1. Select the request to accept or reject, and then choose either **Accept** or **Reject**.

------
#### [ AWS CLI ]

**To accept a request**  
Use the [accept-capacity-reservation-billing-ownership](https://docs.aws.amazon.com/cli/latest/reference/ec2/accept-capacity-reservation-billing-ownership.html) command. For `--capacity-reservation-id`, specify the ID of the Capacity Reservation for which to accept the request.

```
aws ec2 accept-capacity-reservation-billing-ownership \
    --capacity-reservation-id cr-01234567890abcdef
```

**To reject a request**  
Use the [reject-capacity-reservation-billing-ownership](https://docs.aws.amazon.com/cli/latest/reference/ec2/reject-capacity-reservation-billing-ownership.html) command. For `--capacity-reservation-id`, specify the ID of the Capacity Reservation for which to reject the request.

```
aws ec2 reject-capacity-reservation-billing-ownership \
    --capacity-reservation-id cr-01234567890abcdef
```

------
#### [ PowerShell ]

**To accept a request**  
Use the [Approve-EC2CapacityReservationBillingOwnership](https://docs.aws.amazon.com/powershell/latest/reference/items/Approve-EC2CapacityReservationBillingOwnership.html) cmdlet.

```
Approve-EC2CapacityReservationBillingOwnership `
    -CapacityReservationId cr-01234567890abcdef
```

**To reject a request**  
Use the [Deny-EC2CapacityReservationBillingOwnership](https://docs.aws.amazon.com/powershell/latest/reference/items/Deny-EC2CapacityReservationBillingOwnership.html) cmdlet.

```
Deny-EC2CapacityReservationBillingOwnership `
    -CapacityReservationId cr-01234567890abcdef
```

------

# Cancel or revoke billing assignment requests for shared EC2 Capacity Reservations
Cancel or revoke requests

Only the Capacity Reservation owner can cancel a `pending` billing assignment request. If a pending request is cancelled, it enters the `cancelled` state and billing of any available, or *unused*, capacity of the Capacity Reservation remains assigned to the Capacity Reservation owner.

After a request is `accepted`, only the Capacity Reservation owner can revoke billing from the assigned account. If billing is revoked, the request enters the `revoked` state and billing of any available capacity of the Capacity Reservation is reassigned to the Capacity Reservation owner.

When a request is cancelled or revoked, Amazon EventBridge events are sent to the Capacity Reservation owner and the specified consumer account. For more information, see [Monitor billing assignment requests for shared Capacity Reservations](billing-ownership-events.md).

------
#### [ Console ]

**To cancel or revoke a request**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation panel, select **Capacity Reservations** and then choose the Capacity Reservation for which to cancel or revoke the request.

1. In the **Billing of available capacity** section, choose **Cancel transfer** or **Revoke transfer**, depending on the current state of the request.

------
#### [ AWS CLI ]

**To cancel or revoke a request**  
Use the [disassociate-capacity-reservation-billing-owner](https://docs.aws.amazon.com/cli/latest/reference/ec2/disassociate-capacity-reservation-billing-owner.html) command. For `--unused-reservation-billing-owner-id`, specify the ID of the AWS account to which the request was sent.

```
aws ec2 disassociate-capacity-reservation-billing-owner \
    --capacity-reservation-id cr-01234567890abcdef \
    --unused-reservation-billing-owner-id 123456789012
```

------
#### [ PowerShell ]

**To cancel or revoke a request**  
Use the [Unregister-EC2CapacityReservationBillingOwner](https://docs.aws.amazon.com/powershell/latest/reference/items/Unregister-EC2CapacityReservationBillingOwner.html) cmdlet. For `-UnusedReservationBillingOwnerId`, specify the ID of the AWS account to which the request was sent.

```
Unregister-EC2CapacityReservationBillingOwner `
    -CapacityReservationId cr-01234567890abcdef `
    -UnusedReservationBillingOwnerId 123456789012
```

------

# Monitor billing assignment requests for shared Capacity Reservations
Monitor requests

Amazon EC2 sends Amazon EventBridge events when the state of a billing assignment request changes.
+ Events are sent to the Capacity Reservation owner when a request enters the following states: `accepted` | `rejected` | `expired` | `revoked`.
+ Events are sent to the requested consumer account when a request enters the following states: `pending` | `expired` | `cancelled` | `revoked`.

For more information about Amazon EventBridge, see the [Amazon EventBridge User Guide](https://docs.aws.amazon.com/eventbridge/latest/userguide/).

The following is the Amazon EventBridge event pattern.

```
{
   "version":"0",
   "id":"12345678-1234-1234-1234-123456789012",
   "detail-type":"On-Demand Capacity Reservation Billing Ownership Request pending|accepted|rejected|cancelled|revoked|expired",
   "source":"aws.ec2",
   "account":"account_id",
   "time":"state_change_timestamp",
   "region":"region",
   "resources":[
      "arn:aws:ec2:region:cr_owner_account_id:capacity-reservation/cr_id"
   ],
   "detail":{
      "capacity-reservation-id":"cr_id",
      "updateTime":"timestamp",
      "ownerAccountId":"cr_owner_account_id",
      "unusedReservationChargesOwnerID":"consumer_account_id",
      "status":"pending|accepted|rejected|cancelled|revoked|expired",
      "statusMessage":"message"
   }
}
```

The following is an example of an event that is sent to the Capacity Reservation owner (`222222222222`) when a consumer account (`111111111111`) accepts a billing assignment request for a shared Capacity Reservation (`cr-01234567890abcdef`).

```
{
   "version":"0",
   "id":"12345678-1234-1234-1234-123456789012",
   "detail-type":"On-Demand Capacity Reservation Billing Ownership Request accepted",
   "source":"aws.ec2",
   "account":"222222222222",
   "time":"2024-09-01Thh:59:59Z",
   "region":"us-east-1",
   "resources":[
      "arn:aws:ec2:us-east-1:222222222222:capacity-reservation/cr-01234567890abcdef"
   ],
   "detail":{
      "capacity-reservation-id":"cr-01234567890abcdef",
      "updateTime":"2024-08-01Thh:59:59Z",
      "ownerAccountId":"222222222222",
      "unusedReservationChargesOwnerID":"111111111111",
      "status":"accepted",
      "statusMessage":"billing transfer status message"
   }
}
```
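The delivery rules and event fields above can be checked mechanically before anyone accepts a request. The following is an added example, not AWS code: `triage`, `owner_from_arn`, `sample_event` and the `trusted_owners` allowlist are hypothetical names, the sample events are constructed, and it assumes the 12-hour response window is measured from the event's `time` field.

```python
from datetime import datetime, timedelta, timezone

DETAIL_TYPE_PREFIX = "On-Demand Capacity Reservation Billing Ownership Request "
# States each party is notified about, as listed on this page.
OWNER_STATES = {"accepted", "rejected", "expired", "revoked"}
CONSUMER_STATES = {"pending", "expired", "cancelled", "revoked"}
ALL_STATES = OWNER_STATES | CONSUMER_STATES
RESPONSE_WINDOW = timedelta(hours=12)  # pending requests expire after 12 hours


def owner_from_arn(arn):
    """Return the account ID field of a Capacity Reservation ARN."""
    parts = arn.split(":", 5)
    if (len(parts) != 6 or parts[2] != "ec2"
            or not parts[5].startswith("capacity-reservation/")):
        raise ValueError(f"not a Capacity Reservation ARN: {arn!r}")
    return parts[4]


def triage(event, trusted_owners):
    """Validate one billing-ownership event and return a triage record.

    trusted_owners is a hypothetical allowlist of Capacity Reservation owner
    accounts from which this account expects billing assignment requests.
    """
    detail = event["detail"]
    status = detail["status"]
    findings = []

    if event.get("source") != "aws.ec2":
        findings.append("unexpected source")
    if status not in ALL_STATES:
        findings.append(f"unknown status {status!r}")
    if event.get("detail-type") != DETAIL_TYPE_PREFIX + status:
        findings.append("detail-type does not match detail.status")

    # The resource ARN carries the owner's account ID; it must agree with
    # detail.ownerAccountId.
    owner = detail["ownerAccountId"]
    assignee = detail["unusedReservationChargesOwnerID"]
    arn_owners = {owner_from_arn(a) for a in event.get("resources", [])}
    if arn_owners != {owner}:
        findings.append("resource ARN account differs from ownerAccountId")

    # Which side of the request is the account that received this event?
    receiver = event["account"]
    if receiver == owner:
        role, expected = "odcr-owner", OWNER_STATES
    elif receiver == assignee:
        role, expected = "unused-reservation-billing-owner", CONSUMER_STATES
    else:
        role, expected = "unrelated", set()
        findings.append("receiving account is neither owner nor assignee")
    if role != "unrelated" and status in ALL_STATES and status not in expected:
        findings.append(f"{status} events are not sent to the {role}")

    respond_by = None
    if role == "unused-reservation-billing-owner" and status == "pending":
        # Assumption: the 12-hour window is measured from the event's time.
        sent = datetime.strptime(event["time"], "%Y-%m-%dT%H:%M:%SZ")
        respond_by = sent.replace(tzinfo=timezone.utc) + RESPONSE_WINDOW
        if owner not in trusted_owners:
            findings.append("pending request from an owner outside the allowlist")

    return {"capacity_reservation": detail["capacity-reservation-id"],
            "role": role, "status": status,
            "respond_by": respond_by, "findings": findings}


def sample_event(status, account, owner="222222222222", assignee="111111111111"):
    """Constructed event in the shape shown on this page."""
    cr = "cr-01234567890abcdef"
    return {
        "version": "0",
        "id": "12345678-1234-1234-1234-123456789012",
        "detail-type": DETAIL_TYPE_PREFIX + status,
        "source": "aws.ec2",
        "account": account,
        "time": "2024-09-01T10:59:59Z",
        "region": "us-east-1",
        "resources": [f"arn:aws:ec2:us-east-1:{owner}:capacity-reservation/{cr}"],
        "detail": {
            "capacity-reservation-id": cr,
            "updateTime": "2024-09-01T10:59:59Z",
            "ownerAccountId": owner,
            "unusedReservationChargesOwnerID": assignee,
            "status": status,
            "statusMessage": "constructed sample",
        },
    }


if __name__ == "__main__":
    # A consumer account receives a request from an owner it does not expect.
    event = sample_event("pending", "111111111111", owner="333333333333")
    print(triage(event, trusted_owners={"222222222222"}))
```

A record with an empty `findings` list is consistent with the rules on this page; any entry is a reason to review the request before running the accept command.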

## Shared Capacity Reservation permissions


### Permissions for owners


Owners are responsible for managing and canceling their shared Capacity Reservations. Owners cannot modify instances running in the shared Capacity Reservation that are owned by other accounts. Owners remain responsible for managing instances that they launch into the shared Capacity Reservation.

### Permissions for consumers


Consumers are responsible for managing their instances that are running in the shared Capacity Reservation. Consumers cannot modify the shared Capacity Reservation in any way, and they cannot view or modify instances that are owned by other consumers or the Capacity Reservation owner. Consumers can only view the total capacity and available capacity in the shared reservation.

## Billing and metering


There are no additional charges for sharing Capacity Reservations.

By default, the Capacity Reservation owner is billed for instances that they run inside the Capacity Reservation and for unused reserved capacity, while consumers are billed for the instances that they run inside the shared Capacity Reservation. However, you can assign billing of the available capacity of a shared Capacity Reservation to a specific consumer account. For more information, see [Billing assignment for shared Amazon EC2 Capacity Reservations](assign-billing.md).

If the Capacity Reservation owner belongs to a different payer account and the Capacity Reservation is covered by a Regional Reserved Instance or a Savings Plan, the Capacity Reservation owner continues to be billed for the Regional Reserved Instance or Savings Plan. In these cases, the Capacity Reservation owner pays for the Regional Reserved Instance or Savings Plan, and consumers are billed for the instances that they run in the shared Capacity Reservation.

## Instance limits


All Capacity Reservation usage counts toward the Capacity Reservation owner's On-Demand Instance limits. This includes:
+ Unused reserved capacity
+ Usage by instances owned by the Capacity Reservation owner
+ Usage by instances owned by consumers

Instances launched into the shared capacity by consumers count towards the Capacity Reservation owner's On-Demand Instance limit. Consumers' instance limits are a sum of their own On-Demand Instance limits and the capacity available in the shared Capacity Reservations to which they have access.

# Capacity Reservation Fleets


An *On-Demand Capacity Reservation Fleet* is a group of Capacity Reservations.

A Capacity Reservation Fleet request contains all of the configuration information that's needed to launch a Capacity Reservation Fleet. Using a single request, you can reserve large amounts of Amazon EC2 capacity for your workload across multiple instance types, up to a target capacity that you specify.

After you create a Capacity Reservation Fleet, you can manage the Capacity Reservations in the fleet collectively by modifying or canceling the Capacity Reservation Fleet.

**Topics**
+ [How Capacity Reservation Fleets work](#cr-how-it-works)
+ [Considerations](#considerations)
+ [Pricing](#pricing)
+ [Concepts and planning](crfleet-concepts.md)
+ [Create](create-crfleet.md)
+ [Modify](modify-crfleet.md)
+ [Cancel](cancel-crfleet.md)
+ [Example configurations](crfleet-example-configs.md)
+ [Using service-linked roles](using-service-linked-roles.md)

## How Capacity Reservation Fleets work


When you create a Capacity Reservation Fleet, the Fleet attempts to create individual Capacity Reservations to meet the total target capacity that you specified in the Fleet request.

The number of instances for which the Fleet reserves capacity depends on the [*total target capacity*](crfleet-concepts.md#target-capacity) and the [*instance type weights*](crfleet-concepts.md#instance-weight) that you specify. The instance type for which it reserves capacity depends on the [*allocation strategy*](crfleet-concepts.md#allocation-strategy) and [*instance type priorities*](crfleet-concepts.md#instance-priority) that you use.

If there is insufficient capacity at the time the Fleet is created, and it is unable to immediately meet its total target capacity, the Fleet asynchronously attempts to create Capacity Reservations until it has reserved the requested amount of capacity.

When the Fleet reaches its total target capacity, it attempts to maintain that capacity. If a Capacity Reservation in the Fleet is cancelled, the Fleet automatically creates one or more Capacity Reservations, depending on your Fleet configuration, to replace the lost capacity and to maintain its total target capacity.

The Capacity Reservations in the Fleet can't be managed individually. They must be managed collectively by modifying the Fleet. When you modify a Fleet, the Capacity Reservations in the Fleet are automatically updated to reflect the changes.

Currently, Capacity Reservation Fleets support the `open` instance matching criteria, and all Capacity Reservations launched by a Fleet automatically use this instance matching criteria. With this criteria, new instances and existing instances that have matching attributes (instance type, platform, Availability Zone, and tenancy) automatically run in the Capacity Reservations created by a Fleet. Capacity Reservation Fleets do not support targeted instance matching criteria.

## Considerations


Keep the following in mind when working with Capacity Reservation Fleets:
+ A Capacity Reservation Fleet can be created, modified, viewed, and cancelled using the AWS CLI and AWS API.
+ The Capacity Reservations in a Fleet can't be managed individually. They must be managed collectively by modifying or cancelling the Fleet.
+ A Capacity Reservation Fleet can't span across Regions.
+ A Capacity Reservation Fleet can't span across Availability Zones.
+ Capacity Reservations created by a Capacity Reservation Fleet are automatically tagged with the following AWS generated tag:
  + Key — `aws:ec2-capacity-reservation-fleet`
  + Value — `fleet_id`

  You can use this tag to identify Capacity Reservations that were created by a Capacity Reservation Fleet.

## Pricing


There are no additional charges for using Capacity Reservation Fleets. You are billed for the individual Capacity Reservations that are created by your Capacity Reservation Fleets. For more information about how Capacity Reservations are billed, see [Capacity Reservation pricing and billing](capacity-reservations-pricing-billing.md).

# Capacity Reservation Fleet concepts and planning
Concepts and planning

The following information describes how to plan a Capacity Reservation Fleet and describes Capacity Reservation Fleet concepts including total target capacity, allocation strategy, instance type weight, and instance type priority.

**Topics**
+ [Plan a Capacity Reservation Fleet](#plan-cr-fleet)
+ [Total target capacity](#target-capacity)
+ [Allocation strategy](#allocation-strategy)
+ [Instance type weight](#instance-weight)
+ [Instance type priority](#instance-priority)

## Plan a Capacity Reservation Fleet


When planning your Capacity Reservation Fleet, we recommend that you do the following:

1. Determine the amount of compute capacity that is needed by your workload.

1. Decide on the instance types and Availability Zones that you want to use.

1. Assign each instance type a priority based on your needs and preferences. For more information, see [Instance type priority](#instance-priority).

1. Create a capacity weighting system that makes sense for your workload. Assign a weight to each instance type and determine your total target capacity. For more information, see [Instance type weight](#instance-weight) and [Total target capacity](#target-capacity).

1. Determine whether you need the Capacity Reservation indefinitely or only for a specific period of time.

## Total target capacity


The *total target capacity* defines the total amount of compute capacity that the Capacity Reservation Fleet reserves. You specify the total target capacity when you create the Capacity Reservation Fleet. After the Fleet has been created, Amazon EC2 automatically creates Capacity Reservations to reserve capacity up to the total target capacity.

The number of instances for which the Capacity Reservation Fleet reserves capacity is determined by the total target capacity and the *instance type weight* that you specify for each instance type in the Capacity Reservation Fleet (`total target capacity`/`instance type weight`=`number of instances`).

You can assign a total target capacity based on units that are meaningful to your workload. For example, if your workload requires a certain number of vCPUs, you can assign the total target capacity based on the number of vCPUs required. If your workload requires `2048` vCPUs, specify a total target capacity of `2048` and then assign instance type weights based on the number of vCPUs provided by the instance types in the Fleet. For an example, see [Instance type weight](#instance-weight).

## Allocation strategy


The allocation strategy for your Capacity Reservation Fleet determines how it fulfills your request for reserved capacity from the instance type specifications in the Capacity Reservation Fleet configuration.

Currently, only the `prioritized` allocation strategy is supported. With this strategy, the Capacity Reservation Fleet creates Capacity Reservations using the priorities that you have assigned to each of the instance type specifications in the Capacity Reservation Fleet configuration. Lower priority values indicate higher priority for use. For example, say you create a Capacity Reservation Fleet that uses the following instance types and priorities:
+ `m4.16xlarge` — priority = 1
+ `m5.16xlarge` — priority = 3
+ `m5.24xlarge` — priority = 2

The Fleet first attempts to create Capacity Reservations for `m4.16xlarge`. If Amazon EC2 has insufficient `m4.16xlarge` capacity, the Fleet attempts to create Capacity Reservations for `m5.24xlarge`. If Amazon EC2 has insufficient `m5.24xlarge` capacity, the Fleet creates Capacity Reservations for `m5.16xlarge`.

## Instance type weight


The *instance type weight* is a weight that you assign to each instance type in the Capacity Reservation Fleet. The weight determines how many units of capacity each instance of that specific instance type counts toward the Fleet's *total target capacity*.

You can assign weights based on units that are meaningful to your workload. For example, if your workload requires a certain number of vCPUs, you can assign weights based on the number of vCPUs provided by each instance type in the Capacity Reservation Fleet. In this case, if you create a Capacity Reservation Fleet using `m4.16xlarge` and `m5.24xlarge` instances, you would assign weights that correspond to the number of vCPUs for each instance as follows:
+ `m4.16xlarge` — `64` vCPUs, weight = `64` units
+ `m5.24xlarge` — `96` vCPUs, weight = `96` units

The instance type weight determines the number of instances for which the Capacity Reservation Fleet reserves capacity. For example, if a Capacity Reservation Fleet with a total target capacity of `384` units uses the instance types and weights in the preceding example, the Fleet could reserve capacity for `6` `m4.16xlarge` instances (384 total target capacity / 64 instance type weight = 6 instances), or `4` `m5.24xlarge` instances (384 / 96 = 4).

If you do not assign instance type weights, or if you assign an instance type weight of `1`, the total target capacity is based purely on instance count. For example, if a Capacity Reservation Fleet with a total target capacity of `384` units uses the instance types in the preceding example, but omits the weights or specifies a weight of `1` for both instance types, the Fleet could reserve capacity for either `384` `m4.16xlarge` instances or `384` `m5.24xlarge` instances.

## Instance type priority


The *instance type priority* is a value that you assign to the instance types in the Fleet. The priorities are used to determine which of the instance types specified for the Fleet should be prioritized for use.

Lower priority values indicate a higher priority for use.

# Create a Capacity Reservation Fleet

When you create a Capacity Reservation Fleet, it automatically creates Capacity Reservations for the instance types specified in the Fleet request, up to the specified total target capacity. The number of instances for which the Capacity Reservation Fleet reserves capacity depends on the total target capacity and instance type weights that you specify in the request. For more information, see [Instance type weight](crfleet-concepts.md#instance-weight) and [Total target capacity](crfleet-concepts.md#target-capacity).

When you create the Fleet, you must specify the instance types to use and a priority for each of those instance types. For more information, see [Allocation strategy](crfleet-concepts.md#allocation-strategy) and [Instance type priority](crfleet-concepts.md#instance-priority).

**Note**  
The **AWSServiceRoleForEC2CapacityReservationFleet** service-linked role is automatically created in your account the first time that you create a Capacity Reservation Fleet. For more information, see [Using service-linked roles for Capacity Reservation Fleet](using-service-linked-roles.md).

Currently, Capacity Reservation Fleets support the `open` instance matching criteria only.

------
#### [ AWS CLI ]

**To create a Capacity Reservation Fleet**  
Use the [create-capacity-reservation-fleet](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-capacity-reservation-fleet.html) command.

```
aws ec2 create-capacity-reservation-fleet \
    --total-target-capacity 24 \
    --allocation-strategy prioritized \
    --instance-match-criteria open \
    --tenancy default \
    --end-date 2021-12-31T23:59:59.000Z \
    --instance-type-specifications file://instanceTypeSpecification.json
```

The following are the contents of `instanceTypeSpecification.json`.

```
[
  {
    "InstanceType": "m5.xlarge",
    "InstancePlatform": "Linux/UNIX",
    "Weight": 3.0,
    "AvailabilityZone":"us-east-1a",
    "EbsOptimized": true,
    "Priority" : 1
  }
]
```

The following is example output.

```
{
    "Status": "submitted", 
    "TotalFulfilledCapacity": 0.0, 
    "CapacityReservationFleetId": "crf-abcdef01234567890", 
    "TotalTargetCapacity": 24
}
```

------
#### [ PowerShell ]

**To create a Capacity Reservation Fleet**  
Use the [New-EC2CapacityReservationFleet](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2CapacityReservationFleet.html) cmdlet.

```
New-EC2CapacityReservationFleet `
    -TotalTargetCapacity 24 `
    -AllocationStrategy "prioritized" `
    -InstanceMatchCriterion "open" `
    -Tenancy "default" `
    -EndDate 2021-12-31T23:59:59.000Z `
    -InstanceTypeSpecification $specification
```

The specification is defined as follows.

```
$specification = New-Object Amazon.EC2.Model.ReservationFleetInstanceSpecification
$specification.InstanceType = "m5.xlarge"
$specification.InstancePlatform = "Linux/UNIX"
$specification.Weight = 3.0
$specification.AvailabilityZone = "us-east-1a"
$specification.EbsOptimized = $true
$specification.Priority = 1
```

------

# Modify a Capacity Reservation Fleet

You can modify the total target capacity and end date of a Capacity Reservation Fleet at any time. When you modify the total target capacity of a Capacity Reservation Fleet, the Fleet automatically creates new Capacity Reservations, or modifies or cancels existing Capacity Reservations in the Fleet to meet the new total target capacity. When you modify the end date for the Fleet, the end dates for all of the individual Capacity Reservations are updated accordingly.

**Considerations**
+ After you modify a Fleet, its status transitions to `modifying`. You can't attempt additional modifications to a Fleet while it is in the `modifying` state.
+ You can't modify the tenancy, Availability Zone, instance types, instance platforms, priorities, or weights used by a Capacity Reservation Fleet. If you need to change any of these parameters, you might need to cancel the existing Fleet and create a new one with the required parameters.
+ You can't specify `--end-date` and `--remove-end-date` in the same command.

------
#### [ AWS CLI ]

**To modify a Capacity Reservation Fleet**  
Use the [modify-capacity-reservation-fleet](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-capacity-reservation-fleet.html) command.

**Example 1: Modify total target capacity**

```
aws ec2 modify-capacity-reservation-fleet \
    --capacity-reservation-fleet-id crf-01234567890abcedf \
    --total-target-capacity 160
```

**Example 2: Modify end date**

```
aws ec2 modify-capacity-reservation-fleet \
    --capacity-reservation-fleet-id crf-01234567890abcedf \
    --end-date 2021-07-04T23:59:59.000Z
```

**Example 3: Remove end date**

```
aws ec2 modify-capacity-reservation-fleet \
    --capacity-reservation-fleet-id crf-01234567890abcedf \
    --remove-end-date
```

------
#### [ PowerShell ]

**To modify a Capacity Reservation Fleet**  
Use the [Edit-EC2CapacityReservationFleet](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2CapacityReservationFleet.html) cmdlet.

**Example 1: Modify total target capacity**

```
Edit-EC2CapacityReservationFleet `
    -CapacityReservationFleetId crf-01234567890abcedf `
    -TotalTargetCapacity 160
```

**Example 2: Modify end date**

```
Edit-EC2CapacityReservationFleet `
    -CapacityReservationFleetId crf-01234567890abcedf `
    -EndDate 2021-07-04T23:59:59.000Z
```

**Example 3: Remove end date**

```
Edit-EC2CapacityReservationFleet `
    -CapacityReservationFleetId crf-01234567890abcedf `
    -RemoveEndDate
```

------

# Cancel a Capacity Reservation Fleet

When you no longer need a Capacity Reservation Fleet and the capacity it reserves, you can cancel it. When you cancel a Fleet, its status changes to `cancelled` and it can no longer create new Capacity Reservations. Additionally, all of the individual Capacity Reservations in the Fleet are canceled. The instances that were previously running in the reserved capacity continue to run normally in the shared capacity.

------
#### [ AWS CLI ]

**To cancel a Capacity Reservation Fleet**  
Use the [cancel-capacity-reservation-fleets](https://docs.aws.amazon.com/cli/latest/reference/ec2/cancel-capacity-reservation-fleets.html) command.

```
aws ec2 cancel-capacity-reservation-fleets \
    --capacity-reservation-fleet-ids crf-abcdef01234567890
```

The following is example output.

```
{
    "SuccessfulFleetCancellations": [
        {
            "CurrentFleetState": "cancelling", 
            "PreviousFleetState": "active", 
            "CapacityReservationFleetId": "crf-abcdef01234567890"
        }
    ], 
    "FailedFleetCancellations": []
}
```

------
#### [ PowerShell ]

**To cancel a Capacity Reservation Fleet**  
Use the [Stop-EC2CapacityReservationFleet](https://docs.aws.amazon.com/powershell/latest/reference/items/Stop-EC2CapacityReservationFleet.html) cmdlet.

```
Stop-EC2CapacityReservationFleet `
    -CapacityReservationFleetId crf-abcdef01234567890
```

------

# Example Capacity Reservation Fleet configurations

The following example creates a Capacity Reservation Fleet that uses two instance types: `m5.4xlarge` and `m5.12xlarge`.

It uses a weighting system based on the number of vCPUs provided by the specified instance types. The total target capacity is `480` vCPUs. The `m5.4xlarge` provides 16 vCPUs and gets a weight of `16`, while the `m5.12xlarge` provides 48 vCPUs and gets a weight of `48`. This weighting system configures the Capacity Reservation Fleet to reserve capacity for either 30 `m5.4xlarge` instances (480/16=30), or 10 `m5.12xlarge` instances (480/48=10).

The Fleet is configured to prioritize `m5.12xlarge` capacity, which gets a priority of `1`, while `m5.4xlarge` gets a lower priority of `2`. This means that the Fleet attempts to reserve the `m5.12xlarge` capacity first, and only attempts to reserve the `m5.4xlarge` capacity if Amazon EC2 has insufficient `m5.12xlarge` capacity.

The Fleet reserves the capacity for `Windows` instances and the reservation automatically expires on `October 31, 2021` at `23:59:59` UTC.

```
aws ec2 create-capacity-reservation-fleet \
    --total-target-capacity 480 \
    --allocation-strategy prioritized \
    --instance-match-criteria open \
    --tenancy default \
    --end-date 2021-10-31T23:59:59.000Z \
    --instance-type-specifications file://instanceTypeSpecification.json
```

The following are the contents of `instanceTypeSpecification.json`.

```
[
    {             
        "InstanceType": "m5.4xlarge",                        
        "InstancePlatform":"Windows",            
        "Weight": 16,
        "AvailabilityZone":"us-east-1a",        
        "EbsOptimized": true,            
        "Priority" : 2
    },
    {             
        "InstanceType": "m5.12xlarge",                        
        "InstancePlatform":"Windows",            
        "Weight": 48,
        "AvailabilityZone":"us-east-1a",        
        "EbsOptimized": true,            
        "Priority" : 1
    }
]
```
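
The following pre-flight check is an added example, not part of the original documentation or of any AWS tool. It applies the weight and priority rules described above to the specifications from `instanceTypeSpecification.json` before you submit them; the function name `plan_fleet` and the warning texts are assumptions made for this example.

```python
from fractions import Fraction

# The instance type specifications from the example configuration above.
PAGE_SPECS = [
    {"InstanceType": "m5.4xlarge", "InstancePlatform": "Windows", "Weight": 16,
     "AvailabilityZone": "us-east-1a", "EbsOptimized": True, "Priority": 2},
    {"InstanceType": "m5.12xlarge", "InstancePlatform": "Windows", "Weight": 48,
     "AvailabilityZone": "us-east-1a", "EbsOptimized": True, "Priority": 1},
]


def plan_fleet(total_target_capacity, specs):
    """Return (plan, warnings) for a prioritized Capacity Reservation Fleet request.

    plan lists the instance types in the order the Fleet tries them (lowest
    Priority value first) with the instance count that would satisfy the whole
    target from that type alone: total target capacity / instance type weight.
    """
    if total_target_capacity <= 0:
        raise ValueError("total target capacity must be positive")
    for spec in specs:
        if "InstanceType" not in spec or "Priority" not in spec:
            raise ValueError(f"specification needs InstanceType and Priority: {spec!r}")

    plan, warnings = [], []
    for spec in sorted(specs, key=lambda s: s["Priority"]):
        name = spec["InstanceType"]
        weight = spec.get("Weight")
        if weight is None:
            # Without a weight, the target capacity is a plain instance count.
            weight = 1
            warnings.append(f"{name}: no Weight, so each instance counts as 1 unit")
        if isinstance(weight, bool) or not isinstance(weight, (int, float)) or weight <= 0:
            raise ValueError(f"{name}: Weight must be a positive number")
        instances = Fraction(total_target_capacity) / Fraction(weight)
        if instances.denominator != 1:
            # The page does not say how a remainder is handled, so flag it.
            warnings.append(f"{name}: target {total_target_capacity} is not a "
                            f"whole multiple of weight {weight}")
        plan.append({
            "InstanceType": name,
            "Priority": spec["Priority"],
            "Weight": weight,
            "Instances": int(instances) if instances.denominator == 1 else float(instances),
        })

    priorities = [s["Priority"] for s in specs]
    if len(set(priorities)) != len(priorities):
        warnings.append("duplicate Priority values: fallback order is ambiguous")
    weights = {p["Weight"] for p in plan}
    if 1 in weights and len(weights) > 1:
        warnings.append("some types count as 1 unit and others are weighted: "
                        "check that all weights use the same unit")
    return plan, warnings


if __name__ == "__main__":
    plan, warnings = plan_fleet(480, PAGE_SPECS)
    for entry in plan:
        print(entry)
    for warning in warnings:
        print("WARNING:", warning)
```

With the weights removed, the same target of `480` plans for 480 instances of either type, which is the instance-count behavior described under Instance type weight.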

# Using service-linked roles for Capacity Reservation Fleet

On-Demand Capacity Reservation Fleet uses AWS Identity and Access Management (IAM) [service-linked roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#id_roles_terms-and-concepts). A service-linked role is a unique type of IAM role that is linked directly to Capacity Reservation Fleet. Service-linked roles are predefined by Capacity Reservation Fleet and include all the permissions that the service requires to call other AWS services on your behalf. 

A service-linked role makes setting up Capacity Reservation Fleet easier because you don’t have to manually add the necessary permissions. Capacity Reservation Fleet defines the permissions of its service-linked roles, and unless defined otherwise, only Capacity Reservation Fleet can assume its roles. The defined permissions include the trust policy and the permissions policy, and that permissions policy cannot be attached to any other IAM entity.

You can delete a service-linked role only after first deleting its related resources. This protects your Capacity Reservation Fleet resources because you can't inadvertently remove permission to access the resources.

## Service-linked role permissions for Capacity Reservation Fleet

Capacity Reservation Fleet uses the service-linked role named **AWSServiceRoleForEC2CapacityReservationFleet** to create, describe, modify, and cancel Capacity Reservations in a Capacity Reservation Fleet on your behalf.

The AWSServiceRoleForEC2CapacityReservationFleet service-linked role trusts the following entity to assume the role:
+ `capacity-reservation-fleet.amazonaws.com`

The role uses the `AWSEC2CapacityReservationFleetRolePolicy` AWS managed policy. For more information, see [AWS managed policy: AWSEC2CapacityReservationFleetRolePolicy](security-iam-awsmanpol.md#security-iam-awsmanpol-AWSEC2CapacityReservationFleetRolePolicy).

You must configure permissions to allow an IAM entity (such as a user, group, or role) to create, edit, or delete a service-linked role. For more information, see [Service-linked role permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create-service-linked-role.html#service-linked-role-permissions) in the *IAM User Guide*.

## Create a service-linked role for Capacity Reservation Fleet

You don't need to manually create a service-linked role. When you create a Capacity Reservation Fleet using the `create-capacity-reservation-fleet` AWS CLI command or the `CreateCapacityReservationFleet` API, the service-linked role is automatically created for you. 

If you delete this service-linked role, and then need to create it again, you can use the same process to recreate the role in your account. When you create a Capacity Reservation Fleet, Capacity Reservation Fleet creates the service-linked role for you again. 

## Edit a service-linked role for Capacity Reservation Fleet

Capacity Reservation Fleet does not allow you to edit the AWSServiceRoleForEC2CapacityReservationFleet service-linked role. After you create a service-linked role, you cannot change the name of the role because various entities might reference the role. However, you can edit the description of the role using IAM. For more information, see [Edit a service-linked role description](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_update-service-linked-role.html#edit-service-linked-role-iam-console) in the *IAM User Guide*.

## Delete a service-linked role for Capacity Reservation Fleet

If you no longer need to use a feature or service that requires a service-linked role, we recommend that you delete that role. That way you don’t have an unused entity that is not actively monitored or maintained. However, you must delete the resources for your service-linked role before you can manually delete it.

**Note**  
If the Capacity Reservation Fleet service is using the role when you try to delete the resources, then the deletion might fail. If that happens, wait for a few minutes and try the operation again. 

**To delete the AWSServiceRoleForEC2CapacityReservationFleet service-linked role**

1. Use the `delete-capacity-reservation-fleet` AWS CLI command or the `DeleteCapacityReservationFleet` API to delete the Capacity Reservation Fleets in your account.

1. Use the IAM console, the AWS CLI, or the AWS API to delete the AWSServiceRoleForEC2CapacityReservationFleet service-linked role. For more information, see [Delete a service-linked role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_delete.html#id_roles_manage_delete_slr) in the *IAM User Guide*.

## Supported Regions for Capacity Reservation Fleet service-linked roles

Capacity Reservation Fleet supports using service-linked roles in all of the Regions where the service is available. For more information, see [AWS Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/ec2-service.html#ec2_region).

# Monitor Capacity Reservations usage with CloudWatch metrics

With CloudWatch metrics, you can efficiently monitor your Capacity Reservations and identify unused capacity by setting CloudWatch alarms to notify you when usage thresholds are met. This can help you maintain a constant Capacity Reservation volume and achieve a higher level of utilization.

Capacity Reservations send metric data to CloudWatch every five minutes. Metrics are not supported for Capacity Reservations that are active for less than five minutes.

For more information about viewing metrics in the CloudWatch console, see [Using Amazon CloudWatch Metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/working_with_metrics.html). For more information about creating alarms, see [Creating Amazon CloudWatch Alarms](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html). 

**Topics**
+ [Capacity Reservation usage metrics](#capacity-reservation-usage-metrics)
+ [Capacity Reservation metric dimensions](#capacity-reservation-dimensions)
+ [View CloudWatch metrics for Capacity Reservations](#viewing-capacity-reservation-metrics)

## Capacity Reservation usage metrics


The `AWS/EC2CapacityReservations` namespace includes the following usage metrics you can use to monitor and maintain on-demand capacity within thresholds you specify for your reservation.


| Metric | Description | 
| --- | --- | 
|  UsedInstanceCount |  The number of instances that are currently in use. Unit: Count  | 
|  AvailableInstanceCount  |  The number of instances that are available. Unit: Count  | 
|  TotalInstanceCount  |  The total number of instances you have reserved. Unit: Count  | 
|  InstanceUtilization  |  The percentage of reserved capacity instances that are currently in use. Unit: Percent  | 

## Capacity Reservation metric dimensions


You can use the following dimensions to refine the metrics listed in the previous table within the selected Region and account.


|  Dimension  |  Description  | 
| --- | --- | 
|  (No dimension)  |  This dimension filters the specified metric for all Capacity Reservations.  | 
|  CapacityReservationId  |  This dimension filters the specified metric for the identified Capacity Reservation.  | 
|  InstanceType  |  This dimension filters the specified metric for the identified instance type.  | 
|  AvailabilityZone  |  This dimension filters the specified metric for the identified Availability Zone.  | 
|  InstanceMatchCriteria  |  This dimension filters the specified metric for the identified instance match criteria (`open` or `targeted`).  | 
|  InstancePlatform  |  This dimension filters the specified metric data for the identified platform.  | 
|  Tenancy  |  This dimension filters the specified metric for the identified tenancy.  | 

## View CloudWatch metrics for Capacity Reservations


Metrics are grouped first by the service namespace, and then by the supported dimensions. You can use the following procedures to view the metrics for your Capacity Reservations. 

**To view Capacity Reservation metrics using the CloudWatch console**

1. Open the CloudWatch console at [https://console.aws.amazon.com/cloudwatch/](https://console.aws.amazon.com/cloudwatch/).

1. If necessary, change the Region. From the navigation bar, select the Region where your Capacity Reservation resides. For more information, see [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html).

1. In the navigation pane, choose **Metrics**.

1. For **All metrics**, choose **EC2 Capacity Reservations**.

1. Choose one of the preceding metric dimensions: **Across All Capacity Reservations**, **By Capacity Reservation**, **By Instance Type**, **By Availability Zone**, **By Platform**, **By Instance Match Criteria**, or **By Tenancy**. The metrics are then grouped by no dimension, `CapacityReservationId`, `InstanceType`, `AvailabilityZone`, `Platform`, `InstanceMatchCriteria`, and `Tenancy`, respectively.

1. To sort the metrics, use the column heading. To graph a metric, select the checkbox next to the metric.

**To view Capacity Reservation metrics using the AWS CLI**  
Use the following [list-metrics](https://docs.aws.amazon.com/cli/latest/reference/cloudwatch/list-metrics.html) command:

```
aws cloudwatch list-metrics --namespace "AWS/EC2CapacityReservations"
```

# Monitor Capacity Reservation underutilization

You can monitor Capacity Reservation underutilization using the following:

**Topics**
+ [Amazon EventBridge events](#cr-underutilization-events)
+ [Email and AWS Health Dashboard notifications](#monitor-cr-utilization)

## Amazon EventBridge events


AWS Health sends events to Amazon EventBridge when a Capacity Reservation in your account is below 20 percent usage over certain periods. With EventBridge, you can establish rules that trigger programmatic actions in response to such events. For example, you can create a rule that automatically cancels a Capacity Reservation when its utilization drops below 20 percent over a 7-day period.

Events in EventBridge are represented as JSON objects. The fields that are unique to the event are contained in the "detail" section of the JSON object. The "event" field contains the event name. The "result" field contains the completed status of the action that triggered the event. For more information, see [Amazon EventBridge event patterns](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-event-patterns.html) in the *Amazon EventBridge User Guide*.

For more information, see the [Amazon EventBridge User Guide](https://docs.aws.amazon.com/eventbridge/latest/userguide/).

This feature is not supported in AWS GovCloud (US).

### Events


AWS Health sends the following events when capacity usage for a Capacity Reservation is below 20 percent.
+ `AWS_EC2_ODCR_UNDERUTILIZATION_NOTIFICATION`

  The following is an example of an event that is generated when a newly created Capacity Reservation is below 20 percent capacity usage over a 24-hour period.

  ```
  {
      "version": "0",
      "id": "b3e00086-f271-12a1-a36c-55e8ddaa130a",
      "detail-type": "AWS Health Event",
      "source": "aws.health",
      "account": "123456789012",
      "time": "2023-03-10T12:03:38Z",
      "region": "ap-south-1",
      "resources": [
          "cr-01234567890abcdef"
      ],
      "detail": {
          "eventArn": "arn:aws:health:ap-south-1::event/EC2/AWS_EC2_ODCR_UNDERUTILIZATION_NOTIFICATION/AWS_EC2_ODCR_UNDERUTILIZATION_NOTIFICATION_cr-01234567890abcdef-6211-4d50-9286-0c9fbc243f04",
          "service": "EC2",
          "eventTypeCode": "AWS_EC2_ODCR_UNDERUTILIZATION_NOTIFICATION",
          "eventTypeCategory": "accountNotification",
          "startTime": "Fri, 10 Mar 2023 12:03:38 GMT",
          "endTime": "Fri, 10 Mar 2023 12:03:38 GMT",
          "eventDescription": [
              {
                  "language": "en_US",
                  "latestDescription": "A description of the event will be provided here"
              }
          ],
          "affectedEntities": [
              {
                  "entityValue": "cr-01234567890abcdef"
              }
          ]
      }
  }
  ```
+ `AWS_EC2_ODCR_UNDERUTILIZATION_NOTIFICATION_SUMMARY`

  The following is an example of an event that is generated when one or more Capacity Reservations are below 20 percent capacity usage over a 7-day period.

  ```
  {
      "version": "0",
      "id": "7439d42b-3c7f-ad50-6a88-25e2a70977e2",
      "detail-type": "AWS Health Event", 
      "source": "aws.health", 
      "account": "123456789012", 
      "time": "2023-03-07T06:06:01Z", 
      "region": "us-east-1", 
      "resources": [ 
          "cr-01234567890abcdef | us-east-1b | t3.medium | Linux/UNIX | 0.0%", 
          "cr-09876543210fedcba | us-east-1a | t3.medium | Linux/UNIX | 0.0%" 
      ], 
      "detail": { 
          "eventArn": "arn:aws:health:us-east-1::event/EC2/AWS_EC2_ODCR_UNDERUTILIZATION_NOTIFICATION_SUMMARY/AWS_EC2_ODCR_UNDERUTILIZATION_NOTIFICATION_SUMMARY_726c1732-d6f6-4037-b9b8-bec3c2d3ba65", 
          "service": "EC2", 
          "eventTypeCode": "AWS_EC2_ODCR_UNDERUTILIZATION_NOTIFICATION_SUMMARY", 
          "eventTypeCategory": "accountNotification", 
          "startTime": "Tue, 7 Mar 2023 06:06:01 GMT", 
          "endTime": "Tue, 7 Mar 2023 06:06:01 GMT", 
          "eventDescription": [
              { 
                  "language": "en_US", 
                  "latestDescription": "A description of the event will be provided here" 
              }
          ], 
          "affectedEntities": [
              { 
                  "entityValue": "cr-01234567890abcdef | us-east-1b | t3.medium | Linux/UNIX | 0.0%" 
              }, 
              { 
                  "entityValue": "cr-09876543210fedcba | us-east-1a | t3.medium | Linux/UNIX | 0.0%" 
              }
          ]
      }
  }
  ```
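
The following handler logic is an added example, not part of the original documentation. It shows how a rule target can check that an event is one of the two underutilization events above, and parse `affectedEntities`, before any automated action such as cancelling a reservation. The function names, the ID format check (`cr-` followed by 17 hexadecimal characters, as in the samples above), and the account and Region allow-list are assumptions made for this example.

```python
import re

# Event type codes documented on this page.
SINGLE = "AWS_EC2_ODCR_UNDERUTILIZATION_NOTIFICATION"
SUMMARY = "AWS_EC2_ODCR_UNDERUTILIZATION_NOTIFICATION_SUMMARY"

# Assumption: reservation IDs look like the samples above.
CR_ID = re.compile(r"^cr-[0-9a-f]{17}$")


def parse_entity(value):
    """Parse one affectedEntities value.

    The single-reservation event carries a bare ID. The summary event carries
    "id | Availability Zone | instance type | platform | utilization%".
    """
    if not isinstance(value, str):
        raise ValueError("entityValue is not a string")
    parts = [p.strip() for p in value.split("|")]
    if len(parts) == 1:
        record = {"id": parts[0], "zone": None, "instance_type": None,
                  "platform": None, "utilization": None}
    elif len(parts) == 5 and parts[4].endswith("%"):
        record = {"id": parts[0], "zone": parts[1], "instance_type": parts[2],
                  "platform": parts[3], "utilization": float(parts[4][:-1])}
    else:
        raise ValueError(f"unexpected entity format: {value!r}")
    if not CR_ID.match(record["id"]):
        raise ValueError(f"not a Capacity Reservation ID: {record['id']!r}")
    return record


def underutilized_reservations(event, expected_account, allowed_regions):
    """Return the parsed reservations from an underutilization event.

    Raises ValueError for anything other than the events described above, so
    that automation never acts on an event from another source, account,
    Region, or event type.
    """
    if event.get("source") != "aws.health":
        raise ValueError("unexpected source")
    if event.get("detail-type") != "AWS Health Event":
        raise ValueError("unexpected detail-type")
    if event.get("account") != expected_account:
        raise ValueError("event is for a different account")
    if event.get("region") not in allowed_regions:
        raise ValueError("event is for an unexpected Region")
    detail = event.get("detail") or {}
    if detail.get("service") != "EC2":
        raise ValueError("unexpected service")
    if detail.get("eventTypeCode") not in (SINGLE, SUMMARY):
        raise ValueError("not an ODCR underutilization event")
    entities = detail.get("affectedEntities") or []
    if not entities:
        raise ValueError("event lists no reservations")
    return [parse_entity(e.get("entityValue")) for e in entities]


def _sample(code, region, entities):
    """Build a constructed event with the fields that the examples above show."""
    return {
        "version": "0",
        "detail-type": "AWS Health Event",
        "source": "aws.health",
        "account": "123456789012",
        "region": region,
        "resources": list(entities),
        "detail": {
            "service": "EC2",
            "eventTypeCode": code,
            "eventTypeCategory": "accountNotification",
            "affectedEntities": [{"entityValue": e} for e in entities],
        },
    }


# Constructed samples, trimmed from the two example events above.
SAMPLE_SINGLE = _sample(SINGLE, "ap-south-1", ["cr-01234567890abcdef"])
SAMPLE_SUMMARY = _sample(SUMMARY, "us-east-1", [
    "cr-01234567890abcdef | us-east-1b | t3.medium | Linux/UNIX | 0.0%",
    "cr-09876543210fedcba | us-east-1a | t3.medium | Linux/UNIX | 0.0%",
])

if __name__ == "__main__":
    regions = {"ap-south-1", "us-east-1"}
    for sample in (SAMPLE_SINGLE, SAMPLE_SUMMARY):
        for record in underutilized_reservations(sample, "123456789012", regions):
            print(record)
```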

### Create an EventBridge rule


To receive email notifications when your Capacity Reservation utilization drops below 20 percent, create an Amazon SNS topic, and then create an EventBridge rule for the `AWS_EC2_ODCR_UNDERUTILIZATION_NOTIFICATION` event.

**To create the Amazon SNS topic**

1. Open the Amazon SNS console at [https://console.aws.amazon.com/sns/v3/home](https://console.aws.amazon.com/sns/v3/home).

1. In the navigation pane, choose **Topics**, and then choose **Create topic**.

1. For **Type**, choose **Standard**.

1. For **Name**, enter a name for the new topic.

1. Choose **Create topic**.

1. Choose **Create subscription**.

1. For **Protocol**, choose **Email**, and then for **Endpoint**, enter the email address that receives the notifications.

1. Choose **Create subscription**.

1. The email address that you entered receives an email message with the following subject line: `AWS Notification - Subscription Confirmation`. Follow the directions to confirm your subscription.

**To create the EventBridge rule**

1. Open the Amazon EventBridge console at [https://console.aws.amazon.com/events/](https://console.aws.amazon.com/events/).

1. In the navigation pane, choose **Rules**, and then choose **Create rule**.

1. For **Name**, enter a name for the new rule.

1. For **Rule type**, choose **Rule with an event pattern**.

1. Choose **Next**.

1. In the **Event pattern**, do the following:

   1. For **Event source**, choose **AWS services**.

   1. For **AWS service**, choose **AWS Health**.

   1. For **Event type**, choose **EC2 ODCR Underutilization Notification**.

1. Choose **Next**.

1. For **Target 1**, do the following:

   1. For **Target types**, choose **AWS service**.

   1. For **Select a target**, choose **SNS topic**.

   1. For **Topic**, choose the topic that you created earlier.

1. Choose **Next** and then **Next** again.

1. Choose **Create rule**.

## Email and AWS Health Dashboard notifications


AWS Health sends the following email and Health Dashboard notifications when capacity utilization for Capacity Reservations in your account drops below 20 percent.
+ Individual notifications for each newly created Capacity Reservation that has been below 20 percent utilization over the last 24-hour period.
+ A summary notification for all Capacity Reservations that have been below 20 percent utilization over the last 7-day period.

The email notifications and Health Dashboard notifications are sent to the email address associated with the AWS account that owns the Capacity Reservations. The notifications include the following information:
+ The ID of the Capacity Reservation.
+ The Availability Zone of the Capacity Reservation.
+ The average utilization rate for the Capacity Reservation.
+ The instance type and platform (operating system) of the Capacity Reservation.

Additionally, when capacity utilization for a Capacity Reservation in your account drops below 20 percent over a 24-hour and 7-day period, AWS Health sends events to EventBridge. With EventBridge, you can create rules that activate automatic actions, such as sending email notifications or triggering AWS Lambda functions, in response to such events. For more information, see [Monitor Capacity Reservation underutilization](#cr-eventbridge).

# Monitor state changes for future-dated Capacity Reservations

Amazon EC2 sends an event to Amazon EventBridge when the state of a future-dated Capacity Reservation changes.

The following is an example of this event. In this example, the future-dated Capacity Reservation entered the `scheduled` state. Note the state in the `detail-type` field.

```
{
   "version":"0",
   "id":"12345678-1234-1234-1234-123456789012",
   "detail-type":"EC2 Capacity Reservation Scheduled",
   "source":"aws.ec2",
   "account":"123456789012",
   "time":"yyyy-mm-ddThh:mm:ssZ",
   "region":"us-east-1",
   "resources":[
      "arn:aws:ec2:us-east-1:123456789012:capacity-reservation/cr-1234567890abcdefg"
   ],
   "detail":{
      "capacity-reservation-id":"cr-1234567890abcdefg",
      "state":"scheduled"
   }
}
```

The possible values for the `detail-type` field are:
+ `Scheduled`
+ `Active`
+ `Delayed`
+ `Unsupported`
+ `Failed`
+ `Expired`

For more information about these states, see [View the state of a Capacity Reservation](capacity-reservations-view.md).

You can create Amazon EventBridge rules that monitor for these events and then trigger specific actions when they occur. For more information, see [Creating rules that react to events in Amazon EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-create-rule.html).

To create a rule that monitors for all state change events, you can use the following event pattern.

```
{
  "source": ["aws.ec2"],
  "detail-type": [{
    "prefix": "EC2 Capacity Reservation"
  }]
}
```

To create a rule that monitors for only specific state changes, you can use the following event pattern, replacing `state` with the state to monitor for.

```
{
  "source": ["aws.ec2"],
  "detail-type": [{
    "prefix": "EC2 Capacity Reservation state"
  }]
}
```

For example, the following event pattern monitors for events that are sent when a future-dated Capacity Reservation enters the `active` state.

```
{
  "source": ["aws.ec2"],
  "detail-type": [{
    "prefix": "EC2 Capacity Reservation Active"
  }]
}
```
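
The following check is an added example, not part of the original documentation. It evaluates the three event patterns above against constructed sample events for each documented state, using a simplified local model of the two matching forms those patterns use (exact string values and `prefix`); it is not EventBridge itself. The `matches` and `matched_states` helpers and the `FAILED_OR_EXPIRED` pattern are assumptions made for this example.

```python
# States listed above as possible values in the detail-type field.
STATES = ["Scheduled", "Active", "Delayed", "Unsupported", "Failed", "Expired"]

# The three patterns from this section.
ALL_CHANGES = {"source": ["aws.ec2"],
               "detail-type": [{"prefix": "EC2 Capacity Reservation"}]}
ACTIVE_ONLY = {"source": ["aws.ec2"],
               "detail-type": [{"prefix": "EC2 Capacity Reservation Active"}]}
# The template pattern with the "state" placeholder left unreplaced.
PLACEHOLDER_LEFT_IN = {"source": ["aws.ec2"],
                       "detail-type": [{"prefix": "EC2 Capacity Reservation state"}]}
# Constructed pattern: several matchers in one array are alternatives.
FAILED_OR_EXPIRED = {"source": ["aws.ec2"],
                     "detail-type": [{"prefix": "EC2 Capacity Reservation Failed"},
                                     {"prefix": "EC2 Capacity Reservation Expired"}]}


def _matches_value(rule, value):
    """Match one rule: an exact string, or a {"prefix": ...} matcher."""
    if isinstance(rule, dict):
        if set(rule) != {"prefix"}:
            raise ValueError(f"matcher not covered by this example: {rule!r}")
        # Prefix comparison is case-sensitive.
        return isinstance(value, str) and value.startswith(rule["prefix"])
    return rule == value


def matches(pattern, event):
    """Return True if the event satisfies every top-level field of the pattern.

    All fields in the pattern must match; within one field, any of the listed
    rules may match.
    """
    for field, rules in pattern.items():
        if field not in event:
            return False
        if not any(_matches_value(rule, event[field]) for rule in rules):
            return False
    return True


def sample_event(state, source="aws.ec2"):
    """Build a constructed state-change event shaped like the example above."""
    return {
        "version": "0",
        "detail-type": f"EC2 Capacity Reservation {state}",
        "source": source,
        "account": "123456789012",
        "region": "us-east-1",
        "detail": {
            "capacity-reservation-id": "cr-1234567890abcdefg",
            "state": state.lower(),
        },
    }


def matched_states(pattern, source="aws.ec2"):
    """Return the documented states whose event the pattern would match."""
    return [s for s in STATES if matches(pattern, sample_event(s, source))]


if __name__ == "__main__":
    for name, pattern in [("all changes", ALL_CHANGES),
                          ("active only", ACTIVE_ONLY),
                          ("placeholder left in", PLACEHOLDER_LEFT_IN),
                          ("failed or expired", FAILED_OR_EXPIRED)]:
        print(f"{name}: {matched_states(pattern)}")
```

A pattern that still contains the literal word `state` matches none of the documented events, so a rule built from the unmodified template never fires.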

# Interruptible Capacity Reservations


Interruptible Capacity Reservations help you make unused capacity temporarily available for other workloads within your account. This gives you control to reclaim capacity when needed. When you reclaim capacity, any instances running inside the interruptible reservation are terminated. After creating an interruptible reservation, you can share it with additional AWS accounts or your AWS organization using AWS Resource Access Manager (RAM).

Use interruptible Capacity Reservations when you have unused reserved capacity during off-peak periods, between deployments, or when workloads scale down. If you know another team that could use this capacity, you can make it available by creating an interruptible Capacity Reservation. When your critical workload needs capacity back, you can reclaim it.

You can use interruptible Capacity Reservations as one of the following:
+ **Capacity owner** – You own the source Capacity Reservation and create the interruptible Capacity Reservation to share unused capacity with other teams while retaining control to reclaim it when needed.
+ **Capacity consumer** – You launch instances into shared interruptible reservations, understanding that your instances may be terminated when the owner reclaims capacity.

**Topics**
+ [How it works](#how-interruptible-cr-works)
+ [Billing](#interruptible-cr-billing)
+ [Considerations](#interruptible-cr-considerations)
+ [Interruptible Capacity Reservations for capacity owners](capacity-owner-procedures.md)
+ [Interruptible Capacity Reservations for capacity consumers](capacity-consumer-procedures.md)
+ [Monitor interruptible Capacity Reservations with EventBridge and CloudTrail](monitor-interruptible-cr.md)

## How it works


To make unused capacity available to other teams, create an interruptible reservation by specifying the number of unused instances you want to share from your source reservation. When you create the interruptible reservation, we transfer these instances from your source reservation to the new interruptible reservation within your account.

We retain the association between the source reservation and the interruptible Capacity Reservation. As a result, when you reclaim your capacity, any running consumer instances are terminated, and the capacity is restored to your original source reservation.

Key features:
+ Make unused capacity temporarily available while maintaining control to reclaim it
+ Reclaim capacity at any time. For more information, see [Reclamation process and tracking](capacity-owner-procedures.md#reclamation-process)
+ Share with additional accounts or your AWS organization using AWS Resource Access Manager (RAM)

## Billing


When you create an interruptible reservation, you're billed for it as an independent new reservation. This splits your billing:
+ Source reservation: You're billed for total capacity minus allocated capacity
+ Interruptible reservation: You're billed for the allocated capacity

For more information about On-Demand Capacity Reservation billing, see [Capacity Reservation pricing and billing](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/capacity-reservations-pricing-billing.html).

## Considerations


Before using interruptible Capacity Reservations, review the following limitations and requirements that apply to capacity owners and consumers.

### Capacity owners

+ You cannot directly modify or cancel an interruptible Capacity Reservation. To edit it, update the capacity allocated from the source Capacity Reservation.
+ You can only view, launch, tag, share, and assign billing for interruptible reservations.
+ You can create only one interruptible allocation per source Capacity Reservation.

### Capacity consumers

+ Interruptible Capacity Reservations are by default targeted Capacity Reservations, so you need to target them in your instance launch.
+ You can't add interruptible Capacity Reservations to capacity reservation groups.
+ We recommend that you only use interruptible Capacity Reservations for applications that can be interrupted.
+ Your instances will be terminated when the owner reclaims capacity. There is no fallback to On-Demand or Spot. For more information, see [Interruption experience](capacity-consumer-procedures.md#interruption-experience).

# Interruptible Capacity Reservations for capacity owners

The capacity owner is the account that owns the source Capacity Reservation and creates the interruptible Capacity Reservation to share unused capacity with other teams while retaining control to reclaim it when needed.

This section covers how you (the capacity owner) can create, modify, reclaim, and track an interruptible Capacity Reservation.

**Topics**
+ [Creating an interruptible Capacity Reservation](#creating-interruptible-cr)
+ [View your interruptible Capacity Reservation](#view-interruptible-cr)
+ [Modifying your interruptible Capacity Reservation](#modify-interruptible-cr)
+ [Reclamation process and tracking](#reclamation-process)
+ [Sharing interruptible reservations](#sharing-interruptible-reservations)

## Creating an interruptible Capacity Reservation


Create an interruptible Capacity Reservation to make unused capacity from your source reservation available for other workloads while maintaining control to reclaim it when needed.

### Prerequisites


Before creating an interruptible allocation, ensure your source On-Demand Capacity Reservation meets these requirements:
+ Your Capacity Reservation must be in active state with no end date set. You can't create allocations from reservations that are pending, expired, cancelled, or have scheduled end dates.
+ Your Capacity Reservation must have available capacity for allocation. You can only allocate available instances (also called unused capacity).
+ You can create only one interruptible allocation per source Capacity Reservation. If an allocation already exists, you must modify or cancel it before creating a new one.
+ You can allocate a maximum of 1000 instances at once to an interruptible Capacity Reservation.

You can use the console or the AWS CLI to create an interruptible Capacity Reservation.

------
#### [ Console ]

**To create an interruptible Capacity Reservation**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. Choose **Capacity Reservations**.

1. Select your Capacity Reservation.

1. Choose **Actions**, **Create interruptible allocation**.

1. For **Instances to allocate**, enter the number of instances to allocate.

1. (Optional) Add tags.

1. Choose **Create interruptible capacity allocation**.

------
#### [ AWS CLI ]

**To create an interruptible Capacity Reservation**  
Use the [create-interruptible-capacity-reservation-allocation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/create-interruptible-capacity-reservation-allocation.html) command:

```
aws ec2 create-interruptible-capacity-reservation-allocation \
    --capacity-reservation-id cr-1234567890abcdef0 \
    --instance-count 10
```

------

## View your interruptible Capacity Reservation


After creating an interruptible Capacity Reservation, you can view the interruptible reservation in your account or from a specific resource.

### View all interruptible Capacity Reservations in your account


Use the following procedure to view the interruptible Capacity Reservations in your account.

------
#### [ Console ]

**To view the interruptible Capacity Reservations in your account**

1. Go to the Capacity Reservations page in the console.

1. Look for reservations with **Interruptible** in the type column.

1. Select the interruptible reservation to view details.

------
#### [ AWS CLI ]

**To view the interruptible Capacity Reservations in your account**

```
aws ec2 describe-capacity-reservations \
    --capacity-reservation-ids cr-interruptible-id \
    --filters Name=interruptible,Values=true
```

------

### View interruptible Capacity Reservation from a specific source


Use the following procedure to view the interruptible Capacity Reservation created from a specific source Capacity Reservation.

```
aws ec2 describe-capacity-reservations \
    --capacity-reservation-ids cr-source-id
```

In the response, you'll find an `interruptibleCapacityAllocations` object that contains the interruptible Capacity Reservation ID and allocation details. For information about the response structure, see [InterruptibleCapacityAllocation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InterruptibleCapacityAllocation.html) in the *Amazon EC2 API Reference*.

## Modifying your interruptible Capacity Reservation


Use the following procedures to edit or cancel your interruptible Capacity Reservation.

**Note**  
When you reduce the allocation, we first reclaim available instances, then running instances, until we meet the requested count. If we can meet the count entirely with available instances, no termination occurs. All modifications to allocated instance count are done through the source Capacity Reservation, not directly on the interruptible Capacity Reservation.
You can only modify an interruptible Capacity Reservation by a maximum of 1000 instances at once (increase or decrease).

### Edit your interruptible Capacity Reservation


Use the following procedure to edit your interruptible Capacity Reservation.

------
#### [ Console ]

1. From the source Capacity Reservation details page, choose **Actions**, **Edit interruptible Capacity Reservation**.

1. For **Instances to allocate**, enter the new number:
   + Add more capacity to share
   + Reclaim capacity to your source Capacity Reservation

1. Choose **Update**.

------
#### [ AWS CLI ]

```
aws ec2 update-interruptible-capacity-reservation-allocation \
    --capacity-reservation-id cr-1234567890abcdef0 \
    --target-instance-count 80
```

------

### Cancel your interruptible Capacity Reservation


Use the following procedure to permanently remove the allocation and return all capacity.

------
#### [ Console ]

1. From the source Capacity Reservation details page, navigate to the interruptible capacity allocation details.

1. Choose **Edit interruptible allocation**.

1. For Instance count, enter **0**.

1. Choose **Update**.

------
#### [ AWS CLI ]

```
aws ec2 update-interruptible-capacity-reservation-allocation \
    --capacity-reservation-id cr-1234567890abcdef0 \
    --target-instance-count 0
```

------

## Reclamation process and tracking


When you reclaim capacity:
+ Running instances receive a 2-minute interruption warning through EventBridge events.
+ After the notice period, running instances in the reclaimed capacity enter a shutting down state and get terminated.
+ When terminated, the reclaimed instances become available in your source Capacity Reservation for immediate use.
+ Your allocation status changes from **updating** to **active** when complete.

Complete reclamation can take a few minutes depending on instance type and shutdown time. For more information about the EventBridge notification you receive when the process is complete, see [Reclamation completion](monitor-interruptible-cr.md#reclamation-completion).

### Track reclamation status


Monitor reclamation progress by describing your source reservation:

```
aws ec2 describe-capacity-reservations \
    --capacity-reservation-ids cr-1234567890abcdef0
```

The response shows these fields within the `interruptibleCapacityAllocation` object:
+ `instance-count`: Current allocated instances
+ `target-instance-count`: Requested quantity after reclamation
+ `status`: **updating** during reclamation and **active** when complete
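The reduction order described in the modification note (available instances first, then running instances) lets an owner estimate the impact of a reclaim before issuing the update. The following planner is an added example, not AWS code; the function and parameter names are hypothetical, and splitting a change larger than 1000 instances into several updates is an assumption drawn from the per-update limit.

```python
MAX_CHANGE_PER_UPDATE = 1000  # per-update limit stated on this page


def plan_update(source_total, source_running, allocated, consumer_running, target):
    """Preview the effect of changing an interruptible allocation to `target`.

    source_total     -- total capacity of the source reservation (allocated part included)
    source_running   -- instances the owner is running in the source reservation
    allocated        -- instances currently allocated to the interruptible reservation
    consumer_running -- instances currently running inside the interruptible reservation
    target           -- requested allocation (0 cancels the allocation)
    """
    if not 0 <= consumer_running <= allocated:
        raise ValueError("consumer_running must be between 0 and allocated")
    if allocated + source_running > source_total:
        raise ValueError("allocated plus source_running exceeds source capacity")
    if target < 0:
        raise ValueError("target must not be negative")
    # Only unused source capacity can be allocated.
    if target > source_total - source_running:
        raise ValueError("target exceeds the unused capacity of the source reservation")

    # Assumption: a change larger than the limit is issued as several updates.
    update_targets, current = [], allocated
    while current != target:
        delta = max(-MAX_CHANGE_PER_UPDATE, min(MAX_CHANGE_PER_UPDATE, target - current))
        current += delta
        update_targets.append(current)

    # Available (unused) instances are reclaimed first; running instances are
    # terminated only for the part of the reduction that is left over.
    available = allocated - consumer_running
    reduction = max(0, allocated - target)
    terminated = max(0, reduction - available)

    return {
        "cancels_allocation": target == 0 and allocated > 0,
        "update_targets": update_targets,
        "terminated_running_instances": terminated,
        # Billing split from the Billing section: total minus allocated, and allocated.
        "billed_source_instances": source_total - target,
        "billed_interruptible_instances": target,
    }
```

The termination count simplifies to `max(0, consumer_running - target)`, so a reclaim is free of terminations whenever the new target still covers every running consumer instance.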

## Sharing interruptible reservations


You can share interruptible reservations only within your AWS organization using AWS Resource Access Manager (RAM).

Considerations:
+ If a consumer account leaves your organization, the interruptible reservation is automatically unshared from that account.
+ Any instances running in the unshared reservation are eventually terminated.
+ All other sharing functionality works the same as standard Capacity Reservations.

For complete sharing procedures, see [Sharing Capacity Reservations](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/capacity-reservation-sharing.html).

# Interruptible Capacity Reservations for capacity consumers

The capacity consumer is the account that launches instances into shared interruptible Capacity Reservations, understanding that their instances may be terminated when the owner reclaims capacity.

This section covers how you (the capacity consumer) can launch instances into an interruptible Capacity Reservation and learn about what happens when capacity is reclaimed by the owner.

**Topics**
+ [View an interruptible Capacity Reservation](#view-interruptible-cr-consumer)
+ [Launch instances into interruptible reservations](#launch-instances-interruptible)
+ [Interruption experience](#interruption-experience)

## View an interruptible Capacity Reservation


Use the following procedures to view an interruptible Capacity Reservation.

------
#### [ Console ]

**To view interruptible Capacity Reservations in your account**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. Choose **Capacity Reservations**.

1. In the **Type** column, look for reservations marked as **Interruptible**.

1. Note the reservation IDs for use in your instance launches.

------
#### [ AWS CLI ]

**To find all interruptible Capacity Reservations in your account**  
Use the [describe-capacity-reservations](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/describe-capacity-reservations.html) command:

```
aws ec2 describe-capacity-reservations \
    --filters Name=state,Values=active
```

Look for reservations where `Interruptible` is set to `true` in the response.

**To filter specifically for interruptible reservations**  
Use the following command:

```
aws ec2 describe-capacity-reservations \
    --capacity-reservation-ids cr-example123 \
    --query 'CapacityReservations[?Interruptible==`true`]'
```

------

**Note**  
Interruptible Capacity Reservations are by default targeted Capacity Reservations, so you need to target them specifically in your instance launch. Unlike open reservations, interruptible reservations will not automatically cover matching instances. You must explicitly specify the reservation ID when launching.

## Launch instances into interruptible reservations


Use the following procedure to launch Amazon EC2 instances into interruptible Capacity Reservations within your account.

**Note**  
We recommend that you only use interruptible Capacity Reservations for applications that can be interrupted.

------
#### [ Console ]

**To launch instances into interruptible Capacity Reservations**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. From the Amazon EC2 dashboard, choose **Launch instance**.

1. Configure your instance settings.

1. In **Advanced details** for Capacity Reservation, choose **Launch interruptible instances in your active reservation**.

1. Select the interruptible reservation ID and the new instance purchasing option.

1. Choose **Launch instance**.

------
#### [ AWS CLI ]

```
aws ec2 run-instances \
    --instance-type m5.large \
    --count 2 \
    --image-id ami-12345678 \
    --instance-market-options '{
        "MarketType": "interruptible-capacity-reservation"
    }' \
    --capacity-reservation-specification '{
        "CapacityReservationTarget": {
            "CapacityReservationId": "cr-abcdef1234567890"
        }
    }'
```

------

### Launch instances with Auto Scaling Groups


You can also launch instances into interruptible reservations using Auto Scaling Groups with launch templates. Configure the launch template with the interruptible market type and reservation ID, then create your Auto Scaling Group using that template. For more information, see [Interruptible Capacity Reservations with EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-interruptible-capacity-reservations.html).

## Interruption experience


When capacity is reclaimed by the owner, you receive an interruption notice 2 minutes before instance termination. This warning comes through EventBridge events, giving you time to:
+ Save your work or checkpoint your applications
+ Shut down processes
+ Prepare for instance termination

The EventBridge event includes details about which instances will be terminated and the exact termination time. For more information, see [Instance interruption warning](monitor-interruptible-cr.md#instance-interruption-warning).

# Monitor interruptible Capacity Reservations with EventBridge and CloudTrail

Interruptible Capacity Reservations send EventBridge notifications and CloudTrail events to help you monitor and respond to capacity changes.

**Topics**
+ [EventBridge notifications](#eventbridge-notifications)
+ [CloudTrail events](#cloudtrail-events)

## EventBridge notifications


You receive two types of EventBridge notifications. For information about how to set up EventBridge notifications, see [Creating Amazon EventBridge rules](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-create-rule.html).

### Instance interruption warning


If you're running instances in an interruptible reservation, you receive this notification 2 minutes before your instances are terminated:

```
{
    "version": "0",
    "id": "12345678-1234-1234-1234-123456789012",
    "detail-type": "EC2 Capacity Reservation Instance Interruption Warning",
    "source": "aws.ec2",
    "account": "[instance owner Account ID]",
    "time": "[Current time in yyyy-mm-ddThh:mm:ssZ]",
    "resources": ["[instance arn]"],
    "region": "[region]",
    "detail": {
        "instance-id": "[instance-id]",
        "instance-action": "terminate",
        "instance-termination-time": "yyyy-mm-ddThh:mm:ssZ",
        "azId": "[availability-zone-id]"
    }
}
```

### Reclamation completion


If you own the source reservation, you receive this notification when capacity reclamation finishes:

```
{
    "version": "0",
    "id": "12345678-1234-1234-1234-123456789012",
    "detail-type": "EC2 Interruptible Capacity Reservation Allocation Reclamation Completed",
    "source": "aws.ec2",
    "account": "[source Capacity Reservation Owner Account ID]",
    "time": "[Current time in yyyy-mm-ddThh:mm:ssZ]",
    "region": "us-east-1",
    "resources": ["source_cr_arn"],
    "detail": {
        "sourceCapacityReservationId": "string",
        "instanceType": "string",
        "availabilityZoneId": "string",
        "TotalInstanceCount": "current total count in the source",
        "ReclaimedInstanceCount": "count of instances added to the source",
        "targetInstanceCount": "number"
    }
}
```
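The following router for the two notifications above is an added example, not AWS code. It also evaluates the broad `EC2 Capacity Reservation` prefix pattern shown earlier for state-change rules against both detail types: that prefix matches the interruption warning but not the reclamation notice, whose detail type begins with `EC2 Interruptible`. The sample events, the function names, and the numeric type of the count fields are constructed assumptions.

```python
from datetime import datetime, timezone

# Detail types copied from the two sample events on this page.
WARNING = "EC2 Capacity Reservation Instance Interruption Warning"
RECLAIMED = "EC2 Interruptible Capacity Reservation Allocation Reclamation Completed"

# Rule pattern that matches both notifications by exact detail type.
BOTH = {"source": ["aws.ec2"], "detail-type": [WARNING, RECLAIMED]}
# The broad prefix pattern shown earlier for Capacity Reservation state changes.
BROAD_PREFIX = {"source": ["aws.ec2"],
                "detail-type": [{"prefix": "EC2 Capacity Reservation"}]}


def matches(pattern, event):
    """Evaluate the subset of EventBridge pattern syntax used on this page:
    exact strings and {"prefix": ...} matchers on top-level string fields."""
    for field, allowed in pattern.items():
        value = event.get(field)
        if not isinstance(value, str):
            return False
        if not any(value.startswith(a["prefix"]) if isinstance(a, dict) else value == a
                   for a in allowed):
            return False
    return True


def parse_utc(stamp):
    """Parse the yyyy-mm-ddThh:mm:ssZ timestamps used in the events."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def route(event, now=None):
    """Turn a notification into an action record for the consumer or the owner."""
    if not matches(BOTH, event):
        return {"action": "ignore"}
    detail = event["detail"]
    if event["detail-type"] == WARNING:
        if detail.get("instance-action") != "terminate":
            return {"action": "ignore"}
        deadline = parse_utc(detail["instance-termination-time"])
        now = now or parse_utc(event["time"])
        # Time left to checkpoint before the instance is terminated.
        return {"action": "checkpoint", "instance_id": detail["instance-id"],
                "seconds_left": max(0, int((deadline - now).total_seconds()))}
    # int() accepts the counts whether they arrive as numbers or numeric strings.
    return {"action": "capacity_restored",
            "source_reservation": detail["sourceCapacityReservationId"],
            "reclaimed": int(detail["ReclaimedInstanceCount"]),
            "source_total": int(detail["TotalInstanceCount"])}


# Constructed sample events that follow the field layout shown above.
SAMPLE_WARNING = {
    "version": "0", "id": "12345678-1234-1234-1234-123456789012",
    "detail-type": WARNING, "source": "aws.ec2", "account": "111122223333",
    "time": "2025-01-15T10:00:00Z", "region": "us-east-1",
    "resources": ["arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"],
    "detail": {"instance-id": "i-0123456789abcdef0", "instance-action": "terminate",
               "instance-termination-time": "2025-01-15T10:02:00Z", "azId": "use1-az1"},
}
SAMPLE_RECLAIMED = {
    "version": "0", "id": "12345678-1234-1234-1234-123456789012",
    "detail-type": RECLAIMED, "source": "aws.ec2", "account": "111122223333",
    "time": "2025-01-15T10:03:30Z", "region": "us-east-1",
    "resources": ["arn:aws:ec2:us-east-1:111122223333:capacity-reservation/cr-1234567890abcdef0"],
    "detail": {"sourceCapacityReservationId": "cr-1234567890abcdef0",
               "instanceType": "m5.large", "availabilityZoneId": "use1-az1",
               "TotalInstanceCount": 90, "ReclaimedInstanceCount": 20,
               "targetInstanceCount": 10},
}
```

An owner who relies only on the broad prefix rule would never see the reclamation completion notice, so that detail type needs its own rule or an exact-match entry as in `BOTH`.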

## CloudTrail events


CloudTrail logs these events for interruptible Capacity Reservations:
+ `InterruptibleCapacityReservationCreated` — When you create an interruptible allocation
+ `InterruptibleCapacityReservationAllocationUpdated` — When you modify the allocation
+ `InterruptibleCapacityReservationCancelled` — When you cancel the allocation
+ `CapacityReservationModified` — When we modify the source reservation for allocation
+ `InterruptibleCapacityReservationInstancesTerminated` — When we terminate instances during reclamation
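For audit purposes, the event names above fall into two groups: actions the owner takes ("when you ...") and effects the service applies ("when we ..."). The following triage is an added example, not AWS code: it pairs each termination event with the most recent owner action in the same account and Region inside a time window, which is a heuristic. The sample records are constructed, and it is an assumption that these events carry the standard CloudTrail fields `eventTime`, `awsRegion`, `recipientAccountId` and `userIdentity.arn`.

```python
from datetime import datetime, timedelta, timezone

# Event names listed on this page, grouped by who initiates them.
OWNER_ACTIONS = {
    "InterruptibleCapacityReservationCreated",
    "InterruptibleCapacityReservationAllocationUpdated",
    "InterruptibleCapacityReservationCancelled",
}
SERVICE_EFFECTS = {
    "CapacityReservationModified",
    "InterruptibleCapacityReservationInstancesTerminated",
}
TERMINATED = "InterruptibleCapacityReservationInstancesTerminated"


def when(record):
    """Parse the CloudTrail eventTime field (UTC, second resolution)."""
    return datetime.strptime(record["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc)


def attribute_terminations(records, window=timedelta(minutes=15)):
    """Pair each termination event with the latest preceding owner action in
    the same account and Region. Terminations with no such action in the
    window are reported as unattributed, for example when the reclaim was
    started from a different account than the one whose trail is read."""
    relevant = sorted(
        (r for r in records if r.get("eventName") in OWNER_ACTIONS | SERVICE_EFFECTS),
        key=when)
    last_action = {}  # (account, region) -> most recent owner action record
    findings = []
    for rec in relevant:
        scope = (rec.get("recipientAccountId"), rec.get("awsRegion"))
        if rec["eventName"] in OWNER_ACTIONS:
            last_action[scope] = rec
        elif rec["eventName"] == TERMINATED:
            cause = last_action.get(scope)
            if cause is not None and when(rec) - when(cause) <= window:
                findings.append({
                    "terminated_at": rec["eventTime"],
                    "cause": cause["eventName"],
                    "actor": cause.get("userIdentity", {}).get("arn", "unknown"),
                })
            else:
                findings.append({"terminated_at": rec["eventTime"],
                                 "cause": None, "actor": "unattributed"})
    return findings


def record(time, name, account, arn=None):
    """Build a constructed sample record with only the fields used above."""
    rec = {"eventTime": time, "eventName": name, "awsRegion": "us-east-1",
           "recipientAccountId": account}
    if arn:
        rec["userIdentity"] = {"arn": arn}
    return rec


ADMIN = "arn:aws:iam::111122223333:user/capacity-admin"  # constructed principal
SAMPLE_RECORDS = [
    record("2025-01-15T10:02:11Z", TERMINATED, "111122223333"),
    record("2025-01-15T10:00:00Z", "InterruptibleCapacityReservationAllocationUpdated",
           "111122223333", ADMIN),
    record("2025-01-15T10:00:05Z", "CapacityReservationModified", "111122223333"),
    record("2025-01-15T10:02:10Z", TERMINATED, "111122223333"),
    record("2025-01-15T09:59:00Z", "RunInstances", "111122223333", ADMIN),
    record("2025-01-15T14:00:00Z", TERMINATED, "444455556666"),
]
```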

# Capacity Blocks for ML


Capacity Blocks for ML allow you to reserve GPU-based accelerated computing instances on a future date to support your short duration machine learning (ML) workloads. Instances that run inside a Capacity Block are automatically placed close together inside [Amazon EC2 UltraClusters](https://aws.amazon.com/ec2/ultraclusters/), for low-latency, petabit-scale, non-blocking networking.

You can also use Capacity Blocks to reserve capacity for Amazon EC2 UltraServers. UltraServers connect multiple Amazon EC2 instances within a low-latency, high-bandwidth accelerator interconnect. You can use UltraServers to handle the most compute and memory intensive AI/ML workloads in training, fine-tuning, and inference. For more information, see [Amazon EC2 UltraServers](https://aws.amazon.com/ec2/ultraservers/).

With Capacity Blocks, you can see when GPU instance capacity is available on future dates, and you can schedule a Capacity Block to start at a time that works best for you. When you reserve a Capacity Block, you get predictable capacity assurance for GPU instances while paying only for the amount of time that you need. We recommend Capacity Blocks when you need GPUs to support your ML workloads for days or weeks at a time and don't want to pay for a reservation while your GPU instances aren't in use.

The following are some common use cases for Capacity Blocks.
+ **ML model training and fine-tuning** – Get uninterrupted access to the GPU instances that you reserved to complete ML model training and fine-tuning.
+ **ML experiments and prototypes** – Run experiments and build prototypes that require GPU instances for short durations.

Capacity Blocks are available for select instance types in some AWS Regions. For more information, see [Supported instance types and Regions](#capacity-blocks-prerequisites).

You can reserve a Capacity Block with a reservation start time up to eight weeks in the future. Each Capacity Block can have up to 64 instances, and you can have up to 256 instances across Capacity Blocks.

**Topics**
+ [Supported instance types and Regions](#capacity-blocks-prerequisites)
+ [Supported platforms](#capacity-blocks-platforms)
+ [Considerations](#capacity-blocks-considerations)
+ [Related resources](#capacity-blocks-related-resources)
+ [How Amazon EC2 Capacity Blocks work](capacity-blocks-how.md)
+ [Capacity Blocks pricing and billing](capacity-blocks-pricing-billing.md)
+ [Find and purchase Capacity Blocks](capacity-blocks-purchase.md)
+ [Launch instances using Capacity Blocks](capacity-blocks-launch.md)
+ [View Capacity Blocks](capacity-blocks-view.md)
+ [Extend Capacity Blocks](capacity-blocks-extend.md)
+ [Share Capacity Blocks](capacity-blocks-share.md)
+ [Create a resource group for UltraServer Capacity Blocks](cb-group.md)
+ [Monitor Capacity Blocks using EventBridge](capacity-blocks-monitor.md)
+ [Logging Capacity Blocks API calls with AWS CloudTrail](capacity-blocks-logging-using-cloudtrail.md)

## Supported instance types and Regions


Instance and UltraServer Capacity Blocks can be used with the following instance types and AWS Regions.

**Note**  
Capacity Block sizes of 64 instances are not supported for all instance types in all AWS Regions. 

### Instance Capacity Blocks

+ **`p6-b300.48xlarge`**
  + US West (Oregon) — `us-west-2`
+ **`p6-b200.48xlarge`**
  + US East (N. Virginia) — `us-east-1`
  + US East (Ohio) — `us-east-2`
  + US West (Oregon) — `us-west-2`
+ **`p5.4xlarge`**
  + US East (N. Virginia) — `us-east-1`
  + US East (Ohio) — `us-east-2`
  + US West (Oregon) — `us-west-2`
  + Europe (London) — `eu-west-2`
  + Asia Pacific (Mumbai) — `ap-south-1`
  + Asia Pacific (Tokyo) — `ap-northeast-1`
  + Asia Pacific (Sydney) — `ap-southeast-2`
  + South America (São Paulo) — `sa-east-1`
+ **`p5.48xlarge`**
  + US East (N. Virginia) — `us-east-1`
  + US East (Ohio) — `us-east-2`
  + US West (N. California) — `us-west-1`
  + US West (Oregon) — `us-west-2`
  + Europe (Stockholm) — `eu-north-1`
  + Europe (London) — `eu-west-2`
  + South America (São Paulo) — `sa-east-1`
  + Asia Pacific (Tokyo) — `ap-northeast-1`
  + Asia Pacific (Mumbai) — `ap-south-1`
  + Asia Pacific (Sydney) — `ap-southeast-2`
  + Asia Pacific (Jakarta) — `ap-southeast-3`
  + US East (Atlanta) Local Zone — `us-east-1-atl-2a`
+ **`p5e.48xlarge`**
  + US East (N. Virginia) — `us-east-1`
  + US East (Ohio) — `us-east-2`
  + US West (N. California) — `us-west-1`
  + US West (Oregon) — `us-west-2`
  + Europe (Stockholm) — `eu-north-1`
  + Europe (London) — `eu-west-2`
  + Europe (Spain) — `eu-south-2`
  + South America (São Paulo) — `sa-east-1`
  + Asia Pacific (Tokyo) — `ap-northeast-1`
  + Asia Pacific (Seoul) — `ap-northeast-2`
  + Asia Pacific (Mumbai) — `ap-south-1`
  + Asia Pacific (Jakarta) — `ap-southeast-3`
  + US West (Phoenix) Local Zone — `us-west-2-phx-2a`
+ **`p4d.24xlarge`**
  + US East (N. Virginia) — `us-east-1`
  + US East (Ohio) — `us-east-2`
  + US West (Oregon) — `us-west-2`
+ **`p4de.24xlarge`**
  + US East (N. Virginia) — `us-east-1`
  + US West (Oregon) — `us-west-2`
+ **`trn1.32xlarge`**
  + US East (N. Virginia) — `us-east-1`
  + US East (Ohio) — `us-east-2`
  + US West (N. California) — `us-west-1`
  + US West (Oregon) — `us-west-2`
  + Europe (Stockholm) — `eu-north-1`
  + Asia Pacific (Mumbai) — `ap-south-1`
  + Asia Pacific (Sydney) — `ap-southeast-2`
  + Asia Pacific (Melbourne) — `ap-southeast-4`
+ **`trn2.3xlarge`**
  + Asia Pacific (Melbourne) — `ap-southeast-4`
  + South America (São Paulo) — `sa-east-1`
+ **`trn2.48xlarge`**
  + US East (Ohio) — `us-east-2`

### UltraServer Capacity Blocks

+ **`Trn2`**
  + US East (Ohio) — `us-east-2`
+ **`P6e-GB200`**
  + US East (Dallas) Local Zone — `us-east-1-dfw-2a`

## Supported platforms


Capacity Blocks for ML currently support instances and UltraServers with default tenancy only. When you use the AWS Management Console to purchase a Capacity Block, the default platform option is Linux/UNIX. When you use the AWS Command Line Interface (AWS CLI) or AWS SDK to purchase a Capacity Block, the following platform options are available:
+ Linux/UNIX
+ Red Hat Enterprise Linux
+ RHEL with HA
+ SUSE Linux
+ Ubuntu Pro

## Considerations


Before you use Capacity Blocks, consider the following details and limitations.
+ If we detect impairment impacting an UltraServer Capacity Block, we will notify you but generally will not take action to terminate your instances on the Capacity Block. This is to minimize unintended disruption to your workloads. You can continue using the UltraServer Capacity Block as is after receiving this notification or request remediation by terminating all instances on the capacity block and submitting an AWS support case. After we receive your support case, we will notify you when we have completed remediation and you can relaunch instances onto your UltraServer Capacity Block.
+ For `P6e-GB200` UltraServer Capacity Blocks, you must terminate your instances at least 60 minutes before the Capacity Block end time.
+ To purchase and use Capacity Blocks in Local Zones, you must be opted in to the Local Zone.
+ Each Capacity Block can have up to 64 instances, and you can have up to 256 instances across Capacity Blocks.
+ You can describe Capacity Block offerings that can start in as soon as 30 minutes.
+ Capacity Blocks end at 11:30AM Coordinated Universal Time (UTC).
+ The termination process for instances running in a Capacity Block begins at 11:00AM Coordinated Universal Time (UTC) on the final day of the reservation.
+ Capacity Blocks can be reserved with a start time up to 8 weeks in the future.
+ Capacity Block cancellations aren't allowed.
+ UltraServer Capacity Blocks can't be shared across AWS accounts or within your AWS Organization.
+ Capacity Blocks can't be [moved](capacity-reservations-move.md) or [split](capacity-reservations-split.md).
+ Only UltraServer Capacity Blocks can be used with resource groups. Instance Capacity Blocks can't be used with resource groups. For more information, see [Create a resource group for UltraServer Capacity Blocks](cb-group.md).
+ The total number of instances that can be reserved in Capacity Blocks across all accounts in your AWS Organization can't exceed 256 instances on a particular date.
+ To use a Capacity Block, instances must specifically target the reservation ID.
+ Instances in a Capacity Block don't count against your On-Demand Instances limits.
+ For P5 instances using a custom AMI, ensure that you have the [required software and configuration for EFA](gpu-instances-started.md).
+ For Amazon EKS managed node groups, see [Create a managed node group with Amazon EC2 Capacity Blocks for ML](https://docs.aws.amazon.com/eks/latest/userguide/capacity-blocks-mng.html). For Amazon EKS self-managed node groups, see [Use Capacity Blocks for ML with self-managed nodes](https://docs.aws.amazon.com/eks/latest/userguide/capacity-blocks.html).

## Related resources


After you create a Capacity Block, you can do the following with the Capacity Block:
+ Launch instances into the Capacity Block. For more information, see [Launch instances using Capacity Blocks](capacity-blocks-launch.md).
+ Create an Amazon EC2 Auto Scaling group. For more information, see [Use Capacity Blocks for machine learning workloads](https://docs.aws.amazon.com/autoscaling/ec2/userguide/launch-template-capacity-blocks.html) in the *Amazon EC2 Auto Scaling User Guide*. 
**Note**  
If you use Amazon EC2 Auto Scaling or Amazon EKS, you can schedule scaling to run at the start of the Capacity Block reservation. With scheduled scaling, AWS automatically handles retries for you, so you don't need to worry about implementing retry logic to handle transient failures.
+ Enhance ML workflows with AWS Parallel Computing Service. For more information, see [Capacity Blocks support for AWS Parallel Computing Service](https://aws.amazon.com/blogs/hpc/announcing-capacity-blocks-support-for-aws-parallel-computing-service/).
+ Enhance ML workflows with AWS ParallelCluster. For more information, see [Enhancing ML workflows with AWS ParallelCluster and Amazon EC2 Capacity Blocks for ML](https://aws.amazon.com/blogs/hpc/enhancing-ml-workflows-with-aws-parallelcluster-and-amazon-ec2-capacity-blocks-for-ml/).

For more information about AWS Parallel Computing Service, see [What is AWS Parallel Computing Service](https://docs.aws.amazon.com/pcs/latest/userguide/what-is-service.html).

For more information about AWS ParallelCluster, see [What is AWS ParallelCluster](https://docs.aws.amazon.com/parallelcluster/latest/ug/what-is-aws-parallelcluster.html).

# How Amazon EC2 Capacity Blocks work

You can reserve a Capacity Block with the following specifications: 
+ Reserve a start time up to 8 weeks in advance
+ Set a reservation duration of one to 14 days or a multiple of 7 days, up to 182 days (Examples: 21 days, 28 days)
+ Configure up to 64 instances per Capacity Block
+ Configure up to 256 instances across multiple Capacity Blocks

For Amazon EC2 UltraServers, each UltraServer corresponds to one Capacity Block. You can request multiple UltraServers through a single request.

You can use Capacity Blocks to reserve `p6-b200`, `p5`, `p5e`, `p5en`, `p4d`, `p4de`, `trn1`, and `trn2` instances. You can purchase the following UltraServer types through Capacity Blocks: `P6e-GB200` and `Trn2` (in preview).

To reserve a Capacity Block, you start by specifying your capacity needs, including the instance type or UltraServer type, the number of instances or UltraServers, amount of time, earliest start date, and latest end date that you need. Then, you can see an available Capacity Block offering that meets your specifications. The Capacity Block offering includes details such as start time, Availability Zone, and reservation price. The price of a Capacity Block offering depends on available supply and demand at the time the offering was delivered. After you reserve a Capacity Block, the price doesn't change. For more information, see [Capacity Blocks pricing and billing](capacity-blocks-pricing-billing.md).

When you purchase a Capacity Block offering, your reservation is created for the date and number of instances that you selected. When your Capacity Block reservation begins, you can target instance launches by specifying the reservation ID in your launch requests. 

You can use all the instances you reserved until 30 minutes (for instance types) or 60 minutes (for UltraServer types) before the end time of the Capacity Block. With 30 minutes (for instance types) or 60 minutes (for UltraServer types) left in your Capacity Block reservation, we begin terminating any instances that are running in the Capacity Block. We use this time to clean up your instances before delivering the Capacity Block to the next customer. We emit an event through EventBridge 10 minutes before the termination process begins. For more information, see [Monitor Capacity Blocks using EventBridge](capacity-blocks-monitor.md).
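The reservation limits and the end-of-block schedule described above can be checked before a job is scheduled against a Capacity Block. The following sketch is an added example, not AWS code; the function names are hypothetical, and the 30-minute earliest start and the 11:30 UTC end time are taken from the Considerations list.

```python
from datetime import datetime, timedelta, timezone

MAX_LEAD = timedelta(weeks=8)        # latest start time relative to now
MIN_LEAD = timedelta(minutes=30)     # offerings can start in as soon as 30 minutes
MAX_INSTANCES_PER_BLOCK = 64


def valid_duration(days):
    """One to 14 days, or a multiple of 7 days up to 182 days."""
    return 1 <= days <= 14 or (days % 7 == 0 and 14 < days <= 182)


def check_request(now, start, duration_days, instance_count):
    """Return a list of problems with a planned reservation (empty if none)."""
    problems = []
    if start - now < MIN_LEAD:
        problems.append("start time is less than 30 minutes away")
    if start - now > MAX_LEAD:
        problems.append("start time is more than 8 weeks away")
    if not valid_duration(duration_days):
        problems.append("duration must be 1-14 days or a multiple of 7 up to 182 days")
    if not 1 <= instance_count <= MAX_INSTANCES_PER_BLOCK:
        problems.append("instance count must be between 1 and 64")
    return problems


def end_of_block_timeline(end_time, ultraserver=False):
    """Derive when the EventBridge event is emitted and when termination
    starts from the Capacity Block end time (11:30 UTC on the final day)."""
    if end_time.tzinfo is None:
        raise ValueError("end_time must be timezone-aware")
    end_utc = end_time.astimezone(timezone.utc)
    if (end_utc.hour, end_utc.minute) != (11, 30):
        raise ValueError("Capacity Blocks end at 11:30 UTC")
    # Termination begins 30 minutes (instances) or 60 minutes (UltraServers)
    # before the end time; the event is emitted 10 minutes before that.
    lead = timedelta(minutes=60 if ultraserver else 30)
    termination_starts = end_utc - lead
    return {
        "eventbridge_notice": termination_starts - timedelta(minutes=10),
        "termination_starts": termination_starts,
        "block_ends": end_utc,
    }
```

A training job therefore has to finish its final checkpoint by 11:00 UTC on the last day for instance Capacity Blocks and by 10:30 UTC for UltraServer Capacity Blocks.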

# Capacity Blocks pricing and billing

With Amazon EC2 Capacity Blocks for ML, you pay only for what you reserve. The price of a Capacity Block depends on available supply and demand for Capacity Blocks at the time of purchase. You can view the price of a Capacity Block offering before you reserve it. The price of the Capacity Block is charged up front at the time the reservation is made. When you search for a Capacity Block across a range of dates, we return the lowest-priced Capacity Block offering available. After you've reserved a Capacity Block, the price doesn't change.

When you use a Capacity Block, you pay for the operating system you use when your instances are running. For more information about operating system prices, see [Amazon EC2 Capacity Blocks for ML Pricing](https://aws.amazon.com/ec2/capacityblocks/pricing/).

## Billing


The price of a Capacity Block offering is charged up front. Payment is billed to your AWS account within 5 minutes to 12 hours after you purchase a Capacity Block. While your payment is processing, your Capacity Block reservation resource remains in a state of `payment-pending`. If your payment can't be processed at least 5 minutes before your block start time, or within 12 hours (whichever comes first), your Capacity Block is released and the reservation state changes to `payment-failed`.

After your payment is processed successfully, the Capacity Block resource state changes from `payment-pending` to `scheduled`. You receive an invoice that reflects the one-time upfront payment. In the invoice, you can associate the paid amount with the Capacity Block reservation ID.

When your Capacity Block reservation begins, you are billed based only on the operating system you use while your instances are running in the reservation. You can view your usage and associated charges in your anniversary bill for the month of usage in your AWS Cost and Usage Report.

**Note**  
Savings Plans and Reserved Instance discounts don't apply to Capacity Blocks.

**Viewing your bill**  
You can view your bill in the AWS Billing and Cost Management console. The upfront payment for your Capacity Block appears in the month that you purchased the reservation.

After your reservation begins, your bill shows separate lines for the used and unused time of the block reservation. You can use these line items to see how much time was used in your reservation. You see a usage charge in the line for used time only if you use a premium operating system. For more information, see [Capacity Blocks pricing and billing](#capacity-blocks-pricing-billing). There is no additional charge for unused time.

For more information, see [Viewing your bill](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/getting-viewing-bill.html) in the *AWS Billing and Cost Management User Guide*.

If your Capacity Block starts in a different month than the month you purchased your reservation, the upfront price and reservation usage show up under separate billing months. In your AWS Cost and Usage Report, the Capacity Block reservation ID is listed in the **reservation/ReservationARN** line item of your upfront fee and the **lineitem/ResourceID** in your anniversary bill so that you can associate the usage to the corresponding upfront price.

# Find and purchase Capacity Blocks
Find and purchase

To reserve a Capacity Block, you first need to find a block of time when capacity is available that matches your needs. To find a Capacity Block that is available to reserve, you specify the following.
+ The number of instances that you need
+ The duration of time that you need the instances
+ The date range that you need your reservation

To search for an available Capacity Block offering, you specify a reservation duration and instance count. You must specify reservation durations in **1-day increments up to 14 days, and in 7-day increments up to 182 days**. Each Capacity Block can have up to 64 instances, and you can have up to 256 instances across Capacity Blocks.

When you request a Capacity Block that matches your specifications, we provide the details of up to 6 available blocks. All Capacity Blocks end at 11:30AM UTC, so the blocks starting on the same day will have durations that are the closest match to your desired duration. One block will have a duration that is slightly less than your desired duration, while the other will have a duration slightly greater than your desired duration.

The offering details include the start time of the reservation, the Availability Zone for the reservation, and the price of the reservation. For more information, see [Capacity Blocks pricing and billing](capacity-blocks-pricing-billing.md).

You can purchase the Capacity Block offering you are shown, or you can modify your search criteria to see the other options that are available. There is no predefined expiration time for the offering, but offerings are only available on a first-come, first-served basis.

When you purchase a Capacity Block offering, you get an immediate response confirming that your Capacity Block was reserved. After confirmation, you will see a new Capacity Reservation in your account with a reservation type of `capacity-block` and a `start-date` set to the start time of the offering that you purchased. Your Capacity Block reservation is created with a state of `payment-pending`. After the upfront payment is successfully processed, the reservation state changes to `scheduled`. For more information, see [Billing](capacity-blocks-pricing-billing.md#capacity-blocks-billing).

**Note**  
 To purchase and use Capacity Blocks in Local Zones, you must be opted in to the Local Zone. 

------
#### [ Console ]

**To find and purchase a Capacity Block**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation bar at the top of the screen, select an AWS Region. This choice is important because Capacity Block sizes of 64 instances are not supported for all instance types in all Regions.

1. In the navigation pane, choose **Capacity Reservations**, **Create Capacity Block**.

1. Under **Capacity Block types**, choose either **Instances** or **UltraServers**.

1. Under **Capacity attributes**, you can define your Capacity Block search parameters. By default, the platform is Linux. If you want to select a different operating system, use the AWS CLI. For more information, see [Supported platforms](ec2-capacity-blocks.md#capacity-blocks-platforms).

1. Under **Total capacity** (for Instances) or **UltraServer count** (for UltraServers), specify the number of instances or UltraServers you want to reserve.

1. Under **Duration**, enter the number of days or weeks you need the reservation for.

1. Under **Date range to search for Capacity Blocks**, enter the earliest date that you want your reservation to start.

1. Choose **Find Capacity Blocks**.

1. If a Capacity Block is available that meets your specifications, you see an offering under **Recommended Capacity Blocks**. If there are multiple offerings that meet your specifications, the earliest available Capacity Block offering is shown. To view other Capacity Block offerings, adjust your search inputs and choose **Find Capacity Blocks** again.

1. When you find a Capacity Block offering that you want to purchase, choose **Next**.

1. (Optional) On the **Add tags** page, choose **Add new tag**.

1. The **Review and purchase** page lists the start and end date, duration, total number of instances, and price. 
**Note**  
Capacity Blocks can't be canceled after you reserve them.

1. In the pop-up window **Purchase a Capacity Block**, type *confirm*, then choose **Purchase**.

------
#### [ AWS CLI ]

**To find an instance Capacity Block**  
Use the [describe-capacity-block-offerings](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-capacity-block-offerings.html) command.

The following example finds instance Capacity Blocks.

```
aws ec2 describe-capacity-block-offerings \
--instance-type p5.48xlarge \
--instance-count 16 \
--start-date-range 2023-08-14T00:00:00Z \
--end-date-range 2023-10-22T00:00:00Z \
--capacity-duration-hours 48 \
--all-availability-zones
```

The following example finds UltraServer Capacity Blocks.

```
aws ec2 describe-capacity-block-offerings \
--ultraserver-type u-p6e-gb200x72 \
--ultraserver-count 1 \
--start-date-range 2023-08-14T00:00:00Z \
--end-date-range 2023-10-22T00:00:00Z \
--capacity-duration-hours 48
```

**To purchase a Capacity Block**  
Use the [purchase-capacity-block](https://docs.aws.amazon.com/cli/latest/reference/ec2/purchase-capacity-block.html) command with the offering ID of the Capacity Block from the output of the previous example.

```
aws ec2 purchase-capacity-block \
--capacity-block-offering-id cb-0123456789abcdefg \
--instance-platform Linux/UNIX
```

------
#### [ PowerShell ]

**To find Capacity Blocks**  
Use the [Get-EC2CapacityBlockOffering](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2CapacityBlockOffering.html) cmdlet.

The following example finds instance Capacity Blocks.

```
Get-EC2CapacityBlockOffering `
-InstanceType p5.48xlarge `
-InstanceCount 16 `
-CapacityDurationHour 48 `
-StartDateRange 2023-08-14T00:00:00Z `
-EndDateRange 2023-10-22T00:00:00Z `
-AllAvailabilityZones $true
```

The following example finds UltraServer Capacity Blocks.

```
Get-EC2CapacityBlockOffering `
-UltraserverType u-p6e-gb200x72 `
-UltraserverCount 1 `
-CapacityDurationHour 48 `
-StartDateRange 2023-08-14T00:00:00Z `
-EndDateRange 2023-10-22T00:00:00Z
```

**To purchase a Capacity Block**  
Use the [New-EC2EC2CapacityBlock](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2EC2CapacityBlock.html) cmdlet with the offering ID of the Capacity Block from the output of the previous example.

```
New-EC2EC2CapacityBlock `
-CapacityBlockOfferingId cb-0123456789abcdefg `
-InstancePlatform Linux/UNIX
```

------
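Because a purchased Capacity Block can't be canceled, it helps to reject malformed search arguments before any call is made. The following pre-flight check is an added example, not part of the AWS documentation or tooling; the function names and messages are hypothetical, and the rules it enforces are the duration, instance-count, and date constraints stated in this section.

```shell
# Succeeds only for a UTC timestamp of the exact form YYYY-MM-DDTHH:MM:SSZ.
cb_is_utc_timestamp() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[01][0-9]-[0-3][0-9]T[0-2][0-9]:[0-5][0-9]:[0-5][0-9]Z) return 0 ;;
        *) return 1 ;;
    esac
}

# cb_validate_search COUNT DURATION_HOURS START END
# Prints "ok", or the first rule that the arguments break; returns 0 only for "ok".
cb_validate_search() (
    count=$1; hours=$2; start=$3; end=$4

    # Positive integers only, no leading zeros (the shell would read those as octal).
    case "$count" in ''|0*|*[!0-9]*) echo "instance count must be a positive integer"; exit 1 ;; esac
    case "$hours" in ''|0*|*[!0-9]*) echo "duration must be a positive number of hours"; exit 1 ;; esac

    # Each Capacity Block can have up to 64 instances.
    [ "$count" -le 64 ] || { echo "instance count exceeds 64 per Capacity Block"; exit 1; }

    # Durations are whole days: 1-day steps up to 14 days, then 7-day steps up to 182 days.
    [ $((hours % 24)) -eq 0 ] || { echo "duration must be a multiple of 24 hours"; exit 1; }
    days=$((hours / 24))
    if [ "$days" -gt 14 ]; then
        [ $((days % 7)) -eq 0 ] || { echo "durations over 14 days must be in 7-day increments"; exit 1; }
        [ "$days" -le 182 ] || { echo "duration exceeds 182 days"; exit 1; }
    fi

    cb_is_utc_timestamp "$start" || { echo "start date is not YYYY-MM-DDTHH:MM:SSZ"; exit 1; }
    cb_is_utc_timestamp "$end" || { echo "end date is not YYYY-MM-DDTHH:MM:SSZ"; exit 1; }

    # In this fixed-width format the digits alone sort in the same order as the instants.
    s=$(printf '%s' "$start" | tr -cd '0-9')
    e=$(printf '%s' "$end" | tr -cd '0-9')
    [ "$s" -le "$e" ] || { echo "start date is after end date"; exit 1; }

    echo "ok"
)

# cb_search INSTANCE_TYPE COUNT DURATION_HOURS START END
# Runs the search only when the arguments pass the checks above.
cb_search() {
    msg=$(cb_validate_search "$2" "$3" "$4" "$5") || {
        echo "refusing to search: $msg" >&2
        return 1
    }
    aws ec2 describe-capacity-block-offerings \
        --instance-type "$1" \
        --instance-count "$2" \
        --capacity-duration-hours "$3" \
        --start-date-range "$4" \
        --end-date-range "$5"
}
```
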

# Launch instances using Capacity Blocks
Launch instances

To use your Capacity Block, you must specify the Capacity Block reservation ID when launching instances. Launching an instance into a Capacity Block reduces the available capacity by the number of instances launched. For example, if your purchased instance capacity is eight instances and you launch four instances, the available capacity is reduced by four.

If you terminate an instance running in the Capacity Block before the reservation ends, you can launch a new instance in its place. When you stop or terminate an instance in a Capacity Block, it takes several minutes to clean up your instance before you can launch another instance to replace it. During this time, your instance will be in a `stopping` or `shutting-down` state. After this process is complete, your instance state will change to `stopped` or `terminated`. Then, the available capacity in your Capacity Block will update to show another instance available to use.

**Requirements**
+ Your instance can't launch in a subnet in a different Availability Zone from the Availability Zone where your Capacity Block is located.
+ Your instance can't launch using an AMI with a different platform than the platform for your Capacity Block.
+  To use Capacity Blocks in Local Zones, you must be opted in to the Local Zone. 

------
#### [ Console ]

**To launch instances into a Capacity Block**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation bar at the top of the screen, select the Region for your Capacity Block reservation.

1. From the Amazon EC2 console dashboard, choose **Launch instance**.

1. Follow the procedure to [launch an instance](ec2-launch-instance-wizard.md).

1. Expand **Advanced details**, and for **Purchasing option**, choose **Capacity Blocks**. Then do one of the following:
   + To launch the instances into a specific Capacity Block, for **Capacity Reservation** choose **Specify Capacity Reservation**, and then select the Capacity Block.
   + (*UltraServers only*) To launch the instances into an UltraServer Capacity Block resource group, for **Capacity Reservation** choose **Specify Capacity Reservation resource group**, and then select the resource group.

1. Choose **Launch instance**.

------
#### [ AWS CLI ]

**To launch instances into a Capacity Block**  
Use the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command with the `--instance-market-options` option and `MarketType` set to `capacity-block`.

The following example launches an instance into a specific Capacity Block.

```
aws ec2 run-instances \
--image-id ami-0abcdef1234567890 \
--count 1 \
--instance-type p5.48xlarge \
--key-name my-key-pair \
--subnet-id subnet-0abcdef1234567890 \
--instance-market-options MarketType='capacity-block' \
--capacity-reservation-specification CapacityReservationTarget={CapacityReservationId=capacity_block_id}
```

The following example launches an instance into an UltraServer Capacity Block resource group.

```
aws ec2 run-instances \
--image-id ami-0abcdef1234567890 \
--count 1 \
--instance-type p6e-gb200.36xlarge \
--key-name my-key-pair \
--subnet-id subnet-0abcdef1234567890 \
--instance-market-options MarketType='capacity-block' \
--capacity-reservation-specification CapacityReservationTarget={CapacityReservationResourceGroupArn=resource_group_arn}
```

------
#### [ PowerShell ]

**To launch instances into a Capacity Block**  
Use the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) cmdlet with the `-InstanceMarketOption` option defined as follows.

```
$marketoption = New-Object Amazon.EC2.Model.InstanceMarketOptionsRequest
$marketoption.MarketType = "capacity-block"
```

The following example launches an instance into a specific Capacity Block.

```
New-EC2Instance `
-ImageId ami-0abcdef1234567890 `
-InstanceType p5.48xlarge `
-KeyName "my-key-pair" `
-SubnetId subnet-0abcdef1234567890 `
-InstanceMarketOptions $marketoption `
-CapacityReservationTarget_CapacityReservationId capacity_block_id
```

The following example launches an instance into an UltraServer Capacity Block resource group.

```
New-EC2Instance `
-ImageId ami-0abcdef1234567890 `
-InstanceType p6e-gb200.36xlarge `
-KeyName "my-key-pair" `
-SubnetId subnet-0abcdef1234567890 `
-InstanceMarketOptions $marketoption `
-CapacityReservationTarget_CapacityReservationResourceGroupArn "resource_group_arn"
```

------

**Related resources**
+ To create a launch template targeting a Capacity Block, see [Store instance launch parameters in Amazon EC2 launch templates](ec2-launch-templates.md).
+ To launch instances into a Capacity Block using EC2 Fleet, see [Tutorial: Configure your EC2 Fleet to launch instances into Capacity Blocks](ec2-fleet-launch-instances-capacity-blocks-walkthrough.md).
+ To set up an EKS managed node group with a Capacity Block, see [Create a managed node group with Capacity Blocks for ML](https://docs.aws.amazon.com/eks/latest/userguide/capacity-blocks-mng.html) in the *Amazon EKS User Guide*.
+ To set up AWS ParallelCluster using a Capacity Block, see [ML on AWS ParallelCluster](https://catalog.workshops.aws/ml-on-aws-parallelcluster/en-US).

# View Capacity Blocks
View

After you reserve a Capacity Block, you can view the Capacity Block reservation in your AWS account. You can view the `start-date` and `end-date` to see when your reservation will begin and end. Before a Capacity Block reservation begins, the available capacity appears as zero. You can see how many instances will be available in your Capacity Block by the tag value for the tag key `aws:ec2capacityreservation:incrementalRequestedQuantity`.

When a Capacity Block reservation begins, the reservation state changes from `scheduled` to `active`. We emit an event through Amazon EventBridge to notify you that the Capacity Block is available to use. For more information, see [Monitor Capacity Blocks using EventBridge](capacity-blocks-monitor.md).

Capacity Blocks have the following states:
+ `payment-pending` – The upfront payment hasn't been processed yet.
+ `payment-failed` – The payment couldn't be processed in the 12 hour time frame. Your Capacity Block was released.
+ `scheduled` – The payment was processed and the Capacity Block reservation hasn't started yet.
+ `active` – The reserved capacity is available for your use.
+ `expired` – The Capacity Block reservation expired automatically at the date and time specified in your reservation request. The reserved capacity is no longer available for your use.

------
#### [ Console ]

**To view Capacity Blocks**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Capacity Reservations**.

1. On the **Capacity Reservations overview** page, you see a resource table with details about all of your Capacity Reservation resources. To find your Capacity Blocks reservations, select **Capacity Blocks** from the dropdown list above **Capacity Reservation ID**. In the table, you can see information about your Capacity Blocks such as start and end dates, duration, and status.

1. For more details about a Capacity Block, select the reservation ID for the Capacity Block that you want to view. The **Capacity Reservation details** page displays all the properties of the reservation and the number of instances in use and available in the Capacity Block.
**Note**  
Before a Capacity Block reservation begins, the available capacity appears as zero. You can see how many instances will be available when the Capacity Block reservation starts by using the following tag value for the tag key: `aws:ec2capacityreservation:incrementalRequestedQuantity`.

------
#### [ AWS CLI ]

**To view Capacity Blocks**  
By default, when you use the [describe-capacity-reservations](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-capacity-reservations.html) command, both On-Demand Capacity Reservations and Capacity Block reservations are listed. To view only your Capacity Block reservations, filter for reservations of type `capacity-block`.

```
aws ec2 describe-capacity-reservations \
    --filters Name=reservation-type,Values=capacity-block
```

------
#### [ PowerShell ]

**To view Capacity Blocks**  
Use the [Get-EC2CapacityReservation](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2CapacityReservation.html) cmdlet. By default, both On-Demand Capacity Reservations and Capacity Block reservations are listed. To view only your Capacity Block reservations, filter for reservations of type `capacity-block`.

```
Get-EC2CapacityReservation `
    -Filter @{Name="reservation-type"; Values="capacity-block"}
```

------

# Extend Capacity Blocks
Extend

With Capacity Blocks, you reserve compute capacity for your workloads, ensuring availability and consistency. To accommodate your changing needs, you can extend the duration of your existing Capacity Blocks as required.

To extend a Capacity Block, it must have a status of `active` or `scheduled`, and have no extensions that are `payment-pending`. You can request an extension between a maximum of 56 days and a minimum of 1 hour before the Capacity Block expires. You can extend your Capacity Block in 1-day increments up to 14 days, and in 7-day increments up to 182 days (26 weeks) total. When you extend your Capacity Block, its end date is updated so that your instances can continue to run without disruption.
+ There is no limit to the number of extensions you can apply to a Capacity Block.
+ Your Capacity Reservation ID remains the same after you extend the block.
+ Capacity Blocks can only be extended if there is sufficient capacity available to support them, which is not guaranteed.

## Billing


The price of a Capacity Block offering is charged up front. The extension will remain in `payment-pending` until the bill is paid. If your payment can't be processed within 12 hours, or up to 35 minutes before the Capacity Block is scheduled to end (whichever comes first), your extension is not successful and the status changes to `payment-failed`. Your Capacity Block reservation will remain `active` and will be terminated on the original end date. 

After your payment is processed successfully, the Capacity Block extension status changes to `payment-succeeded` and the end date of the Capacity Block reservation will be updated to the new end date. The details of your extension can be viewed in the **Capacity Block Extension details** section of the console, or by using the [describe-capacity-block-extension-history](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-capacity-block-extension-history.html) command.

## Extend your Capacity Block


------
#### [ Console ]

**To extend a Capacity Block**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Capacity Reservations**.

1. On the **Capacity Reservations overview** page, you see a resource table with details about all of your Capacity Reservations resources. Select the reservation ID for the Capacity Block that you want to extend.

1. From the **Actions** drop down menu, choose **Extend Capacity Block**.

1. Under **Duration**, enter the number of days or weeks you need to extend the reservation for.

1. Choose **Find Capacity Block**.

1. If a Capacity Block is available that meets your specifications, an offering appears under **Recommended Capacity Blocks**. To view other Capacity Block offerings, adjust your search inputs and choose **Find Capacity Blocks** again.

1. When you find a Capacity Block offering that you want to purchase, choose **Extend**.

1. In the pop-up window **Extend Capacity Block**, enter *confirm*, then choose **Extend**.

------
#### [ AWS CLI ]

**To find a Capacity Block extension**  
Use the [describe-capacity-block-extension-offerings](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-capacity-block-extension-offerings.html) command. The following example searches for a 48 hour Capacity Block extension for the specified Reservation.

```
aws ec2 describe-capacity-block-extension-offerings \
    --capacity-reservation-id cr-1234567890abcdefg \
    --capacity-block-extension-duration-hours 48
```

**To extend a Capacity Block**  
Use the [purchase-capacity-block-extension](https://docs.aws.amazon.com/cli/latest/reference/ec2/purchase-capacity-block-extension.html) command. Specify the extension offering ID from the output of the previous example.

```
aws ec2 purchase-capacity-block-extension \
    --capacity-block-extension-offering-id cbe-0123456789abcdefg \
    --capacity-reservation-id cr-1234567890abcdefg
```

------
#### [ PowerShell ]

**To find a Capacity Block extension**  
Use the [Get-EC2CapacityBlockExtensionOffering](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2CapacityBlockExtensionOffering.html) cmdlet. The following example searches for a 48 hour Capacity Block extension for the specified Reservation.

```
Get-EC2CapacityBlockExtensionOffering `
    -CapacityReservationId cr-1234567890abcdefg `
    -CapacityBlockExtensionDurationHour 48
```

**To extend a Capacity Block**  
Use the [Invoke-EC2CapacityBlockExtension](https://docs.aws.amazon.com/powershell/latest/reference/items/Invoke-EC2CapacityBlockExtension.html) cmdlet. Specify the extension offering ID from the output of the previous example.

```
Invoke-EC2CapacityBlockExtension `
    -CapacityBlockExtensionOfferingId cbe-0123456789abcdefg `
    -CapacityReservationId cr-1234567890abcdefg
```

------

# Share Capacity Blocks
Share

 Capacity Block sharing enables Capacity Block owners to share Amazon EC2 Capacity Blocks with other AWS accounts within an AWS Organization. This allows you to maximize utilization of reserved GPU capacity across different teams and projects to efficiently use the Capacity Blocks. 

 The AWS account that owns the Capacity Block (owner) can share it with other AWS accounts (consumers). An owner can share a Capacity Block with specific AWS accounts inside their AWS Organization, an organizational unit inside their AWS Organization, or the entire AWS Organization. Consumers can launch instances into Capacity Blocks that are shared with them in the same way that they launch instances into Capacity Blocks they own. 

## Prerequisites for sharing Capacity Blocks


Before you can share a Capacity Block, the following conditions must be met:
+ **You must own the Capacity Block** - You cannot share a Capacity Block that has been shared with you.
+ **The Capacity Block state must be active or scheduled** - Capacity Blocks that are in other [states](https://docs.aws.amazon.com/cli/latest/reference/ec2/purchase-capacity-block.html), such as `expired` or `payment-pending`, cannot be shared.
+ **Sharing within your AWS Organization only** - An owner can share a Capacity Block with specific AWS accounts inside their AWS Organization, an organizational unit inside their AWS Organization, or the entire AWS Organization.
+  **UltraServer Capacity Blocks not supported** - You cannot share Capacity Blocks for Amazon EC2 UltraServers. 
+ **Account eligibility** - Capacity Block sharing is not available to new AWS accounts or AWS accounts that have a limited billing history.

## Related services


Capacity Block sharing integrates with AWS Resource Access Manager (AWS RAM). AWS RAM is a service that enables you to share your AWS resources with any AWS account or through AWS Organizations. With AWS RAM, you share resources that you own by creating a *resource share*. A resource share specifies the resources to share, and the consumers with whom to share them. Consumers can be individual AWS accounts, or organizational units or an entire organization from AWS Organizations.

For more information about AWS RAM, see the *[AWS RAM User Guide](https://docs.aws.amazon.com/ram/latest/userguide/)*.

## Shared Capacity Block permissions


### Permissions for owners


 The Capacity Block owner remains responsible for managing the Capacity Block (e.g. extending, sharing), and the instances they launch into it. Owners cannot modify instances that consumers launch into Capacity Blocks they have shared. 

### Permissions for consumers


Consumers can launch instances into the shared capacity and are responsible for managing those instances. Consumers cannot view or modify instances owned by other consumers or by the Capacity Block owner. Of the Capacity Block's details, consumers can view only the total capacity and available capacity in the shared Capacity Block.

## Share a Capacity Block


To share a Capacity Block, you must add it to a resource share. A resource share is an AWS RAM resource that lets you share your resources across AWS accounts.

If you added your Capacity Block to a resource share that is shared with the entire AWS Organization, consumers in your organization are granted access to the shared Capacity Block.

------
#### [ Console ]

**To share a Capacity Block that you own using the Amazon EC2 console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Capacity Reservations**.

1. Select the Capacity Block to share and choose **Actions, Share reservation**.

1. Select the resource share to which to add the Capacity Block and choose **Share Capacity Reservation**.

   It could take a few minutes for consumers to get access to the shared Capacity Block.

**To add a Capacity Block to a new resource share**  
You must first create the resource share using the AWS RAM console. For more information, see [Creating a resource share](https://docs.aws.amazon.com/ram/latest/userguide/working-with-sharing.html#working-with-sharing-create) in the *AWS RAM User Guide*.

------
#### [ AWS CLI ]

**To share a Capacity Block that you own**  
 Use the [create-resource-share](https://docs.aws.amazon.com/cli/latest/reference/ram/create-resource-share.html) and [associate-resource-share](https://docs.aws.amazon.com/cli/latest/reference/ram/associate-resource-share.html) commands. 

```
aws ram create-resource-share \
    --name my-resource-share \
    --resource-arns arn:aws:ec2:us-east-2:123456789012:capacity-reservation/cr-1234abcd56EXAMPLE
```

```
aws ram associate-resource-share \
    --resource-share-arn arn:aws:ram:us-east-2:123456789012:resource-share/7ab63972-b505-7e2a-420d-6f5d3EXAMPLE \
    --resource-arns arn:aws:ec2:us-east-2:123456789012:capacity-reservation/cr-1234abcd56EXAMPLE
```

------
#### [ PowerShell ]

**To share a Capacity Block that you own**  
 Use the [New-RAMResourceShare](https://docs.aws.amazon.com/powershell/latest/reference/items/New-RAMResourceShare.html) and [Connect-RAMResourceShare](https://docs.aws.amazon.com/powershell/latest/reference/items/Connect-RAMResourceShare.html) cmdlets. 

```
New-RAMResourceShare `
    -Name my-resource-share `
    -ResourceArn "arn:aws:ec2:us-east-2:123456789012:capacity-reservation/cr-1234abcd56EXAMPLE"
```

```
Connect-RAMResourceShare `
    -ResourceShareArn "arn:aws:ram:us-east-2:123456789012:resource-share/7ab63972-b505-7e2a-420d-6f5d3EXAMPLE" `
    -ResourceArn "arn:aws:ec2:us-east-2:123456789012:capacity-reservation/cr-1234abcd56EXAMPLE"
```

------

 Capacity Blocks operate on a **first-come, first-served basis** for all accounts, regardless of ownership status. When you share a Capacity Block, if a consumer launches instances before the owner, those instances occupy the capacity until the consumer terminates the instances or until 30 minutes before the Capacity Block expires. 

## Stop sharing a Capacity Block


 You can stop sharing a Capacity Block at any time until 30 minutes before the block expiry date. 

**What happens when you stop sharing:**
+ Consumers can no longer launch new instances into the Capacity Block that was unshared.
+ Any running instances continue running until 30 minutes before the Capacity Block expiry date, unless terminated by the consumer.

------
#### [ Console ]

**To stop sharing a Capacity Block that you own using the Amazon EC2 console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Capacity Reservations**.

1. Select the Capacity Block and choose the **Sharing** tab.

1.  The **Sharing** tab lists the resource shares to which the Capacity Block has been added. Select the resource share from which to remove the Capacity Block. 

1. Choose **Remove from resource share**.

------
#### [ AWS CLI ]

**To stop sharing a Capacity Block that you own**  
Use the [disassociate-resource-share](https://docs.aws.amazon.com/cli/latest/reference/ram/disassociate-resource-share.html) command.

```
aws ram disassociate-resource-share \
    --resource-share-arn arn:aws:ram:us-east-2:123456789012:resource-share/7ab63972-b505-7e2a-420d-6f5d3EXAMPLE \
    --resource-arns arn:aws:ec2:us-east-2:123456789012:capacity-reservation/cr-1234abcd56EXAMPLE
```

------
#### [ PowerShell ]

**To stop sharing a Capacity Block that you own**  
Use the [Disconnect-RAMResourceShare](https://docs.aws.amazon.com/powershell/latest/reference/items/Disconnect-RAMResourceShare.html) cmdlet.

```
Disconnect-RAMResourceShare `
    -ResourceShareArn "arn:aws:ram:us-east-2:123456789012:resource-share/7ab63972-b505-7e2a-420d-6f5d3EXAMPLE" `
    -ResourceArn "arn:aws:ec2:us-east-2:123456789012:capacity-reservation/cr-1234abcd56EXAMPLE"
```

------

## Monitor shared Capacity Block usage


Capacity Block owners can monitor which accounts are using their shared Capacity Blocks and track instance usage per account.

------
#### [ AWS CLI ]

**To monitor usage of a Capacity Block**  
Use the [get-capacity-reservation-usage](https://docs.aws.amazon.com/cli/latest/reference/ec2/get-capacity-reservation-usage.html) command.

```
aws ec2 get-capacity-reservation-usage \
    --capacity-reservation-id cr-1234abcd56EXAMPLE
```

**This API enables owners to:**
+ View which accounts are currently using the Capacity Block.
+ See the number of instances each account is running.

------
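Because shared capacity is first-come, first-served, an owner may want to compare per-account usage against what each account is expected to consume. The following audit is an added example, not part of the AWS documentation or tooling; the function names, the `ACCOUNT=LIMIT` policy format, and the sample rows are hypothetical, and the `--query` expression assumes the command's output carries an `InstanceUsages` list with `AccountId` and `UsedInstanceCount` fields.

```shell
# cb_audit_usage "ACCOUNT=LIMIT ACCOUNT=LIMIT ..." < rows
# Each input row is "ACCOUNT_ID<TAB>USED_INSTANCE_COUNT". Prints one verdict per row:
#   OK          account is expected and within its limit
#   OVER        account is expected but is using more than its limit
#   UNEXPECTED  account is not in the policy at all
#   MALFORMED   the count is not a number
# Returns 0 only when every row is OK.
cb_audit_usage() (
    policy=$1
    status=0
    while read -r account used || [ -n "$account" ]; do
        [ -n "$account" ] || continue
        case "$used" in
            ''|*[!0-9]*) echo "MALFORMED $account $used"; status=1; continue ;;
        esac

        # Look up this account's limit in the policy string.
        limit=
        for entry in $policy; do
            if [ "${entry%%=*}" = "$account" ]; then
                limit=${entry#*=}
            fi
        done

        if [ -z "$limit" ]; then
            echo "UNEXPECTED $account $used"
            status=1
        elif [ "$used" -gt "$limit" ]; then
            echo "OVER $account $used limit=$limit"
            status=1
        else
            echo "OK $account $used"
        fi
    done
    exit "$status"
)

# cb_audit_reservation RESERVATION_ID "ACCOUNT=LIMIT ..."
# Fetches live usage as tab-separated rows and audits it.
cb_audit_reservation() {
    aws ec2 get-capacity-reservation-usage \
        --capacity-reservation-id "$1" \
        --query 'InstanceUsages[].[AccountId,UsedInstanceCount]' \
        --output text | cb_audit_usage "$2"
}

# Constructed sample rows for offline use: the owner, one consumer, one unknown account.
cb_sample_rows() {
    printf '123456789012\t6\n'
    printf '111122223333\t5\n'
    printf '444455556666\t2\n'
}
```

An `UNEXPECTED` row usually means the resource share is broader than intended (for example, shared with a whole organizational unit), so review the share's principals in AWS RAM.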

## Instance termination notices


 Owner and consumer accounts that have instances running in the Capacity Block will receive an EventBridge event 40 minutes before the Capacity Block reservation ends, indicating that any instances running in the reservation will begin to terminate in 10 minutes. For more information, see [Monitor Capacity Blocks using EventBridge](capacity-blocks-monitor.md). 

## Capacity Block extensions


Capacity Blocks can be extended while they are shared. Only the owner account can extend a shared Capacity Block.

 When a Capacity Block is extended, running instances launched by the owner or consumers automatically inherit the new expiry date, and consumers can continue using the shared capacity until the new expiry date without any instance interruption. 

## Pricing and billing


 Owners are billed for the Capacity Blocks they share and pay upfront for the Capacity Block when they purchase it. Owners also pay for operating system charges for instances they run on the Capacity Block. 

 Consumers are billed only for the operating system charges for instances they run in the shared Capacity Block. Consumers are not charged for the Capacity Block reservation itself. 

# Create a resource group for UltraServer Capacity Blocks
Create UltraServer group

You can use AWS Resource Groups to create logical collections of UltraServer Capacity Blocks. After you create the resource group, you can add UltraServer Capacity Blocks that you own in your account. After you add the UltraServer Capacity Blocks, you can target instance launches to the resource group instead of the individual Capacity Blocks. Instances that target a resource group match with any UltraServer Capacity Block in the group that has matching attributes and available capacity. If the resource group does not have an UltraServer Capacity Block with matching attributes and available capacity, the instance launch fails.

If an UltraServer Capacity Block is removed from a resource group while it has running instances, those instances continue to run in the Capacity Block. If an UltraServer Capacity Block in a group ends while it has running instances, the instances are terminated.

You can't add instance Capacity Blocks to a resource group.

To create a resource group for UltraServer Capacity Blocks, use one of the following methods.

------
#### [ AWS CLI ]

**To create a resource group for UltraServer Capacity Blocks**  
Use the [create-group](https://docs.aws.amazon.com/cli/latest/reference/resource-groups/create-group.html) AWS CLI command, and for `--configuration`, specify the following:

```
{
  "Configuration": [
    {
      "Type": "AWS::EC2::CapacityReservationPool",
      "Parameters": [
        {
          "Name": "instance-type",
          "Values": [
            "instance_type"
          ]
        },
        {
          "Name": "reservation-type",
          "Values": [
            "capacity-block"
          ]
        }
      ]
    },
    {
      "Type": "AWS::ResourceGroups::Generic",
      "Parameters": [
        {
          "Name": "allowed-resource-types",
          "Values": [
            "AWS::EC2::CapacityReservation"
          ]
        }
      ]
    }
  ]
}
```

------
#### [ PowerShell ]

**To create a resource group for UltraServer Capacity Blocks**  
Use the [New-RGGroup](https://docs.aws.amazon.com/powershell/latest/reference/items/New-RGGroup.html) cmdlet. For `-Configuration`, specify the following:

```
{
  "Configuration": [
    {
      "Type": "AWS::EC2::CapacityReservationPool",
      "Parameters": [
        {
          "Name": "instance-type",
          "Values": [
            "instance_type"
          ]
        },
        {
          "Name": "reservation-type",
          "Values": [
            "capacity-block"
          ]
        }
      ]
    },
    {
      "Type": "AWS::ResourceGroups::Generic",
      "Parameters": [
        {
          "Name": "allowed-resource-types",
          "Values": [
            "AWS::EC2::CapacityReservation"
          ]
        }
      ]
    }
  ]
}
```

------

After you create a resource group for UltraServer Capacity Blocks, use one of the following methods to add existing UltraServer Capacity Blocks to it.

------
#### [ AWS CLI ]

**To add an UltraServer Capacity Block to a resource group**  
Use the [group-resources](https://docs.aws.amazon.com/cli/latest/reference/resource-groups/group-resources.html) command. For `--group`, specify the name of the resource group you created. For `--resource-arns`, specify the ARNs of the UltraServer Capacity Blocks to add.

```
aws resource-groups group-resources \
--group MyCRGroup \
--resource-arns CapacityReservationArn
```

------
#### [ PowerShell ]

**To add an UltraServer Capacity Block to a resource group**  
Use the [Add-RGResource](https://docs.aws.amazon.com/powershell/latest/reference/items/Add-RGResource.html) cmdlet. For `-Group`, specify the name of the resource group you created. For `-ResourceArn`, specify the ARNs of the UltraServer Capacity Blocks to add.

The following example adds two Capacity Reservations to the specified group.

```
Add-RGResource `
-Group MyCRGroup `
-ResourceArn CapacityReservationArn
```

------

# Monitor Capacity Blocks using EventBridge
Monitor using EventBridge

When your Capacity Block reservation starts, Amazon EC2 will emit an event through EventBridge that indicates your capacity is ready to use. Forty minutes before your Capacity Block reservation ends, you receive another EventBridge event that tells you that any instances running in the reservation will begin to terminate in 10 minutes. For more information about EventBridge events, see [Amazon EventBridge Events](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-events.html).

The following are the event structures for events emitted for Capacity Blocks:

**Capacity Block Delivered**  
The following example shows an event for Capacity Block Delivered.

```
{
  "customer_event_id": "[Capacity Reservation Id]-delivered",
  "detail_type": "Capacity Block Reservation Delivered",
  "source": "aws.ec2",
  "account": "[Customer Account ID]",
  "time": "[Current time]",
  "resources": [
    "[ODCR ARN]"
  ],
  "detail": {
    "capacity-reservation-id": "[ODCR ID]",
    "end-date": "[ODCR End Date]"
  }
}
```

**Capacity Block Expiration Warning**  
The following example shows an event for Capacity Block Expiration Warning.

```
{
  "customer_event_id": "[Capacity Reservation Id]-approaching-expiry",
  "detail_type": "Capacity Block Reservation Expiration Warning",
  "source": "aws.ec2",
  "account": "[Customer Account ID]",
  "time": "[Current time]",
  "resources": [
    "[ODCR ARN]"
  ],
  "detail": {
    "capacity-reservation-id": "[ODCR ID]",
    "end-date": "[ODCR End Date]"
  }
}
```

**Capacity Reservation Instance Interruption Warning**  
The following example shows an event for EC2 Capacity Reservation Instance Interruption Warning.

```
{
    "version": "0",
    "id": "12345678-1234-1234-1234-123456789012",
    "detail_type": "EC2 Capacity Reservation Instance Interruption Warning",
    "source": "aws.ec2",
    "account": "[Customer Account ID]",
    "time": "[Current time]",
    "region": "[Region]",
    "resources": [
        "[Instance ARN]"
    ],
    "detail": {
        "instance-id": "[Instance ID]",
        "instance-action": "terminate",
        "instance-termination-time": "[Current time]",
        "availability-zone-id": "[Availability Zone ID]",
        "instance-lifecycle": "capacity-block"
    }
}
```
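The following added example (not part of the original guide) routes the three event types above and applies the 40-minute and 10-minute timing described at the start of this section. The function names, the timestamp format, the acceptance of a hyphenated `detail-type` key, and all sample values are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Timing stated on this page: the expiration warning is sent 40 minutes before
# the reservation ends, and instances begin to terminate 10 minutes after it.
TERMINATION_DELAY = timedelta(minutes=10)

DELIVERED = "Capacity Block Reservation Delivered"
EXPIRY_WARNING = "Capacity Block Reservation Expiration Warning"
INTERRUPTION = "EC2 Capacity Reservation Instance Interruption Warning"


def parse_ts(value):
    """Parse a UTC timestamp such as 2025-01-01T10:50:00Z (format is an assumption)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def event_kind(event):
    # The samples on this page spell the key "detail_type"; the hyphenated
    # "detail-type" spelling is accepted too (assumption).
    return event.get("detail_type") or event.get("detail-type")


def plan(event):
    """Map one event to an action dict, or None if it is not a Capacity Block event."""
    if event.get("source") != "aws.ec2":
        return None
    kind, detail = event_kind(event), event.get("detail", {})
    if kind == DELIVERED:
        return {"action": "start-workloads",
                "reservation": detail["capacity-reservation-id"],
                "reservation_ends": parse_ts(detail["end-date"])}
    if kind == EXPIRY_WARNING:
        received, ends = parse_ts(event["time"]), parse_ts(detail["end-date"])
        return {"action": "checkpoint-and-drain",
                "reservation": detail["capacity-reservation-id"],
                "terminations_begin": received + TERMINATION_DELAY,
                "reservation_ends": ends,
                # Lets the caller confirm the event arrived with the documented lead time.
                "warning_lead_minutes": int((ends - received).total_seconds() // 60)}
    if kind == INTERRUPTION and detail.get("instance-lifecycle") == "capacity-block":
        return {"action": "instance-" + detail["instance-action"],
                "instance": detail["instance-id"],
                "at": parse_ts(detail["instance-termination-time"])}
    return None


# Constructed sample events shaped like the structures above; every value is made up.
SAMPLE_WARNING = {
    "detail_type": EXPIRY_WARNING,
    "source": "aws.ec2",
    "account": "123456789012",
    "time": "2025-01-01T10:50:00Z",
    "resources": ["arn:aws:ec2:us-east-2:123456789012:capacity-reservation/cr-1234abcd56EXAMPLE"],
    "detail": {"capacity-reservation-id": "cr-1234abcd56EXAMPLE",
               "end-date": "2025-01-01T11:30:00Z"},
}
SAMPLE_INTERRUPTION = {
    "detail-type": INTERRUPTION,
    "source": "aws.ec2",
    "account": "123456789012",
    "time": "2025-01-01T10:50:05Z",
    "resources": ["arn:aws:ec2:us-east-2:123456789012:instance/i-1234567890abcdef0"],
    "detail": {"instance-id": "i-1234567890abcdef0",
               "instance-action": "terminate",
               "instance-termination-time": "2025-01-01T11:00:00Z",
               "availability-zone-id": "use2-az1",
               "instance-lifecycle": "capacity-block"},
}
SAMPLE_UNRELATED = {
    "detail-type": "EC2 Instance State-change Notification",
    "source": "aws.ec2",
    "detail": {"instance-id": "i-1234567890abcdef0", "state": "running"},
}

if __name__ == "__main__":
    for sample in (SAMPLE_WARNING, SAMPLE_INTERRUPTION, SAMPLE_UNRELATED):
        print(plan(sample))
```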

# Logging Capacity Blocks API calls with AWS CloudTrail
Logging API calls with CloudTrail

Capacity Blocks is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in Capacity Blocks. CloudTrail captures API calls for Capacity Blocks as events. The calls captured include calls from the Capacity Blocks console and code calls to the Capacity Blocks API operations. If you create a trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for Capacity Blocks. If you don't configure a trail, you can still view the most recent events in the CloudTrail console in **Event history**. Using the information collected by CloudTrail, you can determine the request that was made to Capacity Blocks, the IP address from which the request was made, who made the request, when it was made, and additional details. 

To learn more about CloudTrail, see the [AWS CloudTrail User Guide](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html).

## Capacity Blocks information in CloudTrail


CloudTrail is enabled on your AWS account when you create the account. When activity occurs in Capacity Blocks, that activity is recorded in a CloudTrail event along with other AWS service events in **Event history**. You can view, search, and download recent events in your AWS account. For more information, see [Viewing events with CloudTrail Event history](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html).

For an ongoing record of events in your AWS account, including events for Capacity Blocks, create a trail. A *trail* enables CloudTrail to deliver log files to an Amazon S3 bucket. By default, when you create a trail in the console, the trail applies to all AWS Regions. The trail logs events from all Regions in the AWS partition and delivers the log files to the Amazon S3 bucket that you specify. Additionally, you can configure other AWS services to further analyze and act upon the event data collected in CloudTrail logs. For more information, see the following: 
+ [Overview for creating a trail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html)
+ [CloudTrail supported services and integrations](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html)
+ [Configuring Amazon SNS notifications for CloudTrail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/configure-sns-notifications-for-cloudtrail.html)
+ [Receiving CloudTrail log files from multiple regions](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/receive-cloudtrail-log-files-from-multiple-regions.html) and [Receiving CloudTrail log files from multiple accounts](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html)

All Capacity Blocks actions are logged by CloudTrail and are documented in the Amazon EC2 API Reference. For example, calls to the `CapacityBlockScheduled` and `CapacityBlockActive` actions generate entries in the CloudTrail log files.

Every event or log entry contains information about who generated the request. The identity information helps you determine the following: 
+ Whether the request was made with root or AWS Identity and Access Management (IAM) user credentials.
+ Whether the request was made with temporary security credentials for a role or federated user.
+ Whether the request was made by another AWS service.

For more information, see the [CloudTrail userIdentity element](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html).

## Understanding Capacity Blocks log file entries


A trail is a configuration that enables delivery of events as log files to an Amazon S3 bucket that you specify. CloudTrail log files contain one or more log entries. An event represents a single request from any source and includes information about the requested action, the date and time of the action, request parameters, and so on. CloudTrail log files aren't an ordered stack trace of the public API calls, so they don't appear in any specific order. 

The following examples show CloudTrail log entries for:
+ [TerminateCapacityBlockInstances](#understanding-capacity-blocks-entries-terminatecapacityblockinstances)
+ [CapacityBlockPaymentFailed](#understanding-capacity-blocks-entries-capacityblockpaymentfailed)
+ [CapacityBlockScheduled](#understanding-capacity-blocks-entries-capacityblockscheduled)
+ [CapacityBlockActive](#understanding-capacity-blocks-entries-capacityblockactive)
+ [CapacityBlockFailed](#understanding-capacity-blocks-entries-capacityblockfailed)
+ [CapacityBlockExpired](#understanding-capacity-blocks-entries-capacityblockexpired)

**Note**  
Some fields have been redacted from the examples for data privacy.

### TerminateCapacityBlockInstances


```
{
  "eventVersion": "1.05",
  "userIdentity": {
    "accountId": "123456789012",
    "invokedBy": "AWS Internal;"
  },
  "eventTime": "2023-10-02T00:06:08Z",
  "eventSource": "ec2.amazonaws.com",
  "eventName": "TerminateCapacityBlockInstances",
  "awsRegion": "us-east-1",
  "sourceIPAddress": "203.0.113.25",
  "userAgent": "aws-cli/1.15.61 Python/2.7.10 Darwin/16.7.0 botocore/1.10.60",
  "requestParameters": null,
  "responseElements": null,
  "eventID": "a1b2c3d4-EXAMPLE",
  "readOnly": false,
  "resources": [
    {
      "accountId": "123456789012",
      "type": "AWS::EC2::Instance",
      "ARN": "arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0"
    },
    {
      "accountId": "123456789012",
      "type": "AWS::EC2::Instance",
      "ARN": "arn:aws:ec2:us-east-1:123456789012:instance/i-0598c7d356eba48d7"
    }
  ],
  "eventType": "AwsServiceEvent",
  "recipientAccountId": "123456789012",
  "serviceEventDetails": {
    "capacityReservationId": "cr-12345678"
  }
}
```

### CapacityBlockPaymentFailed


```
{
  "eventVersion": "1.05",
  "userIdentity": {
    "accountId": "123456789012",
    "invokedBy": "AWS Internal;"
  },
  "eventTime": "2023-10-02T00:06:08Z",
  "eventSource": "ec2.amazonaws.com",
  "eventName": "CapacityBlockPaymentFailed",
  "awsRegion": "us-east-1",
  "sourceIPAddress": "203.0.113.25",
  "userAgent": "aws-cli/1.15.61 Python/2.7.10 Darwin/16.7.0 botocore/1.10.60",
  "requestParameters": null,
  "responseElements": null,
  "eventID": "a1b2c3d4-EXAMPLE",
  "readOnly": false,
  "resources": [
    {
      "ARN": "arn:aws:ec2:us-east-1:123456789012:capacity-reservation/cr-12345678",
      "accountId": "123456789012",
      "type": "AWS::EC2::CapacityReservation"
    }
  ],
  "eventType": "AwsServiceEvent",
  "recipientAccountId": "123456789012",
  "serviceEventDetails": {
    "capacityReservationId": "cr-12345678",
    "capacityReservationState": "payment-failed"
  }
}
```

### CapacityBlockScheduled


```
{
  "eventVersion": "1.05",
  "userIdentity": {
    "accountId": "123456789012",
    "invokedBy": "AWS Internal;"
  },
  "eventTime": "2023-10-02T00:06:08Z",
  "eventSource": "ec2.amazonaws.com",
  "eventName": "CapacityBlockScheduled",
  "awsRegion": "us-east-1",
  "sourceIPAddress": "203.0.113.25",
  "userAgent": "aws-cli/1.15.61 Python/2.7.10 Darwin/16.7.0 botocore/1.10.60",
  "requestParameters": null,
  "responseElements": null,
  "eventID": "a1b2c3d4-EXAMPLE",
  "readOnly": false,
  "resources": [
    {
      "ARN": "arn:aws:ec2:us-east-1:123456789012:capacity-reservation/cr-12345678",
      "accountId": "123456789012",
      "type": "AWS::EC2::CapacityReservation"
    }
  ],
  "eventType": "AwsServiceEvent",
  "recipientAccountId": "123456789012",
  "serviceEventDetails": {
    "capacityReservationId": "cr-12345678",
    "capacityReservationState": "scheduled"
  }
}
```

### CapacityBlockActive


```
{
  "eventVersion": "1.05",
  "userIdentity": {
    "accountId": "123456789012",
    "invokedBy": "AWS Internal;"
  },
  "eventTime": "2023-10-02T00:06:08Z",
  "eventSource": "ec2.amazonaws.com",
  "eventName": "CapacityBlockActive",
  "awsRegion": "us-east-1",
  "sourceIPAddress": "203.0.113.25",
  "userAgent": "aws-cli/1.15.61 Python/2.7.10 Darwin/16.7.0 botocore/1.10.60",
  "requestParameters": null,
  "responseElements": null,
  "eventID": "a1b2c3d4-EXAMPLE",
  "readOnly": false,
  "resources": [
    {
      "ARN": "arn:aws:ec2:us-east-1:123456789012:capacity-reservation/cr-12345678",
      "accountId": "123456789012",
      "type": "AWS::EC2::CapacityReservation"
    }
  ],
  "eventType": "AwsServiceEvent",
  "recipientAccountId": "123456789012",
  "serviceEventDetails": {
    "capacityReservationId": "cr-12345678",
    "capacityReservationState": "active"
  }
}
```

### CapacityBlockFailed


```
{
  "eventVersion": "1.05",
  "userIdentity": {
    "accountId": "123456789012",
    "invokedBy": "AWS Internal;"
  },
  "eventTime": "2023-10-02T00:06:08Z",
  "eventSource": "ec2.amazonaws.com",
  "eventName": "CapacityBlockFailed",
  "awsRegion": "us-east-1",
  "sourceIPAddress": "203.0.113.25",
  "userAgent": "aws-cli/1.15.61 Python/2.7.10 Darwin/16.7.0 botocore/1.10.60",
  "requestParameters": null,
  "responseElements": null,
  "eventID": "a1b2c3d4-EXAMPLE",
  "readOnly": false,
  "resources": [
    {
      "ARN": "arn:aws:ec2:us-east-1:123456789012:capacity-reservation/cr-12345678",
      "accountId": "123456789012",
      "type": "AWS::EC2::CapacityReservation"
    }
  ],
  "eventType": "AwsServiceEvent",
  "recipientAccountId": "123456789012",
  "serviceEventDetails": {
    "capacityReservationId": "cr-12345678",
    "capacityReservationState": "failed"
  }
}
```

### CapacityBlockExpired


```
{
  "eventVersion": "1.05",
  "userIdentity": {
    "accountId": "123456789012",
    "invokedBy": "AWS Internal;"
  },
  "eventTime": "2023-10-02T00:06:08Z",
  "eventSource": "ec2.amazonaws.com",
  "eventName": "CapacityBlockExpired",
  "awsRegion": "us-east-1",
  "sourceIPAddress": "203.0.113.25",
  "userAgent": "aws-cli/1.15.61 Python/2.7.10 Darwin/16.7.0 botocore/1.10.60",
  "requestParameters": null,
  "responseElements": null,
  "eventID": "a1b2c3d4-EXAMPLE",
  "readOnly": false,
  "resources": [
    {
      "ARN": "arn:aws:ec2:us-east-1:123456789012:capacity-reservation/cr-12345678",
      "accountId": "123456789012",
      "type": "AWS::EC2::CapacityReservation"
    }
  ],
  "eventType": "AwsServiceEvent",
  "recipientAccountId": "123456789012",
  "serviceEventDetails": {
    "capacityReservationId": "cr-12345678",
    "capacityReservationState": "expired"
  }
}
```
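The following added example (not part of the original guide) turns log entries like the ones above into a per-reservation timeline. Because CloudTrail log files are not in any specific order, it sorts on `eventTime` first, and it flags the `payment-failed` and `failed` states. The function names, the choice of alert states, and the sample records are assumptions made for illustration.

```python
STATE_EVENTS = {
    "CapacityBlockPaymentFailed", "CapacityBlockScheduled", "CapacityBlockActive",
    "CapacityBlockFailed", "CapacityBlockExpired",
}
TERMINATE_EVENT = "TerminateCapacityBlockInstances"
ALERT_STATES = {"payment-failed", "failed"}  # states treated as alert-worthy (assumption)


def capacity_block_events(records):
    """Keep only Capacity Block service events, oldest first."""
    wanted = STATE_EVENTS | {TERMINATE_EVENT}
    picked = [
        r for r in records
        if r.get("eventSource") == "ec2.amazonaws.com"
        and r.get("eventType") == "AwsServiceEvent"
        and r.get("eventName") in wanted
    ]
    # eventTime is an ISO 8601 UTC string, so a string sort is chronological.
    return sorted(picked, key=lambda r: r["eventTime"])


def summarize(records):
    """Return {reservation id: {"states", "terminated_instances", "alerts"}}."""
    timeline = {}
    for rec in capacity_block_events(records):
        details = rec.get("serviceEventDetails") or {}
        cr_id = details.get("capacityReservationId", "unknown")
        entry = timeline.setdefault(
            cr_id, {"states": [], "terminated_instances": [], "alerts": []})
        if rec["eventName"] == TERMINATE_EVENT:
            # Terminated instances are listed as ARNs under "resources".
            for res in rec.get("resources") or []:
                if res.get("type") == "AWS::EC2::Instance":
                    entry["terminated_instances"].append(res["ARN"].rsplit("/", 1)[-1])
            continue
        state = details.get("capacityReservationState")
        entry["states"].append((rec["eventTime"], state))
        if state in ALERT_STATES:
            entry["alerts"].append((rec["eventTime"], rec["eventName"]))
    return timeline


def _record(name, when, cr_id, state=None, instance_ids=()):
    """Build a constructed record carrying the fields the examples above show."""
    details = {"capacityReservationId": cr_id}
    if state:
        details["capacityReservationState"] = state
    if instance_ids:
        resources = [{"accountId": "123456789012", "type": "AWS::EC2::Instance",
                      "ARN": f"arn:aws:ec2:us-east-1:123456789012:instance/{i}"}
                     for i in instance_ids]
    else:
        resources = [{"accountId": "123456789012", "type": "AWS::EC2::CapacityReservation",
                      "ARN": f"arn:aws:ec2:us-east-1:123456789012:capacity-reservation/{cr_id}"}]
    return {
        "eventVersion": "1.05",
        "userIdentity": {"accountId": "123456789012", "invokedBy": "AWS Internal;"},
        "eventTime": when, "eventSource": "ec2.amazonaws.com", "eventName": name,
        "awsRegion": "us-east-1", "readOnly": False, "resources": resources,
        "eventType": "AwsServiceEvent", "recipientAccountId": "123456789012",
        "serviceEventDetails": details,
    }


# Constructed records, deliberately out of order, plus one unrelated API call.
SAMPLE_RECORDS = [
    _record("CapacityBlockExpired", "2023-10-03T11:30:00Z", "cr-12345678", "expired"),
    _record("CapacityBlockActive", "2023-10-02T11:30:00Z", "cr-12345678", "active"),
    _record(TERMINATE_EVENT, "2023-10-03T11:00:00Z", "cr-12345678",
            instance_ids=("i-1234567890abcdef0", "i-0598c7d356eba48d7")),
    _record("CapacityBlockScheduled", "2023-10-02T00:06:08Z", "cr-12345678", "scheduled"),
    _record("CapacityBlockPaymentFailed", "2023-10-02T00:10:00Z", "cr-87654321",
            "payment-failed"),
    {"eventTime": "2023-10-02T09:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "eventType": "AwsApiCall"},
]

if __name__ == "__main__":
    for cr_id, entry in summarize(SAMPLE_RECORDS).items():
        print(cr_id, entry)
```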

# Store instance launch parameters in Amazon EC2 launch templates
Launch templates

You can use an Amazon EC2 *launch template* to store instance launch parameters so that you don't have to specify them every time you launch an Amazon EC2 instance. For example, you can create a launch template that stores the AMI ID, instance type, and network settings that you typically use to launch instances. When you launch an instance using the Amazon EC2 console, an AWS SDK, or a command line tool, you can specify the launch template instead of entering the parameters again.

For each launch template, you can create one or more numbered *launch template versions*. Each version can have different launch parameters. When you launch an instance from a launch template, you can use any version of the launch template. If you don't specify a version, the default version is used. You can set any version of the launch template as the default version—by default, it's the first version of the launch template.

The following diagram shows a launch template with three versions. The first version specifies the instance type, AMI ID, subnet, and key pair to use to launch the instance. The second version is based on the first version and also specifies a security group for the instance. The third version uses different values for some of the parameters. Version 2 is set as the default version. If you launched an instance from this launch template, the launch parameters from version 2 would be used if no other version were specified.

![\[Launch template with three versions.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/launch-template-diagram.png)


**Topics**
+ [Restrictions for Amazon EC2 launch templates](launch-template-restrictions.md)
+ [IAM permissions required for Amazon EC2 launch templates](permissions-for-launch-templates.md)
+ [Use Amazon EC2 launch templates to control launching Amazon EC2 instances](use-launch-templates-to-control-launching-instances.md)
+ [Create an Amazon EC2 launch template](create-launch-template.md)
+ [Modify a launch template (manage launch template versions)](manage-launch-template-versions.md)
+ [Delete a launch template or a launch template version](delete-launch-template.md)

# Restrictions for Amazon EC2 launch templates
Restrictions

The following restrictions apply to launch templates and launch template versions:
+ **Quotas** – To view the quotas for your launch templates and launch template versions, open the [Service Quotas](https://console.aws.amazon.com/servicequotas/) console or use the [list-service-quotas](https://docs.aws.amazon.com/cli/latest/reference/service-quotas/list-service-quotas.html) AWS CLI command. Each AWS account can have a maximum of 5,000 launch templates per Region and up to 10,000 versions per launch template. Your accounts might have different quotas based on their age and usage history.
+ **Parameters are optional** – Launch template parameters are optional. However, you must ensure that your instance launch request includes all required parameters. For example, if your launch template does not include an AMI ID, you must specify an AMI ID when launching an instance with this launch template.
+ **Parameters not validated** – Launch template parameters are not fully validated when you create the launch template. If you specify incorrect values or use unsupported parameter combinations, instances will fail to launch using this launch template. To avoid issues, make sure to specify correct values and use supported parameter combinations. For example, to launch an instance in a placement group, you must specify a supported instance type.
+ **Tags** – You can tag a launch template, but you can't tag a launch template version.
+ **Immutable** – Launch templates are immutable. To modify a launch template, you must create a new version of the launch template.
+ **Version numbers** – Launch template versions are numbered in the order in which they are created. When you create a launch template version, you can't specify the version number yourself.

# IAM permissions required for Amazon EC2 launch templates
Permissions

You can use IAM permissions to control whether users can list, view, create, or delete launch templates or launch template versions.

**Important**  
You can't use resource-level permissions to restrict the resources that users can specify in a launch template when they create a launch template or launch template version. Therefore, make sure that only trusted administrators are granted permission to create launch templates and launch template versions.

You must grant anyone that will use a launch template the permissions required to create and access the resources that are specified in the launch template. For example:
+ To launch an instance from a shared private Amazon Machine Image (AMI), the user must have launch permission for the AMI.
+ To create EBS volumes with tags from existing snapshots, the user must have read access to the snapshots, and permissions to create and tag volumes.

**Topics**
+ [ec2:CreateLaunchTemplate](#permissions-for-launch-templates-create)
+ [ec2:DescribeLaunchTemplates](#permissions-for-launch-templates-view)
+ [ec2:DescribeLaunchTemplateVersions](#permissions-for-launch-template-versions-view)
+ [ec2:DeleteLaunchTemplate](#permissions-for-launch-templates-delete)
+ [Control versioning permissions](#permissions-for-launch-template-versions)
+ [Control access to tags on launch templates](#permissions-for-launch-templates-tags)

## ec2:CreateLaunchTemplate


To create a launch template in the console or by using the APIs, the principal must have the `ec2:CreateLaunchTemplate` permission in an IAM policy. Whenever possible, use tags to help you control access to the launch templates in your account.

For example, the following IAM policy statement gives the principal permission to create launch templates only if the template uses the specified tag (*`purpose`*=*`testing`*).

```
{
    "Sid": "IAMPolicyForCreatingTaggedLaunchTemplates",
    "Action": "ec2:CreateLaunchTemplate",
    "Effect": "Allow",
    "Resource": "*",
    "Condition": {
        "StringEquals": {
            "aws:ResourceTag/purpose": "testing"
        }
    }
}
```

Principals who create launch templates might need some related permissions, such as:
+ **ec2:CreateTags** – To add tags to the launch template during the `CreateLaunchTemplate` operation, the `CreateLaunchTemplate` caller must have the `ec2:CreateTags` permission in an IAM policy.
+ **ec2:RunInstances** – To launch EC2 instances from the launch template that they created, the principal must also have the `ec2:RunInstances` permission in an IAM policy.

For resource-creating actions that apply tags, users must have the `ec2:CreateTags` permission. The following IAM policy statement uses the `ec2:CreateAction` condition key to allow users to create tags only in the context of `CreateLaunchTemplate`. Users cannot tag existing launch templates or any other resources. For more information, see [Grant permission to tag Amazon EC2 resources during creation](supported-iam-actions-tagging.md).

```
{
    "Sid": "IAMPolicyForTaggingLaunchTemplatesOnCreation",
    "Action": "ec2:CreateTags",
    "Effect": "Allow",
    "Resource": "arn:aws:ec2:us-east-1:111122223333:launch-template/*",
    "Condition": {
        "StringEquals": {
            "ec2:CreateAction": "CreateLaunchTemplate"
        }
    }
}
```

The IAM user who creates a launch template doesn't automatically have permission to use the launch template that they created. Like any other principal, the launch template creator needs to get permission through an IAM policy. If an IAM user wants to launch an EC2 instance from a launch template, they must have the `ec2:RunInstances` permission. When granting these permissions, you can specify that users can only use launch templates with specific tags or specific IDs. You can also control the AMI and other resources that anyone using launch templates can reference and use when launching instances by specifying resource-level permissions for the `RunInstances` call. For example policies, see [Launch templates](ExamplePolicies_EC2.md#iam-example-runinstances-launch-templates).

## ec2:DescribeLaunchTemplates


To list and view launch templates in the account, the principal must have the `ec2:DescribeLaunchTemplates` permission in an IAM policy. Because `Describe` actions do not support resource-level permissions, you must specify them without conditions and the value of the resource element in the policy must be `"*"`. 

For example, the following IAM policy statement gives the principal permission to list and view all launch templates in the account.

```
{
    "Sid": "IAMPolicyForDescribingLaunchTemplates",
    "Action": "ec2:DescribeLaunchTemplates",
    "Effect": "Allow",
    "Resource": "*"
}
```

## ec2:DescribeLaunchTemplateVersions


Principals who list and view launch templates should also have the `ec2:DescribeLaunchTemplateVersions` permission to retrieve the entire set of attributes that make up the launch templates. 

To list and view launch template versions in the account, the principal must have the `ec2:DescribeLaunchTemplateVersions` permission in an IAM policy. Because `Describe` actions do not support resource-level permissions, you must specify them without conditions and the value of the resource element in the policy must be `"*"`. 

For example, the following IAM policy statement gives the principal permission to list and view all launch template versions in the account.

```
{
    "Sid": "IAMPolicyForDescribingLaunchTemplateVersions",
    "Effect": "Allow",
    "Action": "ec2:DescribeLaunchTemplateVersions",
    "Resource": "*"
}
```

## ec2:DeleteLaunchTemplate


**Important**  
Use caution when giving principals permission to delete a resource. Deleting a launch template might cause a failure in an AWS resource that relies on the launch template.

To delete a launch template, the principal must have the `ec2:DeleteLaunchTemplate` permission in an IAM policy. Whenever possible, use tag-based condition keys to limit the permissions.

For example, the following IAM policy statement gives the principal permission to delete launch templates only if the template has the specified tag (*`purpose`*=*`testing`*).

```
{
    "Sid": "IAMPolicyForDeletingLaunchTemplates",
    "Action": "ec2:DeleteLaunchTemplate",
    "Effect": "Allow",
    "Resource": "*",
    "Condition": {
        "StringEquals": {
            "aws:ResourceTag/purpose": "testing"
        }
    }
}
```

Alternatively, you can use ARNs to identify the launch template that the IAM policy applies to.

A launch template has the following ARN.

```
"Resource": "arn:aws:ec2:us-east-1:111122223333:launch-template/lt-09477bcd97b0d310e"
```

You can specify multiple ARNs by enclosing them in a list, or you can specify a `Resource` value of `"*"` without the `Condition` element to allow the principal to delete any launch template in the account. 

## Control versioning permissions


For trusted administrators, you can grant access for creating and deleting versions of a launch template, and for changing the default version of a launch template, by using IAM policies similar to the following examples.

**Important**  
Be cautious when giving principals permission to create launch template versions or modify launch templates.   
When you create a launch template version, you affect any AWS resources that allow Amazon EC2 to launch instances on your behalf with the `Latest` version. 
When you modify a launch template, you can change which version is the `Default` and therefore affect any AWS resources that allow Amazon EC2 to launch instances on your behalf with this modified version. 
You also need to be cautious in how you handle AWS resources that interact with the `Latest` or `Default` launch template version, such as EC2 Fleet and Spot Fleet. When a different launch template version is used for `Latest` or `Default`, Amazon EC2 does not re-check user permissions for actions to be completed when launching new instances to fulfil the fleet’s target capacity because there is no user interaction with the AWS resource. By granting a user permission to call the `CreateLaunchTemplateVersion` and `ModifyLaunchTemplate` APIs, the user is effectively also granted the `iam:PassRole` permission if they point the fleet to a different launch template version that contains an instance profile (a container for an IAM role). This means that a user can potentially update a launch template to pass an IAM role to an instance even if they don’t have the `iam:PassRole` permission. You can manage this risk by being careful about who you grant permission to create and manage launch template versions. 

### ec2:CreateLaunchTemplateVersion


To create a new version of a launch template, the principal must have the `ec2:CreateLaunchTemplateVersion` permission for the launch template in an IAM policy.

For example, the following IAM policy statement gives the principal permission to create launch template versions only if the version uses the specified tag (*`environment`*=*`production`*). Alternatively, you can specify one or multiple launch template ARNs, or you can specify a `Resource` value of `"*"` without the `Condition` element to allow the principal to create versions of any launch template in the account. 

```
{
    "Sid": "IAMPolicyForCreatingLaunchTemplateVersions",
    "Action": "ec2:CreateLaunchTemplateVersion",
    "Effect": "Allow",
    "Resource": "*",
    "Condition": {
        "StringEquals": {
            "aws:ResourceTag/environment": "production"
        }
    }
}
```

### ec2:DeleteLaunchTemplateVersion


**Important**  
As always, you should exercise caution when giving principals permission to delete a resource. Deleting a launch template version might cause a failure in an AWS resource that relies on the launch template version.

To delete a launch template version, the principal must have the `ec2:DeleteLaunchTemplateVersion` permission for the launch template in an IAM policy.

For example, the following IAM policy statement gives the principal permission to delete launch template versions only if the version uses the specified tag (*`environment`*=*`production`*). Alternatively, you can specify one or multiple launch template ARNs, or you can specify a `Resource` value of `"*"` without the `Condition` element to allow the principal to delete versions of any launch template in the account.

```
{
    "Sid": "IAMPolicyForDeletingLaunchTemplateVersions",
    "Action": "ec2:DeleteLaunchTemplateVersion",
    "Effect": "Allow",
    "Resource": "*",
    "Condition": {
        "StringEquals": {
            "aws:ResourceTag/environment": "production"
        }
    }
}
```

### ec2:ModifyLaunchTemplate


To change the `Default` version that is associated with a launch template, the principal must have the `ec2:ModifyLaunchTemplate` permission for the launch template in an IAM policy.

For example, the following IAM policy statement gives the principal permission to modify launch templates only if the launch template uses the specified tag (*`environment`*=*`production`*). Alternatively, you can specify one or multiple launch template ARNs, or you can specify a `Resource` value of `"*"` without the `Condition` element to allow the principal to modify any launch template in the account.

```
{
    "Sid": "IAMPolicyForModifyingLaunchTemplates",
    "Action": "ec2:ModifyLaunchTemplate",
    "Effect": "Allow",
    "Resource": "*",
    "Condition": {
        "StringEquals": {
            "aws:ResourceTag/environment": "production"
        }
    }
}
```
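The following added example (not part of the AWS documentation) reviews a single IAM policy document for the grants discussed in this section: Allow statements for launch template write actions, whether they are scoped by ARN or `Condition`, and whether the same document also grants `iam:PassRole`. The function names, finding fields, and sample policy are constructed for illustration. Only this one document is examined, and Deny statements and `NotAction` are not evaluated.

```python
import fnmatch

# Launch template write actions named on this page.
LT_WRITE_ACTIONS = (
    "ec2:CreateLaunchTemplate",
    "ec2:CreateLaunchTemplateVersion",
    "ec2:ModifyLaunchTemplate",
)


def _as_list(value):
    """Action and Resource may each be a single string or a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _matches(pattern, action):
    """IAM action names are case-insensitive; patterns may use * and ?."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def review_policy(policy):
    """Return one finding per Allow statement that grants a launch template
    write action. Deny statements and NotAction are not evaluated."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    allows = [s for s in statements if s.get("Effect") == "Allow"]

    grants_passrole = any(
        _matches(p, "iam:PassRole")
        for s in allows for p in _as_list(s.get("Action"))
    )

    findings = []
    for s in allows:
        patterns = _as_list(s.get("Action"))
        granted = sorted(a for a in LT_WRITE_ACTIONS
                         if any(_matches(p, a) for p in patterns))
        if not granted:
            continue
        findings.append({
            "sid": s.get("Sid", "<no Sid>"),
            "actions": granted,
            # Resource "*" with no Condition covers every template in the account.
            "unscoped": "*" in _as_list(s.get("Resource")) and not s.get("Condition"),
            # Template write access without iam:PassRole in the same document is
            # the combination this page warns about when fleets follow
            # Latest or Default.
            "no_explicit_passrole": not grants_passrole,
        })
    return findings


# Constructed sample policy: one tag-scoped statement in the style of the
# examples above, one wildcard grant, and one unrelated read-only grant.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "TaggedVersions",
            "Effect": "Allow",
            "Action": "ec2:CreateLaunchTemplateVersion",
            "Resource": "*",
            "Condition": {
                "StringEquals": {"aws:ResourceTag/environment": "production"}
            },
        },
        {
            "Sid": "AnyTemplate",
            "Effect": "Allow",
            "Action": ["ec2:*LaunchTemplate*"],
            "Resource": "*",
        },
        {
            "Sid": "ReadOnly",
            "Effect": "Allow",
            "Action": "ec2:DescribeInstances",
            "Resource": "*",
        },
    ],
}

if __name__ == "__main__":
    for finding in review_policy(SAMPLE_POLICY):
        print(finding)
```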

## Control access to tags on launch templates


You can use condition keys to limit tagging permissions when the resource is a launch template. For example, the following IAM policy allows removing only the tag with the `temporary` key from launch templates in the specified account and Region.

```
{
    "Sid": "IAMPolicyForDeletingTagsOnLaunchTemplates",
    "Action": "ec2:DeleteTags",
    "Effect": "Allow",
    "Resource": "arn:aws:ec2:us-east-1:111122223333:launch-template/*",
    "Condition": {
        "ForAllValues:StringEquals": {
            "aws:TagKeys": ["temporary"]
        }
    }
}
```

For more information about condition keys that you can use to control the tag keys and values that can be applied to Amazon EC2 resources, see [Control access to specific tags](supported-iam-actions-tagging.md#control-tagging).

# Use Amazon EC2 launch templates to control launching Amazon EC2 instances

You can control the configuration of your Amazon EC2 instances by specifying that users can only launch instances if they use a launch template, and that they can only use a specific launch template. You can also control who can create, modify, describe, and delete launch templates and launch template versions.

## Use launch templates to control launch parameters


A launch template can contain all or some of the parameters to configure an instance at launch. However, when you launch an instance using a launch template, you can override parameters that are specified in the launch template. Or, you can specify additional parameters that are not in the launch template.

**Note**  
You can't remove launch template parameters during launch (for example, you can't specify a null value for the parameter). To remove a parameter, create a new version of the launch template without the parameter and use that version to launch the instance.

To launch instances, users must have permission to use the `ec2:RunInstances` action. Users must also have permissions to create or use the resources that are created or associated with the instance. You can use resource-level permissions for the `ec2:RunInstances` action to control the launch parameters that users can specify. Alternatively, you can grant users permissions to launch an instance using a launch template. This enables you to manage launch parameters in a launch template rather than in an IAM policy, and to use a launch template as an authorization vehicle for launching instances. For example, you can specify that users can only launch instances using a launch template, and that they can only use a specific launch template. You can also control the launch parameters that users can override in the launch template. For example policies, see [Launch templates](ExamplePolicies_EC2.md#iam-example-runinstances-launch-templates).

## Control the use of launch templates


By default, users do not have permissions to work with launch templates. You can create a policy that grants users permissions to create, modify, describe, and delete launch templates and launch template versions. You can also apply resource-level permissions to some launch template actions to control a user's ability to use specific resources for those actions. For more information, see the following example policies: [Example: Work with launch templates](ExamplePolicies_EC2.md#iam-example-launch-templates).

Take care when granting users permissions to use the `ec2:CreateLaunchTemplate` and `ec2:CreateLaunchTemplateVersion` actions. You can't use resource-level permissions to control which resources users can specify in the launch template. To restrict the resources that are used to launch an instance, ensure that you grant permissions to create launch templates and launch template versions only to appropriate administrators.

## Important security concerns when using launch templates with EC2 Fleet or Spot Fleet


To use launch templates, you must grant your users permissions to create, modify, describe, and delete launch templates and launch template versions. You can control who can create launch templates and launch template versions by controlling access to the `ec2:CreateLaunchTemplate` and `ec2:CreateLaunchTemplateVersion` actions. You can also control who can modify launch templates by controlling access to the `ec2:ModifyLaunchTemplate` action.

**Important**  
If an EC2 Fleet or Spot Fleet is configured to use the `Latest` or `Default` launch template version, the fleet is not aware if `Latest` or `Default` is later changed to point to a different launch template version. When a different launch template version is used for `Latest` or `Default`, Amazon EC2 does not re-check permissions for actions to be completed when launching new instances to fulfil the fleet’s target capacity. This is an important consideration when deciding who is granted permission to create and manage launch template versions, particularly the `ec2:ModifyLaunchTemplate` action that allows a user to change the `Default` launch template version.

By granting a user permission to use the EC2 actions for the launch template APIs, the user is effectively also granted the `iam:PassRole` permission if they create or update an EC2 Fleet or Spot Fleet to point to a different launch template version that contains an instance profile (a container for an IAM role). It means that a user can potentially update a launch template to pass an IAM role to an instance even if they don’t have the `iam:PassRole` permission. For more information and an example IAM policy, see [Using an IAM role to grant permissions to applications running on Amazon EC2 instances](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html) in the *IAM User Guide*.

For more information, see [Control the use of launch templates](#launch-template-permissions) and [Example: Work with launch templates](ExamplePolicies_EC2.md#iam-example-launch-templates).
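The following added example (not part of the AWS documentation) shows one way to audit for the situation described in this section: it lists fleets whose launch template reference is `$Latest` or `$Default`, resolves the pointer to the current version number, and reports the instance profile that version carries and who created it. The input dictionaries are assumed to follow the shape of `describe-fleets`, `describe-launch-templates`, and `describe-launch-template-versions` output. All IDs, ARNs, and names in the sample data are constructed, as are the function and finding field names.

```python
FLOATING = {"$Latest", "$Default"}


def resolve_version(template, version):
    """Map $Latest or $Default to the version number it points at right now."""
    if version == "$Latest":
        return template["LatestVersionNumber"]
    if version == "$Default":
        return template["DefaultVersionNumber"]
    return int(version)


def audit_fleets(fleets, templates, versions):
    """Report fleets that follow a floating launch template version."""
    by_ref = {}
    for t in templates:  # a fleet may reference a template by ID or by name
        by_ref[t["LaunchTemplateId"]] = t
        by_ref[t["LaunchTemplateName"]] = t

    profile_of, created_by = {}, {}
    for v in versions:
        key = (v["LaunchTemplateId"], v["VersionNumber"])
        prof = v.get("LaunchTemplateData", {}).get("IamInstanceProfile", {})
        profile_of[key] = prof.get("Arn") or prof.get("Name")
        created_by[key] = v.get("CreatedBy")

    findings = []
    for fleet in fleets:
        for cfg in fleet.get("LaunchTemplateConfigs", []):
            spec = cfg.get("LaunchTemplateSpecification", {})
            pointer = spec.get("Version")
            if pointer not in FLOATING:
                continue  # pinned to a fixed version number
            ref = spec.get("LaunchTemplateId") or spec.get("LaunchTemplateName")
            template = by_ref.get(ref)
            if template is None:
                continue  # template is not in the supplied inventory
            lt_id = template["LaunchTemplateId"]
            resolved = resolve_version(template, pointer)
            current = profile_of.get((lt_id, resolved))
            earlier = {p for (tid, n), p in profile_of.items()
                       if tid == lt_id and n < resolved}
            findings.append({
                "fleet": fleet["FleetId"],
                "type": fleet.get("Type"),
                "template": lt_id,
                "pointer": pointer,
                "resolved_version": resolved,
                "instance_profile": current,
                # True when the resolved version carries a profile that no
                # earlier version of the same template had.
                "profile_changed": (current is not None and bool(earlier)
                                    and current not in earlier),
                "version_created_by": created_by.get((lt_id, resolved)),
            })
    return findings


# Constructed sample inventory (IDs, names, and ARNs are placeholders).
ACCOUNT = "111122223333"
SAMPLE_TEMPLATES = [{
    "LaunchTemplateId": "lt-EXAMPLE0001",
    "LaunchTemplateName": "TemplateForWebServer",
    "DefaultVersionNumber": 1,
    "LatestVersionNumber": 2,
}]
SAMPLE_VERSIONS = [
    {"LaunchTemplateId": "lt-EXAMPLE0001", "VersionNumber": 1,
     "CreatedBy": f"arn:aws:iam::{ACCOUNT}:user/alice",
     "LaunchTemplateData": {"IamInstanceProfile": {
         "Arn": f"arn:aws:iam::{ACCOUNT}:instance-profile/web-readonly"}}},
    {"LaunchTemplateId": "lt-EXAMPLE0001", "VersionNumber": 2,
     "CreatedBy": f"arn:aws:iam::{ACCOUNT}:user/bob",
     "LaunchTemplateData": {"IamInstanceProfile": {
         "Arn": f"arn:aws:iam::{ACCOUNT}:instance-profile/admin"}}},
]
SAMPLE_FLEETS = [
    {"FleetId": "fleet-EXAMPLE-A", "Type": "maintain",
     "LaunchTemplateConfigs": [{"LaunchTemplateSpecification": {
         "LaunchTemplateId": "lt-EXAMPLE0001", "Version": "$Latest"}}]},
    {"FleetId": "fleet-EXAMPLE-B", "Type": "maintain",
     "LaunchTemplateConfigs": [{"LaunchTemplateSpecification": {
         "LaunchTemplateName": "TemplateForWebServer", "Version": "1"}}]},
]

if __name__ == "__main__":
    for finding in audit_fleets(SAMPLE_FLEETS, SAMPLE_TEMPLATES, SAMPLE_VERSIONS):
        print(finding)
```

Comparing `version_created_by` against the principals that hold `iam:PassRole` for the reported role shows whether the version was created by someone who could not have passed that role directly.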

# Create an Amazon EC2 launch template

You can create an Amazon EC2 launch template by specifying your own values for the instance configuration parameters, or by getting the values from an existing launch template or Amazon EC2 instance.

You don't need to specify a value for every parameter in the launch template; you need only specify one instance configuration parameter to create a launch template. To indicate parameters that you choose not to specify, select **Don't include in launch template** when using the console. When using a command line tool, don't include the parameters to indicate that you're choosing not to specify them in the launch template.

If you want to specify an AMI in the launch template, you can either select an AMI, or specify a Systems Manager parameter that will point to an AMI on instance launch.

When an instance is launched with a launch template, the values that are specified in the launch template are used to configure the corresponding instance parameters. If a value isn't specified in the launch template, then the default value for the corresponding instance parameter is used.

**Topics**
+ [Create a launch template by specifying parameters](#create-launch-template-define-parameters)
+ [Create a launch template from an existing launch template](#create-launch-template-from-existing-launch-template)
+ [Create a launch template from an instance](#create-launch-template-from-instance)
+ [Use a Systems Manager parameter instead of an AMI ID](#use-an-ssm-parameter-instead-of-an-ami-id)

## Create a launch template by specifying parameters


To create a launch template, you must specify the launch template name and at least one instance configuration parameter.

For a description of each parameter, see [Reference for Amazon EC2 instance configuration parameters](ec2-instance-launch-parameters.md).

------
#### [ Console ]

**To create a launch template**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Launch Templates**, and then choose **Create launch template**.

1. Under **Launch template name and description**, do the following:

   1. For **Launch template name**, enter a descriptive name for the launch template.

   1. For **Template version description**, provide a brief description of this version of the launch template.

   1. To [tag](Using_Tags.md) the launch template on creation, expand **Template tags**, choose **Add new tag**, and then enter a tag key and value pair. Choose **Add new tag** again for each additional tag to add.

      **Note**  
      To tag the resources that are created when an instance is launched, you must specify the tags under **Resource tags**. For more information, see Step 9 in this procedure.

1. Under **Application and OS Images (Amazon Machine Image)**, you can either keep **Don't include in launch template** selected, or choose the operating system (OS) for the instance, and then choose an AMI. Alternatively, you can specify a Systems Manager parameter instead of specifying an AMI. For more information, see [Use a Systems Manager parameter instead of an AMI ID](#use-an-ssm-parameter-instead-of-an-ami-id).

   An AMI is a template that contains the operating system and software required to launch an instance.

1. Under **Instance type**, you can either keep **Don't include in launch template** selected, or select an instance type, or specify instance attributes and let Amazon EC2 identify the instance types with those attributes.

   **Note**  
   Specifying instance attributes is supported only when the launch template is used by Auto Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. For more information, see [Create mixed instances group using attribute-based instance type selection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-mixed-instances-group-attribute-based-instance-type-selection.html) and [Specify attributes for instance type selection for EC2 Fleet or Spot Fleet](ec2-fleet-attribute-based-instance-type-selection.md).  
   If you plan to use the launch template in the [launch instance wizard](ec2-launch-instance-wizard.md) or with the [RunInstances API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html), you can't specify instance type attributes.

   The instance type determines the hardware configuration (CPU, memory, storage, and networking capacity) and size of the host computer used for an instance.

   If you're not sure which instance type to choose, you can do the following:
   + Choose **Compare instance types** to compare different instance types by the following attributes: number of vCPUs, architecture, amount of memory (GiB), amount of storage (GB), storage type, and network performance.
   + Choose **Get advice** to get guidance and suggestions for instance types from the EC2 instance type finder. For more information, see [Get recommendations from EC2 instance type finder](get-ec2-instance-type-recommendations.md).

   **Note**  
   Depending on when you created your account, you might be eligible to use Amazon EC2 under the Free Tier.  
   If you created your AWS account before July 15, 2025 and it's less than 12 months old, you can use Amazon EC2 under the Free Tier by selecting the **t2.micro** instance type, or the **t3.micro** instance type in Regions where **t2.micro** is unavailable. Be aware that when you launch a **t3.micro** instance, it defaults to [**Unlimited** mode](burstable-performance-instances-unlimited-mode.md), which might incur additional charges based on CPU usage. If an instance type can be used under the Free Tier, it is labeled **Free tier eligible**.  
   If you created your AWS account on or after July 15, 2025, you can use **t3.micro**, **t3.small**, **t4g.micro**, **t4g.small**, **c7i-flex.large**, and **m7i-flex.large** instance types for 6 months or until your credits are used up.  
   For more information, see [Free Tier benefits before and after July 15, 2025](ec2-free-tier-usage.md#ec2-free-tier-comparison).

1. Under **Key pair (login)**, for **Key pair name**, either keep **Don't include in launch template** selected, or choose an existing key pair, or create a new one.

1. Under **Network settings**, you can either keep **Don't include in launch template** selected, or you can specify values for the various network settings.

1. Under **Configure storage**, if you specified an AMI in the launch template, the AMI includes one or more volumes of storage, including the root volume (**Volume 1 (AMI Root)**). You can optionally specify additional volumes to attach to the instance. To add a new volume, choose **Add new volume**.

1. Under **Resource tags**, to [tag](Using_Tags.md) the resources that are created when an instance is launched, choose **Add tag**, and then enter a tag key and value pair. For **Resource types**, specify the resources to tag on creation. You can specify the same tag for all the resources, or specify different tags for different resources. Choose **Add tag** again for each additional tag to add.

   You can specify tags for the following resources that are created when a launch template is used:
   + Instances
   + Volumes
   + Elastic graphics
   + Spot Instance requests
   + Network interfaces

   **Note**  
   To tag the launch template itself, you must specify the tags under **Template tags**. For more information, see Step 3 in this procedure.

1. For **Advanced details**, expand the section to view the fields and optionally specify any additional parameters for your instance.

1. Use the **Summary** panel to review your launch template configuration. You can navigate to any section by choosing its link and then make any necessary changes.

1. When you're ready to create your launch template, choose **Create launch template**.

------
#### [ AWS CLI ]

**To create a launch template**  
Use the [create-launch-template](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-launch-template.html) command.

```
aws ec2 create-launch-template \
    --launch-template-name TemplateForWebServer \
    --version-description WebVersion1 \
    --tag-specifications 'ResourceType=launch-template,Tags=[{Key=purpose,Value=production}]' \
    --launch-template-data file://template-data.json
```

The following is example JSON that specifies the launch template data for the instance configuration. Save the JSON to a file and include it in the `--launch-template-data` parameter as shown in the example command.

```
{
    "NetworkInterfaces": [{
        "AssociatePublicIpAddress": true,
        "DeviceIndex": 0,
        "Ipv6AddressCount": 1,
        "SubnetId": "subnet-0abcdef1234567890"
    }],
    "ImageId": "ami-0abcdef1234567890",
    "InstanceType": "r5.4xlarge",
    "TagSpecifications": [{
        "ResourceType": "instance",
        "Tags": [{
            "Key":"Name",
            "Value":"webserver"
        }]
    }],
    "CpuOptions": {
        "CoreCount":4,
        "ThreadsPerCore":2
    }
}
```

The following is example output.

```
{
    "LaunchTemplate": {
        "LatestVersionNumber": 1, 
        "LaunchTemplateId": "lt-01238c059e3466abc", 
        "LaunchTemplateName": "TemplateForWebServer", 
        "DefaultVersionNumber": 1, 
        "CreatedBy": "arn:aws:iam::123456789012:root", 
        "CreateTime": "2017-11-27T09:13:24.000Z"
    }
}
```

------
#### [ PowerShell ]

**To create a launch template**  
Use the [New-EC2LaunchTemplate](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2LaunchTemplate.html) cmdlet.

```
$launchTemplateData = [Amazon.EC2.Model.RequestLaunchTemplateData]@{
    ImageId = 'ami-0abcdef1234567890'
    InstanceType = 'r5.4xlarge'
    NetworkInterfaces = @(
        [Amazon.EC2.Model.LaunchTemplateInstanceNetworkInterfaceSpecificationRequest]@{
            AssociatePublicIpAddress = $true
            DeviceIndex = 0
            Ipv6AddressCount = 1
            SubnetId = 'subnet-0abcdef1234567890'
        }
    )
    TagSpecifications = @(
        [Amazon.EC2.Model.LaunchTemplateTagSpecificationRequest]@{
            ResourceType = 'instance'
            Tags = [Amazon.EC2.Model.Tag]@{
                Key = 'Name'
                Value = 'webserver'
            }
        }
    )
    CpuOptions = [Amazon.EC2.Model.LaunchTemplateCpuOptionsRequest]@{
        CoreCount = 4
        ThreadsPerCore = 2
    }
}
$tagSpecificationData = [Amazon.EC2.Model.TagSpecification]@{
    ResourceType = 'launch-template'
    Tags = [Amazon.EC2.Model.Tag]@{
        Key = 'purpose'
        Value = 'production'
    }
}
New-EC2LaunchTemplate -LaunchTemplateName 'TemplateForWebServer' `
    -VersionDescription 'WebVersion1' `
    -LaunchTemplateData $launchTemplateData `
    -TagSpecification $tagSpecificationData
```

The following is example output.

```
CreatedBy            : arn:aws:iam::123456789012:root
CreateTime           : 9/19/2023 16:57:55
DefaultVersionNumber : 1
LatestVersionNumber  : 1
LaunchTemplateId     : lt-01238c059eEXAMPLE
LaunchTemplateName   : TemplateForWebServer
Tags                 : {purpose}
```

------

## Create a launch template from an existing launch template


You can clone an existing launch template and then adjust the parameters to create a new launch template. However, you can only do this when using the Amazon EC2 console. The AWS CLI does not support cloning a template. For a description of each parameter, see [Reference for Amazon EC2 instance configuration parameters](ec2-instance-launch-parameters.md).

------
#### [ Console ]

**To create a launch template from an existing launch template**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Launch Templates**, and then choose **Create launch template**.

1. For **Launch template name**, enter a descriptive name for the launch template.

1. For **Template version description**, provide a brief description of this version of the launch template.

1. To tag the launch template on creation, expand **Template tags**, choose **Add new tag**, and then enter a tag key and value pair.

1. Expand **Source template**, and for **Launch template name** choose a launch template on which to base the new launch template.

1. For **Source template version**, choose the launch template version on which to base the new launch template.

1. Adjust any launch parameters as required, and then choose **Create launch template**.

------

## Create a launch template from an instance


You can clone the parameters of an existing Amazon EC2 instance and then adjust the parameters to create a launch template. For a description of each parameter, see [Reference for Amazon EC2 instance configuration parameters](ec2-instance-launch-parameters.md).

------
#### [ Console ]

**To create a launch template from an instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance, and choose **Actions**, **Image and templates**, **Create template from instance**.

1. Provide a name, description, and tags, and adjust the launch parameters as required.

   **Note**  
   When you create a launch template from an instance, the instance's network interface IDs and IP addresses are not included in the template.

1. Choose **Create launch template**.

------
#### [ AWS CLI ]

You can use the AWS CLI to create a launch template from an existing instance by first getting the launch template data from an instance, and then creating a launch template using the launch template data.

**To get launch template data from an instance**
+ Use the [get-launch-template-data](https://docs.aws.amazon.com/cli/latest/reference/ec2/get-launch-template-data.html) command and specify the instance ID. You can use the output as a base to create a new launch template or launch template version. By default, the output includes a top-level `LaunchTemplateData` object, which cannot be specified in your launch template data. Use the `--query` option to exclude this object.

  ```
  aws ec2 get-launch-template-data \
      --instance-id i-0123d646e8048babc \
      --query "LaunchTemplateData"
  ```

  The following is example output.

  ```
      {
          "Monitoring": {}, 
          "ImageId": "ami-8c1be5f6", 
          "BlockDeviceMappings": [
              {
                  "DeviceName": "/dev/xvda", 
                  "Ebs": {
                      "DeleteOnTermination": true
                  }
              }
          ], 
          "EbsOptimized": false, 
          "Placement": {
              "Tenancy": "default", 
              "GroupName": "", 
              "AvailabilityZone": "us-east-1a"
          }, 
          "InstanceType": "t2.micro", 
          "NetworkInterfaces": [
              {
                  "Description": "", 
                  "NetworkInterfaceId": "eni-35306abc", 
                  "PrivateIpAddresses": [
                      {
                          "Primary": true, 
                          "PrivateIpAddress": "10.0.0.72"
                      }
                  ], 
                  "SubnetId": "subnet-7b16de0c", 
                  "Groups": [
                      "sg-7c227019"
                  ], 
                  "Ipv6Addresses": [
                      {
                          "Ipv6Address": "2001:db8:1234:1a00::123"
                      }
                  ], 
                  "PrivateIpAddress": "10.0.0.72"
              }
          ]
      }
  ```

  You can write the output directly to a file, for example:

  ```
  aws ec2 get-launch-template-data \
      --instance-id i-0123d646e8048babc \
      --query "LaunchTemplateData" > instance-data.json
  ```

**To create a launch template using launch template data**
+ Use the [create-launch-template](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-launch-template.html) command to create a launch template using the output from the previous procedure. For more information about creating a launch template using the AWS CLI, see [Create a launch template by specifying parameters](#create-launch-template-define-parameters).

------

## Use a Systems Manager parameter instead of an AMI ID


Instead of specifying an AMI ID in your launch templates, you can specify an AWS Systems Manager parameter. If the AMI ID changes, you can update the AMI ID in one place by updating the Systems Manager parameter in the Systems Manager Parameter Store. Parameters can also be [shared](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-shared-parameters.html) with other AWS accounts. You can centrally store and manage AMI parameters in one account and share them with every other account that needs to reference them. By using a Systems Manager parameter, all your launch templates can be updated in a single action.

A Systems Manager parameter is a user-defined key-value pair that you create in the [AWS Systems Manager Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html). The Parameter Store provides a central place to store your application configuration values.

In the following diagram, the `golden-ami` parameter is first mapped to the original AMI `ami-aabbccddeeffgghhi` in the Parameter Store. In the launch template, the value for the AMI ID is `golden-ami`. When an instance is launched using this launch template, the AMI ID resolves to `ami-aabbccddeeffgghhi`. Later, the AMI is updated resulting in a new AMI ID. In the Parameter Store, the `golden-ami` parameter is mapped to the new `ami-00112233445566778`. *The launch template remains unchanged.* When an instance is launched using this launch template, the AMI ID resolves to the new `ami-00112233445566778`.

![\[Using Systems Manager parameters in the Parameter Store to update a launch template.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/launch-template-ami-alias.png)


### Systems Manager parameter format for AMI IDs


Launch templates require that user-defined Systems Manager parameters adhere to the following format when used in place of an AMI ID:
+ Parameter type: `String`
+ Parameter data type: `aws:ec2:image` – This ensures that Parameter Store validates that the value you enter is in the proper format for an AMI ID.

For more information about creating a valid parameter for an AMI ID, see [Creating Systems Manager parameters](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-su-create.html) in the *AWS Systems Manager User Guide*.

### Systems Manager parameter format in launch templates


To use a Systems Manager parameter in place of an AMI ID in a launch template, you must use one of the following formats when specifying the parameter in the launch template:

To reference a public parameter:
+ `resolve:ssm:public-parameter`

To reference a parameter stored in the same account:
+ `resolve:ssm:parameter-name`
+ `resolve:ssm:parameter-name:version-number` – The version number itself is a default label
+ `resolve:ssm:parameter-name:label`

To reference a parameter shared from another AWS account:
+ `resolve:ssm:parameter-ARN`
+ `resolve:ssm:parameter-ARN:version-number`
+ `resolve:ssm:parameter-ARN:label`

**Parameter versions**

Systems Manager parameters are versioned resources. When you update a parameter, you create new, successive versions of the parameter. Systems Manager supports [parameter labels](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-labels.html) that you can map to specific versions of a parameter.

For example, the `golden-ami` parameter can have three versions: `1`, `2`, and `3`. You can create a parameter label `beta` that maps to version `2`, and a parameter label `prod` that maps to version `3`.

In a launch template, you can specify version 3 of the `golden-ami` parameter by using either of the following formats:
+ `resolve:ssm:golden-ami:3`
+ `resolve:ssm:golden-ami:prod`

Specifying the version or label is optional. If a version or label is not specified, the latest version of the parameter is used.
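The following added example (not part of the AWS documentation) parses the `resolve:ssm:` formats listed above and reports which launch template versions reference a parameter without a version or label, so that they follow the latest parameter version. Treating names under `/aws/service/` as public parameters and the character sets accepted for names and selectors are assumptions of this sketch. The function names and sample data are constructed.

```python
import re
from typing import NamedTuple, Optional

PREFIX = "resolve:ssm:"
NAME_RE = re.compile(r"^[A-Za-z0-9_.\-/]+$")     # assumed parameter name characters
SELECTOR_RE = re.compile(r"^[A-Za-z0-9_.\-]+$")  # version number or label


class SsmAmiRef(NamedTuple):
    kind: str                     # "public", "same-account" or "shared"
    parameter: str                # parameter name, or full ARN when shared
    selector: Optional[str]       # version number or label, None if omitted
    selector_type: Optional[str]  # "version", "label" or None

    @property
    def tracks_latest(self):
        """With no version or label, the latest parameter version is used."""
        return self.selector is None


def parse_image_id(image_id):
    """Parse an ImageId value. Returns None for a literal AMI ID, an
    SsmAmiRef for a resolve:ssm: reference, and raises ValueError if the
    reference does not fit any of the listed formats."""
    if not image_id.startswith(PREFIX):
        return None
    rest = image_id[len(PREFIX):]

    if rest.startswith("arn:"):
        # arn:partition:ssm:region:account:parameter/name[:version-or-label]
        fields = rest.split(":")
        if (len(fields) not in (6, 7) or fields[2] != "ssm"
                or not fields[5].startswith("parameter/")):
            raise ValueError(f"malformed parameter ARN in {image_id!r}")
        parameter = ":".join(fields[:6])
        selector = fields[6] if len(fields) == 7 else None
        kind = "shared"
    else:
        parameter, sep, tail = rest.partition(":")
        if not NAME_RE.match(parameter):
            raise ValueError(f"malformed parameter name in {image_id!r}")
        selector = tail if sep else None
        # Assumption: public parameters are the ones under /aws/service/.
        kind = "public" if parameter.startswith("/aws/service/") else "same-account"

    if selector is not None and not SELECTOR_RE.match(selector):
        raise ValueError(f"malformed version or label in {image_id!r}")
    selector_type = None
    if selector is not None:
        selector_type = "version" if selector.isdigit() else "label"
    return SsmAmiRef(kind, parameter, selector, selector_type)


def unpinned_versions(versions):
    """Given items shaped like describe-launch-template-versions output,
    return (template ID, version number) pairs whose ImageId is a
    parameter reference with no version or label."""
    hits = []
    for v in versions:
        image_id = v.get("LaunchTemplateData", {}).get("ImageId")
        ref = parse_image_id(image_id) if image_id else None
        if ref is not None and ref.tracks_latest:
            hits.append((v["LaunchTemplateId"], v["VersionNumber"]))
    return hits


# Constructed sample data (template IDs and the shared ARN are placeholders).
SAMPLE_VERSIONS = [
    {"LaunchTemplateId": "lt-EXAMPLE0001", "VersionNumber": 1,
     "LaunchTemplateData": {"ImageId": "resolve:ssm:golden-ami"}},
    {"LaunchTemplateId": "lt-EXAMPLE0001", "VersionNumber": 2,
     "LaunchTemplateData": {"ImageId": "resolve:ssm:golden-ami:prod"}},
    {"LaunchTemplateId": "lt-EXAMPLE0002", "VersionNumber": 1,
     "LaunchTemplateData": {"ImageId": "ami-0abcdef1234567890"}},
    {"LaunchTemplateId": "lt-EXAMPLE0003", "VersionNumber": 1,
     "LaunchTemplateData": {"ImageId":
         "resolve:ssm:arn:aws:ssm:us-east-1:111122223333:parameter/golden-ami"}},
]

if __name__ == "__main__":
    for v in SAMPLE_VERSIONS:
        print(v["LaunchTemplateData"]["ImageId"], "->",
              parse_image_id(v["LaunchTemplateData"]["ImageId"]))
    print("unpinned:", unpinned_versions(SAMPLE_VERSIONS))
```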

### Specify a Systems Manager parameter in a launch template


You can specify a Systems Manager parameter in a launch template instead of an AMI ID when you create a launch template or a new version of a launch template.

------
#### [ Console ]

**To specify a Systems Manager parameter in a launch template**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Launch Templates**, and then choose **Create launch template**. 

1. For **Launch template name**, enter a descriptive name for the launch template.

1. Under **Application and OS Images (Amazon Machine Image)**, choose **Browse more AMIs**.

1. Choose the arrow button to the right of the search bar, and then choose **Specify custom value/Systems Manager parameter**.

1. In the **Specify custom value or Systems Manager parameter** dialog box, do the following:

   1. For **AMI ID or Systems Manager parameter string**, enter the Systems Manager parameter name using one of the following formats:

      To reference a public parameter:
      + **resolve:ssm:*public-parameter***

      To reference a parameter stored in the same account:
      + **resolve:ssm:*parameter-name***
      + **resolve:ssm:*parameter-name*:*version-number***
      + **resolve:ssm:*parameter-name*:*label***

      To reference a parameter shared from another AWS account:
      + **resolve:ssm:*parameter-ARN***
      + **resolve:ssm:*parameter-ARN*:*version-number***
      + **resolve:ssm:*parameter-ARN*:*label***

   1. Choose **Save**.

1. Specify any other launch template parameters as needed, and then choose **Create launch template**.

For more information, see [Create a launch template by specifying parameters](#create-launch-template-define-parameters).

------
#### [ AWS CLI ]

**To specify a Systems Manager parameter in a launch template**
+ Use the [create-launch-template](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-launch-template.html) command to create the launch template. To specify the AMI to use, enter the Systems Manager parameter name using one of the following formats:

  To reference a public parameter:
  + **resolve:ssm:*public-parameter***

  To reference a parameter stored in the same account:
  + **resolve:ssm:*parameter-name***
  + **resolve:ssm:*parameter-name*:*version-number***
  + **resolve:ssm:*parameter-name*:*label***

  To reference a parameter shared from another AWS account:
  + **resolve:ssm:*parameter-ARN***
  + **resolve:ssm:*parameter-ARN*:*version-number***
  + **resolve:ssm:*parameter-ARN*:*label***

  The following example creates a launch template that specifies the following:
  + A name for the launch template (`TemplateForWebServer`)
  + A tag for the launch template (`purpose`=`production`)
  + The data for the instance configuration, specified in a JSON file:
    + The AMI to use (`resolve:ssm:golden-ami`)
    + The instance type to launch (`m5.4xlarge`)
    + A tag for the instance (`Name`=`webserver`)

  ```
  aws ec2 create-launch-template \
      --launch-template-name TemplateForWebServer \
      --tag-specifications 'ResourceType=launch-template,Tags=[{Key=purpose,Value=production}]' \
      --launch-template-data file://template-data.json
  ```

  The following is an example JSON file that contains the launch template data for the instance configuration. The value for `ImageId` is the Systems Manager parameter name, entered in the required format `resolve:ssm:golden-ami`.

  ```
  {
      "ImageId": "resolve:ssm:golden-ami",
      "InstanceType": "m5.4xlarge",
      "TagSpecifications": [{
          "ResourceType": "instance",
          "Tags": [{
              "Key":"Name",
              "Value":"webserver"
          }]
      }]
  }
  ```

------

### Verify that a launch template gets the correct AMI ID


**To resolve the Systems Manager parameter to the actual AMI ID**  
Use the [describe-launch-template-versions](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-launch-template-versions.html) command and include the `--resolve-alias` parameter.

```
aws ec2 describe-launch-template-versions \
    --launch-template-name my-launch-template \
    --versions '$Default' \
    --resolve-alias
```

The response includes the AMI ID for `ImageId`. In this example, when an instance is launched using this launch template, the AMI ID resolves to `ami-0ac394d6a3example`.

```
{
    "LaunchTemplateVersions": [
        {
            "LaunchTemplateId": "lt-089c023a30example",
            "LaunchTemplateName": "my-launch-template",
            "VersionNumber": 1,
            "CreateTime": "2022-12-28T19:52:27.000Z",
            "CreatedBy": "arn:aws:iam::123456789012:user/Bob",
            "DefaultVersion": true,
            "LaunchTemplateData": {
                "ImageId": "ami-0ac394d6a3example",
                "InstanceType": "t3.micro"
            }
        }
    ]
}
```
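
The following added example (not part of the AWS documentation) parses each `resolve:ssm:` reference format listed earlier and audits `describe-launch-template-versions` output, with or without `--resolve-alias`, against an AMI allowlist and a set of trusted parameter owners. The function names, finding labels, account `111122223333`, the allowlist, and the `/aws/service/` test for public parameters are assumptions made for illustration.

```python
import json
from dataclasses import dataclass
from typing import Optional

PREFIX = "resolve:ssm:"


@dataclass(frozen=True)
class SsmImageRef:
    kind: str                # "public", "same-account" or "shared"
    parameter: str           # parameter name, or the full ARN if shared
    selector: Optional[str]  # version number or label, when one is given
    owner: Optional[str]     # owning account ID (shared parameters only)

    @property
    def pinned(self) -> bool:
        # A numeric version is fixed; a label can be moved to another version.
        return self.selector is not None and self.selector.isdigit()


def parse_image_id(image_id: str) -> Optional[SsmImageRef]:
    """Return None for a literal AMI ID, or the parsed resolve:ssm: reference."""
    if image_id.startswith("ami-"):
        return None
    if not image_id.startswith(PREFIX):
        raise ValueError(f"unrecognised ImageId: {image_id!r}")
    body = image_id[len(PREFIX):]
    if body.startswith("arn:"):
        # arn:partition:ssm:region:account:parameter/name[:version-or-label]
        parts = body.split(":")
        if (len(parts) not in (6, 7) or parts[2] != "ssm"
                or not parts[5].startswith("parameter/") or parts[-1] == ""):
            raise ValueError(f"not an SSM parameter ARN reference: {body!r}")
        selector = parts[6] if len(parts) == 7 else None
        return SsmImageRef("shared", ":".join(parts[:6]), selector, parts[4])
    name, sep, selector = body.partition(":")
    if not name or (sep and not selector) or ":" in selector:
        raise ValueError(f"malformed parameter reference: {body!r}")
    # Assumption: public parameters are the ones under the /aws/service/ path.
    kind = "public" if name.startswith("/aws/service/") else "same-account"
    return SsmImageRef(kind, name, selector or None, None)


def audit_versions(response: dict, approved_amis: set, trusted_accounts: set) -> list:
    """Findings for describe-launch-template-versions output, resolved or not."""
    findings = []
    for v in response["LaunchTemplateVersions"]:
        where = f'{v["LaunchTemplateName"]} v{v["VersionNumber"]}'
        image_id = v["LaunchTemplateData"].get("ImageId")
        if image_id is None:
            continue
        try:
            ref = parse_image_id(image_id)
        except ValueError as exc:
            findings.append((where, "malformed", str(exc)))
            continue
        if ref is None:
            # Literal or resolved AMI ID: compare it with the allowlist.
            if image_id not in approved_amis:
                findings.append((where, "unapproved-ami", image_id))
        elif ref.kind == "shared":
            # Another account decides which AMI this template launches.
            if ref.owner not in trusted_accounts:
                findings.append((where, "untrusted-owner", ref.owner))
            if not ref.pinned:
                findings.append((where, "floating-shared-ref", image_id))
    return findings


# Constructed sample: one resolved version (values from the response above)
# and one unresolved version that points at another account's parameter.
SAMPLE = json.loads("""
{"LaunchTemplateVersions": [
  {"LaunchTemplateName": "my-launch-template", "VersionNumber": 1,
   "LaunchTemplateData": {"ImageId": "ami-0ac394d6a3example", "InstanceType": "t3.micro"}},
  {"LaunchTemplateName": "my-launch-template", "VersionNumber": 2,
   "LaunchTemplateData": {"ImageId":
     "resolve:ssm:arn:aws:ssm:us-east-1:111122223333:parameter/golden-ami:prod"}}
]}
""")

if __name__ == "__main__":
    for finding in audit_versions(SAMPLE, {"ami-0ac394d6a3example"}, {"123456789012"}):
        print(finding)
```
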

### Related resources


For more information about working with Systems Manager parameters, see the following reference materials in the Systems Manager documentation.
+ For information about how to look up the AMI public parameters supported by Amazon EC2, see [Calling AMI public parameters](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-public-parameters-ami.html).
+ For information about sharing parameters with other AWS accounts or through AWS Organizations, see [Working with shared parameters](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-shared-parameters.html).
+ For information about monitoring whether your parameters are created successfully, see [Native parameter support for Amazon Machine Image IDs](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-ec2-aliases.html).

### Limitations

+ Only EC2 Fleets of type `instant` support using a launch template that has a Systems Manager parameter specified in place of an AMI ID.
+ EC2 Fleets of type `maintain` and `request`, and Spot Fleets do not support using a launch template that has a Systems Manager parameter specified in place of an AMI ID. For EC2 Fleets of type `maintain` and `request`, and for Spot Fleets, if you specify an AMI in the launch template, you must specify the AMI ID.
+ If you use [attribute-based instance selection](ec2-fleet-attribute-based-instance-type-selection.md) in your EC2 Fleet, you can't specify a Systems Manager parameter in place of an AMI ID. When using attribute-based instance selection, you must specify the AMI ID.
+ Amazon EC2 Auto Scaling provides other restrictions. For more information, see [Use AWS Systems Manager parameters instead of AMI IDs in launch templates](https://docs.aws.amazon.com/autoscaling/ec2/userguide/using-systems-manager-parameters.html) in the *Amazon EC2 Auto Scaling User Guide*.

# Modify a launch template (manage launch template versions)

Launch templates are immutable; after you create a launch template, you can't modify it. Instead, you can create a new version of the launch template that includes any changes you require.

You can create different versions of a launch template, set the default version, describe a launch template version, and [delete versions](delete-launch-template.md#delete-launch-template-version) you no longer need.

**Topics**
+ [Create a launch template version](#create-launch-template-version)
+ [Set the default launch template version](#set-default-launch-template-version)
+ [Describe a launch template version](#describe-launch-template-version)

## Create a launch template version


When you create a launch template version, you can specify new launch parameters or use an existing version as the base for the new version. For a description of each parameter, see [Reference for Amazon EC2 instance configuration parameters](ec2-instance-launch-parameters.md).

------
#### [ Console ]

**To create a launch template version**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Launch Templates**.

1. Select a launch template, and then choose **Actions**, **Modify template (Create new version)**.

1. For **Template version description**, enter a description for this version of the launch template.

1. (Optional) Expand **Source template** and select a version of the launch template to use as a base for the new launch template version. The new launch template version inherits the launch parameters from this launch template version.

1. Modify the launch parameters as required.

1. Choose **Create launch template**.

------
#### [ AWS CLI ]

**To create a launch template version**  
Use the [create-launch-template-version](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-launch-template-version.html) command. You can specify a source version on which to base the new version. The new version inherits the launch parameters from this version, and you can override parameters using `--launch-template-data`. The following example creates a new version based on version 1 of the launch template and specifies a different AMI ID.

```
aws ec2 create-launch-template-version \
    --launch-template-id lt-0abcd290751193123 \
    --version-description WebVersion2 \
    --source-version 1 \
    --launch-template-data "ImageId=ami-0abcdef1234567890"
```

------
#### [ PowerShell ]

**To create a launch template version**  
Use the [New-EC2LaunchTemplateVersion](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2LaunchTemplateVersion.html) cmdlet. You can specify a source version on which to base the new version. The new version inherits the launch parameters from this version, and you can override parameters using `LaunchTemplateData`. The following example creates a new version based on version 1 of the launch template and specifies a different AMI ID.

```
New-EC2LaunchTemplateVersion `
    -LaunchTemplateId lt-0abcd290751193123 `
    -VersionDescription WebVersion2 `
    -SourceVersion 1 `
    -LaunchTemplateData (
        New-Object `
            -TypeName Amazon.EC2.Model.RequestLaunchTemplateData `
            -Property @{ImageId = 'ami-0abcdef1234567890'}
    )
```

------

## Set the default launch template version


You can set the default version for the launch template. When you launch an instance from a launch template and do not specify a version, the instance is launched using the parameters of the default version.

------
#### [ Console ]

**To set the default launch template version**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Launch Templates**.

1. Select the launch template and choose **Actions**, **Set default version**.

1. For **Template version**, select the version number to set as the default version and choose **Set as default version**.

------
#### [ AWS CLI ]

**To set the default launch template version**  
Use the [modify-launch-template](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-launch-template.html) command.

```
aws ec2 modify-launch-template \
    --launch-template-id lt-0abcd290751193123 \
    --default-version 2
```

------
#### [ PowerShell ]

**To set the default launch template version**  
Use the [Edit-EC2LaunchTemplate](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2LaunchTemplate.html) cmdlet.

```
Edit-EC2LaunchTemplate `
    -LaunchTemplateId lt-0abcd290751193123 `
    -DefaultVersion 2
```

------

## Describe a launch template version


Using the console, you can view all the versions of the selected launch template, or get a list of the launch templates whose latest or default version matches a specific version number. Using the AWS CLI, you can describe all versions, individual versions, or a range of versions of a specified launch template. You can also describe all the latest versions or all the default versions of all the launch templates in your account.

------
#### [ Console ]

**To describe a launch template version**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Launch Templates**.

1. You can view a version of a specific launch template, or get a list of the launch templates whose latest or default version matches a specific version number.
   + To view a version of a launch template: Select the launch template. On the **Versions** tab, from **Version**, select a version to view its details.
   + To get a list of all the launch templates whose latest version matches a specific version number: From the search bar, choose **Latest version**, and then choose a version number.
   + To get a list of all the launch templates whose default version matches a specific version number: From the search bar, choose **Default version**, and then choose a version number.

------
#### [ AWS CLI ]

**To describe a launch template version**  
Use the [describe-launch-template-versions](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-launch-template-versions.html) command and specify the version numbers. In the following example, versions `1` and `3` are specified.

```
aws ec2 describe-launch-template-versions \
    --launch-template-id lt-0abcd290751193123 \
    --versions 1 3
```

**To describe the latest and default launch template versions in your account**  
Use the [describe-launch-template-versions](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-launch-template-versions.html) command and specify `$Latest`, `$Default`, or both. You must omit the launch template ID and name in the call. You can't specify version numbers.

```
aws ec2 describe-launch-template-versions \
    --versions '$Latest' '$Default'
```

------
#### [ PowerShell ]

**To describe a launch template version**  
Use the [Get-EC2TemplateVersion](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2TemplateVersion.html) cmdlet and specify the version numbers. In the following example, versions `1` and `3` are specified.

```
Get-EC2TemplateVersion `
    -LaunchTemplateId lt-0abcd290751193123 `
    -Version 1,3
```

**To describe the latest and default launch template versions in your account**  
Use the [Get-EC2TemplateVersion](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2TemplateVersion.html) cmdlet and specify `$Latest`, `$Default`, or both. You must omit the launch template ID and name in the call. You can't specify version numbers.

```
Get-EC2TemplateVersion `
    -Version '$Latest','$Default'
```



------
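
Instances launched without an explicit version use the default version, so a template whose default lags behind its latest version keeps launching the older configuration. The following added example (not part of the AWS documentation) reads the output of the `$Latest` and `$Default` query and reports each template where the two differ, along with the fields that changed. The function name, report keys, and sample records are constructed for illustration, using IDs that appear on this page.

```python
import json
from collections import defaultdict


def default_version_drift(response: dict) -> list:
    """Templates whose default version is older than the latest version returned."""
    by_template = defaultdict(list)
    for version in response["LaunchTemplateVersions"]:
        by_template[version["LaunchTemplateId"]].append(version)

    report = []
    for template_id, versions in sorted(by_template.items()):
        # A template may appear once (default is also latest) or twice.
        default = next((v for v in versions if v.get("DefaultVersion")), None)
        latest = max(versions, key=lambda v: v["VersionNumber"])
        if default is None or default["VersionNumber"] == latest["VersionNumber"]:
            continue
        old, new = default["LaunchTemplateData"], latest["LaunchTemplateData"]
        # Fields that a launch from the default version would not pick up.
        changed = sorted(k for k in old.keys() | new.keys() if old.get(k) != new.get(k))
        report.append({
            "template_id": template_id,
            "default_version": default["VersionNumber"],
            "latest_version": latest["VersionNumber"],
            "latest_created_by": latest.get("CreatedBy"),
            "changed_fields": changed,
            "default_ami": old.get("ImageId"),
            "latest_ami": new.get("ImageId"),
        })
    return report


# Constructed sample in the shape returned by describe-launch-template-versions.
SAMPLE = json.loads("""
{"LaunchTemplateVersions": [
  {"LaunchTemplateId": "lt-0abcd290751193123", "VersionNumber": 1,
   "DefaultVersion": true, "CreatedBy": "arn:aws:iam::123456789012:user/Bob",
   "LaunchTemplateData": {"ImageId": "ami-0ac394d6a3example", "InstanceType": "t3.micro"}},
  {"LaunchTemplateId": "lt-0abcd290751193123", "VersionNumber": 2,
   "DefaultVersion": false, "CreatedBy": "arn:aws:iam::123456789012:user/Bob",
   "LaunchTemplateData": {"ImageId": "ami-0abcdef1234567890", "InstanceType": "t3.micro"}},
  {"LaunchTemplateId": "lt-0123456789example", "VersionNumber": 4,
   "DefaultVersion": true, "CreatedBy": "arn:aws:iam::123456789012:user/Bob",
   "LaunchTemplateData": {"ImageId": "ami-0abcdef1234567890", "InstanceType": "t3.micro"}}
]}
""")

if __name__ == "__main__":
    for row in default_version_drift(SAMPLE):
        print(json.dumps(row, indent=2))
```
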

# Delete a launch template or a launch template version

If you no longer require a launch template, you can delete it. Deleting a launch template deletes all of its versions. If you only want to delete a specific version of a launch template, you can do so while retaining the other versions of the launch template.

Deleting a launch template or launch template version doesn't affect any instances that you've launched from the launch template. 

## Delete a launch template and all of its versions


If you no longer require a launch template, including all of its versions, you can delete the launch template. Deleting a launch template deletes all of its versions.

------
#### [ Console ]

**To delete a launch template and all its versions**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Launch Templates**.

1. Select the launch template and choose **Actions**, **Delete template**.

1. Enter **Delete** to confirm deletion, and then choose **Delete**.

------
#### [ AWS CLI ]

**To delete a launch template and all its versions**  
Use the [delete-launch-template](https://docs.aws.amazon.com/cli/latest/reference/ec2/delete-launch-template.html) command and specify the launch template.

```
aws ec2 delete-launch-template --launch-template-id lt-01238c059e3466abc
```

------
#### [ PowerShell ]

**To delete a launch template and all its versions**  
Use the [Remove-EC2LaunchTemplate](https://docs.aws.amazon.com/powershell/latest/reference/items/Remove-EC2LaunchTemplate.html) (AWS Tools for PowerShell) command and specify the launch template. If `-Force` is omitted, PowerShell prompts for a confirmation.

```
Remove-EC2LaunchTemplate -LaunchTemplateId lt-0123456789example -Force
```

------

## Delete a launch template version


If you no longer require a launch template version, you can delete it.

**Considerations**
+ You can't replace the version number after you delete it.
+ You can't delete the default version of the launch template; you must first assign a different version as the default. If the default version is the only version for the launch template, you must [delete the entire launch template](#delete-launch-template).
+ When using the console, you can delete one launch template version at a time. When using the AWS CLI, you can delete up to 200 launch template versions in a single request. To delete more than 200 versions in a single request, you can [delete the launch template](#delete-launch-template), which also deletes all of its versions.

------
#### [ Console ]

**To delete a launch template version**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Launch Templates**.

1. Select the launch template and choose **Actions**, **Delete template version**.

1. Select the version to delete and choose **Delete**.

------
#### [ AWS CLI ]

**To delete a launch template version**  
Use the [delete-launch-template-versions](https://docs.aws.amazon.com/cli/latest/reference/ec2/delete-launch-template-versions.html) command and specify the version numbers to delete. You can specify up to 200 launch template versions to delete in a single request.

```
aws ec2 delete-launch-template-versions \
    --launch-template-id lt-0abcd290751193123 \
    --versions 1
```

------
#### [ PowerShell ]

**To delete a launch template version**  
Use the [Remove-EC2TemplateVersion](https://docs.aws.amazon.com/powershell/latest/reference/items/Remove-EC2TemplateVersion.html) cmdlet and specify the version numbers to delete. You can specify up to 200 launch template versions to delete in a single request.

```
Remove-EC2TemplateVersion `
    -LaunchTemplateId lt-0abcd290751193123 `
    -Version 1
```

------

# Launch an Amazon EC2 instance

An instance is a virtual server in the AWS Cloud. You launch an instance from an Amazon Machine Image (AMI). The AMI provides the operating system, application server, and applications for your instance.

When you create your AWS account, you can get started with Amazon EC2 for free using the [AWS Free Tier](https://aws.amazon.com/free/). Your Free Tier benefits depend on when you created your AWS account. If you created your AWS account before July 15, 2025 and it's less than 12 months old, you can use the Free Tier to launch and use a `t2.micro` instance for free (in Regions where `t2.micro` is unavailable, you can use a `t3.micro` instance under the Free Tier). You incur charges for your instance or usage that counts against your Free Tier limits while the instance is running, even if it remains idle. For more information, see [Amazon EC2 pricing](https://aws.amazon.com/ec2/pricing/). If you created your AWS account on or after July 15, 2025, you can use `t3.micro`, `t3.small`, `t4g.micro`, `t4g.small`, `c7i-flex.large`, and `m7i-flex.large` instance types for 6 months or until your credits are used up. For more information, see [Free Tier benefits before and after July 15, 2025](ec2-free-tier-usage.md#ec2-free-tier-comparison).

When you launch your instance, you can launch your instance in a subnet that is associated with one of the following resources:
+ An Availability Zone – This option is the default.
+ A Local Zone – To launch an instance in a Local Zone, you must opt in to the Local Zone, and then create a subnet in the zone. For more information, see [Get started with Local Zones](https://docs.aws.amazon.com/local-zones/latest/ug/getting-started.html).
+ A Wavelength Zone – To launch an instance in a Wavelength Zone, you must opt in to the Wavelength Zone, and then create a subnet in the zone. For information about how to launch an instance in a Wavelength Zone, see [Get started with AWS Wavelength](https://docs.aws.amazon.com/wavelength/latest/developerguide/get-started-wavelength.html).
+ An Outpost – To launch an instance in an Outpost, you must create an Outpost. For information about how to create an Outpost, see [Get started with AWS Outposts](https://docs.aws.amazon.com/outposts/latest/userguide/get-started-outposts.html).

After you launch your instance, you can connect to it and use it. To begin, the instance state is `pending`. When the instance state is `running`, the instance has started booting. There might be a short time before you can connect to the instance. Note that bare metal instance types might take longer to launch.

Depending on how you plan to connect to your instance, you might want to make certain configurations while launching your instance. These configurations could include specifying inbound security group rules for certain traffic or associating an instance profile role. For more information on the connection methods you can use to connect and their requirements, see [Connect to your EC2 instance](connect.md).

The instance receives a public DNS name that you can use to contact the instance from the internet. The instance also receives a private DNS name that other instances within the same VPC can use to contact the instance.

When you're finished with an instance, to avoid incurring unnecessary costs, be sure to terminate it. For more information, see [Terminate Amazon EC2 instances](terminating-instances.md).

If you need to launch a large number of instances, use multiple instance types, or use multiple purchasing options such as On-Demand Instance, Reserved Instance, and Spot Instance, consider using EC2 Fleet. For more information, see [EC2 Fleet and Spot Fleet](Fleets.md).

If you want to automate the lifecycle of your instances, including automatic scaling, health checks, and replacement of unhealthy instances, consider using [Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/what-is-amazon-ec2-auto-scaling.html).

The following methods are some of the ways that you can launch an instance.


| Method | Tool | Documentation | 
| --- | --- | --- | 
|  Use the launch instance wizard to specify the launch parameters.  | Amazon EC2 console |  [Launch an EC2 instance using the launch instance wizard in the console](ec2-launch-instance-wizard.md)  | 
|  Create a launch template and launch the instance from the launch template.  | Amazon EC2 console |  [Launch EC2 instances using a launch template](launch-instances-from-launch-template.md)  | 
| Use an existing instance as the base. | Amazon EC2 console |  [Launch an EC2 instance using details from an existing instance](launch-more-like-this.md)  | 
|  Use an AMI that you purchased from the AWS Marketplace.  | Amazon EC2 console |  [Launch an Amazon EC2 instance from an AWS Marketplace AMI](launch-marketplace-console.md)  | 
|  Use an AMI that you specify.  | AWS CLI |  [Launching, listing, and deleting Amazon EC2 instances in the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-services-ec2-instances.html)  | 
| Use an AMI that you specify. | AWS Tools for Windows PowerShell |  [Launch an Amazon EC2 Instance Using Windows PowerShell](https://docs.aws.amazon.com/powershell/latest/userguide/pstools-ec2-launch.html)  | 
|  Use EC2 Fleet to provision capacity across different EC2 instance types and Availability Zones, and across On-Demand Instance, Reserved Instance, and Spot Instance purchasing options.   | AWS CLI |  [EC2 Fleet and Spot Fleet](Fleets.md)  | 
|  Use a CloudFormation template to specify an instance.  | AWS CloudFormation |  [AWS::EC2::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-instance.html) in the *AWS CloudFormation User Guide*  | 
| Use a language-specific AWS SDK to launch an instance. | AWS SDK |  [AWS SDK for .NET](https://docs.aws.amazon.com/goto/DotNetSDKV3/ec2-2016-11-15/RunInstances), [AWS SDK for C++](https://docs.aws.amazon.com/goto/SdkForCpp/ec2-2016-11-15/RunInstances), [AWS SDK for Go](https://docs.aws.amazon.com/goto/SdkForGoV1/ec2-2016-11-15/RunInstances), [AWS SDK for Java](https://docs.aws.amazon.com/goto/SdkForJava/ec2-2016-11-15/RunInstances), [AWS SDK for JavaScript](https://docs.aws.amazon.com/goto/AWSJavaScriptSDK/ec2-2016-11-15/RunInstances), [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/ec2-2016-11-15/RunInstances), [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/ec2-2016-11-15/RunInstances), [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/ec2-2016-11-15/RunInstances)  | 

# Tutorials for launching EC2 instances

There are different ways to launch and configure an Amazon EC2 instance. The method and configuration you use depends on your specific use case.

The following tutorials can help you learn how to launch EC2 instances. If you're new to Amazon EC2, we recommend that you start with the first tutorial. The tutorials start by introducing you to the basics, and help you build on the basics by introducing more configuration options.


| Objective | Link to tutorial | 
| --- | --- | 
|  **Launch my very first EC2 instance** Learn how to quickly launch an Amazon EC2 instance by using the default settings in the Amazon EC2 launch instance wizard. Also learn how to review the instance configuration fields and terminate the instance. Duration: 10 minutes  | [Tutorial 1: Launch my very first Amazon EC2 instance](tutorial-launch-my-first-ec2-instance.md) | 
|  **Launch a test EC2 instance and connect to it** Learn how to launch an Amazon EC2 instance that you can use for testing purposes. This instance will have no advanced configuration and won't store sensitive information. You will also learn about the essential instance configuration settings, how to connect to the instance, and how to stop it. Duration: 30 minutes  | [Tutorial 2: Launch a test EC2 instance and connect to it](tutorial-launch-a-test-ec2-instance.md) | 

## Looking for other tutorials?

+ [Tutorial: Install a LAMP server on AL2023](https://docs.aws.amazon.com/linux/al2023/ug/ec2-lamp-amazon-linux-2023.html)
+ [Tutorial: Configure SSL/TLS on AL2023](https://docs.aws.amazon.com/linux/al2023/ug/SSL-on-amazon-linux-2023.html)
+ [Tutorial: Host a WordPress blog on AL2023](https://docs.aws.amazon.com/linux/al2023/ug/hosting-wordpress-aml-2023.html)
+ [Tutorial: Complete the configuration required to connect to your instance using EC2 Instance Connect](ec2-instance-connect-tutorial.md)
+ [Tutorial: Connect an Amazon EC2 instance to an Amazon RDS database](tutorial-connect-ec2-instance-to-rds-database.md)

# Tutorial 1: Launch my very first Amazon EC2 instance


|  |  | 
| --- |--- |
| Tutorial objective |  Learn how to quickly launch an Amazon EC2 instance by using the default settings in the Amazon EC2 launch instance wizard. Also learn how to review the instance configuration fields and terminate the instance.  | 
| EC2 experience | Beginner | 
|  **Duration**  | 10 minutes | 
|  **Cost**  |  Free Tier eligible. When you create your AWS account, you can get started with Amazon EC2 for free using the [AWS Free Tier](https://aws.amazon.com/free/). If you created your AWS account before July 15, 2025, it's less than 12 months old, and you haven't already exceeded the Free Tier benefits for Amazon EC2, it won't cost you anything to complete this tutorial, because we help you select options that are within the Free Tier benefits. Otherwise, you'll incur the standard Amazon EC2 usage fees from the time that you launch the instance (even if it remains idle) until you terminate it. If you created your AWS account on or after July 15, 2025, it's less than 6 months old, and you haven't used up all your credits, it won't cost you anything to complete this tutorial, because we help you select options that are within the Free Tier benefits. For information on how to determine whether you're eligible for the Free Tier, see [Track your Free Tier usage for Amazon EC2](ec2-free-tier-usage.md).  | 
| Prerequisites |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/tutorial-launch-my-first-ec2-instance.html)  | 

## Tutorial overview


This tutorial is designed for beginners with no prior experience using Amazon EC2. We'll guide you through the steps for creating—we call it *launching*—your very first EC2 instance using the EC2 console. An *instance* is essentially a web server in the AWS Cloud. After launching your instance, we'll show you how to find it in the console. Finally, to help you manage costs, we'll show you how to delete—we call it *terminate*—your instance.

This tutorial is divided into the following short tasks. You must complete each task before moving to the next one.
+ [Task 1: Launch your instance](#task-1-quickly-launch-instance)
+ [Task 2: Find your instance](#task-2-find-your-first-instance-in-the-console)
+ [Task 3: View your instance configuration](#task-3-view-your-first-instance-configuration)
+ [Task 4: Terminate your instance](#task-4-terminate-your-first-instance)

## Task 1: Launch your instance


In this task, you'll take the quickest path to launching your instance by doing only the essentials. We'll use the EC2 launch instance wizard, a web-based form that provides all the fields for configuring and launching your instance. It simplifies the process by providing default values for the instance configuration fields.

**Before you start**  
Make sure you've completed the prerequisites listed in the preceding table, including signing into the AWS Management Console with your administrator user.

**Follow these steps to quickly launch your instance**

1. **Open the Amazon EC2 console:**

   Go to [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. **Open the EC2 launch instance wizard:**

   From the EC2 dashboard, choose **Launch instance**.

   The **Launch an instance** web-based form opens. This is the EC2 launch instance wizard.

1. **Name your instance:**

   Under **Name and tags**, for **Name**, enter a descriptive name like **My first EC2 instance**.

   While naming your instance isn't required, it helps identify your instance later.

1. **Proceed without a key pair:**

   Under **Key pair (login)**, for **Key pair name**, choose **Proceed without a key pair (Not recommended)**.

   A key pair can be used for secure login. However, because we won't be logging into the instance in this tutorial, you don't need a key pair for now.

1. **Launch your instance:**

   In the **Summary** panel on the right, choose **Launch instance**.

   Amazon EC2 quickly launches your instance using the default settings. A **Success** banner confirms the launch.

**Congratulations!** You've successfully launched your very first EC2 instance!

## Task 2: Find your instance


In this task, you'll locate the instance that you just launched in the EC2 console.

**Follow these steps to find your instance in the EC2 console**

1. **Open the **Instances** page:**

   If you're still on the success page, choose **Instances** in the breadcrumb at the top of the screen. You might need to choose the three ellipses first to access it.

   If you've navigated away, choose **Instances** from the navigation pane.

1. **Locate your instance:**

   In the **Name** column, find your instance by the name you gave it.

## Task 3: View your instance configuration


In this task, you'll become familiar with viewing your instance's configuration details.

**Follow these steps to view your instance's configuration**

1. **Locate the instance ID:**

   In the **Instance ID** column, take note of your instance's unique ID. It begins with **i-** followed by 17 alphanumeric characters, for example, **i-01aeed690c9fb5322**.

   The instance ID is automatically assigned to your instance when it's launched.

1. **Open the instance details page:**

   In the **Instance ID** column, choose the ID link to open the instance details page where you can review its configuration.

1. **Explore instance configuration details:**

   Take a few minutes to explore the configuration details of your instance. In the next tutorial, we'll dive deeper into the configuration. For now, use this time to familiarize yourself with the instance details page.

   **Tip:** To quickly find a field, press Ctrl+F or Command+F on your keyboard.

   1. **Instance type:** Can you find the instance type? It might be **t3.micro**, for example.

   1. **Public IPv4 address:** Can you find the public IPv4 address that was allocated to your instance? It's in a format similar to the following example: **34.242.148.128**.

   1. **Instance owner:** Can you identify the owner of this instance? It's you! Your AWS account number is listed under the **Owner** field.

   1. **Instance tags:** The name you gave your instance is actually a tag. Can you find your instance tags? Choose the **Tags** tab. The key is **Name**, and the value is the name you provided.

   1. **Launch time:** Can you find when you launched your instance? Choose the **Details** tab and find the **Launch time** field.

   1. **Instance state:** Can you verify the state of your instance? It should be **Running**.

Take a few more minutes to explore the other instance configuration fields. When you're ready, proceed to the next task.

## Task 4: Terminate your instance


**Warning**  
**Terminating an instance is permanent and irreversible.**  
After you terminate an instance, you can no longer connect to it, and it can't be recovered. All attached Amazon EBS volumes that are configured to be deleted on termination are also permanently deleted and can't be recovered. All data stored on instance store volumes is permanently lost. For more information, see [How instance termination works](how-ec2-instance-termination-works.md).  
Before you terminate an instance, ensure that you have backed up all data that you need to retain after the termination to persistent storage.

In this task, you'll delete your instance to preserve your Free Tier benefits. In EC2, *terminate* is the term used for deleting an instance.

**Follow these steps to terminate your instance**

1. **Initiate termination:**

   If you're still on the instance details page, choose the **Instance state** menu (top right), and then choose **Terminate (delete) instance**.

   If you've navigated away, choose **Instances** from the navigation pane. Then, on the **Instances** page, select the checkbox next to the name of your instance, and then choose the **Instance state** menu (top right), and choose **Terminate (delete) instance**.

1. **Confirm termination:**

   In the **Terminate (delete) instance** window that opens, choose the **Terminate (delete)** button to confirm that you want to terminate your instance.

1. **Monitor instance state:**

   On the **Instances** page, check the **Instance state** column. The state of your instance changes to **Shutting-down**. If you don't see the full text, try widening the column.

   Once the instance has shut down, Amazon EC2 deletes the instance, and it disappears from the **Instances** page.

## Key takeaways


In this tutorial, you covered the following key concepts:
+ *Instance* refers to an Amazon EC2 web server in the AWS Cloud.
+ *Launch* refers to creating an EC2 instance.
+ *Terminate* refers to deleting an EC2 instance.
+ The EC2 launch instance wizard contains default values for instance configuration, allowing for a quick and easy instance launch.
+ The instance ID is a unique identifier automatically assigned to your instance, while the instance name is an optional tag that you can assign for easier identification.

## Next steps


To build confidence in launching and terminating instances, consider repeating the steps in this tutorial. Be sure to terminate any instances that you launch to preserve your Free Tier benefits.

Once you're comfortable with these basics, move onto the next tutorial, which provides a deeper dive into key instance configuration fields.

# Tutorial 2: Launch a test EC2 instance and connect to it


|  |  | 
| --- |--- |
| Tutorial objective |  Learn how to launch an Amazon EC2 instance that you can use for testing purposes. This instance will have no advanced configuration and won't store sensitive information. You will also learn about the essential instance configuration settings, how to connect to the instance, and how to stop it.  | 
| EC2 experience | Beginner | 
|  **Duration**  | 30 minutes | 
|  **Cost**  |  Free Tier eligible. When you create your AWS account, you can get started with Amazon EC2 for free using the [AWS Free Tier](https://aws.amazon.com/free/). If you created your AWS account before July 15, 2025, it's less than 12 months old, and you haven't already exceeded the Free Tier benefits for Amazon EC2, it won't cost you anything to complete this tutorial, because we help you select options that are within the Free Tier benefits. Otherwise, you'll incur the standard Amazon EC2 usage fees from the time that you launch the instance (even if it remains idle) until you terminate it. If you created your AWS account on or after July 15, 2025, it's less than 6 months old, and you haven't used up all your credits, it won't cost you anything to complete this tutorial, because we help you select options that are within the Free Tier benefits. For information on how to determine whether you're eligible for the Free Tier, see [Track your Free Tier usage for Amazon EC2](ec2-free-tier-usage.md).  | 
| Prerequisites |  Complete [Tutorial 1: Launch my very first Amazon EC2 instance](tutorial-launch-my-first-ec2-instance.md).  | 

## Tutorial overview


This tutorial is designed for beginners who want to launch an EC2 instance that they can use for testing purposes. 

We'll explain the key instance configuration fields, and then guide you through the steps for launching a test instance using the default values in the EC2 console. After launching your instance, we'll show you how to log into—we call it *connect to*—your instance. We'll also show you how to create a key pair, which is required for connecting to your instance in this tutorial. Finally, to help manage costs, we'll show you how to stop your instance to avoid usage charges.

You'll launch a Linux instance in this tutorial. While the steps in this tutorial can be used for launching instances with other operating systems, the instructions for *connecting* to an instance are specific to Linux instances.

This tutorial is divided into the following short tasks. You must complete each task before moving to the next one.
+ [Task 1: Familiarize yourself with key components for launching an instance](#tut2-task-1-familiarize-with-the-tutorial-components)
+ [Task 2: Review a technical diagram](#tut2-task-2-technical-diagram)
+ [Task 3: Create a key pair](#tut2-task-3-create-key-pair)
+ [Task 4: Launch your test instance](#tut2-task-4-launch-test-instance)
+ [Task 5: Find your instance](#tut2-task-5-find-test-instance-in-the-console)
+ [Task 6: View your instance configuration](#tut2-task-6-view-test-instance-configuration)
+ [Task 7: Familiarize yourself with key components for connecting to an instance](#tut2-task-7-familiarize-with-connection-components)
+ [Task 8: Connect to your instance](#tut2-task-8-connect-to-test-ec2-instance)
+ [Task 9: Stop your instance](#tut2-task-9-stop-test-ec2-instance)

## Task 1: Familiarize yourself with key components for launching an instance


In this task, you'll explore the key components required to launch an EC2 instance. These are the AMI, instance type, key pair, security group, network (VPC and subnet), and Amazon EBS volume. You'll also explore an optional component, the **Name** tag.

To help visualize these components, think of an instance like a rental house. Just as renting a house gives you a place to live without your needing to own and maintain the property, EC2 instances provide computing power without your needing to own and maintain the underlying infrastructure.

When deciding on the kind of instance to launch, you'll consider the configuration criteria for the instance, just as you would consider the criteria you want from a house. While this analogy simplifies things, it offers a helpful way to visualize the components until you're more familiar with them.
+ **AMI – House building materials and amenities:** The Amazon Machine Image (AMI) determines the operating system and applications your instance starts with. This is like choosing the building materials (like brick, steel, or wood) and amenities (like appliances and furnishings) of your house. A base AMI is like an unfurnished house with basic appliances, while a custom AMI with pre-installed software is like a fully furnished house.
+ **Instance type – House size and power:** The instance type defines the size and capabilities of your EC2 instance, much like choosing the size of a house, number of rooms, and energy capacity. Each instance type determines the amount of CPU, memory, storage, and networking capacity of your instance. The selected AMI might limit what instance types you can choose.
+ **Key pair – Front door key**: A key pair is like the lock and key to the front door of your house. The public key acts as the lock on your instance, while the private key is the key you must keep securely on your local computer. If someone else gets hold of your private key, they can access your instance, much like how someone with your front door key can enter your house.
+ **Network (VPC and subnet) – Property boundary, sectioned areas, and house number**: Your virtual private cloud (VPC) is like the entire property where your house is located, and the subnet is the sectioned-off area around the house. If you have multiple houses (instances) on your property, you might want to section them off into distinct areas (different subnets) depending on their purpose. Some houses allow visitors to roam freely through the gardens (public subnets with internet access), while others have fenced-off gardens to restrict entry (private subnets without internet access). Each subnet contains a range of IP addresses, much like house numbers, which can be assigned to instances within the subnet.
+ **Security group – The gatekeeper**: The security group acts like a gatekeeper, controlling who is allowed to visit your house. It enforces a set of rules that controls what traffic is allowed to reach your instance. For example, a rule that allows SSH traffic from a specific IP address is like the gatekeeper letting in only a specific person to deliver groceries. Similarly, allowing HTTPS traffic from anywhere is like letting the public come and take a look at the exterior of your house.
+ **Amazon EBS volume – Storage units**: EBS volumes are like storage units where you can store your belongings. Each instance has a root volume (where the AMI is stored), and you can add more volumes (storage) at any time as needed.
+ **Name tag – The house name:** The **Name** tag functions like a sign on a house, helping you easily identify who lives there. While the **Name** tag makes it easier to distinguish between instances, it's not required when launching an instance.

## Task 2: Review a technical diagram


In this task, you'll become familiar with a typical technical diagram that we use in the AWS documentation. The following diagram represents the configuration for the test instance you'll launch in this tutorial. In the previous task, we introduced these components using the analogy of a rental house. Now, we'll focus on the actual EC2 components themselves. The numbered labels correspond to the descriptions that follow.

![\[A technical diagram of an EC2 instance with a security group, key pair, and EBS root volume, surrounded by a public subnet, a VPC, and the AWS Cloud.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/tutorial-test-instance.png)


1. **AMI** – The AMI is the image you choose when launching an instance. It's a template that contains the operating system and software to run on your instance. For example, if you want to launch a Linux instance, you can choose the Amazon Linux 2023 AMI. Or, if you want to launch a Windows instance, you can choose the Microsoft Windows Server 2022 Base AMI. The AMI catalog in the Amazon EC2 console contains thousands of images to choose from.

1. **Instance type** – The instance type is the hardware that determines the CPU, memory, storage, and networking capacity of the host computer used for your instance. Amazon EC2 offers over 600 instance types to choose from, each varying in hardware configuration and size, allowing you to choose the best fit for your application's needs.

1. **Key pair** – A key pair is a set of security credentials that you use to prove your identity when connecting to your instance. The public key is on your instance and the private key is on your local computer.

   In EC2, *connecting to your instance* refers to logging into your instance from your local computer. While there are other ways to securely connect to your instance, in this tutorial we use a key pair.

1. **Network** – The network is made up of a VPC and one or more subnets. A VPC is a virtual network within the AWS Cloud. Every AWS customer has their own VPC dedicated to their AWS account. You’ll launch your instance into a subnet in your VPC. A subnet is a range of IP addresses within a VPC. Your default subnet is a public subnet, which means it will assign a public IP address and provide internet access to your instance from outside the Amazon network.

1. **Security group** – A security group acts as a firewall to control the traffic to your instance. A security group contains rules that allow certain types of traffic to enter your instance. To connect through SSH from your local computer to your instance (using your key pair), you need a rule that allows SSH traffic from your local computer.

1. **EBS volume** – An Amazon EBS volume is a storage device that functions like a physical hard drive. Your instance comes with a root volume, which is a special EBS volume that stores the AMI with the operating system and software needed to boot your instance. You can optionally add data volumes. However, since your test instance won't store any sensitive data, you don't need additional encrypted data volumes.

**Congratulations!** You've completed the conceptual tasks in this tutorial. In the following tasks, you'll use the Amazon EC2 console to create the components you've learned about.

## Task 3: Create a key pair


In this task, you'll create a key pair. A key pair consists of two parts: a public key, which you'll add to your instance, and a matching private key, which you'll use to securely connect to your instance. In the next task, you'll select this key pair when launching your instance, which automatically adds the public key to the instance. It's crucial to store the private key securely on your local computer, because anyone with access to it can connect to your instance.

If you prefer to use an existing key pair when you launch your test instance, feel free to skip this task. Otherwise, proceed to create a new key pair.

**Before you start**  
Make sure you've completed the prerequisites listed in the preceding table, including signing into the AWS Management Console with your administrator user.

**Follow these steps to create a key pair**

1. **Open the Amazon EC2 console:**

   Go to [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. **Navigate to the Key pairs console page:**

   In the navigation pane, under **Network & Security**, choose **Key Pairs**.
   + If you previously created key pairs, they appear in the table.
   + If no key pairs exist, the table is empty.

1. **Create a new key pair:**

   Choose the **Create key pair** button (top right) to open the **Create key pair** web-based form, and enter your key pair details, as follows:

   1. **Name your key pair:** For **Name**, enter a name that will help you recognize the key pair, like **test-instance-key-pair**.

      The name can be up to 255 ASCII characters long. It can’t include leading or trailing spaces.

   1. **Choose the key pair type:** For **Key pair type**, choose **ED25519**.

      Linux instances support both RSA and ED25519 key types, while Windows instances support only RSA. Since you'll be launching a Linux instance in this tutorial, you can use an ED25519 key.

   1. **Choose the private key file format:** For **Private key file format**, choose **.pem**.

      This is the format in which your private key file will be saved. 

1. **Save the public key to Amazon EC2 and download the private key:**

   Choose the **Create key pair** button (bottom right).

   Amazon EC2 saves the public key, while your browser downloads the private key file automatically to your local computer. The file is named according to the name that you specified for the key pair, and the extension is the file format that you chose. Move the private key file to a secure location on your computer.

   **Important**  
   This is the only chance you'll have to save the private key file.

1. **Set the permissions on the key (for macOS and Linux users):**

   If you plan to connect to your instance using SSH on a macOS or Linux computer, you must set the correct permissions for your private key file. Open a terminal window and run the following command, replacing *test-instance-key-pair* with the name of your key pair:

   ```
   chmod 400 test-instance-key-pair.pem
   ```

   This command ensures that only you can read the private key file, which is necessary for establishing a secure connection to your instance. Without these permissions, you won’t be able to connect using this key pair.

**Congratulations!** You've successfully created a key pair!

## Task 4: Launch your test instance


In this task, you'll quickly launch a test instance using the EC2 launch instance wizard. You'll configure the main instance configuration settings for a Linux instance and use the default values for the other fields.

To help you manage costs, we recommend choosing **Free tier eligible** components.

**Follow these steps to launch a test instance**

1. **Open the Amazon EC2 console:**

   Go to [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. **Open the EC2 launch instance wizard:**

   From the EC2 dashboard, choose **Launch instance**.

   The **Launch an instance** web-based form opens. This is the EC2 launch instance wizard.

1. **Name your instance:**

   Under **Name and tags**, for **Name**, enter a descriptive name like **Test instance**.

   The instance name is a tag, where the key is **Name**, and the value is the name that you specify.

   **Tip:** For test instances, a name tag is sufficient. However, for production instances, it’s best practice to establish a tagging policy to standardize tagging across all your resources. 

1. **Choose your operating system and software—the Amazon Machine Image (AMI):**

   Under **Application and OS Images (Amazon Machine Image)**, for **Amazon Machine Image (AMI)**, the default selection is **Amazon Linux 2023 AMI**. This AMI is marked **Free tier eligible**. In this tutorial, you'll be launching a Linux instance, so leave the default setting to keep under the Free Tier limits.

1. **Choose your hardware—the instance type:**

   Under **Instance type**, for **Instance type**, keep the default selection for this tutorial. The default instance type can be used under the Free Tier and its hardware is suitable for your test instance.

1. **Prepare for secure login with a key pair:**

   Under **Key pair (login)**, for **Key pair name**, choose the key pair you created in the previous task. If you don't see your key pair in the list, choose the refresh icon (to the right of the list).

   When your instance launches, it will place the public key on the instance. To connect to your instance after it has launched, you'll use the corresponding private key that you downloaded in the previous task.

1. **Configure the network settings to enable internet access:**

   Under **Network settings**, the **Network** (your VPC) and **Subnet** fields are configured by default. Keep the default settings for this tutorial to help you get started quickly. If you haven’t modified your default subnet, your instance will have internet access. 

   **Tip:** Your default subnet is a public subnet, which means it will assign a public IP address and provide internet access to your instance from outside the Amazon network. For test instances, it’s okay to use the default subnet settings that provide internet access. However, for production instances, it’s best practice to only assign a public IP address and use a subnet with internet access when absolutely necessary.

1. **Set up the instance firewall (security group):**

   Under **Network settings**, under **Firewall (security groups)**, keep the checkbox **Allow SSH traffic from Anywhere (0.0.0.0)** selected. This will create a new security group for your test instance that allows SSH traffic from any IP address.

   A security group acts as a firewall to control the traffic to your instance. To connect through SSH from your local computer to your instance, you need a rule that allows SSH traffic from your local computer.

   **Tip:** The IP address of your local computer might change over time if your internet service provider uses dynamic IP assignment. We're assuming that when you use an instance for testing purposes, you won't use the instance to store sensitive information, and therefore security measures can be less restrictive. For test instances, it's generally acceptable to allow traffic from any IP address (`0.0.0.0/0`) so that you can always connect even if your IP address changes. However, for production instances, especially those with sensitive data, it's best practice to allow traffic only from known IP addresses.

1. **Configure the instance storage:**

   Under **Configure storage**, the **Root volume (Encrypted)** fields are configured by default. Leave the settings as they are to keep under the Free Tier limits.

   Since our test instance won't store any sensitive data, we don't need additional encrypted data volumes.

1. **Review the instance configuration:**

   In the **Summary** panel on the right, you can review your high-level settings before launching your instance.

1. **Launch your instance:**

   When you're ready to launch your instance, in the **Summary** panel, choose **Launch instance**.

   Amazon EC2 quickly launches your instance using the settings that you specified. If you didn't specify a setting, the default is used. A **Success** banner confirms the launch.

**Congratulations!** You've successfully launched your test instance!

## Task 5: Find your instance


In this task, you'll locate the instance that you just launched in the EC2 console.

**Follow these steps to find your instance in the EC2 console**

1. **Open the Instances page:**

   If you're still on the success page, choose the instance ID in the **Success** banner.

   If you've navigated away, choose **Instances** from the navigation pane.

1. **Locate your instance:**

   In the **Name** column, find your instance by the name you gave it.

## Task 6: View your instance configuration


In this task, you'll become familiar with viewing your instance's configuration details.

**Follow these steps to view your instance's configuration**

1. **Locate your instance:**

   In the **Name** column, find your instance by the name you gave it.

1. **Open the instance details page:**

   Select the checkbox next to the name of your instance, and then choose the **Actions** menu (top right), and choose **View details** to open the instance details page where you can review its configuration.

   In the previous tutorial, you chose the instance's ID link to open the instance details page. You'll discover that there's more than one way to accomplish a task in the EC2 console.

1. **Explore instance configuration details:**

   Take a few minutes to explore the configuration details of your instance.

   **Tip:** To quickly find a field, press Ctrl+F or command+F on your keyboard.

   1. **AMI:** Can you find the AMI that you used to launch your instance? You can find the information in **AMI ID** and **AMI name** on the **Details** tab.

   1. **Instance type:** Can you find the instance type? It might be **t3.micro**, for example.

   1. **Key pair:** Can you find the key pair that you selected when you launched your instance? It's specified for **Key pair assigned at launch**. Note that if you change the key pair in the future, the value here won't change.

   1. **VPC:** Can you find the ID of your VPC? You'll find all networking-related configuration settings on the **Networking** tab. The VPC ID is in a format similar to the following example: **vpc-1a2b3c4d**

   1. **Subnet:** Can you find the ID of the subnet in which you launched your instance? It's in a format similar to the following example: **subnet-1a2b3c4d**

   1. **Public IPv4 address:** Can you find the public IPv4 address that was allocated to your instance? It's in a format similar to the following example: **34.242.148.128**.

   1. **Security group:** Can you find the inbound rule that was created to allow SSH traffic from anywhere (0.0.0.0/0)? You'll find all security-related configuration settings on the **Security** tab.

   1. **Storage:** Can you find the volume that was created for this instance? You'll find all storage-related configuration settings on the **Storage** tab.

   1. **Instance tags:** The name you gave your instance is actually a tag. Can you find your instance tags? Choose the **Tags** tab. The key is **Name**, and the value is the name you provided.

   1. **Instance state:** Can you verify the state of your instance? It should be **Running**.

Take a few more minutes to explore the other instance configuration fields. When you're ready, proceed to the next task.

## Task 7: Familiarize yourself with key components for connecting to an instance


In this task, you'll explore the key components required to connect to an EC2 instance. These are the connection protocol, public DNS, security group, key pair, and instance username.

To help visualize these components, think of connecting to an instance like going to your house:
+ **Connection protocol – Your mode of transport:** Just like choosing how to get home, you choose the connection protocol that will take you to your instance. In this tutorial, we'll use SSH (Secure Shell), which creates a secure tunnel for connecting your computer to your instance over the internet.
+ **Public DNS – The house address:** Just like your house has a unique address, your EC2 instance has its own public DNS name (for example, `ec2-18-201-118-201.eu-west-1.compute.amazonaws.com`). This public DNS name enables SSH to connect directly to your instance.
+ **Security group – The gatekeeper:** Imagine your house has a gatekeeper who controls who may enter or leave. Similarly, the EC2 instance has a security group that acts like a gatekeeper, controlling which types of network traffic are allowed in or out of your instance. Only the traffic you explicitly permit (for example, SSH traffic from your computer's IP address) is allowed in.
+ **Private key – Your front door key:** When you launched the instance, you specified a key pair. The public key was placed on the instance, and you kept the private key on your computer. The private key acts as your front door key—without it, you can’t get into your instance.
+ **Instance username – The resident:** When you arrive at your house, you need to identify yourself to prove you're a resident. Similarly, when connecting to an instance, you provide a username. Different instances have different default usernames, depending on their operating system. For example, Amazon Linux instances use `ec2-user` as the default username.

**The connection command**

To connect to your EC2 instance, use the following command in a terminal window:

```
ssh -i "test-instance-key-pair.pem" ec2-user@ec2-18-201-118-201.eu-west-1.compute.amazonaws.com
```

Here's a breakdown of what the command does:
+ `ssh` – This command specifies the connection protocol, initiating an SSH (Secure Shell) connection to your instance.
+ `-i "test-instance-key-pair.pem"` – The `-i` flag indicates the private key file needed to authenticate the connection. This private key file must match the key pair you specified when launching the instance. If your private key file is saved in a specific folder, specify the full path to the file.
+ `ec2-user` – This is the username for logging into the instance. For Amazon Linux instances, the default username is `ec2-user`. Other AMIs might use different default usernames, such as `ubuntu` for Ubuntu instances.
+ `@` – This symbol separates the username from the instance's address.
+ `ec2-18-201-118-201.eu-west-1.compute.amazonaws.com` – This is the public address of your instance (the public DNS), which includes the public IPv4 address and the AWS Region. It uniquely identifies the instance.

**What happens when you run the command**

After you run the command, SSH establishes a secure tunnel and authenticates with your private key. If the instance's security group permits the traffic, you gain access to your EC2 instance. You can now control the instance from your computer as if you were sitting right in front of it. You can run commands, install software, and manage files—just like you would on your local machine.

## Task 8: Connect to your instance


In this task, you'll connect to your instance using an SSH client on your computer. In the previous task, we introduced the components for connecting to an instance using the analogy of going to your house. Now, we'll focus on connecting to the actual EC2 instance.

There are different ways to connect to an instance. The method you use to connect depends on the instance's operating system. Since you've launched a Linux instance, you'll use an SSH client on your local computer.

**First, check if your computer has an SSH client installed**

Most computers come with an SSH client pre-installed. To check, open a terminal window on your computer and run the following command:

```
ssh
```

If the command is recognized, you're ready to connect.

If the command isn't recognized, you must install an SSH client. Instructions for installing an SSH client are beyond the scope of this tutorial. If you need help, see [SSH connection prerequisites](connect-linux-inst-ssh.md#ssh-prereqs-linux-from-linux-macos) in this user guide or search online for instructions on how to install an SSH client on your operating system.

**Follow these steps to connect to your instance**

1. **Initiate connecting:**

   If you're on the instance details page in the Amazon EC2 console, choose the **Connect** button (top right).

   If you've navigated away, choose **Instances** from the navigation pane. Then, on the **Instances** page, select the checkbox next to the name of your instance and choose the **Connect** button (top right).

   This opens the **Connect to instance** page.

1. **Choose the connection method:**

   On the **Connect to instance** page, choose the **SSH client** tab.

   Take a moment to review the text on this page, as these are the steps that you'll follow next.

1. **Review the SSH command:**

   Under **Example**, you'll see a command that is automatically generated and customized with your instance's details. The private key name is derived from the name of the public key specified at launch.

   The command looks something like this:

   ```
   ssh -i "test-instance-key-pair.pem" ec2-user@ec2-18-201-118-201.eu-west-1.compute.amazonaws.com
   ```

1. **Copy the SSH command:**

   Choose the copy icon next to the example SSH command.

1. **Open a terminal window:**

   On your local computer, open a terminal window.

1. **Paste and run the SSH command:**

   Paste the SSH command into the terminal window. If you saved your private key file in a specific folder, edit the command to include the full file path. 

   Press Enter on your keyboard.

   You'll see a response similar to the following:

   ```
   The authenticity of host 'ec2-18-201-118-201.eu-west-1.compute.amazonaws.com (18-201-118-201)' can't be established.
   ED25519 key fingerprint is SHA256:examplehxj9aOr1MogvKOoMNskVVIRBQBoq0example.
   This key is not known by any other names.
   Are you sure you want to continue connecting (yes/no/[fingerprint])?
   ```

1. **Complete the connection:**

   Enter **yes** and press Return on your keyboard.

   Verifying the fingerprint is beyond the scope of this tutorial. To learn more, see [(Optional) Get the instance fingerprint](connection-prereqs-general.md#connection-prereqs-fingerprint).

   Upon a successful connection, the terminal prompt changes to display your instance's public DNS.

**Congratulations!** You've successfully connected to your instance!
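Step 7 accepts the host key without checking it. As an added example (not part of the AWS documentation), the following Python script shows how the `SHA256:` fingerprint in the SSH prompt is derived from a host public key, and how to compare it with the fingerprint block in the instance's console output. It assumes that the console output (for example, from `aws ec2 get-console-output`) contains the `BEGIN SSH HOST KEY FINGERPRINTS` block that cloud-init writes on first boot; the keys, the console text, and the function names are constructed for illustration.

```python
import base64
import hashlib
import re
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: 4-byte length, then data."""
    return struct.pack(">I", len(data)) + data


def ed25519_pubkey_line(raw_key: bytes) -> str:
    """Build an OpenSSH public key line from a 32-byte Ed25519 public key."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_key)
    return "ssh-ed25519 " + base64.b64encode(blob).decode()


def fingerprint(pubkey_line: str) -> str:
    """Return the fingerprint as ssh prints it: unpadded base64 of SHA-256(blob)."""
    blob = base64.b64decode(pubkey_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def console_fingerprints(console_text: str) -> dict:
    """Map key type (for example "ED25519") to the fingerprint in the console log."""
    block = re.search(
        r"-----BEGIN SSH HOST KEY FINGERPRINTS-----(.*?)"
        r"-----END SSH HOST KEY FINGERPRINTS-----",
        console_text, re.S)
    if not block:
        return {}
    found = {}
    for line in block.group(1).splitlines():
        hit = re.search(r"(SHA256:[A-Za-z0-9+/]+).*\((\w+)\)\s*$", line)
        if hit:
            found[hit.group(2)] = hit.group(1)
    return found


def host_key_is_expected(presented: str, key_type: str, console_text: str) -> bool:
    """True only if the console log lists this key type with the same fingerprint."""
    expected = console_fingerprints(console_text).get(key_type)
    return expected is not None and expected == presented


# Constructed keys: one stands for the instance's real host key, the other for
# a different host answering at the same address.
GENUINE_KEY = ed25519_pubkey_line(bytes(range(32)))
OTHER_KEY = ed25519_pubkey_line(bytes(32))

# Constructed console output in the format assumed above.
SAMPLE_CONSOLE = (
    "cloud-init: generating host keys\n"
    "ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----\n"
    f"ec2: 256 {fingerprint(GENUINE_KEY)} root@ip-172-31-0-10 (ED25519)\n"
    "ec2: -----END SSH HOST KEY FINGERPRINTS-----\n"
)

if __name__ == "__main__":
    for label, key in (("genuine", GENUINE_KEY), ("other", OTHER_KEY)):
        shown = fingerprint(key)  # what the ssh prompt would display
        ok = host_key_is_expected(shown, "ED25519", SAMPLE_CONSOLE)
        print(f"{label}: {shown} -> {'match' if ok else 'MISMATCH, do not connect'}")
```

Answer **yes** at the prompt only when the fingerprint that SSH displays matches the one recorded for the same key type in the console output.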

## Task 9: Stop your instance


In this task, you'll stop your instance to preserve your Free Tier benefits. When your instance is stopped, you stop incurring costs for it. If you created your AWS account before July 15, 2025 and you qualify for the Free Tier, you will continue to incur costs for the EBS storage.

**Follow these steps to stop your instance**

1. **Initiate stopping:**

   If you're still on the **Connect to instance** page, choose **Instances** from the breadcrumb. If you've navigated away, choose **Instances** from the navigation pane. 

   Then, on the **Instances** page, select the checkbox next to the name of your instance, and then choose the **Instance state** menu (top right), and choose **Stop instance**. When prompted, choose **Stop**.

1. **Monitor instance state:**

   On the **Instances** page, check the **Instance state** column. The state of your instance changes to **Stopping** and then **Stopped**. If you don't see the full text, try widening the column.

   If you think the instance state has changed from **Stopping** to **Stopped**, but you don't see it yet, choose the refresh icon (above the table) to refresh the **Instances** table.

## Key takeaways


In this tutorial, you covered the following key concepts:
+ *AMI* refers to an Amazon Machine Image, which is a template that contains the operating system and software required to launch an instance.
+ *Instance type* refers to the hardware of the host computer used for your instance. It determines the CPU, memory, storage, and networking capacity of your instance.
+ *Key pair* refers to the set of public and private keys that you can use for securely connecting to your instance.
+ *Network* refers to a *VPC* (a virtual private cloud dedicated to your account within the AWS Cloud) and a *subnet* (a range of IP addresses within your VPC).
+ *Security group* refers to a set of rules that controls what traffic can reach your instance.
+ *EBS volume* refers to the data storage for your instance. Every instance has a root volume for storing the AMI and one or more optional data volumes.
+ *Tags* are metadata that you can optionally assign to your instance. The instance name is a tag, whose **Key** is **Name**, and the **Value** is your choice.
+ *Connecting* refers to accessing your instance over the internet.
+ *SSH* refers to the Secure Shell connection protocol that you can use to connect to your instance.
+ *Public DNS* is your instance's unique public address.
+ *Instance username* is determined by the operating system of your instance and required for connecting.
+ *Stopping* your instance stops the charges for the instance, but EBS storage charges continue.

## Next steps


To build confidence in launching, connecting to, and stopping instances, consider repeating the steps in this tutorial. Be sure to terminate any instances that you launch to preserve your Free Tier benefits.

Once you're comfortable with these basics, you can explore more advanced tutorials. For more tutorials, see [Looking for other tutorials?](ec2-instance-launch-tutorials.md#looking-for-other-tutorials).

If you created your AWS account before July 15, 2025, consider watching the following 6-minute video: [How can I avoid charges on my account when using AWS Free Tier services](https://youtu.be/pZLG8McSugQ).

If you created your AWS account on or after July 15, 2025, consider reviewing the following information: [Explore AWS services with AWS Free Tier](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier.html) in the *AWS Billing User Guide*.

# Reference for Amazon EC2 instance configuration parameters
Instance parameter reference

The launch instance wizard and launch template in the Amazon EC2 console provide all the parameters for configuring an Amazon EC2 instance.

Except for the key pair, the launch instance wizard provides a default value for each parameter. You can accept any or all of the defaults, or configure an instance with your own values. When creating a launch template, the parameters are optional. If you use a launch template to launch an instance, the parameters specified in the launch template override the default values in the launch instance wizard. Any parameter not specified in the launch template will default to the value provided by the launch instance wizard. 

The parameters are grouped in the launch instance wizard and launch template. The following descriptions are presented according to the parameter groupings in the console.

**Topics**
+ [Name and tags](#liw-name-and-tags)
+ [Application and OS Images (Amazon Machine Image)](#liw-ami)
+ [Instance type](#liw-instance-type)
+ [Key pair (login)](#liw-key-pair)
+ [Network settings](#liw-network-settings)
+ [Configure storage](#liw-storage)
+ [Advanced details](#liw-advanced-details)
+ [Summary](#liw-summary)

## Name and tags


The instance name is a tag, where the key is **Name**, and the value is the name that you specify. You can tag the instance, volumes, and network interfaces. For Spot Instances, you can tag the Spot Instance request only. For information about tags, see [Tag your Amazon EC2 resources](Using_Tags.md).

Specifying an instance name and additional tags is optional.
+ For **Name**, enter a descriptive name for the instance. If you don't specify a name, the instance can be identified by its ID, which is automatically generated when you launch the instance.
+ To add additional tags, choose **Add additional tags**. Choose **Add tag**, and then enter a key and value, and select the resource type to tag. Choose **Add tag** again for each additional tag to add.

You can specify the instance name only when you launch an instance. You can't name the instance when you create a launch template, but you can add tags for the resources that are created when the instance is launched.

## Application and OS Images (Amazon Machine Image)


An Amazon Machine Image (AMI) contains the information required to create an instance. For example, an AMI might contain the software that's required to act as a web server, such as Linux, Apache, and your website.

You can find a suitable AMI as follows. With each option for finding an AMI, you can choose **Cancel** (at top right) to return to the launch instance wizard without choosing an AMI.

**Search bar**  
To search through all available AMIs, enter a keyword in the AMI search bar and then press **Enter**. To select an AMI, choose **Select**.

**Recents**  
The AMIs that you've recently used.  
Choose **Recently launched** or **Currently in use**, and then, from **Amazon Machine Image (AMI)**, select an AMI.

**My AMIs**  
The private AMIs that you own, or private AMIs that have been shared with you.  
Choose **Owned by me** or **Shared with me**, and then, from **Amazon Machine Image (AMI)**, select an AMI.

**Quick Start**  
AMIs are grouped by operating system (OS) to help you get started quickly.  
First select the OS that you need, and then, from **Amazon Machine Image (AMI)**, select an AMI. To select an AMI that can be used under the AWS Free Tier, make sure that the AMI is marked **Free tier eligible**.

**Browse more AMIs**  
Choose **Browse more AMIs** to browse the full AMI catalog.  
+ To search through all available AMIs, enter a keyword in the search bar and then press **Enter**.
+ To find an AMI by using a Systems Manager parameter, choose the arrow button to the right of the search bar, and then choose **Search by Systems Manager parameter**. For more information, see [Reference AMIs using Systems Manager parameters](using-systems-manager-parameter-to-find-AMI.md).
+ To search by category, choose **Quickstart AMIs**, **My AMIs**, **AWS Marketplace AMIs**, or **Community AMIs**.

  The AWS Marketplace is an online store where you can buy software that runs on AWS, including AMIs. For more information about launching an instance from the AWS Marketplace, see [Launch an Amazon EC2 instance from an AWS Marketplace AMI](launch-marketplace-console.md). In **Community AMIs**, you can find AMIs that AWS community members have made available for others to use. AMIs from Amazon or a verified partner are marked **Verified provider**.
+ To filter the list of AMIs, select one or more check boxes under **Refine results** on the left of the screen. The filter options are different depending on the selected search category.
+ Check the **Root device type** listed for each AMI. Notice which AMIs are the type that you need: either **ebs** (backed by Amazon EBS) or **instance-store** (backed by instance store). For more information, see [Root volume type](ComponentsAMIs.md#storage-for-the-root-device). 
+ Check the **Virtualization** type listed for each AMI. Notice which AMIs are the type that you need: either **hvm** or **paravirtual**. For example, some instance types require HVM. For more information about Linux virtualization types, see [Virtualization types](ComponentsAMIs.md#virtualization_types).
+ Check the **Boot mode** listed for each AMI. Notice which AMIs use the boot mode that you need: either **legacy-bios**, **uefi**, or **uefi-preferred**. For more information, see [Instance launch behavior with Amazon EC2 boot modes](ami-boot.md).
+ Choose an AMI that meets your needs, and then choose **Select**.

**Warning when changing the AMI**  
When you launch an instance, if you modify the configuration of any volumes or security groups associated with the selected AMI, and then you choose a different AMI, a window opens to warn you that some of your current settings will be changed or removed. You can review the changes to the security groups and volumes. Furthermore, you can either view which volumes will be added and deleted, or view only the volumes that will be added. This warning does not appear when creating a launch template.

## Instance type


The instance type defines the hardware configuration and size of the instance. Larger instance types have more CPU and memory. For more information, see [Amazon EC2 instance types](https://docs.aws.amazon.com/ec2/latest/instancetypes/instance-types.html).
+ **Instance type**: Ensure that the instance type is compatible with the AMI that you've specified. For more information, see [Amazon EC2 instance types](instance-types.md).

  **Free Tier** – You can use instance types that are labeled **Free tier eligible** for free under the Free Tier. The specific instance types depend on when you created your AWS account.

  If you created your AWS account before July 15, 2025 and it's less than 12 months old, you can use Amazon EC2 under the Free Tier by selecting the **t2.micro** instance type, or the **t3.micro** instance type in Regions where **t2.micro** is unavailable. Be aware that when you launch a **t3.micro** instance, it defaults to [**Unlimited** mode](burstable-performance-instances-unlimited-mode.md), which might incur additional charges based on CPU usage.

  If you created your AWS account on or after July 15, 2025, you can use **t3.micro**, **t3.small**, **t4g.micro**, **t4g.small**, **c7i-flex.large**, and **m7i-flex.large** instance types for 6 months or until your credits are used up.

  For more information, see [Free Tier benefits before and after July 15, 2025](ec2-free-tier-usage.md#ec2-free-tier-comparison).
+ **Compare instance types**: You can compare different instance types by the following attributes: number of vCPUs, architecture, amount of memory (GiB), amount of storage (GB), storage type, and network performance.
+ **Get advice**: You can get guidance and suggestions for instance types from the EC2 instance type finder. For more information, see [Get recommendations from EC2 instance type finder](get-ec2-instance-type-recommendations.md).
+ (Launch templates only) **Advanced**: To specify instance attributes and let Amazon EC2 identify the instance types with those attributes, choose **Advanced**, and then choose **Specify instance type attributes**.
  + **Number of vCPUs**: Enter the minimum and maximum number of vCPUs for your compute requirements. To indicate no limits, enter a minimum of **0**, and leave the maximum blank.
  + **Amount of memory (MiB)**: Enter the minimum and maximum amount of memory, in MiB, for your compute requirements. To indicate no limits, enter a minimum of **0**, and leave the maximum blank.
  + Expand **Optional instance type attributes** and choose **Add attribute** to express your compute requirements in more detail. For information about each attribute, see [InstanceRequirementsRequest](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceRequirementsRequest.html) in the *Amazon EC2 API Reference*.
  + **Resulting instance types**: You can preview the instance types that match the specified attributes. To exclude instance types, choose **Add attribute**, and from the **Attribute** list, choose **Excluded instance types**. From the **Attribute value** list, select the instance types to exclude.

## Key pair (login)


For **Key pair name**, choose an existing key pair, or choose **Create new key pair** to create a new one. For more information, see [Amazon EC2 key pairs and Amazon EC2 instances](ec2-key-pairs.md).

**Important**  
If you choose the **Proceed without key pair (Not recommended)** option, you won't be able to connect to the instance unless you choose an AMI that is configured to allow users another way to log in.

## Network settings


The network settings define the [IP addresses](using-instance-addressing.md), [security groups](ec2-security-groups.md), and [network interfaces](using-eni.md) for your instances. You can use the default network settings or configure them as needed.
+ (Launch instance wizard only) **VPC**: Choose an existing VPC for your instance. The default VPC for the Region is selected by default. Alternatively, you can choose a VPC that you created or that was shared with you. For more information, see [Virtual private clouds for your EC2 instances](using-vpc.md).
+ **Subnet**: Choose a subnet for your instance or choose **Create new subnet** to create a new subnet using the Amazon VPC console.
  + You can create a subnet in any Availability Zone, Local Zone, Wavelength Zone, or Outpost Zone for the selected VPC.
  + To launch the instance in an IPv6-only subnet, the instance must be a [Nitro-based instance](instance-types.md#instance-hypervisor-type).
+ (Launch instance wizard only) **Auto-assign Public IP**: Enable or disable auto-assignment of public IPv4 addresses. When launching instances into a default subnet, the default value is **Enable**. When launching instances into a nondefault subnet the default value is **Disable**. For more information, see [Public IPv4 addresses](using-instance-addressing.md#concepts-public-addresses).

  You can't enable this option for nondefault subnets if you add a secondary network interface. For more information, see [Assign a public IPv4 address at launch](working-with-ip-addresses.md#public-ip-addresses).
+ (Launch instance wizard only) **Auto-assign IPv6 IP**: Enable or disable auto-assignment of IPv6 addresses. For more information, see [IPv6 addresses](using-instance-addressing.md#ipv6-addressing).
+ **Firewall (security groups)**: Choose an existing security group or create a new one. Ensure that your security group has rules that allow traffic to and from your instances. All other traffic is ignored.

  If you create a new security group, we automatically create an inbound rule that allows you to connect to your instance from all IP addresses over SSH (Linux instances) or RDP (Windows instances). You can remove or modify this rule, and add other rules, as needed. For more information, see [Configure security group rules](changing-security-group.md#add-remove-security-group-rules).
**Warning**  
Rules that enable all IP addresses to access your instance over SSH or RDP are acceptable if you are briefly launching a test instance and will stop or terminate it after a short time. They are unsafe for production environments. You should authorize only a specific IP address range to access your instances.

  This security group is added to the primary network interface and any secondary network interfaces. You can select additional security groups for your network interfaces, but you can't remove the one that you select here.
+ **Advanced network configuration** – You can configure the primary network interface as needed. To add a secondary network interface, choose **Add network interface**. The number of network interfaces that you can add depends on the instance type that you selected. Note that this section is available only if you choose a subnet.
  + **Device index**: The device index. The primary network interface must be assigned to index 0.
  + **Network interface**: The network interface. Select **New interface** to let Amazon EC2 create a new interface, or select an existing, available network interface. If you select an existing network interface as the primary network interface, you can't enable **Auto-assign Public IP** for nondefault subnets.
  + **Description**: A description for the new network interface.
  + **Subnet**: The subnet in which to create the new network interface. The instance is launched in the same subnet as the primary network interface.

    You must choose a subnet for a secondary network interface from the same Availability Zone as the subnet for the primary network interface. If you select a subnet from another VPC, the label **Multi-VPC** appears next to the network interface. This enables you to create multi-homed instances across VPCs with different networking and security configurations.

    To launch an EC2 instance into an IPv6-only subnet, you must use a [Nitro-based instance](instance-types.md#instance-hypervisor-type). When launching an IPv6-only instance, it is possible that DHCPv6 might not immediately provide the instance with the IPv6 DNS name server. During this initial delay, the instance might not resolve public domains. You can change the configuration file and re-image your AMI so that the file has the IPv6 DNS name server address immediately on booting.
  + **Security groups**: The security groups to associate with the network interface. You must choose a security group from the same VPC as the subnet for the network interface.
  + (Launch templates only) **Auto-assign public IP**: Specify whether your instance receives a public IPv4 address. By default, instances in a default subnet receive a public IPv4 address and instances in a nondefault subnet do not. You can select **Enable** or **Disable** to override the subnet's default setting. For more information, see [Public IPv4 addresses](using-instance-addressing.md#concepts-public-addresses).
  + **Primary IP**: A private IPv4 address from the range of your subnet. Leave blank to let Amazon EC2 choose a private IPv4 address for you.
  + **Secondary IP**: Additional private IPv4 addresses from the range of your subnet. Choose **Manually assign** and enter an IPv4 address. Choose **Add IP** to add another IPv4 address. Alternatively, choose **Automatically assign** and enter a value to indicate the number of IPv4 addresses that Amazon EC2 chooses for you.
  + (IPv6-only) **IPv6 IPs**: IPv6 addresses from the range of the subnet. Choose **Manually assign** and enter an IPv6 address. Choose **Add IP** to add another IPv6 address. Alternatively, choose **Automatically assign** and enter a value to indicate the number of IPv6 addresses that Amazon EC2 chooses for you.
  + **IPv4 Prefixes**: The IPv4 prefixes for the network interface. Choose **Manually assign** and enter an IPv4 prefix. Alternatively, choose **Automatically assign** and enter a value to indicate the number of IPv4 prefixes that Amazon EC2 chooses for you.
  + **IPv6 Prefixes**: The IPv6 prefixes for the network interface. Choose **Manually assign** and enter an IPv6 prefix. Alternatively, choose **Automatically assign** and enter a value to indicate the number of IPv6 prefixes that Amazon EC2 chooses for you.
  + (Dual-stack and IPv6-only) **Assign Primary IPv6 IP**: If you select a dual-stack or IPv6-only subnet, assign a primary IPv6 address. This helps prevent disruptions to traffic to the instance or network interface. Enable this option if you rely on the IPv6 address not changing. You can't remove the primary IPv6 address later on. When you enable an IPv6 GUA address to be a primary IPv6, the first IPv6 GUA becomes the primary IPv6 address until the instance is terminated or the network interface is detached. If you have multiple IPv6 addresses associated with a network interface and you let Amazon EC2 assign a primary IPv6 address, the first IPv6 GUA address associated with the network interface is the primary IPv6 address.
  + **Delete on termination**: Indicates whether the network interface is deleted when the instance is deleted.
  + **Interface type**: The network interface type:
    + **ENA**: A high-performance network interface designed to handle high throughput and packet-per-second rates for TCP/IP protocols while minimizing CPU usage. This is the default value. For more information about ENA, see [Elastic Network Adapter](enhanced-networking-ena.md).
    + **EFA with ENA**: A network interface that supports both ENA and EFA devices for traditional TCP/IP based transport along with SRD based transport. For more information about EFA, see [Elastic Fabric Adapter](efa.md).
    + **EFA-only**: A high-performance network interface designed to handle high throughput, low latency inter-node communication for SRD based transport while bypassing the operating system stack. EFA-only network interfaces do not support IP addresses. For more information about EFA, see [Elastic Fabric Adapter](efa.md).
  + **Elastic Fabric Adapter**: Indicates whether the network interface is an Elastic Fabric Adapter. For more information, see [Elastic Fabric Adapter for AI/ML and HPC workloads on Amazon EC2](efa.md).
  + **Network card index**: The index of the network card. The primary network interface must be assigned to network card index 0. Some instance types support [multiple network cards](using-eni.md#network-cards).
  + **ENA Express**: ENA Express is powered by AWS Scalable Reliable Datagram (SRD) technology. SRD technology uses a packet spraying mechanism to distribute load and avoid network congestion. Enabling ENA Express allows supported instances to communicate using SRD on top of regular TCP traffic when possible. The launch instance wizard or launch template does not include ENA Express configuration for the instance unless you select **Enable** or **Disable** from the list.
  + **ENA Express UDP**: If you've enabled ENA Express, you can optionally use it for UDP traffic. The launch instance wizard or launch template does not include ENA Express configuration for the instance unless you select **Enable** or **Disable**.
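The warning above about security group rules that let all IP addresses reach SSH or RDP can be checked mechanically. The following Python sketch is an added example, not AWS code: it scans a security group in the shape returned by `describe-security-groups` and reports inbound rules that expose TCP port 22 or 3389 to `0.0.0.0/0` or `::/0`. The group ID and rules in `SAMPLE_GROUP` are constructed for illustration.

```python
import ipaddress

# Ports named in the warning: SSH (Linux instances) and RDP (Windows instances).
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample in the shape of one "SecurityGroups" entry.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        # The rule created with a new security group on a Linux launch.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        # RDP restricted to one address range: acceptable.
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        # Public HTTPS: not an administrative port.
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        # "All traffic" rule: no port fields, covers every port.
        {"IpProtocol": "-1",
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}


def _is_any_address(cidr):
    """True when the CIDR block covers every address (prefix length 0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _covered_admin_ports(perm):
    """Return the administrative ports that this permission entry allows."""
    proto = perm.get("IpProtocol")
    if proto == "-1":              # all protocols, all ports
        return dict(ADMIN_PORTS)
    if proto != "tcp":             # this check covers TCP only
        return {}
    low, high = perm.get("FromPort"), perm.get("ToPort")
    if low is None or high is None:
        return {}
    # A rule can be a range (for example 0-65535) that contains the port.
    return {p: n for p, n in ADMIN_PORTS.items() if low <= p <= high}


def find_open_admin_rules(group):
    """List (group_id, service, port, cidr) for SSH/RDP open to all addresses."""
    findings = []
    for perm in group.get("IpPermissions", []):
        ports = _covered_admin_ports(perm)
        if not ports:
            continue
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in sources:
            if _is_any_address(cidr):
                for port, name in sorted(ports.items()):
                    findings.append((group["GroupId"], name, port, cidr))
    return findings


if __name__ == "__main__":
    for finding in find_open_admin_rules(SAMPLE_GROUP):
        print("open to all addresses:", finding)
```

Rules that reference another security group or a prefix list as their source are not evaluated by this sketch.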

## Configure storage


The AMI you selected includes one or more volumes of storage, including the root volume. You can specify additional volumes to attach to the instance.

(Launch instance wizard only) You can use the **Simple** or **Advanced** view. With the **Simple** view, you specify the size and type of the volume. To specify all volume parameters, choose the **Advanced** view (at top right of the card).

By using the **Advanced** view, you can configure each volume as follows:
+ **Storage type**: Select Amazon EBS or instance store volumes to associate with your instance. The volume types available in the list depend on the instance type that you've chosen. For more information, see [Instance store temporary block storage for EC2 instances](InstanceStorage.md) and [Amazon EBS volumes](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volumes.html).
+ **Device name**: Select from the list of available device names for the volume. 
+ **Snapshot**: Select the snapshot from which to restore the volume. You can search for available shared and public snapshots by entering text into the **Snapshot** field.
+ **Size (GiB)**: For EBS volumes, you can specify a storage size. 
+ **Volume type**: For EBS volumes, select a volume type. For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volume-types.html) in the *Amazon EBS User Guide*.
+ **IOPS**: If you have selected the io1, io2, or gp3 volume type, then you can enter the number of I/O operations per second (IOPS) that the volume can support. Required for io1, io2, and gp3 volumes. Not supported for gp2, st1, sc1, or standard volumes. If you omit this parameter for the launch template, you must specify a value for it when you launch an instance from the launch template.
+ **Delete on termination**: For Amazon EBS volumes, choose **Yes** to delete the volume when the instance is terminated, or choose **No** to keep the volume. For more information, see [Preserve data when an instance is terminated](preserving-volumes-on-termination.md).
+ **Encrypted**: If the instance type supports EBS encryption, you can choose **Yes** to enable encryption for the volume. If you have enabled encryption by default in this Region, encryption is enabled for you. For more information, see [Amazon EBS encryption](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption.html) in the *Amazon EBS User Guide*.
+ **KMS key**: If you selected **Yes** for **Encrypted**, then you must select a customer managed key to use to encrypt the volume. If you have enabled encryption by default in this Region, the default customer managed key is selected for you. You can select a different key or specify the ARN of any customer managed key that you created.
+ **Throughput**: If you have selected the `gp3` volume type, then you can enter the throughput, in MiB/s, that the volume can support.
+ **Volume initialization rate**: If you have selected a snapshot, you can optionally specify the volume initialization rate, in MiB/s, at which the snapshot blocks are to be downloaded from Amazon S3 to the volume. For more information, see [Use an Amazon EBS Provisioned Rate for Volume Initialization](https://docs.aws.amazon.com/ebs/latest/userguide/initalize-volume.html#volume-initialization-rate). To use the default initialization rate or fast snapshot restore (if it is enabled for the selected snapshot), don't specify a rate.
+ **File systems**: Mount an Amazon EFS or Amazon FSx file system to the instance. For more information about mounting an Amazon EFS file system, see [Use Amazon EFS with Amazon EC2 Linux instances](AmazonEFS.md). For more information about mounting an Amazon FSx file system, see [Use Amazon FSx with Amazon EC2 instances](storage_fsx.md).

## Advanced details


For **Advanced details**, expand the section to view the fields and specify any additional parameters for the instance.
+ (Launch instance wizard only) **Domain join directory**: Select the Directory Service directory (domain) to which your instance is joined after launch. If you select a domain, you must select an IAM role with the required permissions. For more information about domain joining, see [Seamlessly join an Amazon EC2 Linux instance to your AWS Managed Microsoft AD directory](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/seamlessly_join_linux_instance.html) (Linux instances) and [Seamlessly join an Amazon EC2 Windows instance to your AWS Managed Microsoft AD directory](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/launching_instance.html) (Windows instances).
+ **IAM instance profile**: Select an IAM instance profile to associate with the instance. This is a container for an IAM role. For more information, see [IAM roles for Amazon EC2](iam-roles-for-amazon-ec2.md).
+ **Hostname type**: Select whether the guest OS hostname of the instance will include the resource name or the IP name. For more information, see [EC2 instance hostnames and domains](ec2-instance-naming.md).
+ **DNS Hostname**: Determines if the DNS queries to the resource name or the IP name (depending on what you selected for **Hostname type**) will respond with the IPv4 address (A record), IPv6 address (AAAA record), or both. For more information, see [EC2 instance hostnames and domains](ec2-instance-naming.md).
+ **Instance auto-recovery**: When enabled, recovers your instance if system status checks fail. This setting is enabled by default at launch for supported instance types. For more information, see [Configure simplified automatic recovery on an Amazon EC2 instance](instance-configuration-recovery.md).
+ **Shutdown behavior**: Select whether the instance should stop or terminate when shut down. For more information, see [Change instance initiated shutdown behavior](Using_ChangingInstanceInitiatedShutdownBehavior.md).
+ **Stop - Hibernate behavior**: To enable hibernation, choose **Enable**. This field is available only if your instance meets the hibernation prerequisites. For more information, see [Hibernate your Amazon EC2 instance](Hibernate.md).
+ **Termination protection**: To prevent accidental termination, choose **Enable**. For more information, see [Change instance termination protection](Using_ChangingDisableAPITermination.md).
+ **Stop protection**: To prevent accidental stopping, choose **Enable**. For more information, see [Enable stop protection](ec2-stop-protection.md).
+ **Detailed CloudWatch monitoring**: Choose **Enable** to turn on detailed monitoring of your instance using Amazon CloudWatch. Additional charges apply. For more information, see [Monitor your instances using CloudWatch](using-cloudwatch.md).
+ **Credit specification**: Choose **Unlimited** to enable applications to burst beyond the baseline for as long as needed. This field is only valid for **T** instances. Additional charges may apply. For more information, see [Burstable performance instances](burstable-performance-instances.md).
+ **Placement group**: Specify a placement group in which to launch the instance. You can select an existing placement group, or create a new one. Not all instance types support launching an instance in a placement group. For more information, see [Placement groups for your Amazon EC2 instances](placement-groups.md).
+ **EBS-optimized instance**: An instance that's optimized for Amazon EBS uses an optimized configuration stack and provides additional, dedicated capacity for Amazon EBS I/O. If the instance type supports this feature, choose **Enable** to enable it. Additional charges apply. For more information, see [Amazon EBS-optimized instance types](ebs-optimized.md).
+ **Instance bandwidth configuration**: You can boost either your networking bandwidth or your EBS bandwidth. For supported instance types only. For more information, see [EC2 instance bandwidth weighting configuration](configure-bandwidth-weighting.md).
+ **Purchasing option**: Choose **Spot Instances** to request Spot Instances at the Spot price, capped at the On-Demand price, and choose **Customize Spot Instance options** to change the default Spot Instance settings. You can set your maximum price (not recommended), and change the request type, request duration, and interruption behavior. If you do not request a Spot Instance, Amazon EC2 launches an On-Demand Instance by default. For more information, see [Manage your Spot Instances](using-spot-instances-request.md).
+ **Capacity Reservation**: Specify whether to launch the instance into any open Capacity Reservation (**Open**), a specific Capacity Reservation (**Target by ID**), or a Capacity Reservation group (**Target by group**). To specify that a Capacity Reservation should not be used, choose **None**. For more information, see [Launch instances into an existing Capacity Reservation](capacity-reservations-launch.md).
+ **Tenancy**: Choose whether to run your instance on shared hardware (**Shared**), isolated, dedicated hardware (**Dedicated**), or on a Dedicated Host (**Dedicated host**). If you choose to launch the instance onto a Dedicated Host, you can specify whether to launch the instance into a host resource group or you can target a specific Dedicated Host. Additional charges may apply. For more information, see [Amazon EC2 Dedicated Instances](dedicated-instance.md) and [Amazon EC2 Dedicated Hosts](dedicated-hosts-overview.md).
+ **RAM disk ID**: (Only valid for paravirtual (PV) AMIs) Select a RAM disk for the instance. If you have selected a kernel, you might need to select a specific RAM disk with the drivers to support it.
+ **Kernel ID**: (Only valid for paravirtual (PV) AMIs) Select a kernel for the instance.
+ **Nitro Enclave**: Allows you to create isolated execution environments, called enclaves, from Amazon EC2 instances. Select **Enable** to enable the instance for AWS Nitro Enclaves. For more information, see [What is AWS Nitro Enclaves?](https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) in the *AWS Nitro Enclaves User Guide*.
+ **License configurations**: You can launch instances against the specified license configuration to track your license usage. For more information, see [Create a license configuration](https://docs.aws.amazon.com/license-manager/latest/userguide/create-license-configuration.html) in the *AWS License Manager User Guide*.
+ **Specify CPU options**: In the launch instance wizard, this field is only visible if the selected instance type supports specifying CPU options. Choose **Specify CPU options** to specify a custom number of vCPUs during launch. Set the number of CPU cores and threads per core. For more information, see [CPU options for Amazon EC2 instances](instance-optimize-cpu.md).
+ **Metadata accessible**: You can enable or disable access to the Instance Metadata Service (IMDS). For more information, see [Configure instance metadata options for new instances](configuring-IMDS-new-instances.md).
+ **Metadata IPv6 endpoint**: You can enable the instance to use the IMDS IPv6 address `[fd00:ec2::254]` to retrieve instance metadata. This option is only available if you are launching [Nitro-based instances](instance-types.md#instance-hypervisor-type) into an [IPv6-supported subnet](https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html#subnet-ip-address-range) (dual stack or IPv6 only). For more information about retrieving instance metadata, see [Access instance metadata for an EC2 instance](instancedata-data-retrieval.md).
+ **Metadata version**: If you enable access to the IMDS, you can choose to require the use of Instance Metadata Service Version 2 when requesting instance metadata. For more information, see [Configure instance metadata options for new instances](configuring-IMDS-new-instances.md).
+ **Metadata response hop limit**: If you enable the IMDS, you can set the allowable number of network hops for the metadata token. For more information, see [Configure instance metadata options for new instances](configuring-IMDS-new-instances.md).
+ **Allow tags in metadata**: If you select **Enable**, the instance will allow access to all of its tags from its metadata. If no value is specified, then by default, access to the tags in instance metadata is not allowed. For more information, see [Enable access to tags in instance metadata](work-with-tags-in-IMDS.md#allow-access-to-tags-in-IMDS).
+ **User data**: You can specify user data to configure an instance during launch, or to run a configuration script. For more information about user data for Linux instances, see [Run commands when you launch an EC2 instance with user data input](user-data.md). For more information about user data for Windows instances, see [How Amazon EC2 handles user data for Windows instances](user-data.md#ec2-windows-user-data).
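The five metadata fields above are recorded in each instance's `MetadataOptions`, so they can be checked after launch. The following is an added example, not part of the AWS documentation: it audits `aws ec2 describe-instances` JSON for instances where IMDS is reachable but IMDSv2 is not required, where the hop limit exceeds a chosen maximum, or where tags are readable from metadata. The instance IDs and sample document are constructed, and `max_hop_limit` is this example's policy setting, not an AWS default.

```python
import json

# Wizard field -> key in MetadataOptions (EC2 API names):
#   Metadata accessible         -> HttpEndpoint            (enabled | disabled)
#   Metadata IPv6 endpoint      -> HttpProtocolIpv6        (enabled | disabled)
#   Metadata version            -> HttpTokens              (optional | required)
#   Metadata response hop limit -> HttpPutResponseHopLimit (integer)
#   Allow tags in metadata      -> InstanceMetadataTags    (enabled | disabled)

# Constructed sample, trimmed to the fields that the audit reads.
SAMPLE_DESCRIBE_INSTANCES = json.loads("""
{
  "Reservations": [
    {
      "Instances": [
        {
          "InstanceId": "i-0example000000001",
          "MetadataOptions": {
            "HttpEndpoint": "enabled",
            "HttpTokens": "optional",
            "HttpPutResponseHopLimit": 1,
            "HttpProtocolIpv6": "disabled",
            "InstanceMetadataTags": "disabled"
          }
        },
        {
          "InstanceId": "i-0example000000002",
          "MetadataOptions": {
            "HttpEndpoint": "enabled",
            "HttpTokens": "required",
            "HttpPutResponseHopLimit": 3,
            "HttpProtocolIpv6": "disabled",
            "InstanceMetadataTags": "enabled"
          }
        },
        {
          "InstanceId": "i-0example000000003",
          "MetadataOptions": {
            "HttpEndpoint": "disabled",
            "HttpTokens": "optional",
            "HttpPutResponseHopLimit": 1,
            "HttpProtocolIpv6": "disabled",
            "InstanceMetadataTags": "disabled"
          }
        },
        {
          "InstanceId": "i-0example000000004",
          "MetadataOptions": {
            "HttpEndpoint": "enabled",
            "HttpTokens": "required",
            "HttpPutResponseHopLimit": 1,
            "HttpProtocolIpv6": "disabled",
            "InstanceMetadataTags": "disabled"
          }
        }
      ]
    }
  ]
}
""")


def audit_metadata_options(describe_output, max_hop_limit=1):
    """Return (instance_id, finding) tuples for IMDS settings that differ
    from the policy. max_hop_limit is a policy choice made by the caller."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            instance_id = instance["InstanceId"]
            options = instance.get("MetadataOptions", {})

            # With the endpoint disabled, nothing on the instance can query
            # IMDS, so the remaining settings have no effect.
            if options.get("HttpEndpoint") == "disabled":
                continue

            # Anything other than "required" (including a missing value)
            # is reported, because IMDSv1 requests may still be answered.
            if options.get("HttpTokens") != "required":
                findings.append((instance_id, "imdsv2-not-required"))

            hop_limit = options.get("HttpPutResponseHopLimit")
            if isinstance(hop_limit, int) and hop_limit > max_hop_limit:
                findings.append(
                    (instance_id, f"hop-limit-{hop_limit}-exceeds-{max_hop_limit}")
                )

            # Informational: any process on the instance can read the tags.
            if options.get("InstanceMetadataTags") == "enabled":
                findings.append((instance_id, "tags-readable-from-metadata"))
    return findings


if __name__ == "__main__":
    for instance_id, finding in audit_metadata_options(SAMPLE_DESCRIBE_INSTANCES):
        print(f"{instance_id}: {finding}")
```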

## Summary


Use the **Summary** panel to specify the number of instances to launch, to review your instance configuration, and to launch your instances.
+ **Number of instances**: Enter the number of instances to launch. All of the instances will launch with the same configuration.
**Tip**  
To ensure faster instance launches, break up large requests into smaller batches. For example, create five separate launch requests for 100 instances each instead of one launch request for 500 instances.
+ (Optional) If you specify more than one instance, to help ensure that you maintain the correct number of instances to handle demand on your application, you can choose **consider EC2 Auto Scaling** to create a launch template and an Auto Scaling group. Auto Scaling scales the number of instances in the group according to your specifications. For more information, see the [Amazon EC2 Auto Scaling User Guide](https://docs.aws.amazon.com/autoscaling/ec2/userguide/).
**Note**  
If Amazon EC2 Auto Scaling marks an instance in an Auto Scaling group as unhealthy, the instance is automatically scheduled for replacement: it is terminated and another instance is launched, and you lose the data on the original instance. An instance is marked as unhealthy if you stop or reboot the instance, or if another event marks the instance as unhealthy. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. 
+ Review the details of your instance, and make any necessary changes. You can navigate directly to a section by choosing its link in the **Summary** panel.
+ When you're ready to launch your instance, choose **Launch instance**.

# Launch an EC2 instance using the launch instance wizard in the console
Launch using the launch instance wizard

You can launch an Amazon EC2 instance using the launch instance wizard in the Amazon EC2 console. The wizard provides default values for the launch parameters, which you can either accept or modify to suit your requirements. The only parameter that is not specified is the key pair. If you choose to accept the default values, you can quickly launch an instance by selecting only a key pair.

**Important**  
You incur charges for the instance while the instance is in the `running` state, even if it remains idle. However, if you qualify for the Free Tier, you might not incur charges. For more information, see [Track your Free Tier usage for Amazon EC2](ec2-free-tier-usage.md).

For a description of each parameter in the launch instance wizard, see [Reference for Amazon EC2 instance configuration parameters](ec2-instance-launch-parameters.md).

**Topics**
+ [Quickly launch an instance](#liw-quickly-launch-instance)
+ [Launch an instance using defined parameters](#liw-launch-instance-with-defined-parameters)

## Quickly launch an instance


To set up an instance quickly for testing purposes, follow these steps. You'll select the operating system and your key pair, and accept the default values. Except for the key pair, the launch instance wizard provides default values for all of the parameters. You can accept any or all of the defaults, or configure an instance by specifying your own values for each parameter.

For a description of each parameter in the launch instance wizard, see [Reference for Amazon EC2 instance configuration parameters](ec2-instance-launch-parameters.md).

**To quickly launch an instance using the launch instance wizard**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation bar at the top of the screen, the current AWS Region is displayed (for example, US East (Ohio)). If needed, select a different Region in which to launch the instance.

1. From the Amazon EC2 console dashboard, choose **Launch instance**. 

1. (Optional) Under **Name and tags**, for **Name**, enter a descriptive name for your instance.

1. Under **Application and OS Images (Amazon Machine Image)**, choose **Quick Start**, and then choose the operating system (OS) for your instance.

1. Under **Key pair (login)**, for **Key pair name**, choose an existing key pair or create a new one.

1. In the **Summary** panel, choose **Launch instance**.

## Launch an instance using defined parameters


If you're launching an instance that you'll use in production, you'll need to configure the instance to suit your requirements. For a description of each parameter in the launch instance wizard, see [Reference for Amazon EC2 instance configuration parameters](ec2-instance-launch-parameters.md).

**To launch an instance by defining all the launch parameters using the launch instance wizard**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation bar at the top of the screen, the current AWS Region is displayed (for example, US East (Ohio)). If needed, select a different Region in which to launch the instance.

1. From the Amazon EC2 console dashboard, choose **Launch instance**.

1. (Optional) Under **Name and tags**, for **Name**, enter a descriptive name for your instance so that you can easily keep track of it.

   The instance name is a tag, where the key is **Name**, and the value is the name that you specify. 

1. Under **Application and OS Images (Amazon Machine Image)**, choose the operating system (OS) for your instance, and then choose an AMI.

   An AMI is a template that contains the operating system and software required to launch your instance.

1. Under **Instance type**, choose an instance type.

   The instance type determines the hardware configuration (CPU, memory, storage, and networking capacity) and size of the host computer used for your instance.

   If you're not sure which instance type to choose, you can do the following:
   + Choose **Compare instance types** to compare different instance types by the following attributes: number of vCPUs, architecture, amount of memory (GiB), amount of storage (GB), storage type, and network performance.
   + Choose **Get advice** to get guidance and suggestions for instance types from the EC2 instance type finder. For more information, see [Get recommendations from EC2 instance type finder](get-ec2-instance-type-recommendations.md).
**Note**  
Depending on when you created your account, you might be able to use instance types for free under the Free Tier. These instance types are labeled **Free tier eligible**.  
If you created your AWS account before July 15, 2025 and it's less than 12 months old, you can use Amazon EC2 under the Free Tier by selecting the **t2.micro** instance type, or the **t3.micro** instance type in Regions where **t2.micro** is unavailable. Be aware that when you launch a **t3.micro** instance, it defaults to [**Unlimited** mode](burstable-performance-instances-unlimited-mode.md), which might incur additional charges based on CPU usage.  
If you created your AWS account on or after July 15, 2025, you can use **t3.micro**, **t3.small**, **t4g.micro**, **t4g.small**, **c7i-flex.large**, and **m7i-flex.large** instance types for 6 months or until your credits are used up.  
For more information, see [Free Tier benefits before and after July 15, 2025](ec2-free-tier-usage.md#ec2-free-tier-comparison).

1. Under **Key pair (login)**, for **Key pair name**, choose an existing key pair or create a new one. If you do not require a key pair to connect to your instance, you can choose **Proceed without a key pair (not recommended)**.

1. Under **Network settings**, you can keep the defaults if you're launching a test instance. If you're launching a production instance, it's best practice to control traffic into and out of your instance using network settings and security groups that you define.

1. Under **Configure storage**, you can keep the defaults or specify additional storage. The AMI you selected includes one or more volumes of storage, including the root volume. You can specify additional volumes to attach to the instance.

   You can use the **Simple** or **Advanced** view. With the **Simple** view, you specify the size and type of the volume. To specify all volume parameters, choose the **Advanced** view (at top right of the card).

1. For **Advanced details**, expand the section to view the fields and specify any additional parameters for your instance.

1. In the **Summary** panel, you can do the following:

   1. Specify the number of instances to launch.

   1. Review your instance configuration, and navigate directly to a section by choosing its link.

   1. When you're ready to launch your instance, choose **Launch instance**.

   If the instance fails to launch or the state immediately goes to `terminated` instead of `running`, see [Troubleshoot Amazon EC2 instance launch issues](troubleshooting-launch.md).

1. (Optional) You can create a billing alert for the instance. On the confirmation screen, under **Next Steps**, choose **Create billing alerts** and follow the directions. Billing alerts can also be created after you launch the instance. For more information, see [Creating a billing alarm to monitor your estimated AWS charges](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html) in the *Amazon CloudWatch User Guide*.

# Launch EC2 instances using a launch template
Launch using a launch template

An Amazon EC2 launch template stores instance launch parameters so that you don't have to specify them every time you launch an instance.

Several instance launch services can optionally use launch templates when launching instances, while for other services, like EC2 Fleet, instances can't be launched unless a launch template is used. This topic describes how to use a launch template when launching an instance using the EC2 launch instance wizard, Amazon EC2 Auto Scaling, EC2 Fleet, and Spot Fleet.

For more information about launch templates, including how to create a launch template, see [Store instance launch parameters in Amazon EC2 launch templates](ec2-launch-templates.md).

**Topics**
+ [Launch an Amazon EC2 instance using a launch template](#launch-instance-from-launch-template)
+ [Launch instances in an Amazon EC2 Auto Scaling group using a launch template](#launch-templates-as)
+ [Launch an EC2 Fleet using a launch template](#launch-templates-ec2-fleet)
+ [Launch a Spot Fleet using a launch template](#launch-templates-spot-fleet)

## Launch an Amazon EC2 instance using a launch template


You can use the parameters contained in a launch template to launch an Amazon EC2 instance. After selecting the launch template, but before launching the instance, you can modify the launch parameters.

Instances that are launched using a launch template are automatically assigned two tags with the keys `aws:ec2launchtemplate:id` and `aws:ec2launchtemplate:version`. You can't remove or edit these tags.
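Because these two tags are assigned automatically and can't be edited, they can serve as a provenance check. The following is an added example, not part of the AWS documentation: it sorts instances from `aws ec2 describe-instances` JSON by whether they came from an approved launch template and version. The sample document, the instance IDs, the second template ID, and the approved-version policy are constructed; only `lt-0abcd290751193123` is taken from the examples on this page.

```python
import json

TEMPLATE_ID_TAG = "aws:ec2launchtemplate:id"
TEMPLATE_VERSION_TAG = "aws:ec2launchtemplate:version"

# Constructed policy: template ID -> set of approved version strings.
APPROVED_TEMPLATES = {"lt-0abcd290751193123": {"4"}}

# Constructed sample, trimmed to the fields that the check reads.
SAMPLE_DESCRIBE_INSTANCES = json.loads("""
{
  "Reservations": [
    {
      "Instances": [
        {"InstanceId": "i-0example00000000a",
         "Tags": [{"Key": "Name", "Value": "web-1"},
                  {"Key": "aws:ec2launchtemplate:id", "Value": "lt-0abcd290751193123"},
                  {"Key": "aws:ec2launchtemplate:version", "Value": "4"}]},
        {"InstanceId": "i-0example00000000b",
         "Tags": [{"Key": "aws:ec2launchtemplate:id", "Value": "lt-0abcd290751193123"},
                  {"Key": "aws:ec2launchtemplate:version", "Value": "1"}]},
        {"InstanceId": "i-0example00000000c",
         "Tags": [{"Key": "aws:ec2launchtemplate:id", "Value": "lt-0example00000000f"},
                  {"Key": "aws:ec2launchtemplate:version", "Value": "2"}]}
      ]
    },
    {
      "Instances": [
        {"InstanceId": "i-0example00000000d",
         "Tags": [{"Key": "Name", "Value": "hand-built"}]},
        {"InstanceId": "i-0example00000000e"}
      ]
    }
  ]
}
""")


def classify_by_template(describe_output, approved):
    """Group instance IDs by launch-template provenance.

    approved maps a launch template ID to the set of version strings that
    are allowed to be running.
    """
    result = {
        "approved": [],
        "unapproved_version": [],
        "unapproved_template": [],
        "no_template": [],
    }
    for reservation in describe_output.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            # Instances without any tags have no "Tags" key at all.
            tags = {t["Key"]: t["Value"] for t in instance.get("Tags", [])}
            template_id = tags.get(TEMPLATE_ID_TAG)
            version = tags.get(TEMPLATE_VERSION_TAG)

            if template_id is None:
                bucket = "no_template"
            elif template_id not in approved:
                bucket = "unapproved_template"
            elif version not in approved[template_id]:
                bucket = "unapproved_version"
            else:
                bucket = "approved"
            result[bucket].append(instance["InstanceId"])
    return result


if __name__ == "__main__":
    report = classify_by_template(SAMPLE_DESCRIBE_INSTANCES, APPROVED_TEMPLATES)
    for bucket, instance_ids in report.items():
        print(f"{bucket}: {', '.join(instance_ids) or '-'}")
```

The check reports which template and version an instance was launched from; it does not show whether launch parameters were overridden at launch time.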

------
#### [ Console ]

**To launch an instance using a launch template**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. Use one of the following options to select the launch template:
   + From the Amazon EC2 console dashboard, choose the down arrow next to **Launch instance**, choose **Launch instance from template**, and then for **Source template**, select a launch template.
   + In the navigation pane, choose **Launch Templates**, select the launch template, and choose **Actions**, **Launch instance from template**.

1. For **Source template version**, select the launch template version to use.

1. (Optional) You can modify the values for any of the launch parameters. If you don't modify a value, the value defined by the launch template is used. If no value was specified in the launch template, the default value for the parameter is used.

1. In the **Summary** panel, for **Number of instances**, specify the number of instances to launch.

1. Choose **Launch instance**.

   If the instance fails to launch or the state immediately goes to `terminated` instead of `running`, see [Troubleshoot Amazon EC2 instance launch issues](troubleshooting-launch.md).

------
#### [ AWS CLI ]

**To launch an instance from a launch template**
+ Use the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command and specify the `--launch-template` parameter. Optionally specify the launch template version to use. If you don't specify the version, the default version is used.

  ```
  aws ec2 run-instances \
      --launch-template LaunchTemplateId=lt-0abcd290751193123,Version=1
  ```
+ To override a launch template parameter, specify the parameter in the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command. The following example overrides the instance type that's specified in the launch template (if any).

  ```
  aws ec2 run-instances \
      --launch-template LaunchTemplateId=lt-0abcd290751193123 \
      --instance-type t2.small
  ```
+ If you specify a nested parameter that's part of a complex structure, the instance is launched using the complex structure as specified in the launch template plus any additional nested parameters that you specify.

  In the following example, the instance is launched with the tag `Owner=TeamA` as well as any other tags that are specified in the launch template. If the launch template has an existing tag with a key of `Owner`, the value is replaced with `TeamA`.

  ```
  aws ec2 run-instances \
      --launch-template LaunchTemplateId=lt-0abcd290751193123 \
      --tag-specifications "ResourceType=instance,Tags=[{Key=Owner,Value=TeamA}]"
  ```

  In the following example, the instance is launched with a volume with the device name *`/dev/xvdb`* as well as any other block device mappings that are specified in the launch template. If the launch template has an existing volume defined for *`/dev/xvdb`*, its values are replaced with the specified values.

  ```
  aws ec2 run-instances \
      --launch-template LaunchTemplateId=lt-0abcd290751193123 \
      --block-device-mappings "DeviceName=/dev/xvdb,Ebs={VolumeSize=20,VolumeType=gp2}"
  ```

If the instance fails to launch or the state immediately goes to `terminated` instead of `running`, see [Troubleshoot Amazon EC2 instance launch issues](troubleshooting-launch.md).

------
#### [ PowerShell ]

**To launch an instance from a launch template using the AWS Tools for PowerShell**
+ Use the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/Index.html) command and specify the `-LaunchTemplate` parameter. Optionally specify the launch template version to use. If you don't specify the version, the default version is used.

  ```
  Import-Module AWS.Tools.EC2
  New-EC2Instance `
      -LaunchTemplate (
          New-Object -TypeName Amazon.EC2.Model.LaunchTemplateSpecification -Property @{
              LaunchTemplateId = 'lt-0abcd290751193123';
              Version          = '4'
          }
      )
  ```
+ To override a launch template parameter, specify the parameter in the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/Index.html) command. The following example overrides the instance type that's specified in the launch template (if any).

  ```
  Import-Module AWS.Tools.EC2
  New-EC2Instance `
      -InstanceType t4g.small `
      -LaunchTemplate (
          New-Object -TypeName Amazon.EC2.Model.LaunchTemplateSpecification -Property @{
              LaunchTemplateId = 'lt-0abcd290751193123';
              Version          = '4'
          }
      )
  ```
+ If you specify a nested parameter that's part of a complex structure, the instance is launched using the complex structure as specified in the launch template plus any additional nested parameters that you specify.

  In the following example, the instance is launched with the tag `Owner=TeamA` as well as any other tags that are specified in the launch template. If the launch template has an existing tag with a key of `Owner`, the value is replaced with `TeamA`.

  ```
  Import-Module AWS.Tools.EC2
  New-EC2Instance `
      -InstanceType t4g.small `
      -LaunchTemplate (
          New-Object -TypeName Amazon.EC2.Model.LaunchTemplateSpecification -Property @{
              LaunchTemplateId = 'lt-0abcd290751193123';
              Version          = '4'
          }
      ) `
      -TagSpecification (
          New-Object -TypeName Amazon.EC2.Model.TagSpecification -Property @{
              ResourceType = 'instance';
              Tags         = @(
                  @{key = "Owner"; value = "TeamA" },
                  @{key = "Department"; value = "Operations" }
              )
          }
      )
  ```

  In the following example, the instance is launched with a volume with the device name *`/dev/xvdb`* as well as any other block device mappings that are specified in the launch template. If the launch template has an existing volume defined for *`/dev/xvdb`*, its values are replaced with the specified values.

  ```
  Import-Module AWS.Tools.EC2
  New-EC2Instance `
      -InstanceType t4g.small `
      -LaunchTemplate (
          New-Object -TypeName Amazon.EC2.Model.LaunchTemplateSpecification -Property @{
              LaunchTemplateId = 'lt-0abcd290751193123';
              Version          = '4'
          }
      ) `
      -BlockDeviceMapping (
          New-Object -TypeName Amazon.EC2.Model.BlockDeviceMapping -Property @{
              DeviceName = '/dev/xvdb';
              EBS        = (
                  New-Object -TypeName Amazon.EC2.Model.EbsBlockDevice -Property @{
                      VolumeSize = 25;
                      VolumeType = 'gp3'
                  }
              )
          }
      )
  ```

If the instance fails to launch or the state immediately goes to `terminated` instead of `running`, see [Troubleshoot Amazon EC2 instance launch issues](troubleshooting-launch.md).

------

## Launch instances in an Amazon EC2 Auto Scaling group using a launch template


You can create an Auto Scaling group and specify a launch template to use for the group. When Amazon EC2 Auto Scaling launches instances in the Auto Scaling group, it uses the launch parameters defined in the associated launch template.

Before you can create an Auto Scaling group using a launch template, you must first create a launch template that includes the parameters required to launch an instance in an Auto Scaling group. Some parameters are required, such as the ID of the AMI, and some parameters are not available to use with an Auto Scaling group. The console provides guidance to help you create a template that you can use with Amazon EC2 Auto Scaling.

**To create an Auto Scaling group with a launch template using the console**
+ For the instructions, see [Create an Auto Scaling group using a launch template]() in the *Amazon EC2 Auto Scaling User Guide*.

**To create or update an Auto Scaling group with a launch template using the AWS CLI**
+ Use the [create-auto-scaling-group](https://docs.aws.amazon.com/cli/latest/reference/autoscaling/create-auto-scaling-group.html) or the [update-auto-scaling-group](https://docs.aws.amazon.com/cli/latest/reference/autoscaling/update-auto-scaling-group.html) command and specify the `--launch-template` parameter.

For more information, see the following topics in the *Amazon EC2 Auto Scaling User Guide*:
+ [Create a launch template for an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-launch-template.html)
+ [Create a launch template using advanced settings](https://docs.aws.amazon.com/autoscaling/ec2/userguide/advanced-settings-for-your-launch-template.html)
+ [Examples for creating and managing launch templates with the AWS Command Line Interface (AWS CLI)](https://docs.aws.amazon.com/autoscaling/ec2/userguide/examples-launch-templates-aws-cli.html) – Provides examples that show how to create launch templates with various parameter combinations.
+ [Create Auto Scaling groups using launch templates](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-auto-scaling-groups-launch-template.html)
+ [Update an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/update-auto-scaling-group.html)

## Launch an EC2 Fleet using a launch template


A launch template is a requirement when creating an EC2 Fleet request. When Amazon EC2 fulfills the EC2 Fleet request, it uses the launch parameters defined in the associated launch template. You can override some of the parameters that are specified in the launch template. For more information, see [Create an EC2 Fleet](create-ec2-fleet.md).

**To create an EC2 Fleet with a launch template using the AWS CLI**
+ Use the [create-fleet](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-fleet.html) command. Use the `--launch-template-configs` parameter to specify the launch template and any overrides for the launch template.

## Launch a Spot Fleet using a launch template


A launch template is optional when creating a Spot Fleet request. If you don't use a launch template, you can manually specify the launch parameters. If you use a launch template, when Amazon EC2 fulfills the Spot Fleet request, it uses the launch parameters defined in the associated launch template. You can override some of the parameters that are specified in the launch template. For more information, see [Create a Spot Fleet](create-spot-fleet.md).

**To create a Spot Fleet request with a launch template using the console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Spot Requests**.

1. Choose **Request Spot Instances**.

1. Under **Launch parameters**, choose **Use a launch template**.

1. For **Launch template**, choose a launch template, and then, from the field to the right, choose the launch template version.

1. Configure your Spot Fleet by selecting different options on this screen. For more information about the options, see [Create a Spot Fleet request using defined parameters](create-spot-fleet.md#create-spot-fleet-advanced).

1. When you're ready to create your Spot Fleet, choose **Launch**.

**To create a Spot Fleet request with a launch template using the AWS CLI**
+ Use the [request-spot-fleet](https://docs.aws.amazon.com/cli/latest/reference/ec2/request-spot-fleet.html) command. Use the `LaunchTemplateConfigs` parameter to specify the launch template and any overrides for the launch template.

# Launch an EC2 instance using details from an existing instance
Launch from an existing instance

The Amazon EC2 console provides a **Launch more like this** option that enables you to use a current instance as a base for launching other instances. This option automatically populates the Amazon EC2 launch instance wizard with certain configuration details from the selected instance. 

**Considerations**
+ We do not clone your instances; we only replicate some of the configuration details. To create a copy of your instance, first create an AMI from it, then launch more instances from the AMI. Create a [launch template](ec2-launch-templates.md) to ensure that you launch your instances using the same launch details.
+ The current instance must be in the `running` state.

**Copied details**

The following configuration details are copied from the selected instance into the launch instance wizard:
+ AMI ID
+ Instance type
+ Availability Zone, or the VPC and subnet in which the selected instance is located
+ Public IPv4 address. If the selected instance currently has a public IPv4 address, the new instance receives a public IPv4 address, regardless of the selected instance's default public IPv4 address setting. For more information about public IPv4 addresses, see [Public IPv4 addresses](using-instance-addressing.md#concepts-public-addresses).
+ Placement group, if applicable
+ IAM role associated with the instance, if applicable
+ Shutdown behavior setting (stop or terminate)
+ Termination protection setting (true or false)
+ CloudWatch monitoring (enabled or disabled)
+ Amazon EBS-optimization setting (true or false)
+ Tenancy setting, if launching into a VPC (shared or dedicated)
+ Kernel ID and RAM disk ID, if applicable
+ User data, if specified
+ Tags associated with the instance, if applicable 
+ Security groups associated with the instance
+ [Windows instances] Association information. If the selected instance is associated with a configuration file, the same file is automatically associated with the new instance. If the configuration file includes a joined domain configuration, the new instance is joined to the same domain. For more information about joining a domain, see [Seamlessly join a Windows EC2 instance to your AWS Managed Microsoft AD Active Directory](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/launching_instance.html) in the *AWS Directory Service Administration Guide*.

**Details not copied**

The following configuration details are not copied from your selected instance. Instead, the wizard applies their default settings or behavior:
+ Number of network interfaces – The default is one network interface, which is the primary network interface (eth0).
+ Storage – The default storage configuration is determined by the AMI and the instance type.

**To launch more instances like an existing instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select an instance, and then choose **Actions**, **Images and templates**, **Launch more like this**.

1. The launch instance wizard opens. You can make any necessary changes to the instance configuration by selecting different options on this screen.

   When you are ready to launch your instance, choose **Launch instance**.

1. If the instance fails to launch or the state immediately goes to `terminated` instead of `running`, see [Troubleshoot Amazon EC2 instance launch issues](troubleshooting-launch.md).

# Launch an Amazon EC2 instance from an AWS Marketplace AMI
Launch from an AWS Marketplace AMI

You can subscribe to an AWS Marketplace AMI and launch an instance from it using the Amazon EC2 console or a command line tool. For more information about AWS Marketplace AMIs, see [Paid AMIs in the AWS Marketplace for Amazon EC2 instances](paid-amis.md).

To cancel your subscription to the AMI after launch, you must first terminate all instances that were launched from the AMI. For more information, see [Manage your AWS Marketplace subscriptions](marketplace-manage-subscriptions.md).

**To launch an instance from an AWS Marketplace AMI using the Amazon EC2 console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. From the Amazon EC2 console dashboard, choose **Launch instance**.

1. (Optional) Under **Name and tags**, for **Name**, enter a descriptive name for your instance.

1. Under **Application and OS Images (Amazon Machine Image)**, choose **Browse more AMIs**, and then choose the **AWS Marketplace AMIs** tab. Find a suitable AMI by browsing the categories or using the search functionality. To choose a product, choose **Select**.

1. A window opens with an overview of the product you've selected. You can view the pricing information, as well as any other information that the vendor has provided. When you're ready, choose **Subscribe and launch**. This will start your subscription immediately. While the subscription is underway, you can configure the instance by continuing with the steps in this procedure. If there are any problems with your credit card details, you will be asked to update your account details. 
**Note**  
You're not charged for using the product until you have launched an instance with the AMI. Take note of the pricing for each supported instance type when you select an instance type. Additional taxes might also apply to the product.

1. For **Instance type**, select an instance type for your instance. The instance type defines the hardware configuration and size of the instance to launch.

1. Under **Key pair (login)**, for **Key pair name**, choose an existing key pair or create a new one.

1. Under **Network settings**, for **Firewall (security groups)**, take note of the new security group that was created according to the vendor's specifications for the product. The security group might include rules that allow all IPv4 addresses (`0.0.0.0/0`) access on SSH (port 22) on Linux or RDP (port 3389) on Windows. We recommend that you adjust these rules to allow only a specific address or range of addresses to access your instance over those ports.

1. You can use the other fields on the screen to configure your instance, add storage, and add tags. For information about the different options that you can configure, see [Reference for Amazon EC2 instance configuration parameters](ec2-instance-launch-parameters.md).

1. In the **Summary** panel, under **Software Image (AMI)**, check the details of the AMI from which you're about to launch the instance. Also check the other configuration details that you specified. When you're ready to launch your instance, choose **Launch instance**.

1. Depending on the product you've subscribed to, the instance might take a few minutes or more to launch. If there are any problems with your credit card details, you will be asked to update your account details. When the launch confirmation page displays, choose **View all instances** to go to the **Instances** page. 
**Note**  
You are charged the subscription price as long as your instance is in the `running` state, even if it is idle. If your instance is stopped, you might still be charged for storage.

1. When your instance is in the `running` state, you can connect to it. To do this, select your instance in the list, choose **Connect**, and choose a connection option. For more information about connecting to your instance, see [Connect to your EC2 instance](connect.md).
**Important**  
Check the vendor's usage instructions carefully, as you might need to use a specific username to connect to your instance. For information about accessing your subscription details, see [Manage your AWS Marketplace subscriptions](marketplace-manage-subscriptions.md).

1. If the instance fails to launch or the state immediately goes to `terminated` instead of `running`, see [Troubleshoot Amazon EC2 instance launch issues](troubleshooting-launch.md).
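The security group check recommended in the **Network settings** step can also be run against the group after it is created. The following is an added example, not part of the AWS documentation: it reads `aws ec2 describe-security-groups` JSON and lists inbound rules that expose SSH (port 22) or RDP (port 3389) to all addresses. It goes beyond the `0.0.0.0/0` case named in the step by also reporting the IPv6 equivalent `::/0`, port ranges that include those ports, and all-protocol rules. The group IDs, names, and sample document are constructed.

```python
import ipaddress
import json

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample, trimmed to the fields that the check reads.
SAMPLE_DESCRIBE_SECURITY_GROUPS = json.loads("""
{
  "SecurityGroups": [
    {"GroupId": "sg-0example000000001", "GroupName": "vendor-product",
     "IpPermissions": [
       {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
       {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
     ]},
    {"GroupId": "sg-0example000000002", "GroupName": "wide-port-range",
     "IpPermissions": [
       {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
        "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
     ]},
    {"GroupId": "sg-0example000000003", "GroupName": "restricted",
     "IpPermissions": [
       {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
        "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}
     ]},
    {"GroupId": "sg-0example000000004", "GroupName": "all-traffic",
     "IpPermissions": [
       {"IpProtocol": "-1",
        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
     ]}
  ]
}
""")


def rule_covers_port(permission, port):
    """True if the inbound rule allows TCP traffic to the given port."""
    protocol = permission.get("IpProtocol")
    if protocol == "-1":
        # All protocols and all ports; FromPort/ToPort are not present.
        return True
    if protocol != "tcp":
        return False
    low, high = permission.get("FromPort"), permission.get("ToPort")
    return low is not None and high is not None and low <= port <= high


def unrestricted_sources(permission):
    """Return the rule's source CIDRs that match every address (prefix /0)."""
    cidrs = [r["CidrIp"] for r in permission.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in permission.get("Ipv6Ranges", [])]
    return [c for c in cidrs
            if ipaddress.ip_network(c, strict=False).prefixlen == 0]


def find_open_admin_rules(describe_output):
    """Return (group_id, service, port, cidr) for each exposed admin port."""
    findings = []
    for group in describe_output.get("SecurityGroups", []):
        for permission in group.get("IpPermissions", []):
            for cidr in unrestricted_sources(permission):
                for port in sorted(ADMIN_PORTS):
                    if rule_covers_port(permission, port):
                        findings.append(
                            (group["GroupId"], ADMIN_PORTS[port], port, cidr)
                        )
    return findings


if __name__ == "__main__":
    for group_id, service, port, cidr in find_open_admin_rules(
        SAMPLE_DESCRIBE_SECURITY_GROUPS
    ):
        print(f"{group_id}: {service} (port {port}) open to {cidr}")
```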

**To launch an instance from an AWS Marketplace AMI using a command line tool**  
To launch instances from AWS Marketplace products using a command line tool, first ensure that you are subscribed to the product. You can then launch an instance with the product's AMI ID using the following methods:


| Method | Documentation | 
| --- | --- | 
|  AWS CLI  |  Use the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command, or see the following topic for more information: [Launch your instance](https://docs.aws.amazon.com/cli/latest/userguide/cli-services-ec2-instances.html) in the *AWS Command Line Interface User Guide*.  | 
|  AWS Tools for Windows PowerShell   |  Use the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) command, or see the following topic for more information: [Launch an Amazon EC2 Instance Using Windows PowerShell](https://docs.aws.amazon.com/powershell/latest/userguide/pstools-ec2-launch.html)  | 
| Query API | Use the [RunInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) request. | 

# Connect to your EC2 instance

Your Amazon EC2 instance is a virtual server in the AWS Cloud. To log on to your instance, you must establish a connection to the instance. How you connect to your instance depends on the operating system of the instance and the operating system on the computer that you use to connect to the instance. The following table details the requirements for each connection method.


| Connection option | Instance operating system | Inbound traffic rule | IAM permissions | Instance profile role | Software on instance | Software on connecting system | Key pair | 
| --- | --- | --- | --- | --- | --- | --- | --- | 
|  SSH client  |  Linux  |  Yes  |  No  |  No  |  No  |  Yes  |  Yes  | 
|  EC2 Instance Connect  |  Linux  |  Yes  |  Yes  |  No  |  Yes ¹  |  No  |  No  | 
| PuTTY |  Linux  |  Yes  |  No  |  No  |  No  |  Yes  |  Yes  | 
| RDP client |  Windows  |  Yes  |  No  |  No  |  No  |  Yes  |  Yes ²  | 
| Fleet Manager |  Windows  |  No  |  Yes  |  Yes  |  Yes ¹  |  No  |  Yes  | 
| Session Manager |  Linux, Windows  |  No  |  Yes  |  Yes  |  Yes ¹  |  No  |  No  | 
| EC2 Instance Connect Endpoint |  Linux, Windows  |  Yes  |  Yes  |  No  |  No  |  No  |  No ³  | 

¹ The required software is only pre-installed on certain AMIs. You can manually install the required software as needed on supported operating systems.

² The key pair is only required if you are using the randomly generated password for the local Administrator user account.

³ A key pair is required if you use the SSH connection method.

For more information, see the documentation for the connection option that you intend to use.

**Connection options**
+ [Connect to your Linux instance using an SSH client](connect-linux-inst-ssh.md)
+ [Connect to your Linux instance using PuTTY](connect-linux-inst-from-windows.md)
+ [Connect to your Windows instance using an RDP client](connect-rdp.md)
+ [Connect to your Windows instance using Fleet Manager](connect-rdp-fleet-manager.md)
+ [Connect using Session Manager](connect-with-systems-manager-session-manager.md)
+ [Connect using a public IP and EC2 Instance Connect](connect-linux-inst-eic.md)
+ [Connect using a private IP and EC2 Instance Connect Endpoint](connect-with-ec2-instance-connect-endpoint.md)

# General connection prerequisites


The following are general prerequisites to connect to an instance. Note that there might be additional prerequisites that are specific to the connection option that you choose.

**General prerequisites**
+ Check that your instance has passed its status checks. It can take a few minutes for an instance to be ready to accept connection requests. For more information, see [View status checks](viewing_status.md).
+ [Get the required instance details](#connection-prereqs-get-info-about-instance).
+ [Locate the private key and set permissions](#connection-prereqs-private-key).
+ [(Optional) Get the instance fingerprint](#connection-prereqs-fingerprint).

## Get the required instance details


To prepare to connect to your instance, get the following information from the Amazon EC2 console or by using the command line.

![\[The Instances pane of the Amazon EC2 console.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/connection-prereqs-console2.png)

+ **Get the public DNS name of the instance.**

  You can get the public DNS for your instance from the Amazon EC2 console. Check the **Public IPv4 DNS** column of the **Instances** pane. If this column is hidden, choose the settings icon ( ![\[The gear icon.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/settings-icon.png) ) in the top-right corner of the screen, and select **Public IPv4 DNS**. You can also find the public DNS in the instance information section of the **Instances** pane. When you select the instance in the **Instances** pane of the Amazon EC2 console, information about that instance will appear on the lower half of the page. Under the **Details** tab, look for **Public IPv4 DNS**.

  If you prefer, you can use the [describe-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html) (AWS CLI) or [Get-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Instance.html) (AWS Tools for Windows PowerShell) commands.

  If no **Public IPv4 DNS** is displayed, verify that the **Instance state** is **Running**, and that you have not launched the instance in a private subnet. If you launched your instance using the [launch instance wizard](ec2-launch-instance-wizard.md), you may have edited the **Auto-assign public IP** field under **Network settings** and changed the value to **Disable**. If you disable the **Auto-assign public IP** option, the instance is not assigned a public IP address when it is launched. 
+ **(IPv6 only instances) Get the IPv6 address of the instance.**

  If you assigned an IPv6 address to your instance, you can optionally connect to the instance using its IPv6 address instead of a public IPv4 address or public IPv4 DNS hostname. Your local computer must have an IPv6 address and must be configured to use IPv6. You can get the IPv6 address of your instance from the Amazon EC2 console. Check the **IPv6 IPs** column of the **Instances** pane. Or, you can find the IPv6 address in the instance information section. When you select the instance in the **Instances** pane of the Amazon EC2 console, information about that instance will appear on the lower half of the page. Under the **Details** tab, look for **IPv6 address**.

  If you prefer, you can use the [describe-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html) (AWS CLI) or [Get-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Instance.html) (AWS Tools for Windows PowerShell) commands. For more information about IPv6, see [IPv6 addresses](using-instance-addressing.md#ipv6-addressing).
+ **(Linux instances) Get the username for your instance.**

  You can connect to your instance using the username for your user account or the default username for the AMI that you used to launch your instance.
  + **Get the username for your user account.**

    For more information about how to create a user account, see [Manage system users on your Amazon EC2 Linux instance](managing-users.md).
  + **Get the default username for the AMI that you used to launch your instance.**
    + **Amazon Linux** – `ec2-user`
    + **CentOS** – `centos` or `ec2-user`
    + **Debian** – `admin`
    + **Fedora** – `fedora` or `ec2-user`
    + **FreeBSD** – `ec2-user`
    + **RHEL** – `ec2-user` or `root`
    + **SUSE** – `ec2-user` or `root`
    + **Ubuntu** – `ubuntu`
    + **Oracle** – `ec2-user`
    + **Bitnami** – `bitnami`
    + **Rocky Linux** – `rocky`
    + **Other** – Check with the AMI provider

## Locate the private key and set permissions


You must know the location of your private key file to make the initial connection to a Linux instance using SSH or a Windows instance using RDP. For SSH connections, you must set file permissions so that only you can read the private key.

For information about how key pairs work when using Amazon EC2, see [Amazon EC2 key pairs and Amazon EC2 instances](ec2-key-pairs.md).
+ **Locate the private key.**

  Get the fully-qualified path to the location on your computer of the `.pem` file for the key pair that you specified when you launched the instance. For more information, see [Identify the public key specified at launch](describe-keys.md#identify-key-pair-specified-at-launch).

  If you can't find your private key file, see [I've lost my private key. How can I connect to my instance?](TroubleshootingInstancesConnecting.md#replacing-lost-key-pair)

  (Linux instances) If you are connecting to your instance using PuTTY and need to convert the `.pem` file to `.ppk`, see [Convert your private key using PuTTYgen](connect-linux-inst-from-windows.md#putty-private-key).
+ **(Linux instances) Set the permissions of your private key so that only you can read it.**
  + **Connect from macOS or Linux**

    If you plan to use an SSH client on a macOS or Linux computer to connect to your Linux instance, use the following command to set the permissions of your private key file so that only you can read it.

    ```
    chmod 400 key-pair-name.pem
    ```

    If you do not set these permissions, then you cannot connect to your instance using this key pair. For more information, see [Error: Unprotected private key file](TroubleshootingInstancesConnecting.md#troubleshoot-unprotected-key).
  + **Connect from Windows**

    Open File Explorer and right-click on the `.pem` file. Select **Properties** > **Security tab** and choose **Advanced**. Choose **Disable inheritance**. Remove access to all users except for the current user. 

## (Optional) Get the instance fingerprint


To protect yourself from man-in-the-middle attacks, you can verify the authenticity of the instance you're about to connect to by verifying the fingerprint that is displayed. Verifying the fingerprint is useful if you launched your instance from a public AMI provided by a third party.

**Task overview**  
First, get the instance fingerprint from the instance. Then, when you connect to the instance and are prompted to verify the fingerprint, compare the fingerprint you obtained in this procedure with the fingerprint that is displayed. If the fingerprints don't match, someone might be attempting a man-in-the-middle attack. If they match, you can confidently connect to your instance.

**Prerequisites to get the instance fingerprint**
+ The instance must not be in the `pending` state. The fingerprint is available only after the first boot of the instance is complete.
+ You must be the instance owner to get the console output.
+ There are various ways to get the instance fingerprint. If you want to use the AWS CLI, it must be installed on your local computer. For information about installing the AWS CLI, see [Getting started with the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) in the *AWS Command Line Interface User Guide*.

**To get the instance fingerprint**

In Step 1, you get the console output, which includes the instance fingerprint. In Step 2, you find the instance fingerprint in the console output.

1. Get the console output using one of the following methods.

------
#### [ Console ]

   1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

   1. From the left navigator, choose **Instances**.

   1. Select your instance, and then choose **Actions**, **Monitor and troubleshoot**, **Get system log**.

------
#### [ AWS CLI ]

   On your local computer (not on the instance you're connecting to), use the [get-console-output](https://docs.aws.amazon.com/cli/latest/reference/ec2/get-console-output.html) command. If the output is large, [you can pipe it to a text file](https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-output-format.html), where it might be easier to read.

   ```
   aws ec2 get-console-output \
       --instance-id i-1234567890abcdef0 \
       --query Output \
       --output text > temp.txt
   ```

------
#### [ PowerShell ]

   On your local computer, use the following [Get-EC2ConsoleOutput](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2ConsoleOutput.html) cmdlet.

   ```
   $encodedOutput = (Get-EC2ConsoleOutput -InstanceId i-1234567890abcdef0).Output
   [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encodedOutput))
   ```

------

1. In the console output, find the instance (host) fingerprint, which is located under `BEGIN SSH HOST KEY FINGERPRINTS`. There might be several instance fingerprints. When you connect to your instance, it will display only one of the fingerprints.

   The exact output can vary by operating system, AMI version, and whether AWS created the key pairs. The following is example output.

   ```
   ec2:#############################################################
   ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
   ec2: 256 SHA256:l4UB/neBad9tvkgJf1QZWxheQmR59WgrgzEimCG6kZY no comment (ECDSA)
   ec2: 256 SHA256:kpEa+rw/Uq3zxaYZN8KT501iBtJOIdHG52dFi66EEfQ no comment (ED25519)
   ec2: 2048 SHA256:L8l6pepcA7iqW/jBecQjVZClUrKY+o2cHLI0iHerbVc no comment (RSA)
   ec2: -----END SSH HOST KEY FINGERPRINTS-----
   ec2: #############################################################
   ```
**Note**  
You'll reference this fingerprint when you connect to the instance.
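The comparison described in this section can be done programmatically rather than by eye. The following Python sketch is an added example, not part of the AWS documentation: it extracts the fingerprints from saved console output and checks whether a host public key line (in the format printed by `ssh-keyscan` or stored in `known_hosts`) hashes to one of them. The sample key line is constructed and is not a real host key.

```python
import base64
import hashlib
import re
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

# Matches lines such as: ec2: 256 SHA256:<base64> no comment (ED25519)
# Assumption: the AMI prints SHA256 fingerprints, as in this page's example.
FP_LINE = re.compile(
    r"^\s*ec2:\s+(\d+)\s+(SHA256:[A-Za-z0-9+/]+)\s+.*\((\w+)\)\s*$")

# The example console output shown on this page.
PAGE_SAMPLE = """\
ec2:#############################################################
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 256 SHA256:l4UB/neBad9tvkgJf1QZWxheQmR59WgrgzEimCG6kZY no comment (ECDSA)
ec2: 256 SHA256:kpEa+rw/Uq3zxaYZN8KT501iBtJOIdHG52dFi66EEfQ no comment (ED25519)
ec2: 2048 SHA256:L8l6pepcA7iqW/jBecQjVZClUrKY+o2cHLI0iHerbVc no comment (RSA)
ec2: -----END SSH HOST KEY FINGERPRINTS-----
ec2: #############################################################
"""

# Constructed key blob: correct wire layout for ssh-ed25519, dummy key bytes.
_blob = (struct.pack(">I", 11) + b"ssh-ed25519"
         + struct.pack(">I", 32) + bytes(range(32)))
SAMPLE_KEY_LINE = ("ec2-198-51-100-1.compute-1.amazonaws.com ssh-ed25519 "
                   + base64.b64encode(_blob).decode())


def console_fingerprints(console_text):
    """Return [(bits, fingerprint, key_type)] found between the BEGIN/END markers."""
    inside, found = False, []
    for line in console_text.splitlines():
        if "BEGIN SSH HOST KEY FINGERPRINTS" in line:
            inside = True
        elif "END SSH HOST KEY FINGERPRINTS" in line:
            inside = False
        elif inside:
            m = FP_LINE.match(line)
            if m:
                found.append((int(m.group(1)), m.group(2), m.group(3)))
    return found


def fingerprint_from_key_line(line):
    """Compute the OpenSSH SHA256 fingerprint of a public key line.

    The fingerprint is the unpadded base64 of SHA-256 over the decoded key blob.
    """
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            digest = hashlib.sha256(blob).digest()
            return field, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError("no SSH public key found in line")


def host_key_matches(console_text, key_line):
    """True only if the presented key hashes to a fingerprint from the console output.

    A key fetched over the network is unauthenticated on its own; the console
    output, retrieved through the AWS API, is the trusted side of the comparison.
    """
    _, presented = fingerprint_from_key_line(key_line)
    return presented in {fp for _, fp, _ in console_fingerprints(console_text)}


if __name__ == "__main__":
    for bits, fp, key_type in console_fingerprints(PAGE_SAMPLE):
        print(f"{key_type:8} {bits:5} {fp}")
    print("sample key matches page output:",
          host_key_matches(PAGE_SAMPLE, SAMPLE_KEY_LINE))
```

A `False` result corresponds to the mismatch case described above and means the connection should not be accepted.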

# Connect to your Linux instance using SSH


There are multiple ways to connect to your Linux instance using SSH. Some ways depend on the operating system of the local computer that you connect from. Other methods are browser-based, such as EC2 Instance Connect or AWS Systems Manager Session Manager, and can be used from any computer. You can use SSH to connect to your Linux instance and run commands, or use SSH to transfer files between your local computer and your instance.

Before you connect to your Linux instance using SSH, complete the following prerequisites:
+ Check that your instance has passed its status checks. It can take a few minutes for an instance to be ready to accept connection requests. For more information, see [View status checks](viewing_status.md).
+ Ensure that the security group associated with your instance allows incoming SSH traffic from your IP address. For more information, see [Rules to connect to instances from your computer](security-group-rules-reference.md#sg-rules-local-access).
+ [Get the required instance details](connection-prereqs-general.md#connection-prereqs-get-info-about-instance).
+ [Locate the private key and set permissions](connection-prereqs-general.md#connection-prereqs-private-key).
+ [(Optional) Get the instance fingerprint](connection-prereqs-general.md#connection-prereqs-fingerprint).

Then, choose from one of the following options to connect to your Linux instance using SSH.
+ [Connect using an SSH client](connect-linux-inst-ssh.md)
+ [Connect using PuTTY](connect-linux-inst-from-windows.md) 
+ [Transfer files using SCP](linux-file-transfer-scp.md)

If you can't connect to your instance and need help troubleshooting, see [Troubleshoot issues connecting to your Amazon EC2 Linux instance](TroubleshootingInstancesConnecting.md).

# Connect to your Linux instance using an SSH client

You can use Secure Shell (SSH) to connect to your Linux instance from your local computer. For more information about other options, see [Connect to your EC2 instance](connect.md).

**Note**  
If you receive an error while attempting to connect to your instance, make sure that your instance meets all of the [SSH connection prerequisites](#ssh-prereqs-linux-from-linux-macos). If it meets all of the prerequisites, and you're still not able to connect to your Linux instance, see [Troubleshoot issues connecting to your Amazon EC2 Linux instance](TroubleshootingInstancesConnecting.md).

**Topics**
+ [SSH connection prerequisites](#ssh-prereqs-linux-from-linux-macos)
+ [Connect to your Linux instance using an SSH client](#connect-linux-inst-sshClient)

## SSH connection prerequisites


Before you can connect to your Linux instance using SSH, complete the following tasks.

**Complete the general prerequisites.**  
+ Check that your instance has passed its status checks. It can take a few minutes for an instance to be ready to accept connection requests. For more information, see [View status checks](viewing_status.md).
+ [Get the required instance details](connection-prereqs-general.md#connection-prereqs-get-info-about-instance).
+ [Locate the private key and set permissions](connection-prereqs-general.md#connection-prereqs-private-key).
+ [(Optional) Get the instance fingerprint](connection-prereqs-general.md#connection-prereqs-fingerprint).

**Allow inbound SSH traffic from your IP address.**  
Ensure that the security group associated with your instance allows incoming SSH traffic from your IP address. For more information, see [Rules to connect to instances from your computer](security-group-rules-reference.md#sg-rules-local-access).

**Install an SSH client on your local computer (if needed).**  
Your local computer might have an SSH client installed by default. You can verify this by entering the following command in a terminal window. If your computer doesn't recognize the command, you must install an SSH client.  

```
ssh
```
The following are some of the possible options for Windows. If your computer runs a different operating system, see the documentation for that operating system for SSH client options.

## Install OpenSSH on Windows


After you install OpenSSH on Windows, you can connect to your Linux instance from your Windows computer using SSH. Before you begin, ensure that you meet the following requirements.

**Windows version**  
The version of Windows on your computer must be Windows Server 2019 or later.  
For earlier versions of Windows, download and install [Win32-OpenSSH](https://github.com/PowerShell/Win32-OpenSSH/wiki) instead.

**PowerShell requirements**  
To install OpenSSH on your Windows OS using PowerShell, you must be running PowerShell version 5.1 or later, and your account must be a member of the built-in Administrators group. Run `$PSVersionTable.PSVersion` from PowerShell to check your PowerShell version.  
To check whether you are a member of the built-in Administrators group, run the following PowerShell command:  

```
(New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
```
If you are a member of the built-in Administrators group, the output is `True`.

To install OpenSSH for Windows using PowerShell, run the following PowerShell command.

```
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
```

The following is example output.

```
Path          :
Online        : True
RestartNeeded : False
```

To uninstall OpenSSH from Windows using PowerShell, run the following PowerShell command.

```
Remove-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
```

The following is example output.

```
Path          :
Online        : True
RestartNeeded : True
```

## Install Windows Subsystem for Linux (WSL)


After you install WSL on Windows, you can connect to your Linux instance from your Windows computer using Linux command line tools, such as an SSH client.

Follow the instructions in [Install Windows Subsystem for Linux on your EC2 Windows instance](install-wsl-on-ec2-windows-instance.md). If you follow the instructions in Microsoft's installation guide, they install the Ubuntu distribution of Linux. You can install a different Linux distribution if you prefer.

In a WSL terminal window, copy the `.pem` file (for the key pair that you specified for your instance at launch) from Windows to WSL. Note the fully-qualified path to the `.pem` file on WSL to use when connecting to your instance. For information about how to specify the path to your Windows hard drive, see [How do I access my C drive?](https://learn.microsoft.com/en-us/windows/wsl/faq#how-do-i-access-my-c--drive-).

```
cp /mnt/<Windows drive letter>/path/my-key-pair.pem ~/WSL-path/my-key-pair.pem
```

For information about uninstalling Windows Subsystem for Linux, see [How do I uninstall a WSL Distribution?](https://learn.microsoft.com/en-us/windows/wsl/faq#how-do-i-uninstall-a-wsl-distribution-).

## Connect to your Linux instance using an SSH client


Use the following procedure to connect to your Linux instance using an SSH client.

**To connect to your instance using an SSH client**

1. Open a terminal window on your computer.

1. Use the **ssh** command to connect to the instance. You need the details about your instance that you gathered as part of the prerequisites. For example, you need the location of the private key (`.pem` file), the username, and the public DNS name or IPv6 address. The following are example commands.
   + (Public DNS) To use the public DNS name, enter the following command.

     ```
     ssh -i /path/key-pair-name.pem instance-user-name@instance-public-dns-name
     ```
   + (IPv6) Alternatively, if your instance has an IPv6 address, enter the following command to use the IPv6 address.

     ```
     ssh -i /path/key-pair-name.pem instance-user-name@2001:db8::1234:5678:1.2.3.4
     ```

   The following is an example response.

   ```
   The authenticity of host 'ec2-198-51-100-1.compute-1.amazonaws.com (198-51-100-1)' can't be established.
   ECDSA key fingerprint is l4UB/neBad9tvkgJf1QZWxheQmR59WgrgzEimCG6kZY.
   Are you sure you want to continue connecting (yes/no)?
   ```

1. (Optional) Verify that the fingerprint in the security alert matches the fingerprint that you previously obtained. If these fingerprints don't match, someone might be attempting a man-in-the-middle attack. If they match, continue to the next step. For more information, see [Get the instance fingerprint](connection-prereqs-general.md#connection-prereqs-fingerprint).

1. Enter **yes**.

   You see a response like the following:

   ```
   Warning: Permanently added 'ec2-198-51-100-1.compute-1.amazonaws.com' (ECDSA) to the list of known hosts.
   ```

# Connect to your Linux instance using PuTTY

You can connect to your Linux instance using PuTTY, a free SSH client for Windows.

If you're running Windows Server 2019 or later, we recommend that you use OpenSSH, an open source connectivity tool for remote login using the SSH protocol.

**Note**  
If you receive an error while attempting to connect to your instance, make sure that your instance meets all of the [SSH connection prerequisites](connect-linux-inst-ssh.md#ssh-prereqs-linux-from-linux-macos). If it meets all of the prerequisites, and you're still not able to connect to your Linux instance, see [Troubleshoot issues connecting to your Amazon EC2 Linux instance](TroubleshootingInstancesConnecting.md).

**Topics**
+ [Prerequisites](#putty-prereqs)
+ [Convert your private key using PuTTYgen](#putty-private-key)
+ [Connect to your Linux instance](#putty-ssh)

## Prerequisites


Before you connect to your Linux instance using PuTTY, complete the following tasks.

**Complete the general prerequisites.**  
+ Check that your instance has passed its status checks. It can take a few minutes for an instance to be ready to accept connection requests. For more information, see [View status checks](viewing_status.md).
+ [Get the required instance details](connection-prereqs-general.md#connection-prereqs-get-info-about-instance).
+ [Locate the private key and set permissions](connection-prereqs-general.md#connection-prereqs-private-key).
+ [(Optional) Get the instance fingerprint](connection-prereqs-general.md#connection-prereqs-fingerprint).

**Allow inbound SSH traffic from your IP address.**  
Ensure that the security group associated with your instance allows incoming SSH traffic from your IP address. For more information, see [Rules to connect to instances from your computer](security-group-rules-reference.md#sg-rules-local-access).

**Install PuTTY on your local computer (if needed).**  
Download and install PuTTY from the [PuTTY download page](https://www.chiark.greenend.org.uk/~sgtatham/putty/). If you already have an earlier version of PuTTY installed, we recommend that you download the latest version. Be sure to install the entire suite.

**Convert your private key to PPK format using PuTTYgen.**  
You must specify the private key for the key pair that you specified when you launched the instance. If you created the private key in .pem format, you must convert it to a PPK file for use with PuTTY. Locate the private key (.pem file), and then follow the steps in [Convert your private key using PuTTYgen](#putty-private-key).

## (Optional) Convert your private key using PuTTYgen

PuTTY does not natively support the PEM format for SSH keys. PuTTY provides a tool named PuTTYgen, which converts PEM keys to the required PPK format for PuTTY. If you created the key using PEM format instead of PPK format, you must convert your private key (.pem file) into this format (.ppk file) for use with PuTTY.

**To convert your private key from PEM to PPK format**

1. From the **Start** menu, choose **All Programs**, **PuTTY**, **PuTTYgen**.

1. Under **Type of key to generate**, choose **RSA**. If your version of PuTTYgen does not include this option, choose **SSH-2 RSA**.  
![\[RSA key in PuTTYgen.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/puttygen-key-type.png)

1. Choose **Load**. By default, PuTTYgen displays only files with the extension `.ppk`. To locate your `.pem` file, choose the option to display files of all types.  
![\[Select all file types.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/puttygen-load-key.png)

1. Select your `.pem` file for the key pair that you specified when you launched your instance and choose **Open**. PuTTYgen displays a notice that the `.pem` file was successfully imported. Choose **OK**.

1. To save the key in the format that PuTTY can use, choose **Save private key**. PuTTYgen displays a warning about saving the key without a passphrase. Choose **Yes**.
**Note**  
A passphrase on a private key is an extra layer of protection. Even if your private key is discovered, it can't be used without the passphrase. The downside to using a passphrase is that it makes automation harder because human intervention is needed to log on to an instance, or to copy files to an instance.

1. Specify the same name for the key that you used for the key pair (for example, `key-pair-name`) and choose **Save**. PuTTY automatically adds the `.ppk` file extension. 

Your private key is now in the correct format for use with PuTTY. You can now connect to your instance using PuTTY's SSH client.

## Connect to your Linux instance


Use the following procedure to connect to your Linux instance using PuTTY. You need the `.ppk` file that you created for your private key. For more information, see [(Optional) Convert your private key using PuTTYgen](#putty-private-key) in the preceding section. If you receive an error while attempting to connect to your instance, see [Troubleshoot issues connecting to your Amazon EC2 Linux instance](TroubleshootingInstancesConnecting.md).

**Last tested version** – PuTTY .78

**To connect to your instance using PuTTY**

1. Start PuTTY (from the **Start** menu, search for **PuTTY** and then choose **Open**).

1. In the **Category** pane, choose **Session** and complete the following fields:

   1. In the **Host Name** box, do one of the following:
      + (Public DNS) To connect using your instance's public DNS name, enter *instance-user-name*@*instance-public-dns-name*.
      + (IPv6) Alternatively, if your instance has an IPv6 address, to connect using your instance's IPv6 address, enter *instance-user-name*@*2001:db8::1234:5678:1.2.3.4*.

      For information about how to get the username for your instance, and the public DNS name or IPv6 address of your instance, see [Get the required instance details](connection-prereqs-general.md#connection-prereqs-get-info-about-instance).

   1. Ensure that the **Port** value is 22.

   1. Under **Connection type**, select **SSH**.  
![\[PuTTY configuration - Session.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/putty-session-config.png)

1. (Optional) You can configure PuTTY to automatically send 'keepalive' data at regular intervals to keep the session active. This is useful to avoid disconnecting from your instance due to session inactivity. In the **Category** pane, choose **Connection**, and then enter the required interval in **Seconds between keepalives**. For example, if your session disconnects after 10 minutes of inactivity, enter 180 to configure PuTTY to send keepalive data every 3 minutes.

1. In the **Category** pane, expand **Connection**, **SSH**, and **Auth**. Choose **Credentials**. 

1. Next to **Private key file for authentication**, choose **Browse**. In the **Select private key file** dialog box, select the `.ppk` file that you generated for your key pair. You can either double-click the file or choose **Open** in the **Select private key file** dialog box.

1. (Optional) If you plan to connect to this instance again after this session, you can save the session information for future use. In the **Category** pane, choose **Session**. Enter a name for the session in **Saved Sessions**, and then choose **Save**.

1. To connect to the instance, choose **Open**.

1. If this is the first time you have connected to this instance, PuTTY displays a security alert dialog box that asks whether you trust the host to which you are connecting.

   1. (Optional) Verify that the fingerprint in the security alert dialog box matches the fingerprint that you previously obtained in [(Optional) Get the instance fingerprint](connection-prereqs-general.md#connection-prereqs-fingerprint). If these fingerprints don't match, someone might be attempting a "man-in-the-middle" attack. If they match, continue to the next step.

   1. Choose **Accept**. A window opens and you are connected to your instance.
**Note**  
If you specified a passphrase when you converted your private key to the PuTTY format, you must provide that passphrase when you log in to the instance.

If you receive an error while attempting to connect to your instance, see [Troubleshoot issues connecting to your Amazon EC2 Linux instance](TroubleshootingInstancesConnecting.md).

# Transfer files to a Linux instance using SCP

One way to transfer files between your local computer and a Linux instance is to use the secure copy protocol (SCP). SCP is a good option for simple operations, such as one-time file copies. SCP secures file transfers using the same .pem file that you use to connect to an instance using SSH. If you need to keep files synchronized, or if the files are large, **rsync** is faster and more efficient than SCP. For security, use **rsync** over SSH, as **rsync** transfers data using plain text by default.

Before you connect to your Linux instance using SCP, complete the following tasks:
+ **Complete the general prerequisites.**
  + Check that your instance has passed its status checks. It can take a few minutes for an instance to be ready to accept connection requests. For more information, see [View status checks](viewing_status.md).
  + [Get the required instance details](connection-prereqs-general.md#connection-prereqs-get-info-about-instance).
  + [Locate the private key and set permissions](connection-prereqs-general.md#connection-prereqs-private-key).
  + [(Optional) Get the instance fingerprint](connection-prereqs-general.md#connection-prereqs-fingerprint).
+ **Allow inbound SSH traffic from your IP address.**

  Ensure that the security group associated with your instance allows incoming SSH traffic from your IP address. For more information, see [Rules to connect to instances from your computer](security-group-rules-reference.md#sg-rules-local-access).
+ **Install an SCP client.**

  Most Linux, Unix, and Apple computers include an SCP client by default. If yours doesn't, the OpenSSH project provides a free implementation of the full suite of SSH tools, including an SCP client. For more information, see [https://www.openssh.com](https://www.openssh.com).

The following procedure steps you through using SCP to transfer a file using the instance's public DNS name, or the IPv6 address if your instance has one.

**To use SCP to transfer files between your computer and your instance**

1. Determine the location of the source file on your computer and the destination path on the instance. In the following examples, the name of the private key file is `key-pair-name.pem`, the file to transfer is `my-file.txt`, the username for the instance is ec2-user, the public DNS name of the instance is `instance-public-dns-name`, and the IPv6 address of the instance is `2001:db8::1234:5678:1.2.3.4`.
   + (Public DNS) To transfer a file to the destination on the instance, enter the following command from your computer.

     ```
     scp -i /path/key-pair-name.pem /path/my-file.txt ec2-user@instance-public-dns-name:path/
     ```
   + (IPv6) To transfer a file to the destination on the instance if the instance has an IPv6 address, enter the following command from your computer. The IPv6 address must be enclosed in square brackets (`[ ]`), which must be escaped (`\`).

     ```
     scp -i /path/key-pair-name.pem /path/my-file.txt ec2-user@\[2001:db8::1234:5678:1.2.3.4\]:path/
     ```

1. If you haven't already connected to the instance using SSH, you see a response like the following:

   ```
   The authenticity of host 'ec2-198-51-100-1.compute-1.amazonaws.com (10.254.142.33)'
   can't be established.
   RSA key fingerprint is 1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f.
   Are you sure you want to continue connecting (yes/no)?
   ```

   (Optional) Verify that the fingerprint in the security alert matches the instance fingerprint. For more information, see [(Optional) Get the instance fingerprint](connection-prereqs-general.md#connection-prereqs-fingerprint).

   Enter **yes**.

1. If the transfer is successful, the response is similar to the following:

   ```
   Warning: Permanently added 'ec2-198-51-100-1.compute-1.amazonaws.com' (RSA) 
   to the list of known hosts.
   my-file.txt                                100%   480     24.4KB/s   00:00
   ```

1. To transfer a file in the other direction (from your Amazon EC2 instance to your computer), reverse the order of the host parameters. For example, you can transfer `my-file.txt` from your EC2 instance to a destination on your local computer as `my-file2.txt`, as shown in the following examples.
   + (Public DNS) To transfer a file to a destination on your computer, enter the following command from your computer.

     ```
     scp -i /path/key-pair-name.pem ec2-user@instance-public-dns-name:path/my-file.txt path/my-file2.txt
     ```
   + (IPv6) To transfer a file to a destination on your computer if the instance has an IPv6 address, enter the following command from your computer. The IPv6 address must be enclosed in square brackets (`[ ]`), which must be escaped (`\`).

     ```
     scp -i /path/key-pair-name.pem ec2-user@\[2001:db8::1234:5678:1.2.3.4\]:path/my-file.txt path/my-file2.txt
     ```

# Manage system users on your Amazon EC2 Linux instance

Each Linux instance launches with a default Linux system user. You can add users to your instance and delete users.

For the default user, the [default username](#ami-default-user-names) is determined by the AMI that was specified when you launched the instance. 

**Note**  
By default, password authentication and root login are disabled, and sudo is enabled. To log in to your instance, you must use a key pair. For more information about logging in, see [Connect to your Linux instance using SSH](connect-to-linux-instance.md).  
You can allow password authentication and root login for your instance. For more information, see the documentation for your operating system.

**Note**  
Linux system users should not be confused with IAM users. For more information, see [IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html#id_iam-users) in the *IAM User Guide*.

**Topics**
+ [Default usernames](#ami-default-user-names)
+ [Considerations](#add-user-best-practice)
+ [Create a user](#create-user-account)
+ [Remove a user](#delete-user-account)

## Default usernames


The default username for your EC2 instance is determined by the AMI that was specified when you launched the instance.

The default usernames are:
+ For an Amazon Linux AMI, the username is `ec2-user`.
+ For a CentOS AMI, the username is `centos` or `ec2-user`.
+ For a Debian AMI, the username is `admin`.
+ For a Fedora AMI, the username is `fedora` or `ec2-user`.
+ For a FreeBSD AMI, the username is `ec2-user`.
+ For a RHEL AMI, the username is `ec2-user` or `root`.
+ For a SUSE AMI, the username is `ec2-user` or `root`.
+ For an Ubuntu AMI, the username is `ubuntu`.
+ For an Oracle AMI, the username is `ec2-user`.
+ For a Bitnami AMI, the username is `bitnami`.

**Note**  
To find the default username for other Linux distributions, check with the AMI provider.

## Considerations


Using the default user is adequate for many applications. However, you may choose to add users so that individuals can have their own files and workspaces. Furthermore, creating a separate user for each new person is much more secure than granting multiple (possibly inexperienced) users access to the default user, because the default user can cause a lot of damage to a system when used improperly. For more information, see [Tips for Securing Your EC2 Instance](https://aws.amazon.com/articles/tips-for-securing-your-ec2-instance/).

To give users SSH access to your EC2 instance using a Linux system user, you must share the SSH key with the user. Alternatively, you can use EC2 Instance Connect to provide access to users without the need to share and manage SSH keys. For more information, see [Connect to your Linux instance using a public IP address and EC2 Instance Connect](connect-linux-inst-eic.md).

## Create a user


First create the user, and then add the SSH public key that allows the user to connect to and log into the instance.

**Important**  
In Step 1 of this procedure, you create a new key pair. Because a key pair functions like a password, it's crucial to handle it securely. If you create a key pair for a user, you must ensure that the private key is sent to them securely. Alternatively, the user can complete Steps 1 and 2 by creating their own key pair, keeping the private key secure on their machine, and then sending you the public key to complete the procedure from Step 3.

**To create a user**

1. [Create a new key pair](create-key-pairs.md#having-ec2-create-your-key-pair). You must provide the `.pem` file to the person for whom you are creating the user. They must use this file to connect to the instance.

1. Retrieve the public key from the key pair that you created in the previous step.

   ```
   $ ssh-keygen -y -f /path_to_key_pair/key-pair-name.pem
   ```

   The command returns the public key, as shown in the following example.

   ```
   ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuSevGj3eYhCe53pcjqP3maAhDFcvBS7O6Vhz2ItxCih+PnDSUaw+WNQn/mZphTk/a/gU8jEzoOWbkM4yxyb/wB96xbiFveSFJuOp/d6RJhJOI0iBXrlsLnBItntckiJ7FbtxJMXLvvwJryDUilBMTjYtwB+QhYXUMOzce5Pjz5/i8SeJtjnV3iAoG/cQk+0FzZqaeJAAHco+CY/5WrUBkrHmFJr6HcXkvJdWPkYQS3xqC0+FmUZofz221CBt5IMucxXPkX4rWi+z7wB3RbBQoQzd8v7yeb7OzlPnWOyN0qFU0XA246RA8QFYiCNYwI3f05p6KLxEXAMPLE
   ```

1. Connect to the instance.

1. Use the **adduser** command to create the user and add it to the system (with an entry in the `/etc/passwd` file). The command also creates a group and a home directory for the user. In this example, the user is named `newuser`.
   + AL2023 and Amazon Linux 2

     With AL2023 and Amazon Linux 2, the user is created with password authentication disabled by default.

     ```
     [ec2-user ~]$ sudo adduser newuser
     ```
   + Ubuntu

     Include the `--disabled-password` parameter to create the user with password authentication disabled.

     ```
     [ubuntu ~]$ sudo adduser newuser --disabled-password
     ```

1. Switch to the new user so that the directory and file that you create will have the proper ownership.

   ```
   [ec2-user ~]$ sudo su - newuser
   ```

   The prompt changes from `ec2-user` to `newuser` to indicate that you have switched the shell session to the new user.

1. Add the SSH public key to the user. First create a directory in the user's home directory for the SSH key file, then create the key file, and finally paste the public key into the key file, as described in the following sub-steps.

   1. Create a `.ssh` directory in the `newuser` home directory and change its file permissions to `700` (only the owner can read, write, or open the directory).

      ```
      [newuser ~]$ mkdir .ssh
      ```

      ```
      [newuser ~]$ chmod 700 .ssh
      ```
**Important**  
Without these exact file permissions, the user will not be able to log in.

   1. Create a file named `authorized_keys` in the `.ssh` directory and change its file permissions to `600` (only the owner can read or write to the file).

      ```
      [newuser ~]$ touch .ssh/authorized_keys
      ```

      ```
      [newuser ~]$ chmod 600 .ssh/authorized_keys
      ```
**Important**  
Without these exact file permissions, the user will not be able to log in.

   1. <a name="edit_auth_keys"></a>Open the `authorized_keys` file using your favorite text editor (such as **vim** or **nano**).

      ```
      [newuser ~]$ nano .ssh/authorized_keys
      ```

      Paste the public key that you retrieved in **Step 2** into the file and save the changes.
**Important**  
Ensure that you paste the public key in one continuous line. The public key must not be split over multiple lines.

      The user should now be able to log into the `newuser` user on your instance, using the private key that corresponds to the public key that you added to the `authorized_keys` file. For more information about the different methods of connecting to a Linux instance, see [Connect to your Linux instance using SSH](connect-to-linux-instance.md).
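
The sub-steps of the create-user procedure above, collected into a script that also enforces the three **Important** notes (mode `700`, mode `600`, key on one continuous line). This is an added example, not part of the AWS guide; the function names are hypothetical, and it handles plain key lines only (no `authorized_keys` option prefixes).

```shell
#!/bin/sh
# Added example, not AWS code. Function names are hypothetical.
# Assumption: run as the new user (after `sudo su - newuser`) so that the
# directory and file get the right ownership, as in the procedure above.

NL='
'

# Succeeds only if $1 is one complete public key on a single line:
# key type, one space, base64 blob, optional comment. This checks the
# shape of the line only, not that the blob decodes to a valid key.
is_single_pubkey_line() {
    case $1 in
        *"$NL"*) return 1 ;;   # key was split over multiple lines
    esac
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$'
}

# Succeeds if path $1 has exactly octal mode $2 (POSIX find, no GNU stat).
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# Install public key $2 for the account whose home directory is $1.
# Returns 0 if installed or already present, 2 if the key is rejected,
# 3 on a filesystem error.
install_pubkey() {
    home=$1
    key=$2
    is_single_pubkey_line "$key" || return 2
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys
    (
        # Nothing is created group- or world-accessible, even briefly.
        umask 077
        mkdir -p "$ssh_dir" || exit 3
        chmod 700 "$ssh_dir" || exit 3
        touch "$auth" || exit 3
        chmod 600 "$auth" || exit 3
        # Idempotent: do nothing if this exact line is already present.
        if grep -qxF -e "$key" "$auth"; then
            exit 0
        fi
        # If the last existing line lacks a newline, add one first so the
        # new key is not glued onto the end of the previous key.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            printf '\n' >> "$auth" || exit 3
        fi
        printf '%s\n' "$key" >> "$auth" || exit 3
    )
}

# Report conditions that would stop key-based login for home directory $1.
# Prints one line per finding and returns the number of findings (0 = clean).
audit_ssh_access() {
    home=$1
    auth=$home/.ssh/authorized_keys
    findings=0
    has_mode "$home/.ssh" 700 || {
        echo ".ssh is not mode 700"
        findings=$((findings + 1))
    }
    has_mode "$auth" 600 || {
        echo "authorized_keys is not mode 600"
        findings=$((findings + 1))
    }
    [ -r "$auth" ] || return "$findings"
    # A key pasted across two lines shows up here: the continuation line
    # has no key type in front of it.
    while IFS= read -r line; do
        case $line in
            ''|'#'*) continue ;;
        esac
        is_single_pubkey_line "$line" || {
            echo "malformed entry: $line"
            findings=$((findings + 1))
        }
    done < "$auth"
    return "$findings"
}

# Usage, as newuser, with the public key from Step 2 saved in newuser.pub:
#   install_pubkey "$HOME" "$(cat newuser.pub)" && audit_ssh_access "$HOME"
```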

## Remove a user


If a user is no longer needed, you can remove that user so that it can no longer be used.

Use the **userdel** command to remove the user from the system. When you specify the `-r` parameter, the user's home directory and mail spool are deleted. To keep the user's home directory and mail spool, omit the `-r` parameter.

```
[ec2-user ~]$ sudo userdel -r olduser
```

# Connect to your Windows instance using RDP


You can connect to Amazon EC2 instances created from most Windows Amazon Machine Images (AMIs) using Remote Desktop. Remote Desktop uses the Remote Desktop Protocol (RDP) to connect to and use your instance in the same way you use a computer sitting in front of you (local computer). It is available on most editions of Windows and is also available for Mac OS.

The license for the Windows Server operating system allows two simultaneous remote connections for administrative purposes. The license for Windows Server is included in the price of your Windows instance. If you require more than two simultaneous remote connections, you must purchase a Remote Desktop Services (RDS) license. If you attempt a third connection, an error occurs.

**Tip**  
If you need to connect to your instance in order to troubleshoot boot, network configuration, and other issues for instances built on the [AWS Nitro System](https://aws.amazon.com/ec2/nitro/), you can use the [EC2 Serial Console for instances](ec2-serial-console.md).

**Topics**
+ [Connect to your Windows instance using an RDP client](connect-rdp.md)
+ [Connect to your Windows instance using Fleet Manager](connect-rdp-fleet-manager.md)
+ [Transfer files to a Windows instance using RDP](connect-to-linux-instanceWindowsFileTransfer.md)

# Connect to your Windows instance using an RDP client

You can connect to your Windows instance using an RDP client as follows.

**Tip**  
Alternatively, you can connect to your Windows instance using [Systems Manager Fleet Manager](connect-rdp-fleet-manager.md) or [EC2 Instance Connect Endpoint](connect-with-ec2-instance-connect-endpoint.md).

## Prerequisites


You must meet the following prerequisites to connect to your Windows instance using an RDP client.
+ **Complete the general prerequisites.**
  + Check that your instance has passed its status checks. It can take a few minutes for an instance to be ready to accept connection requests. For more information, see [View status checks](viewing_status.md).
  + [Get the required instance details](connection-prereqs-general.md#connection-prereqs-get-info-about-instance).
  + [Locate the private key and set permissions](connection-prereqs-general.md#connection-prereqs-private-key).
  + [(Optional) Get the instance fingerprint](connection-prereqs-general.md#connection-prereqs-fingerprint).
+ **Install an RDP client.**
  + (Windows) Windows includes an RDP client by default. To verify, type **mstsc** at a Command Prompt window. If your computer doesn't recognize this command, download the [Microsoft Remote Desktop app](https://apps.microsoft.com/detail/9wzdncrfj3ps) from the Microsoft Store.
  + (macOS X) Download the [Windows App for Mac](https://apps.apple.com/us/app/windows-app/id1295203466?mt=12) (previously named Microsoft Remote Desktop) from the Mac App Store.
  + (Linux) Use [Remmina](https://remmina.org/).
+ **Allow inbound RDP traffic from your IP address.**

  Ensure that the security group associated with your instance allows incoming RDP traffic from your IP address. For more information, see [Rules to connect to instances from your computer](security-group-rules-reference.md#sg-rules-local-access).

## Retrieve the administrator password


If you joined your instance to a domain, you can connect to your instance using the domain credentials from Directory Service. On the Remote Desktop login screen, instead of using the local computer name and the generated password, use the fully-qualified username for the administrator (for example, **corp.example.com\Admin**), and the password for this account.

To connect to a Windows instance using RDP, you must retrieve the initial administrator password and then enter this password when you connect to your instance. It takes a few minutes after instance launch before this password is available. Your account must have permission to call the [GetPasswordData](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetPasswordData.html) action. For more information, see [Example policies to control access to the Amazon EC2 API](ExamplePolicies_EC2.md).

The default username for the Administrator account depends on the language of the operating system (OS) contained in the AMI. To determine the correct username, identify the language of the OS, and then choose the corresponding username. For example, for an English OS, the username is `Administrator`, for a French OS it's `Administrateur`, and for a Portuguese OS it's `Administrador`. If a language version of the OS does not have a username in the same language, choose the username `Administrator (Other)`. For more information, see [Localized Names for Administrator Account in Windows](https://learn.microsoft.com/en-us/archive/technet-wiki/13813.localized-names-for-administrator-account-in-windows) on the Microsoft website.

**To retrieve the initial administrator password**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance and then choose **Connect**.

1. On the **Connect to instance** page, choose the **RDP client** tab.

1. For **Username**, choose the default username for the Administrator account. The username you choose must match the language of the operating system (OS) contained in the AMI that you used to launch your instance. If there is no username in the same language as your OS, choose **Administrator (Other)**.

1. Choose **Get password**.

1. On the **Get Windows password** page, do the following:

   1. Choose **Upload private key file** and navigate to the private key (`.pem`) file that you specified when you launched the instance. Select the file and choose **Open** to copy the entire contents of the file to this window.

   1. Choose **Decrypt password**. The **Get Windows password** page closes, and the default administrator password for the instance appears under **Password**, replacing the **Get password** link shown previously.

   1. Copy the password and save it in a safe place. This password is required to connect to the instance.

## Connect to your Windows instance


The following procedure uses the Remote Desktop Connection client for Windows (MSTSC). If you're using a different RDP client, download the RDP file and then see the documentation for the RDP client for the steps to establish the RDP connection.

**To connect to a Windows instance using an RDP client**

1. On the **Connect to instance** page, choose **Download remote desktop file**. When the file download is finished, choose **Cancel** to return to the **Instances** page. The RDP file is downloaded to your `Downloads` folder.

1. Run `mstsc.exe` to open the RDP client.

1. Expand **Show options**, choose **Open**, and select the .rdp file from your `Downloads` folder.

1. By default, **Computer** is the public IPv4 DNS name of the instance and **User name** is the administrator account. To connect to the instance using IPv6 instead, replace the public IPv4 DNS name of the instance with its IPv6 address. Review the default settings and change them as needed.

1. Choose **Connect**. If you receive a warning that the publisher of the remote connection is unknown, choose **Connect** to continue.

1. Enter the password that you saved previously, and then choose **OK**.

1. Due to the nature of self-signed certificates, you might get a warning that the security certificate could not be authenticated. Do one of the following:
   + If you trust the certificate, choose **Yes** to connect to your instance.
   + [Windows] Before you proceed, compare the thumbprint of the certificate with the value in the system log to confirm the identity of the remote computer. Choose **View certificate** and then choose **Thumbprint** from the **Details** tab. Compare this value to the value of `RDPCERTIFICATE-THUMBPRINT` in **Actions**, **Monitor and troubleshoot**, **Get system log**.
   + [Mac OS X] Before you proceed, compare the fingerprint of the certificate with the value in the system log to confirm the identity of the remote computer. Choose **Show Certificate**, expand **Details**, and choose **SHA1 Fingerprints**. Compare this value to the value of `RDPCERTIFICATE-THUMBPRINT` in **Actions**, **Monitor and troubleshoot**, **Get system log**.

1. If the RDP connection is successful, the RDP client displays the Windows login screen and then the Windows desktop. If you receive an error message instead, see [Remote Desktop can't connect to the remote computer](troubleshoot-connect-windows-instance.md#rdp-issues). When you are finished with the RDP connection, you can close the RDP client.

## Configure user accounts


After you connect to your instance over RDP, we recommend that you perform the following tasks:
+ Change the administrator password from the default value. You [can change the password while you are logged on to the instance itself](https://support.microsoft.com/en-us/windows/change-or-reset-your-windows-password-8271d17c-9f9e-443f-835a-8318c8f68b9c), just as you would on any computer running Windows Server.
+ Create another user with administrator privileges on the instance. This is a safeguard in case you forget the administrator password or have a problem with the administrator account. The new user must have permission to access the instance remotely. Open **System Properties** by right-clicking on the **This PC** icon on your Windows desktop or File Explorer and selecting **Properties**. Choose **Remote settings**, and choose **Select Users** to add the user to the **Remote Desktop Users** group.  
![\[System Properties window.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/windows-connect-properties-rdp.png)

# Connect to your Windows instance using Fleet Manager

You can use Fleet Manager, a capability of AWS Systems Manager, to connect to Windows instances using the Remote Desktop Protocol (RDP) and display up to four Windows instances on the same page in the AWS Management Console. You can connect to the first instance in the Fleet Manager Remote Desktop directly from the **Instances** page in the Amazon EC2 console. For more information about Fleet Manager, see [Connect to a managed instance using Remote Desktop](https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet-manager-remote-desktop-connections.html) in the *AWS Systems Manager User Guide*.

You do not need to specifically allow incoming RDP traffic from your IP address if you use Fleet Manager to connect. Fleet Manager handles that for you.

**Prerequisites**  
Before attempting to connect to an instance using Fleet Manager, you must set up your environment. For more information, see [Setting up your environment](https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet-manager-remote-desktop-connections.html#rdp-prerequisites) in the *AWS Systems Manager User Guide*.

**To connect to a Windows instance using Fleet Manager**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. From the navigation pane, choose **Instances**.

1. Select the instance and then choose **Connect**.

1. On the **RDP client** tab, for **Connection Type**, choose **Connect using Fleet Manager**.

1. Choose **Fleet Manager Remote Desktop**. This opens the **Fleet Manager Remote Desktop** page in the AWS Systems Manager console.

1. Enter your credentials and then choose **Connect**.

1. If the RDP connection is successful, Fleet Manager displays the Windows desktop. When you are finished with the session, choose **Actions**, **End session**.

For more information, see [Connecting to a Windows Server managed instance using Remote Desktop](https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet-manager-remote-desktop-connections.html) in the *AWS Systems Manager User Guide*.

# Transfer files to a Windows instance using RDP

You can work with your Windows instance in the same way that you would work with any Windows server. For example, you can transfer files between a Windows instance and your local computer using the local file sharing feature of the Microsoft Remote Desktop Connection (RDP) software. You can access local files on hard disk drives, DVD drives, portable media drives, and mapped network drives.

To access your local files from your Windows instances, you must enable the local file sharing feature by mapping the remote session drive to your local drive. The steps are slightly different depending on whether your local computer operating system is Windows or macOS X.

For more information about the prerequisites to connect using RDP, see [Prerequisites](connect-rdp.md#rdp-prereqs).

------
#### [ Windows ]

**To map the remote session drive to your local drive on your local Windows computer**

1. Open the Remote Desktop Connection client.

1. Choose **Show Options**.

1. Add the instance host name to the **Computer** field and username to the **User name** field, as follows:

   1. Under **Connection settings**, choose **Open...**, and browse to the RDP shortcut file that you downloaded from the Amazon EC2 console. The file contains the Public IPv4 DNS host name, which identifies the instance, and the Administrator user name.

   1. Select the file and choose **Open**. The **Computer** and **User name** fields are populated with the values from the RDP shortcut file.

   1. Choose **Save**.

1. Choose the **Local Resources** tab.

1. Under **Local devices and resources**, choose **More...**  
![\[RDP Local Resources window.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/windows-connect-rdp-local-resources.png)

1. Open **Drives** and select the local drive to map to your Windows instance.

1. Choose **OK**.  
![\[RDP Local devices and resources window.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/windows-connect-rdp-drives.png)

1. Choose **Connect** to connect to your Windows instance.

------
#### [ macOS X ]

**To map the remote session drive to your local folder on your local macOS X computer**

1. Open the Remote Desktop Connection client.

1. Browse to the RDP file that you downloaded from the Amazon EC2 console (when you initially connected to the instance), and drag it onto the Remote Desktop Connection client.

1. Right-click the RDP file, and choose **Edit**. 

1. Choose the **Folders** tab, and select the **Redirect folders** checkbox.  
![\[Microsoft Remote Desktop Edit PC window.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/mac-map-folder-1.png)

1. Choose the **+** icon at bottom left, browse to the folder to map, and choose **Open**. Repeat this step for every folder to map.

1. Choose **Save**.

1. Choose **Connect** to connect to your Windows instance. You'll be prompted for the password.

1. On the instance, in File Explorer, expand **This PC**, and find the shared folder from which you can access your local files. In the following screenshot, the **Desktop** folder on the local computer was mapped to the remote session drive on the instance.  
![\[Microsoft Remote Desktop Edit PC window.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/mac-map-folder-2.png)

For more information on making local devices available to a remote session on a Mac computer, see [Get started with the macOS client](https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-mac).

------

# Connect to your Amazon EC2 instance using Session Manager

Session Manager is a fully-managed AWS Systems Manager capability for managing your Amazon EC2 instances through an interactive, one-click, browser-based shell, or through the AWS CLI. You can use Session Manager to start a session with an instance in your account. After the session is started, you can run interactive commands on the instance as you would for any other connection type. For more information about Session Manager, see [AWS Systems Manager Session Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html) in the *AWS Systems Manager User Guide*. 

**Prerequisites**  
Before you attempt to connect to an instance using Session Manager, you must complete the required setup steps. For example, the instance must be managed by SSM and must have an attached IAM role with the **AmazonSSMManagedInstanceCore** policy. For more information, see [Setting up Session Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started.html).

**To connect to an Amazon EC2 instance using Session Manager on the Amazon EC2 console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance and choose **Connect**.

1. For the connection method, choose **Session Manager**.

1. Choose **Connect** to start the session.  
![\[The Connect button on the Session Manager tab.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/connect-method-session-manager.png)

**Troubleshooting**  
If you receive an error that you're not authorized to perform one or more Systems Manager actions (`ssm:command-name`), you must update your policies to allow you to start sessions from the Amazon EC2 console. For more information and instructions, see [Quickstart default IAM policies for Session Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-restrict-access-quickstart.html) in the *AWS Systems Manager User Guide*.

# Connect to your Linux instance using a public IP address and EC2 Instance Connect

Amazon EC2 Instance Connect provides a secure way to connect to your Linux instances over Secure Shell (SSH). With EC2 Instance Connect, you use AWS Identity and Access Management (IAM) [policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [principals](https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html#intro-structure-principal) to control SSH access to your instances, removing the need to share and manage SSH keys. All connection requests using EC2 Instance Connect are [logged to AWS CloudTrail](monitor-with-cloudtrail.md#ec2-instance-connect-cloudtrail) so that you can audit connection requests.

You can use EC2 Instance Connect to connect to your instances using the Amazon EC2 console or the SSH client of your choice.

When you connect to an instance using EC2 Instance Connect, the EC2 Instance Connect API pushes an SSH public key to the [instance metadata](ec2-instance-metadata.md) where it remains for 60 seconds. An IAM policy attached to your user authorizes your user to push the public key to the instance metadata. The SSH daemon uses `AuthorizedKeysCommand` and `AuthorizedKeysCommandUser`, which are configured when EC2 Instance Connect is installed, to look up the public key from the instance metadata for authentication, and connects you to the instance.

**Tip**  
EC2 Instance Connect is one of the options to connect to your Linux instance. For other options, see [Connect to your Linux instance using SSH](connect-to-linux-instance.md). To connect to a Windows instance, see [Connect to your Windows instance using RDP](connecting_to_windows_instance.md).

**Pricing**  
EC2 Instance Connect is available at no additional cost.

**Region availability**  
EC2 Instance Connect is available in all AWS Regions. It is not supported in Local Zones.

**Topics**
+ [Tutorial](ec2-instance-connect-tutorial.md)
+ [Prerequisites](ec2-instance-connect-prerequisites.md)
+ [Permissions](ec2-instance-connect-configure-IAM-role.md)
+ [Install EC2 Instance Connect](ec2-instance-connect-set-up.md)
+ [Connect to an instance](ec2-instance-connect-methods.md)
+ [Uninstall EC2 Instance Connect](ec2-instance-connect-uninstall.md)

For a blog post that discusses how to improve the security of your bastion hosts using EC2 Instance Connect, see [Securing your bastion hosts with Amazon EC2 Instance Connect](https://aws.amazon.com/blogs/infrastructure-and-automation/securing-your-bastion-hosts-with-amazon-ec2-instance-connect/).

# Tutorial: Complete the configuration required to connect to your instance using EC2 Instance Connect

To connect to your instance using EC2 Instance Connect in the Amazon EC2 console, you first need to complete the prerequisite configuration that will allow you to successfully connect to your instance. The purpose of this tutorial is to guide you through the tasks to complete the prerequisite configuration.

**Tutorial overview**

In this tutorial, you'll complete the following four tasks:
+ [Task 1: Grant permissions required to use EC2 Instance Connect](#eic-tut1-task1)

  First you'll create an IAM policy that contains the IAM permissions that allow you to push a public key to the instance metadata. You'll attach this policy to your IAM identity (user, user group, or role) so that your IAM identity gets these permissions.
+ [Task 2: Allow inbound traffic from the EC2 Instance Connect service to your instance](#eic-tut1-task2)

  Then you'll create a security group that allows traffic from the EC2 Instance Connect service to your instance. This is required when you use EC2 Instance Connect in the Amazon EC2 console to connect to your instance.
+ [Task 3: Launch your instance](#eic-tut1-task3)

  You'll then launch an EC2 instance using an AMI that is pre-installed with EC2 Instance Connect and you'll add the security group that you created in the previous step.
+ [Task 4: Connect to your instance](#eic-tut1-task4)

  Finally, you'll use EC2 Instance Connect in the Amazon EC2 console to connect to your instance. If you can connect, then you can be sure that the prerequisite configuration you completed in Tasks 1, 2, and 3 was successful.

## Task 1: Grant permissions required to use EC2 Instance Connect


When you connect to an instance using EC2 Instance Connect, the EC2 Instance Connect API pushes an SSH public key to the [instance metadata](ec2-instance-metadata.md) where it remains for 60 seconds. You need an IAM policy attached to your IAM identity (user, user group, or role) to grant you the required permission to push the public key to the instance metadata.

**Task objective**

You'll create the IAM policy that grants the permission to push the public key to the instance. The specific action to allow is `ec2-instance-connect:SendSSHPublicKey`. You must also allow the `ec2:DescribeInstances` action so that you can view and select your instance in the Amazon EC2 console.

After you've created the policy, you'll attach the policy to your IAM identity (user, user group, or role) so that your IAM identity gets the permissions.

You'll create a policy that is configured as follows:

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2-instance-connect:SendSSHPublicKey",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "ec2:DescribeInstances",
            "Resource": "*"
        }
    ]
}
```

**Important**  
The IAM policy created in this tutorial is a highly permissive policy; it allows you to connect to any instance using any AMI username. We're using this highly permissive policy to keep the tutorial simple and focused on the specific configurations that this tutorial is teaching. However, in a production environment, we recommend that your IAM policy is configured to provide [least-privilege permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege). For example IAM policies, see [Grant IAM permissions for EC2 Instance Connect](ec2-instance-connect-configure-IAM-role.md).

**To create and attach an IAM policy that allows you to use EC2 Instance Connect to connect to your instances**

1. **First create the IAM policy**

   1. Open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).

   1. In the navigation pane, choose **Policies**.

   1. Choose **Create policy**.

   1. On the **Specify permission** page, do the following:

      1. For **Service**, choose **EC2 Instance Connect**.

      1. Under **Actions allowed**, in the search field start typing **send** to show the relevant actions, and then select **SendSSHPublicKey**.

      1. Under **Resources**, choose **All**. For a production environment, we recommend specifying the instance by its ARN, but for this tutorial, you're allowing all instances.

      1. Choose **Add more permissions**.

      1. For **Service**, choose **EC2**.

      1. Under **Actions allowed**, in the search field start typing **describein** to show the relevant actions, and then select **DescribeInstances**.

      1. Choose **Next**.

   1. On the **Review and create** page, do the following:

      1. For **Policy name**, enter a name for the policy.

      1. Choose **Create policy**.

1. **Then attach the policy to your identity**

   1. In the IAM console, in the navigation pane, choose **Policies**.

   1. In the list of policies, select the option button next to the name of the policy you created. You can use the search box to filter the list of policies.

   1. Choose **Actions**, **Attach**.

   1. Under **IAM entities**, select the checkbox next to your identity (user, user group, or role). You can use the search box to filter the list of entities.

   1. Choose **Attach policy**.

### View an animation: Create an IAM policy


![\[This animation shows how to create an IAM policy. For the text version of this animation, see the steps in the preceding procedure.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/eic-tut1-task1-create-iam-policy.gif)


### View an animation: Attach an IAM policy


![\[This animation shows how to attach an IAM policy to an IAM identity. For the text version of this animation, see the steps in the preceding procedure.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/eic-tut1-task1-attach-iam-policy.gif)


## Task 2: Allow inbound traffic from the EC2 Instance Connect service to your instance


When you use EC2 Instance Connect in the Amazon EC2 console to connect to an instance, the traffic that must be allowed to reach the instance is traffic from the EC2 Instance Connect service. This is different from connecting from your local computer to an instance; in that case, you must allow traffic from your local computer to your instance. To allow traffic from the EC2 Instance Connect service, you must create a security group that allows inbound SSH traffic from the IP address range for the EC2 Instance Connect service.

AWS uses prefix lists to manage IP address ranges. The names of the EC2 Instance Connect prefix lists are as follows, with *region* replaced by the Region code:
+ IPv4 prefix list name: `com.amazonaws.region.ec2-instance-connect`
+ IPv6 prefix list name: `com.amazonaws.region.ipv6.ec2-instance-connect`

**Task objective**

You'll create a security group that allows inbound SSH traffic on port 22 from the IPv4 prefix list in the Region in which your instance is located.

**To create a security group that allows inbound traffic from the EC2 Instance Connect service to your instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Security Groups**.

1. Choose **Create security group**.

1. Under **Basic details**, do the following:

   1. For **Security group name**, enter a meaningful name for your security group.

   1. For **Description**, enter a meaningful description for your security group.

1. Under **Inbound rules**, do the following:

   1. Choose **Add rule**.

   1. For **Type**, choose **SSH**.

   1. For **Source**, leave **Custom**.

   1. In the field next to **Source**, select the prefix list for EC2 Instance Connect.

      For example, if your instance is located in the US East (N. Virginia) (`us-east-1`) Region and your users will connect to its public IPv4 address, choose the following prefix list: **com.amazonaws.us-east-1.ec2-instance-connect**

1. Choose **Create security group**.

### View an animation: Create the security group


![\[This animation shows how to configure a security group. For the text version of this animation, see the steps in the preceding procedure.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/tut1-task2-eic-security-group.gif)


## Task 3: Launch your instance


When you launch an instance, you must specify an AMI that contains the information required to launch the instance. You can choose to launch an instance with or without EC2 Instance Connect pre-installed. In this task, we specify an AMI that comes pre-installed with EC2 Instance Connect.

If you launch your instance without EC2 Instance Connect pre-installed, and you want to use EC2 Instance Connect to connect to your instance, you'll need to perform additional configuration steps. These steps are outside the scope of this tutorial.

**Task objective**

You'll launch an instance with the Amazon Linux 2023 AMI, which comes pre-installed with EC2 Instance Connect. You'll also specify the security group that you created earlier so that you can use EC2 Instance Connect in the Amazon EC2 console to connect to your instance. Because you'll use EC2 Instance Connect to connect to your instance, which pushes a public key to your instance's metadata, you won't need to specify an SSH key when you launch your instance.

**To launch an instance that can use EC2 Instance Connect in the Amazon EC2 console for connection**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation bar at the top of the screen, the current AWS Region is displayed (for example, **Ireland**). Select a Region in which to launch your instance. This choice is important because you created a security group that allows traffic for a specific Region, so you must select the same Region in which to launch your instance.

1. From the Amazon EC2 console dashboard, choose **Launch instance**. 

1. (Optional) Under **Name and tags**, for **Name**, enter a descriptive name for your instance.

1. Under **Application and OS Images (Amazon Machine Image)**, choose **Quick Start**. **Amazon Linux** is selected by default. Under **Amazon Machine Image (AMI)**, **Amazon Linux 2023 AMI** is selected by default. Keep the default selection for this task.

1. Under **Instance type**, for **Instance type**, keep the default selection, or choose a different instance type.

1. Under **Key pair (login)**, for **Key pair name**, choose **Proceed without a key pair (Not recommended)**. When you use EC2 Instance Connect to connect to an instance, EC2 Instance Connect pushes a public key to the instance's metadata, and it is the key pair that this public key belongs to that is used for the connection.

1. Under **Network settings**, do the following:

   1. For **Auto-assign public IP**, leave **Enable**.

      **Note**  
      To use EC2 Instance Connect in the Amazon EC2 console to connect to an instance, the instance must have a public IPv4 or IPv6 address.

   1. For **Firewall (security groups)**, choose **Select existing security group**.

   1. Under **Common security groups**, choose the security group that you created earlier.

1. In the **Summary** panel, choose **Launch instance**.

### View an animation: Launch your instance


![\[This animation shows how to launch an instance. For the text version of this animation, see the steps in the preceding procedure.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/tut1-task3-launch-an-instance.gif)


## Task 4: Connect to your instance


When you connect to an instance using EC2 Instance Connect, the EC2 Instance Connect API pushes an SSH public key to the [instance metadata](ec2-instance-metadata.md) where it remains for 60 seconds. The SSH daemon uses `AuthorizedKeysCommand` and `AuthorizedKeysCommandUser` to look up the public key from the instance metadata for authentication, and connects you to the instance.

**Task objective**

In this task, you'll connect to your instance using EC2 Instance Connect in the Amazon EC2 console. If you completed the prerequisite Tasks 1, 2, and 3, the connection should be successful. 

**Steps to connect to your instance**

Use the following steps to connect to your instance. To view an animation of the steps, see [View an animation: Connect to your instance](#eic-tut1-task4-animation).

**To connect to an instance using EC2 Instance Connect in the Amazon EC2 console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation bar at the top of the screen, the current AWS Region is displayed (for example, **Ireland**). Select the Region in which your instance is located.

1. In the navigation pane, choose **Instances**. 

1. Select your instance and choose **Connect**.

1. Choose the **EC2 Instance Connect** tab.

1. Choose **Connect using a Public IP**. 

1. Choose **Connect**.

   A terminal window opens in the browser, and you are connected to your instance.

### View an animation: Connect to your instance


![\[This animation shows how to connect an instance using EC2 Instance Connect. For the text version of this animation, see the steps in the preceding procedure.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/eic-tut1-task4-connect.gif)


# Prerequisites for EC2 Instance Connect

**Topics**
+ [Install EC2 Instance Connect](#eic-prereqs-install-eic-on-instance)
+ [Ensure network connectivity](#eic-prereqs-network-access)
+ [Allow inbound SSH traffic](#ec2-instance-connect-setup-security-group)
+ [Grant permissions](#eic-prereqs-grant-permissions)
+ [Install an SSH client on your local computer](#eic-prereqs-install-ssh-client)
+ [Meet username requirements](#eic-prereqs-username)

## Install EC2 Instance Connect


To use EC2 Instance Connect to connect to an instance, the instance must have EC2 Instance Connect installed. You can either launch the instance using an AMI that comes pre-installed with EC2 Instance Connect, or you can install EC2 Instance Connect on instances that are launched with supported AMIs. For more information, see [Install EC2 Instance Connect on your EC2 instances](ec2-instance-connect-set-up.md).

## Ensure network connectivity


Instances can be configured to allow users to connect to your instance over the internet or through the instance's private IP address. Depending on how your users will connect to your instance using EC2 Instance Connect, you must configure the following network access:
+ If your users will connect to your instance over the internet, then your instance must have a public IPv4 or IPv6 address and be in a public subnet with a route to the internet. If you haven't modified your default public subnet, then it contains a route to the internet for IPv4 only, and not for IPv6. For more information, see [Enable VPC internet access using internet gateways](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html#vpc-igw-internet-access) in the *Amazon VPC User Guide*.
+ If your users will connect to your instance through the instance's private IPv4 address, then you must establish private network connectivity to your VPC, such as by using AWS Direct Connect, AWS Site-to-Site VPN, or VPC peering, so that your users can reach the instance's private IP address.

If your instance does not have a public IPv4 or IPv6 address and you prefer not to configure the network access as described above, you can consider EC2 Instance Connect Endpoint as an alternative to EC2 Instance Connect. With EC2 Instance Connect Endpoint, you can connect to an instance using SSH or RDP even if the instance does not have a public IPv4 or IPv6 address. For more information, see [Connect to your Linux instance using the Amazon EC2 console](connect-using-eice.md#connect-using-the-ec2-console).

## Allow inbound SSH traffic


**When using the Amazon EC2 console to connect to an instance**  
When users connect to an instance using the Amazon EC2 console, the traffic that must be allowed to reach the instance is traffic from the EC2 Instance Connect service. The service is identified by specific IP address ranges, which AWS manages through prefix lists. You must create a security group that allows inbound SSH traffic from the EC2 Instance Connect service. To configure this, for the inbound rule, in the field next to **Source**, select the EC2 Instance Connect prefix list.

AWS provides different managed prefix lists for IPv4 and IPv6 addresses for each Region. The names of the EC2 Instance Connect prefix lists are as follows, with *region* replaced by the Region code:
+ IPv4 prefix list name: `com.amazonaws.region.ec2-instance-connect`
+ IPv6 prefix list name: `com.amazonaws.region.ipv6.ec2-instance-connect`

For the instructions for creating the security group, see [Task 2: Allow inbound traffic from the EC2 Instance Connect service to your instance](ec2-instance-connect-tutorial.md#eic-tut1-task2). For more information, see [Available AWS-managed prefix lists](https://docs.aws.amazon.com/vpc/latest/userguide/working-with-aws-managed-prefix-lists.html#available-aws-managed-prefix-lists) in the *Amazon VPC User Guide*.

**When using the CLI or SSH to connect to an instance**  
Ensure that the security group associated with your instance [allows inbound SSH traffic](security-group-rules-reference.md#sg-rules-local-access) on port 22 from your IP address or from your network. The default security group for the VPC does not allow incoming SSH traffic by default. The security group created by the launch instance wizard allows incoming SSH traffic by default. For more information, see [Rules to connect to instances from your computer](security-group-rules-reference.md#sg-rules-local-access).
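
The two cases above differ only in the source of the port 22 rule, so a security group can be checked by classifying every SSH source it admits. The following Python sketch is an added example, not code from the AWS documentation; it takes data in the shape returned by `aws ec2 describe-security-groups` and `aws ec2 describe-managed-prefix-lists`, and all IDs and the sample groups are constructed.

```python
SSH_PORT = 22
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}


def eic_prefix_list_names(region):
    """Names of the EC2 Instance Connect managed prefix lists for a Region."""
    return {
        f"com.amazonaws.{region}.ec2-instance-connect",
        f"com.amazonaws.{region}.ipv6.ec2-instance-connect",
    }


def covers_ssh(permission):
    """True if an ingress permission includes TCP port 22."""
    protocol = permission.get("IpProtocol")
    if protocol == "-1":  # all protocols, all ports
        return True
    if protocol != "tcp":
        return False
    return permission.get("FromPort", 0) <= SSH_PORT <= permission.get("ToPort", 65535)


def audit_ssh_ingress(security_group, prefix_lists, region):
    """Classify every source that may reach port 22 through one security group.

    security_group: one element of SecurityGroups (describe-security-groups).
    prefix_lists:   the PrefixLists array (describe-managed-prefix-lists).
    Returns a sorted list of (source, verdict) tuples.
    """
    names = {p["PrefixListId"]: p["PrefixListName"] for p in prefix_lists}
    expected = eic_prefix_list_names(region)
    results = []
    for permission in security_group.get("IpPermissions", []):
        if not covers_ssh(permission):
            continue
        for entry in permission.get("PrefixListIds", []):
            pl_id = entry["PrefixListId"]
            is_eic = names.get(pl_id) in expected
            results.append((pl_id, "eic-service" if is_eic else "other-prefix-list"))
        for entry in permission.get("IpRanges", []):
            cidr = entry["CidrIp"]
            results.append((cidr, "open-to-world" if cidr in OPEN_CIDRS else "cidr"))
        for entry in permission.get("Ipv6Ranges", []):
            cidr = entry["CidrIpv6"]
            results.append((cidr, "open-to-world" if cidr in OPEN_CIDRS else "cidr"))
        for pair in permission.get("UserIdGroupPairs", []):
            results.append((pair["GroupId"], "security-group"))
    return sorted(results)


# Constructed sample data; the prefix list IDs are made up.
PREFIX_LISTS = [
    {"PrefixListId": "pl-0aaaaaaaaaaaaaaaa",
     "PrefixListName": "com.amazonaws.us-east-1.ec2-instance-connect"},
    {"PrefixListId": "pl-0bbbbbbbbbbbbbbbb",
     "PrefixListName": "com.amazonaws.us-east-1.s3"},
]

# Console-only access: SSH allowed from the EC2 Instance Connect service only.
SG_CONSOLE_ONLY = {"GroupId": "sg-0example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "PrefixListIds": [{"PrefixListId": "pl-0aaaaaaaaaaaaaaaa"}],
     "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": []},
]}

# A group that mixes a world-open rule, an office range and an unrelated prefix list.
SG_MIXED = {"GroupId": "sg-0mixed", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "PrefixListIds": [{"PrefixListId": "pl-0bbbbbbbbbbbbbbbb"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]}

if __name__ == "__main__":
    for group in (SG_CONSOLE_ONLY, SG_MIXED):
        print(group["GroupId"], audit_ssh_ingress(group, PREFIX_LISTS, "us-east-1"))
```
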

## Grant permissions


You must grant the required permissions to every IAM user who will use EC2 Instance Connect to connect to an instance. For more information, see [Grant IAM permissions for EC2 Instance Connect](ec2-instance-connect-configure-IAM-role.md).

## Install an SSH client on your local computer


If your users will connect using SSH, they must ensure that their local computer has an SSH client.

A user's local computer most likely has an SSH client installed by default. They can check for an SSH client by typing **ssh** at the command line. If their local computer doesn't recognize the command, they can install an SSH client. For information about installing an SSH client on Linux or macOS X, see [http://www.openssh.com](http://www.openssh.com/). For information about installing an SSH client on Windows 10, see [OpenSSH in Windows](https://learn.microsoft.com/en-us/windows-server/administration/OpenSSH/openssh-overview).

There is no need to install an SSH client on a local computer if your users use only the Amazon EC2 console to connect to an instance.

## Meet username requirements


When using EC2 Instance Connect to connect to an instance, the username must meet the following requirements:
+ First character: Must be a letter (`A-Z`, `a-z`), a digit (`0-9`), or an underscore (`_`)
+ Subsequent characters: Can be letters (`A-Z`, `a-z`), digits (`0-9`), or the following characters: `@ . _ -`
+ Minimum length: 1 character
+ Maximum length: 31 characters

# Grant IAM permissions for EC2 Instance Connect

To connect to an instance using EC2 Instance Connect, you must create an IAM policy that grants your users permissions for the following actions and condition:
+ `ec2-instance-connect:SendSSHPublicKey` action – Grants permission to push the public key to an instance.
+ `ec2:osuser` condition – Specifies the name of the OS user that can push the public key to an instance. Use the default username for the AMI that you used to launch the instance. The default username for AL2023 and Amazon Linux 2 is `ec2-user`, and for Ubuntu it's `ubuntu`.
+ `ec2:DescribeInstances` action – Required when using the EC2 console because the wrapper calls this action. Users might already have permission to call this action from another policy.
+ `ec2:DescribeVpcs` action – Required when connecting to an IPv6 address.

Consider restricting access to specific EC2 instances. Otherwise, all IAM principals with permission for the `ec2-instance-connect:SendSSHPublicKey` action can connect to all EC2 instances. You can restrict access by specifying resource ARNs or by using resource tags as [condition keys](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2instanceconnect.html#amazonec2instanceconnect-policy-keys).

For more information, see [Actions, resources, and condition keys for Amazon EC2 Instance Connect](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2instanceconnect.html).

For information about creating IAM policies, see [Creating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) in the *IAM User Guide*.

## Allow users to connect to specific instances


The following IAM policy grants permission to connect to specific instances, identified by their resource ARNs. 

In the following example IAM policy, the following actions and condition are specified:
+ The `ec2-instance-connect:SendSSHPublicKey` action grants users permission to connect to two instances, specified by the resource ARNs. To grant users permission to connect to *all* EC2 instances, replace the resource ARNs with the `*` wildcard.
+ The `ec2:osuser` condition grants permission to connect to the instances only if the *ami-username* is specified when connecting.
+ The `ec2:DescribeInstances` action is specified to grant permission to users who will use the console to connect to your instances. If your users will only use an SSH client to connect to your instances, you can omit `ec2:DescribeInstances`. Note that the `ec2:Describe*` API actions do not support resource-level permissions. Therefore, the `*` wildcard is necessary in the `Resource` element.
+ The `ec2:DescribeVpcs` action is specified to grant permission to users who will use the console to connect to your instances using an IPv6 address. If your users will only use a public IPv4 address, you can omit `ec2:DescribeVpcs`. Note that the `ec2:Describe*` API actions do not support resource-level permissions. Therefore, the `*` wildcard is necessary in the `Resource` element.

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2-instance-connect:SendSSHPublicKey",
            "Resource": [
                "arn:aws:ec2:us-east-1:111122223333:instance/i-1234567890abcdef0",
                "arn:aws:ec2:us-east-1:111122223333:instance/i-0598c7d356eba48d7"
            ],
            "Condition": {
                "StringEquals": {
                    "ec2:osuser": "ami-username"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:DescribeVpcs"
            ],
            "Resource": "*"
        }
    ]
}
```

## Allow users to connect to instances with specific tags


Attribute-based access control (ABAC) is an authorization strategy that defines permissions based on tags that can be attached to users and AWS resources. You can use resource tags to control access to an instance. For more information about using tags to control access to your AWS resources, see [Controlling access to AWS resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html#access_tags_control-resources) in the *IAM User Guide*.

In the following example IAM policy, the `ec2-instance-connect:SendSSHPublicKey` action grants users permission to connect to any instance (indicated by the `*` wildcard in the resource ARN) on condition that the instance has a resource tag with key=`tag-key` and value=`tag-value`.

The `ec2:DescribeInstances` action is specified to grant permission to users who will use the console to connect to your instances. If your users will use only an SSH client to connect to your instances, you can omit `ec2:DescribeInstances`. Note that the `ec2:Describe*` API actions do not support resource-level permissions. Therefore, the `*` wildcard is necessary in the `Resource` element.

The `ec2:DescribeVpcs` action is specified to grant permission to users who will use the console to connect to your instances using an IPv6 address. If your users will only use a public IPv4 address, you can omit `ec2:DescribeVpcs`. Note that the `ec2:Describe*` API actions do not support resource-level permissions. Therefore, the `*` wildcard is necessary in the `Resource` element.

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2-instance-connect:SendSSHPublicKey",
            "Resource": "arn:aws:ec2:us-east-1:111122223333:instance/*",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceTag/tag-key": "tag-value"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:DescribeVpcs"
            ],
            "Resource": "*"
        }
    ]
}
```
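
The policies on this page differ in how far a `ec2-instance-connect:SendSSHPublicKey` grant is pinned: to instance ARNs, to a resource tag, and to an OS user that also has to satisfy the username requirements. The following Python check is an added example, not AWS code; it reports where a grant is left open, the finding names are hypothetical, and it assumes policies written with `Action` and `Resource` as in the examples here (`NotAction` and `NotResource` are not evaluated).

```python
import re

# Username rule from "Meet username requirements": first character is a letter,
# digit or underscore; later characters may also be @ . _ -; length 1 to 31.
USERNAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9@._-]{0,30}")
SEND_KEY = "ec2-instance-connect:sendsshpublickey"
# Positive string operators that can pin a condition key to fixed values.
PINNING_OPERATORS = {"stringequals", "stringequalsignorecase", "stringlike"}
TAG_KEYS = ("aws:resourcetag/", "ec2:resourcetag/")


def as_list(value):
    """IAM accepts a string or a list for Statement, Action, Resource and values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def grants_send_key(statement):
    """True if an Allow statement covers SendSSHPublicKey, wildcards included."""
    if statement.get("Effect") != "Allow":
        return False
    for action in as_list(statement.get("Action")):
        pattern = re.escape(action.lower()).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(pattern, SEND_KEY):
            return True
    return False


def condition_values(statement, prefixes):
    """Values of positive string conditions whose key starts with a given prefix."""
    values = []
    for operator, block in statement.get("Condition", {}).items():
        if operator.lower() in PINNING_OPERATORS:
            for key, value in block.items():
                if key.lower().startswith(prefixes):
                    values.extend(as_list(value))
    return values


def audit_policy(policy):
    """Return (statement_index, finding) pairs for every SendSSHPublicKey grant."""
    findings = []
    for index, statement in enumerate(as_list(policy.get("Statement"))):
        if not grants_send_key(statement):
            continue
        resources = as_list(statement.get("Resource"))
        os_users = condition_values(statement, "ec2:osuser")
        tags = condition_values(statement, TAG_KEYS)
        any_instance = any(r == "*" or r.endswith(":instance/*") for r in resources)
        if any_instance and not tags:
            findings.append((index, "any-instance"))   # no ARN and no tag restriction
        if not os_users:
            findings.append((index, "any-os-user"))    # key can be pushed for any user
        for user in os_users:
            if "*" in user or "?" in user or not USERNAME_RE.fullmatch(user):
                findings.append((index, "bad-os-user:" + user))
    return findings


DESCRIBE = {"Effect": "Allow", "Resource": "*",
            "Action": ["ec2:DescribeInstances", "ec2:DescribeVpcs"]}

# The three policies from this page, with the page's placeholder values.
TUTORIAL_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2-instance-connect:SendSSHPublicKey",
     "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"},
]}
ARN_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2-instance-connect:SendSSHPublicKey",
     "Resource": ["arn:aws:ec2:us-east-1:111122223333:instance/i-1234567890abcdef0",
                  "arn:aws:ec2:us-east-1:111122223333:instance/i-0598c7d356eba48d7"],
     "Condition": {"StringEquals": {"ec2:osuser": "ami-username"}}},
    DESCRIBE,
]}
TAG_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2-instance-connect:SendSSHPublicKey",
     "Resource": "arn:aws:ec2:us-east-1:111122223333:instance/*",
     "Condition": {"StringEquals": {"aws:ResourceTag/tag-key": "tag-value"}}},
    DESCRIBE,
]}

if __name__ == "__main__":
    for name, policy in [("tutorial", TUTORIAL_POLICY), ("arn", ARN_POLICY),
                         ("tag", TAG_POLICY)]:
        print(name, audit_policy(policy))
```
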

# Install EC2 Instance Connect on your EC2 instances

To connect to a Linux instance using EC2 Instance Connect, the instance must have EC2 Instance Connect installed. Installing EC2 Instance Connect configures the SSH daemon on the instance.

For more information about the EC2 Instance Connect package, see [aws/aws-ec2-instance-connect-config](https://github.com/aws/aws-ec2-instance-connect-config) on the GitHub website.

**Note**  
If you configured the `AuthorizedKeysCommand` and `AuthorizedKeysCommandUser` settings for SSH authentication, the EC2 Instance Connect installation will not update them. As a result, you can't use EC2 Instance Connect.

## Install prerequisites


Before you install EC2 Instance Connect, ensure that you meet the following prerequisites.
+ **Verify that the instance uses one of the following:**
  + Amazon Linux 2 prior to version 2.0.20190618 \*
  + AL2023 minimal AMI or Amazon ECS-optimized AMI
  + CentOS Stream 8 and 9
  + macOS Sonoma prior to 14.2.1, Ventura prior to 13.6.3, and Monterey prior to 12.7.2 \*
  + Red Hat Enterprise Linux (RHEL) 8 and 9
  + Ubuntu 16.04 and 18.04 \*

  **Tip**  
  \* For Amazon Linux 2, macOS, and Ubuntu: If you launched your instance using a later version than those listed above, EC2 Instance Connect comes preinstalled and no manual installation is required.
+ **Verify the general prerequisites for EC2 Instance Connect.**

  For more information, see [Prerequisites for EC2 Instance Connect](ec2-instance-connect-prerequisites.md).
+ **Verify the prerequisites for connecting to your instance using an SSH client on your local machine.**

  For more information, see [Connect to your Linux instance using SSH](connect-to-linux-instance.md).
+ **Get the ID of the instance.**

  You can get the ID of your instance using the Amazon EC2 console (from the **Instance ID** column). If you prefer, you can use the [describe-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html) (AWS CLI) or [Get-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Instance.html) (AWS Tools for Windows PowerShell) command.

## Manually install EC2 Instance Connect


**Note**  
If you launched your instance using one of the following AMIs, EC2 Instance Connect is pre-installed and you can skip this procedure:
+ AL2023 standard AMI
+ Amazon Linux 2 2.0.20190618 or later
+ macOS Sonoma 14.2.1 or later
+ macOS Ventura 13.6.3 or later
+ macOS Monterey 12.7.2 or later
+ Ubuntu 20.04 or later

Use one of the following procedures for installing EC2 Instance Connect, depending on the operating system of your instance.

------
#### [ Amazon Linux 2 ]

**To install EC2 Instance Connect on an instance launched with Amazon Linux 2**

1. Connect to your instance using SSH.

   Replace the example values in the following command with your values. Use the SSH key pair that was assigned to your instance when you launched it and the default username of the AMI that you used to launch your instance. For Amazon Linux 2, the default username is `ec2-user`.

   ```
   $ ssh -i my_ec2_private_key.pem ec2-user@ec2-a-b-c-d.us-west-2.compute.amazonaws.com
   ```

   For more information about connecting to your instance, see [Connect to your Linux instance using an SSH client](connect-linux-inst-ssh.md).

1. Install the EC2 Instance Connect package on your instance.

   ```
   [ec2-user ~]$ sudo yum install ec2-instance-connect
   ```

   You should see three new scripts in the `/opt/aws/bin/` folder:

   ```
   eic_curl_authorized_keys
   eic_parse_authorized_keys
   eic_run_authorized_keys
   ```

1. (Optional) Verify that EC2 Instance Connect was successfully installed on your instance.

   ```
   [ec2-user ~]$ sudo less /etc/ssh/sshd_config
   ```

   EC2 Instance Connect was successfully installed if the `AuthorizedKeysCommand` and `AuthorizedKeysCommandUser` lines contain the following values:

   ```
   AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys %u %f
   AuthorizedKeysCommandUser ec2-instance-connect
   ```
   + `AuthorizedKeysCommand` sets the `eic_run_authorized_keys` script to look up the keys from the instance metadata
   + `AuthorizedKeysCommandUser` sets the system user as `ec2-instance-connect`

   **Note**  
   If you previously configured `AuthorizedKeysCommand` and `AuthorizedKeysCommandUser`, the EC2 Instance Connect installation will not change the values and you will not be able to use EC2 Instance Connect.
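
The verification in step 3 can be automated by parsing `sshd_config` and comparing the two settings with the Amazon Linux 2 values shown above. The following Python check is an added example, not part of the EC2 Instance Connect package; the sample configurations are constructed, and the paths `/usr/local/bin/fetch_keys` and `/usr/local/bin/deploy_keys` in them are hypothetical.

```python
import re

# Values this page lists for Amazon Linux 2 after a successful install.
EXPECTED = {
    "authorizedkeyscommand": "/opt/aws/bin/eic_run_authorized_keys %u %f",
    "authorizedkeyscommanduser": "ec2-instance-connect",
}
# sshd_config keywords are case-insensitive; "Keyword value" and "Keyword=value"
# are both accepted.
LINE_RE = re.compile(r"([A-Za-z0-9]+)\s*=?\s*(.*)")


def parse_sshd_config(text):
    """Split sshd_config text into global settings and Match-block overrides.

    sshd uses the first value it obtains for a keyword, so later duplicates in
    the global section are ignored. Include files are not followed here.
    """
    global_settings, match_overrides = {}, []
    current_match = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        found = LINE_RE.fullmatch(line)
        if not found:
            continue
        keyword = found.group(1).lower()
        value = " ".join(found.group(2).split())
        if keyword == "match":
            current_match = value
        elif current_match is None:
            global_settings.setdefault(keyword, value)
        elif keyword in EXPECTED:
            match_overrides.append((current_match, keyword, value))
    return global_settings, match_overrides


def check_eic_sshd_config(text):
    """Return (status, effective, match_overrides) for the two EIC settings.

    status is one of:
      "ok"             both settings hold the expected values
      "not-installed"  neither setting is present
      "conflict"       a setting is present with another value or only one is set,
                       the situation described in the Note above
    """
    settings, overrides = parse_sshd_config(text)
    effective = {keyword: settings.get(keyword) for keyword in EXPECTED}
    if effective == EXPECTED:
        status = "ok"
    elif all(value is None for value in effective.values()):
        status = "not-installed"
    else:
        status = "conflict"
    return status, effective, overrides


# Constructed samples.
INSTALLED = """\
# sshd_config after installing ec2-instance-connect
PasswordAuthentication no
AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys %u %f
AuthorizedKeysCommandUser ec2-instance-connect
"""

PRECONFIGURED = """\
# A custom key lookup was configured before the install (hypothetical paths).
AuthorizedKeysCommand /usr/local/bin/fetch_keys %u
AuthorizedKeysCommandUser nobody
# A later duplicate does not take effect: the first value wins.
AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys %u %f
Match User deploy
    AuthorizedKeysCommand /usr/local/bin/deploy_keys %u
"""

PLAIN = "PasswordAuthentication no\n"

if __name__ == "__main__":
    for name, text in [("installed", INSTALLED), ("preconfigured", PRECONFIGURED),
                       ("plain", PLAIN)]:
        print(name, check_eic_sshd_config(text))
```

On a live instance, `sudo sshd -T` prints the effective configuration, including settings from `Include` files that this parser does not follow.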

------
#### [ CentOS ]

**To install EC2 Instance Connect on an instance launched with CentOS**

1. Connect to your instance using SSH.

   Replace the example values in the following command with your values. Use the SSH key pair that was assigned to your instance when you launched it and the default username of the AMI that you used to launch your instance. For CentOS, the default username is `centos` or `ec2-user`.

   ```
   $ ssh -i my_ec2_private_key.pem centos@ec2-a-b-c-d.us-west-2.compute.amazonaws.com
   ```

   For more information about connecting to your instance, see [Connect to your Linux instance using an SSH client](connect-linux-inst-ssh.md).

1. If you use an HTTP or HTTPS proxy, you must set the `http_proxy` or `https_proxy` environment variables in the current shell session.

   If you're not using a proxy, you can skip this step.
   + For an HTTP proxy server, run the following commands:

     ```
     $ export http_proxy=http://hostname:port
     $ export https_proxy=http://hostname:port
     ```
   + For an HTTPS proxy server, run the following commands:

     ```
     $ export http_proxy=https://hostname:port
     $ export https_proxy=https://hostname:port
     ```

1. Install the EC2 Instance Connect package on your instance by running the following commands.

   The EC2 Instance Connect configuration files for CentOS are provided in a Red Hat Package Manager (RPM) package, with different RPM packages for CentOS 8 and CentOS 9 and for instance types that run on Intel/AMD (x86_64) or ARM (AArch64).

   Use the command block for your operating system and CPU architecture.
   + CentOS 8

     Intel/AMD (x86_64)

     ```
     [ec2-user ~]$ mkdir /tmp/ec2-instance-connect
     [ec2-user ~]$ curl https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_amd64/ec2-instance-connect-2.0.0-5.rhel8.x86_64.rpm -o /tmp/ec2-instance-connect/ec2-instance-connect.rpm
     [ec2-user ~]$ curl https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_amd64/ec2-instance-connect-selinux-2.0.0-5.noarch.rpm -o /tmp/ec2-instance-connect/ec2-instance-connect-selinux.rpm
     [ec2-user ~]$ sudo yum install -y /tmp/ec2-instance-connect/ec2-instance-connect.rpm /tmp/ec2-instance-connect/ec2-instance-connect-selinux.rpm
     ```

     ARM (AArch64)

     ```
     [ec2-user ~]$ mkdir /tmp/ec2-instance-connect
     [ec2-user ~]$ curl https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_arm64/ec2-instance-connect-2.0.0-5.rhel8.aarch64.rpm -o /tmp/ec2-instance-connect/ec2-instance-connect.rpm
     [ec2-user ~]$ curl https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_arm64/ec2-instance-connect-selinux-2.0.0-5.noarch.rpm -o /tmp/ec2-instance-connect/ec2-instance-connect-selinux.rpm
     [ec2-user ~]$ sudo yum install -y /tmp/ec2-instance-connect/ec2-instance-connect.rpm /tmp/ec2-instance-connect/ec2-instance-connect-selinux.rpm
     ```
   + CentOS 9

     Intel/AMD (x86_64)

     ```
     [ec2-user ~]$ mkdir /tmp/ec2-instance-connect
     [ec2-user ~]$ curl https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_amd64/ec2-instance-connect-2.0.0-5.rhel9.x86_64.rpm -o /tmp/ec2-instance-connect/ec2-instance-connect.rpm
     [ec2-user ~]$ curl https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_amd64/ec2-instance-connect-selinux-2.0.0-5.noarch.rpm -o /tmp/ec2-instance-connect/ec2-instance-connect-selinux.rpm
     [ec2-user ~]$ sudo yum install -y /tmp/ec2-instance-connect/ec2-instance-connect.rpm /tmp/ec2-instance-connect/ec2-instance-connect-selinux.rpm
     ```

     ARM (AArch64)

     ```
     [ec2-user ~]$ mkdir /tmp/ec2-instance-connect
     [ec2-user ~]$ curl https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_arm64/ec2-instance-connect-2.0.0-5.rhel9.aarch64.rpm -o /tmp/ec2-instance-connect/ec2-instance-connect.rpm
     [ec2-user ~]$ curl https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_arm64/ec2-instance-connect-selinux-2.0.0-5.noarch.rpm -o /tmp/ec2-instance-connect/ec2-instance-connect-selinux.rpm
     [ec2-user ~]$ sudo yum install -y /tmp/ec2-instance-connect/ec2-instance-connect.rpm /tmp/ec2-instance-connect/ec2-instance-connect-selinux.rpm
     ```

   You should see the following new script in the `/opt/aws/bin/` folder:

   ```
   eic_run_authorized_keys
   ```

1. (Optional) Verify that EC2 Instance Connect was successfully installed on your instance.
   + For CentOS 8:

     ```
     [ec2-user ~]$ sudo less /lib/systemd/system/sshd.service.d/ec2-instance-connect.conf
     ```
   + For CentOS 9:

     ```
     [ec2-user ~]$ sudo less /etc/ssh/sshd_config.d/60-ec2-instance-connect.conf
     ```

   EC2 Instance Connect was successfully installed if the `AuthorizedKeysCommand` and `AuthorizedKeysCommandUser` lines contain the following values:

   ```
   AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys %u %f
   AuthorizedKeysCommandUser ec2-instance-connect
   ```
   + `AuthorizedKeysCommand` sets the `eic_run_authorized_keys` script to look up the keys from the instance metadata
   + `AuthorizedKeysCommandUser` sets the system user as `ec2-instance-connect`
**Note**  
If you previously configured `AuthorizedKeysCommand` and `AuthorizedKeysCommandUser`, the EC2 Instance Connect installation will not change the values and you will not be able to use EC2 Instance Connect.

------
#### [ macOS ]

**To install EC2 Instance Connect on an instance launched with macOS**

1. Connect to your instance using SSH.

   Replace the example values in the following command with your values. Use the SSH key pair that was assigned to your instance when you launched it and the default username of the AMI that you used to launch your instance. For macOS instances, the default username is `ec2-user`.

   ```
   $ ssh -i my_ec2_private_key.pem ec2-user@ec2-a-b-c-d.us-west-2.compute.amazonaws.com
   ```

   For more information about connecting to your instance, see [Connect to your Linux instance using an SSH client](connect-linux-inst-ssh.md).

1. Update Homebrew using the following command. The update will list the software that Homebrew knows about. The EC2 Instance Connect package is provided via Homebrew on macOS instances. For more information, see [Update the operating system and software on Amazon EC2 Mac instances](mac-instance-updates.md).

   ```
   [ec2-user ~]$ brew update
   ```

1. Install the EC2 Instance Connect package on your instance. This will install the software and configure sshd to use it.

   ```
   [ec2-user ~]$ brew install ec2-instance-connect
   ```

   You should see the following new script in the `/opt/aws/bin/` folder:

   ```
   eic_run_authorized_keys
   ```

1. (Optional) Verify that EC2 Instance Connect was successfully installed on your instance.

   ```
   [ec2-user ~]$ sudo less /etc/ssh/sshd_config.d/60-ec2-instance-connect.conf
   ```

   EC2 Instance Connect was successfully installed if the `AuthorizedKeysCommand` and `AuthorizedKeysCommandUser` lines contain the following values:

   ```
   AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys %u %f
   AuthorizedKeysCommandUser ec2-instance-connect
   ```
   + `AuthorizedKeysCommand` sets the `eic_run_authorized_keys` script to look up the keys from the instance metadata
   + `AuthorizedKeysCommandUser` sets the system user as `ec2-instance-connect`
**Note**  
If you previously configured `AuthorizedKeysCommand` and `AuthorizedKeysCommandUser`, the EC2 Instance Connect installation will not change the values and you will not be able to use EC2 Instance Connect.

------
#### [ RHEL ]

**To install EC2 Instance Connect on an instance launched with Red Hat Enterprise Linux (RHEL)**

1. Connect to your instance using SSH.

   Replace the example values in the following command with your values. Use the SSH key pair that was assigned to your instance when you launched it and the default username of the AMI that you used to launch your instance. For RHEL, the default username is `ec2-user` or `root`.

   ```
   $ ssh -i my_ec2_private_key.pem ec2-user@ec2-a-b-c-d.us-west-2.compute.amazonaws.com
   ```

   For more information about connecting to your instance, see [Connect to your Linux instance using an SSH client](connect-linux-inst-ssh.md).

1. If you use an HTTP or HTTPS proxy, you must set the `http_proxy` or `https_proxy` environment variables in the current shell session.

   If you're not using a proxy, you can skip this step.
   + For an HTTP proxy server, run the following commands:

     ```
     $ export http_proxy=http://hostname:port
     $ export https_proxy=http://hostname:port
     ```
   + For an HTTPS proxy server, run the following commands:

     ```
     $ export http_proxy=https://hostname:port
     $ export https_proxy=https://hostname:port
     ```

1. Install the EC2 Instance Connect package on your instance by running the following commands. 

   The EC2 Instance Connect configuration files for RHEL are provided in a Red Hat Package Manager (RPM) package, with different RPM packages for RHEL 8 and RHEL 9 and for instance types that run on Intel/AMD (x86_64) or ARM (AArch64).

   Use the command block for your operating system and CPU architecture.
   + RHEL 8

     Intel/AMD (x86_64)

     ```
     [ec2-user ~]$ mkdir /tmp/ec2-instance-connect
     [ec2-user ~]$ curl https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_amd64/ec2-instance-connect-2.0.0-5.rhel8.x86_64.rpm -o /tmp/ec2-instance-connect/ec2-instance-connect.rpm
     [ec2-user ~]$ curl https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_amd64/ec2-instance-connect-selinux-2.0.0-5.noarch.rpm -o /tmp/ec2-instance-connect/ec2-instance-connect-selinux.rpm
     [ec2-user ~]$ sudo yum install -y /tmp/ec2-instance-connect/ec2-instance-connect.rpm /tmp/ec2-instance-connect/ec2-instance-connect-selinux.rpm
     ```

     ARM (AArch64)

     ```
     [ec2-user ~]$ mkdir /tmp/ec2-instance-connect
     [ec2-user ~]$ curl https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_arm64/ec2-instance-connect-2.0.0-5.rhel8.aarch64.rpm -o /tmp/ec2-instance-connect/ec2-instance-connect.rpm
     [ec2-user ~]$ curl https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_arm64/ec2-instance-connect-selinux-2.0.0-5.noarch.rpm -o /tmp/ec2-instance-connect/ec2-instance-connect-selinux.rpm
     [ec2-user ~]$ sudo yum install -y /tmp/ec2-instance-connect/ec2-instance-connect.rpm /tmp/ec2-instance-connect/ec2-instance-connect-selinux.rpm
     ```
   + RHEL 9

     Intel/AMD (x86_64)

     ```
     [ec2-user ~]$ mkdir /tmp/ec2-instance-connect
     [ec2-user ~]$ curl https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_amd64/ec2-instance-connect-2.0.0-5.rhel9.x86_64.rpm -o /tmp/ec2-instance-connect/ec2-instance-connect.rpm
     [ec2-user ~]$ curl https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_amd64/ec2-instance-connect-selinux-2.0.0-5.noarch.rpm -o /tmp/ec2-instance-connect/ec2-instance-connect-selinux.rpm
     [ec2-user ~]$ sudo yum install -y /tmp/ec2-instance-connect/ec2-instance-connect.rpm /tmp/ec2-instance-connect/ec2-instance-connect-selinux.rpm
     ```

     ARM (AArch64)

     ```
     [ec2-user ~]$ mkdir /tmp/ec2-instance-connect
     [ec2-user ~]$ curl https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_arm64/ec2-instance-connect-2.0.0-5.rhel9.aarch64.rpm -o /tmp/ec2-instance-connect/ec2-instance-connect.rpm
     [ec2-user ~]$ curl https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_arm64/ec2-instance-connect-selinux-2.0.0-5.noarch.rpm -o /tmp/ec2-instance-connect/ec2-instance-connect-selinux.rpm
     [ec2-user ~]$ sudo yum install -y /tmp/ec2-instance-connect/ec2-instance-connect.rpm /tmp/ec2-instance-connect/ec2-instance-connect-selinux.rpm
     ```

   You should see the following new script in the `/opt/aws/bin/` folder:

   ```
   eic_run_authorized_keys
   ```

1. (Optional) Verify that EC2 Instance Connect was successfully installed on your instance.
   + For RHEL 8:

     ```
     [ec2-user ~]$ sudo less /lib/systemd/system/sshd.service.d/ec2-instance-connect.conf
     ```
   + For RHEL 9:

     ```
     [ec2-user ~]$ sudo less /etc/ssh/sshd_config.d/60-ec2-instance-connect.conf
     ```

   EC2 Instance Connect was successfully installed if the `AuthorizedKeysCommand` and `AuthorizedKeysCommandUser` lines contain the following values:

   ```
   AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys %u %f
   AuthorizedKeysCommandUser ec2-instance-connect
   ```
   + `AuthorizedKeysCommand` sets the `eic_run_authorized_keys` script to look up the keys from the instance metadata
   + `AuthorizedKeysCommandUser` sets the system user as `ec2-instance-connect`
**Note**  
If you previously configured `AuthorizedKeysCommand` and `AuthorizedKeysCommandUser`, the EC2 Instance Connect installation will not change the values and you will not be able to use EC2 Instance Connect.

------
#### [ Ubuntu ]

**To install EC2 Instance Connect on an instance launched with Ubuntu 16.04 or later**

1. Connect to your instance using SSH.

   Replace the example values in the following command with your values. Use the SSH key pair that was assigned to your instance when you launched it and use the default username of the AMI that you used to launch your instance. For an Ubuntu AMI, the username is `ubuntu`.

   ```
   $ ssh -i my_ec2_private_key.pem ubuntu@ec2-a-b-c-d.us-west-2.compute.amazonaws.com
   ```

   For more information about connecting to your instance, see [Connect to your Linux instance using an SSH client](connect-linux-inst-ssh.md).

1. (Optional) Ensure your instance has the latest Ubuntu AMI.

   Run the following commands to update all the packages on your instance.

   ```
   ubuntu:~$ sudo apt-get update
   ```

   ```
   ubuntu:~$ sudo apt-get upgrade
   ```

1. Install the EC2 Instance Connect package on your instance.

   ```
   ubuntu:~$ sudo apt-get install ec2-instance-connect
   ```

   You should see three new scripts in the `/usr/share/ec2-instance-connect/` folder:

   ```
   eic_curl_authorized_keys
   eic_parse_authorized_keys
   eic_run_authorized_keys
   ```

1. (Optional) Verify that EC2 Instance Connect was successfully installed on your instance.

   ```
   ubuntu:~$ sudo less /lib/systemd/system/ssh.service.d/ec2-instance-connect.conf
   ```

   EC2 Instance Connect was successfully installed if the `AuthorizedKeysCommand` and `AuthorizedKeysCommandUser` lines contain the following values:

   ```
   AuthorizedKeysCommand /usr/share/ec2-instance-connect/eic_run_authorized_keys %%u %%f
   AuthorizedKeysCommandUser ec2-instance-connect
   ```
   + `AuthorizedKeysCommand` sets the `eic_run_authorized_keys` script to look up the keys from the instance metadata
   + `AuthorizedKeysCommandUser` sets the system user as `ec2-instance-connect`
**Note**  
If you previously configured `AuthorizedKeysCommand` and `AuthorizedKeysCommandUser`, the EC2 Instance Connect installation will not change the values and you will not be able to use EC2 Instance Connect.

------
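The optional verification step in each tab above, and the note about previously configured values, can be checked mechanically. The following added example (not AWS code) reads `sudo sshd -T` output or a configuration file on stdin and reports whether the two directives carry the values listed on this page; the function names, the `--stdin` switch, the script file name and the `/usr/local/bin/ldap-keys` sample helper are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not AWS code): classify sshd settings for EC2 Instance Connect.
# Usage on an instance (file name is hypothetical):
#   sudo sshd -T | sh eic_check.sh --stdin

# Values taken from the verification steps on this page.
EIC_CMD_RPM='/opt/aws/bin/eic_run_authorized_keys %u %f'
EIC_CMD_DEB='/usr/share/ec2-instance-connect/eic_run_authorized_keys %u %f'
EIC_USER='ec2-instance-connect'

# Print the first non-comment value of keyword $1 found in text $2.
# Handles plain "Keyword value" lines, the lowercase keywords that `sshd -T`
# prints, and values quoted inside a longer line. "%%" (systemd escaping)
# is folded to "%" so both forms shown on this page compare equal.
first_value() {
    printf '%s\n' "$2" \
        | grep -v '^[[:space:]]*#' \
        | grep -oiE "${1}[[:space:]]+[^\"]+" \
        | head -n 1 \
        | sed -E -e 's/^[^[:space:]]+[[:space:]]+//' -e 's/%%/%/g' \
                 -e 's/[[:space:]]+/ /g' -e 's/ $//'
}

# Read configuration text on stdin.
# Prints "ok", "missing" or "conflict: ..." and returns 0, 1 or 2.
eic_sshd_status() {
    text=$(cat)
    cmd=$(first_value 'AuthorizedKeysCommand' "$text")
    user=$(first_value 'AuthorizedKeysCommandUser' "$text")
    case "$cmd" in
        ''|none)
            echo 'missing'; return 1 ;;
        "$EIC_CMD_RPM"|"$EIC_CMD_DEB")
            ;;  # one of the two script paths listed on this page
        *)
            # Another helper is configured, so the installer left it in place.
            echo "conflict: AuthorizedKeysCommand is '$cmd'"; return 2 ;;
    esac
    if [ "$user" != "$EIC_USER" ]; then
        echo "conflict: AuthorizedKeysCommandUser is '${user:-unset}'"; return 2
    fi
    echo 'ok'
}

# --- Constructed sample inputs (not captured from a real instance) ---

# Drop-in file with the values exactly as the verification step shows them.
SAMPLE_DROPIN='AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys %u %f
AuthorizedKeysCommandUser ec2-instance-connect'

# systemd-style line: values quoted inside a longer line, "%" doubled.
SAMPLE_SYSTEMD='[Service]
ExecStart=/usr/sbin/sshd -D -o "AuthorizedKeysCommand /usr/share/ec2-instance-connect/eic_run_authorized_keys %%u %%f" -o "AuthorizedKeysCommandUser ec2-instance-connect"'

# `sshd -T` excerpt where a site-specific helper (hypothetical path) is in effect.
SAMPLE_CONFLICT='authorizedkeyscommand /usr/local/bin/ldap-keys %u
authorizedkeyscommanduser nobody'

# Config where the directive appears only as a comment.
SAMPLE_MISSING='#AuthorizedKeysCommand none
PasswordAuthentication no'

if [ "${1:-}" = "--stdin" ]; then
    eic_sshd_status
fi
```

Feeding it `sshd -T` output rather than a single file is the more reliable check, because that output reflects the value sshd actually uses after all configuration sources are merged.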

# Connect to a Linux instance using EC2 Instance Connect

The following instructions explain how to connect to your Linux instance using EC2 Instance Connect through the Amazon EC2 console, the AWS CLI, or an SSH client. 

When you connect to an instance using EC2 Instance Connect through the console or AWS CLI, the EC2 Instance Connect API automatically pushes an SSH public key to the [instance metadata](ec2-instance-metadata.md) where it remains for 60 seconds. An IAM policy attached to your user authorizes this action. If you prefer using your own SSH key, you can use an SSH client and explicitly push your SSH key to the instance using EC2 Instance Connect.

**Considerations**  
After connecting to an instance using EC2 Instance Connect, the connection persists until the SSH session is terminated. The duration of the connection is not determined by the duration of your IAM credentials. If your IAM credentials expire, the connection continues to persist. When using the EC2 Instance Connect console experience, if your IAM credentials expire, terminate the connection by closing the browser page. When using your own SSH client and EC2 Instance Connect to push your key, you can set an SSH timeout value to terminate the SSH session automatically.

**Requirements**  
Before you begin, be sure to review the [prerequisites](ec2-instance-connect-prerequisites.md).

**Topics**
+ [Connect using the Amazon EC2 console](#ec2-instance-connect-connecting-console)
+ [Connect using the AWS CLI](#connect-linux-inst-eic-cli-ssh)
+ [Connect using your own key and SSH client](#ec2-instance-connect-connecting-aws-cli)
+ [Troubleshoot](#ic-troubleshoot)

## Connect using the Amazon EC2 console


You can connect to an instance using EC2 Instance Connect through the Amazon EC2 console.

**Requirements**  
To connect using the Amazon EC2 console, the instance must have either a public IPv4 or IPv6 address. If the instance only has a private IPv4 address, you can use the [ec2-instance-connect AWS CLI](#connect-linux-inst-eic-cli-ssh) to connect.

**To connect to your instance using the Amazon EC2 console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance and choose **Connect**.

1. Choose the **EC2 Instance Connect** tab.

1. Choose **Connect using a Public IP**.

1. If there is a choice, select the IP address to connect to. Otherwise, the IP address is selected automatically.

1. For **Username**, verify the username.

1. Choose **Connect** to establish a connection. An in-browser terminal window opens.

## Connect using the AWS CLI


You can use the [ec2-instance-connect](https://docs.aws.amazon.com/cli/latest/reference/ec2-instance-connect/index.html) AWS CLI to connect to your instance with an SSH client. EC2 Instance Connect attempts to establish a connection using an available IP address in a predefined order, based on the specified connection type. If an IP address isn't available, it automatically tries the next one in the order.

**Connection types**

`auto` (default)  
EC2 Instance Connect tries to connect using the instance's IP addresses in the following order and with the corresponding connection type:  

1. Public IPv4: `direct`

1. Private IPv4: `eice`

1. IPv6: `direct`

`direct`  
EC2 Instance Connect tries to connect using the instance's IP addresses in the following order:  

1. Public IPv4

1. IPv6

1. Private IPv4 (it does not connect over an EC2 Instance Connect Endpoint)

`eice`  
EC2 Instance Connect tries to connect using the instance's private IPv4 address and an [EC2 Instance Connect Endpoint](connect-with-ec2-instance-connect-endpoint.md).

**Note**  
In the future, we might change the behavior of the `auto` connection type. To ensure that your desired connection type is used, we recommend that you explicitly set the `--connection-type` to either `direct` or `eice`.

**Requirements**  
You must use AWS CLI version 2. For more information, see [Install or update to the latest version of the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html).

**To connect to an instance using the instance ID**  
If you only know the instance ID, and want to let EC2 Instance Connect determine the connection type to use when connecting to your instance, use the [ec2-instance-connect ssh](https://docs.aws.amazon.com/cli/latest/reference/ec2-instance-connect/ssh.html) CLI command with the instance ID.

```
aws ec2-instance-connect ssh --instance-id i-1234567890example
```

**To connect to an instance using the instance ID and an EC2 Instance Connect Endpoint**  
If you want to connect to your instance over an [EC2 Instance Connect Endpoint](connect-with-ec2-instance-connect-endpoint.md), use the preceding command and also specify the `--connection-type` parameter with the `eice` value.

```
aws ec2-instance-connect ssh --instance-id i-1234567890example --connection-type eice
```

**To connect to an instance using the instance ID and your own private key file**  
If you want to connect to your instance over an EC2 Instance Connect Endpoint using your own private key, specify the instance ID and the path to the private key file. Do not include *file://* in the path; the following example will fail: *file:///path/to/key*.

```
aws ec2-instance-connect ssh --instance-id i-1234567890example --private-key-file /path/to/key.pem
```

**Tip**  
If you get an error when using these commands, make sure that you're using AWS CLI version 2, because the `ssh` command is only available in this major version. We also recommend regularly updating to the latest minor version of AWS CLI version 2 to access the latest features. For more information, see [About AWS CLI version 2](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html#welcome-versions-v2) in the *AWS Command Line Interface User Guide*.

## Connect using your own key and SSH client


You can use your own SSH key and connect to your instance from the SSH client of your choice while using the EC2 Instance Connect API. This enables you to benefit from the EC2 Instance Connect capability to push a public key to the instance. This connection method works for instances with public and private IP addresses.

**Requirements**
+ Requirements for key pairs
  + Supported types: RSA (OpenSSH and SSH2) and ED25519
  + Supported lengths: 2048 and 4096
  + For more information, see [Create a key pair using a third-party tool and import the public key to Amazon EC2](create-key-pairs.md#how-to-generate-your-own-key-and-import-it-to-aws).
+ When connecting to an instance that has only private IP addresses, the local computer from which you are initiating the SSH session must have connectivity to the EC2 Instance Connect service endpoint (to push your SSH public key to the instance) as well as network connectivity to the instance's private IP address to establish the SSH session. The EC2 Instance Connect service endpoint is reachable over the internet or over a Direct Connect public virtual interface. To connect to the instance's private IP address, you can leverage services such as [Direct Connect](https://aws.amazon.com/directconnect/), [AWS Site-to-Site VPN](https://aws.amazon.com/vpn/), or [VPC peering](https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html).

**To connect to your instance using your own key and any SSH client**

1. **(Optional) Generate new SSH private and public keys**

   You can generate new SSH private and public keys, `my_key` and `my_key.pub`, using the following command:

   ```
   ssh-keygen -t rsa -f my_key
   ```

1. **Push your SSH public key to the instance**

   Use the [send-ssh-public-key](https://docs.aws.amazon.com/cli/latest/reference/ec2-instance-connect/send-ssh-public-key.html) command to push your SSH public key to the instance. If you launched your instance using AL2023 or Amazon Linux 2, the default username for the AMI is `ec2-user`. If you launched your instance using Ubuntu, the default username for the AMI is `ubuntu`.

   The following example pushes the public key to the specified instance in the specified Availability Zone, to authenticate `ec2-user`.

   ```
   aws ec2-instance-connect send-ssh-public-key \
       --region us-west-2 \
       --availability-zone us-west-2b \
       --instance-id i-001234a4bf70dec41EXAMPLE \
       --instance-os-user ec2-user \
       --ssh-public-key file://my_key.pub
   ```

1. **Connect to the instance using your private key**

   Use the **ssh** command to connect to the instance using the private key before the public key is removed from the instance metadata (you have 60 seconds before it is removed). Specify the private key that corresponds to the public key, the default username for the AMI that you used to launch your instance, and the instance's public DNS name (if connecting over a private network, specify the private DNS name or IP address). Add the `IdentitiesOnly=yes` option to ensure that only the files in the ssh config and the specified key are used for the connection. 

   ```
   ssh -o "IdentitiesOnly=yes" -i my_key ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com
   ```

   The following example uses `timeout 3600` to set your SSH session to terminate after 1 hour. Processes started during the session may continue running on your instance after the session terminates.

   ```
   timeout 3600 ssh -o "IdentitiesOnly=yes" -i my_key ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com
   ```
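The push and connect steps above combined into one script, added here as an example (not AWS code): it checks that the public key is one of the types listed under Requirements, pushes it, and starts the session only if the push succeeded. The function names, argument order and return codes are assumptions; the `aws` and `ssh` options are the ones used in the steps above plus OpenSSH's `ConnectTimeout`.

```shell
#!/bin/sh
# Added example (not AWS code): push a public key with EC2 Instance Connect,
# then open the SSH session inside the 60-second window described above.
# Usage: sh eic_connect.sh REGION AZ INSTANCE_ID OS_USER HOST KEY   (file name is hypothetical)

PUSH_WINDOW=60       # seconds the pushed key stays in instance metadata (from this page)
SESSION_LIMIT=3600   # session cap in seconds, as in the `timeout 3600` example above

# Return 0 if public key file $1 holds a key type this page lists as supported.
# Only the OpenSSH one-line format is recognised by this check; an SSH2
# (RFC 4716) file is rejected and has to be converted first.
eic_key_type_ok() {
    key_type=''
    read -r key_type _rest < "$1" || [ -n "$key_type" ] || return 1
    case "$key_type" in
        ssh-rsa|ssh-ed25519) return 0 ;;
        *) return 1 ;;
    esac
}

# eic_connect REGION AZ INSTANCE_ID OS_USER HOST KEY
# KEY is the private key path; KEY.pub must sit beside it, as ssh-keygen writes them.
# Returns 3 (key pair unreadable), 4 (unsupported key type), 5 (push failed),
# otherwise the exit status of the SSH session.
eic_connect() {
    region=$1 az=$2 instance=$3 os_user=$4 host=$5 key=$6

    [ -r "$key" ] && [ -r "$key.pub" ] || {
        echo "key pair not readable: $key" >&2; return 3; }
    eic_key_type_ok "$key.pub" || {
        echo "unsupported key type in $key.pub" >&2; return 4; }

    # Push the public key. Stop on failure: without a pushed key the login
    # below cannot succeed, and the push error is the one worth reading.
    aws ec2-instance-connect send-ssh-public-key \
        --region "$region" \
        --availability-zone "$az" \
        --instance-id "$instance" \
        --instance-os-user "$os_user" \
        --ssh-public-key "file://$key.pub" >/dev/null || return 5

    # Connect before the key is removed. ConnectTimeout keeps a stalled TCP
    # handshake from outlasting the window; IdentitiesOnly limits ssh to the
    # key given with -i and the ssh config, as the step above explains.
    timeout "$SESSION_LIMIT" ssh \
        -o IdentitiesOnly=yes \
        -o ConnectTimeout="$PUSH_WINDOW" \
        -i "$key" "$os_user@$host"
}

if [ "$#" -eq 6 ]; then
    eic_connect "$@"
fi
```

Because the session outlives the pushed key, the `timeout` wrapper is the only limit on session length in this script; IAM credential expiry does not end it.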

## Troubleshoot


If you receive an error while attempting to connect to your instance, see the following:
+ [Troubleshoot issues connecting to your Amazon EC2 Linux instance](TroubleshootingInstancesConnecting.md)
+ [How do I troubleshoot issues connecting to my EC2 instance using EC2 Instance Connect?](https://repost.aws/knowledge-center/ec2-instance-connect-troubleshooting)

# Uninstall EC2 Instance Connect


To disable EC2 Instance Connect, connect to your Linux instance and uninstall the `ec2-instance-connect` package that is installed on the OS. If the `sshd` configuration matches what it was set to when you installed EC2 Instance Connect, uninstalling `ec2-instance-connect` also removes the `sshd` configuration. If you modified the `sshd` configuration after installing EC2 Instance Connect, you must update it manually.

------
#### [ Amazon Linux ]

You can uninstall EC2 Instance Connect on AL2023 and Amazon Linux 2 2.0.20190618 or later, where EC2 Instance Connect is preconfigured.

**To uninstall EC2 Instance Connect on an instance launched using Amazon Linux**

1. Connect to your instance using SSH. Specify the SSH key pair you used for your instance when you launched it and the default username for the AL2023 or Amazon Linux 2 AMI, which is `ec2-user`.

   For example, the following **ssh** command connects to the instance with the public DNS name `ec2-a-b-c-d.us-west-2.compute.amazonaws.com`, using the key pair `my_ec2_private_key.pem`.

   ```
   $ ssh -i my_ec2_private_key.pem ec2-user@ec2-a-b-c-d.us-west-2.compute.amazonaws.com
   ```

1. Uninstall the `ec2-instance-connect` package using the **yum** command.

   ```
   [ec2-user ~]$ sudo yum remove ec2-instance-connect
   ```

------
#### [ Ubuntu ]

**To uninstall EC2 Instance Connect on an instance launched using an Ubuntu AMI**

1. Connect to your instance using SSH. Specify the SSH key pair you used for your instance when you launched it and the default username for the Ubuntu AMI, which is `ubuntu`.

   For example, the following **ssh** command connects to the instance with the public DNS name `ec2-a-b-c-d.us-west-2.compute.amazonaws.com`, using the key pair `my_ec2_private_key.pem`.

   ```
   $ ssh -i my_ec2_private_key.pem ubuntu@ec2-a-b-c-d.us-west-2.compute.amazonaws.com
   ```

1. Uninstall the `ec2-instance-connect` package using the **apt-get** command.

   ```
   ubuntu:~$ sudo apt-get remove ec2-instance-connect
   ```

------

# Connect to your instances using a private IP address and EC2 Instance Connect Endpoint

EC2 Instance Connect Endpoint allows you to connect securely to an instance from the internet, without using a bastion host, or requiring that your virtual private cloud (VPC) has direct internet connectivity.

**Benefits**
+ You can connect to your instances without requiring the instances to have a public IPv4 or IPv6 address. AWS charges for all public IPv4 addresses, including public IPv4 addresses associated with running instances and Elastic IP addresses. For more information, see the **Public IPv4 Address** tab on the [Amazon VPC pricing page](https://aws.amazon.com/vpc/pricing/).
+ You can connect to your instances from the internet without requiring that your VPC has direct internet connectivity through an [internet gateway](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html).
+ You can control access to the creation and use of the EC2 Instance Connect Endpoints to connect to instances using [IAM policies and permissions](permissions-for-ec2-instance-connect-endpoint.md).
+ All attempts to connect to your instances, both successful and unsuccessful, are logged to [CloudTrail](log-ec2-instance-connect-endpoint-using-cloudtrail.md).

**Pricing**  
There is no additional cost for using EC2 Instance Connect Endpoints. If you use an EC2 Instance Connect Endpoint to connect to an instance in a different Availability Zone, there is an [additional charge for data transfer](https://aws.amazon.com/ec2/pricing/on-demand/#Data_Transfer_within_the_same_AWS_Region) across Availability Zones.

**Topics**
+ [How it works](#how-eice-works)
+ [Considerations](#ec2-instance-connect-endpoint-prerequisites)
+ [Permissions](permissions-for-ec2-instance-connect-endpoint.md)
+ [Security groups](eice-security-groups.md)
+ [Create an EC2 Instance Connect Endpoint](create-ec2-instance-connect-endpoints.md)
+ [Modify an EC2 Instance Connect Endpoint](modify-ec2-instance-connect-endpoint.md)
+ [Delete an EC2 Instance Connect Endpoint](delete-ec2-instance-connect-endpoint.md)
+ [Connect to an instance](connect-using-eice.md)
+ [Log connections](log-ec2-instance-connect-endpoint-using-cloudtrail.md)
+ [Service-linked role](eice-slr.md)
+ [Quotas](eice-quotas.md)

## How it works


EC2 Instance Connect Endpoint is an identity-aware TCP proxy. The EC2 Instance Connect Endpoint Service establishes a private tunnel from your computer to the endpoint using the credentials for your IAM entity. Traffic is authenticated and authorized before it reaches your VPC.

You can [configure additional security group rules](eice-security-groups.md) to restrict inbound traffic to your instances. For example, you can use inbound rules to allow traffic on management ports only from the EC2 Instance Connect Endpoint.

You can configure route table rules to allow the endpoint to connect to any instance in any subnet of the VPC.

The following diagram shows how a user can connect to their instances from the internet using an EC2 Instance Connect Endpoint. First, create an **EC2 Instance Connect Endpoint** in subnet A. We create a network interface for the endpoint in the subnet, which serves as the entry point for traffic destined to your instances in the VPC. If the route table for subnet B allows traffic from subnet A, then you can use the endpoint to reach instances in subnet B.

![\[Overview of the EC2 Instance Connect Endpoint flow.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ec2-instance-connect-endpoint.png)


## Considerations


Before you begin, consider the following.
+ EC2 Instance Connect Endpoint is intended specifically for management traffic use cases, not for high volume data transfers. High volume data transfers are throttled.
+ You can create an EC2 Instance Connect Endpoint to support traffic to an instance that has a private IPv4 address or IPv6 address. The IP address type of the endpoint must match the IP address of the instance. You can create an endpoint that supports all IP address types.
+ (Linux instances) If you use your own key pair, you can use any Linux AMI. Otherwise, your instance must have EC2 Instance Connect installed. For information about which AMIs include EC2 Instance Connect and how to install it on other supported AMIs, see [Install EC2 Instance Connect](ec2-instance-connect-set-up.md).
+ You can assign a security group to an EC2 Instance Connect Endpoint. Otherwise, we use the default security group for the VPC. The security group for an EC2 Instance Connect Endpoint must allow outbound traffic to the destination instances. For more information, see [Security groups for EC2 Instance Connect Endpoint](eice-security-groups.md).
+ You can configure an EC2 Instance Connect Endpoint to preserve the source IP addresses of clients when routing requests to the instances. Otherwise, the IP address of the network interface becomes the client IP address for all incoming traffic.
  + If you turn on client IP preservation, the security groups for the instances must allow traffic from the clients. Also, the instances must be in the same VPC as the EC2 Instance Connect Endpoint.
  + If you turn off client IP preservation, the security groups for the instances must allow traffic from the VPC. This is the default.
  + Client IP preservation is only supported on IPv4 EC2 Instance Connect Endpoints. To use client IP preservation, the IP address type of the EC2 Instance Connect Endpoint must be IPv4. Client IP preservation is not supported when the IP address type is dual-stack or IPv6.
  + The following instance types do not support client IP preservation: C1, CG1, CG2, G1, HI1, M1, M2, M3, and T1. If you turn on client IP preservation and attempt to connect to an instance with one of these instance types by using EC2 Instance Connect Endpoint, the connection fails.
  + Client IP preservation is not supported when traffic is routed through a transit gateway.
+ When you create an EC2 Instance Connect Endpoint, a service-linked role is automatically created for the Amazon EC2 service in AWS Identity and Access Management (IAM). Amazon EC2 uses the service-linked role to provision network interfaces in your account, which are required when creating EC2 Instance Connect Endpoints. For more information, see [Service-linked role for EC2 Instance Connect Endpoint](eice-slr.md).
+ You can create only 1 EC2 Instance Connect Endpoint per VPC and per subnet. For more information, see [Quotas for EC2 Instance Connect Endpoint](eice-quotas.md). If you need to create another EC2 Instance Connect Endpoint in a different Availability Zone within the same VPC, you must first delete the existing EC2 Instance Connect Endpoint. Otherwise, you'll receive a quota error.
+ Each EC2 Instance Connect Endpoint can support up to 20 concurrent connections.
+ The maximum duration for an established TCP connection is 1 hour (3,600 seconds). You can specify the maximum allowed duration in an IAM policy, which can be up to 3,600 seconds. For more information, see [Permissions to use EC2 Instance Connect Endpoint to connect to instances](permissions-for-ec2-instance-connect-endpoint.md#iam-OpenTunnel). 

  The duration of the connection is not determined by the duration of your IAM credentials. If your IAM credentials expire, the connection continues to persist until the specified maximum duration is reached. When you connect to an instance using the EC2 Instance Connect Endpoint console experience, set **Max tunnel duration (seconds)** to a value that is less than the duration of your IAM credentials. If your IAM credentials expire early, terminate the connection to your instance by closing the browser page.

# Grant permissions to use EC2 Instance Connect Endpoint

By default, IAM entities don't have permission to create, describe, or modify EC2 Instance Connect Endpoints. An IAM administrator can create IAM policies that grant the permissions required to perform specific actions on the resources that they need.

For information about creating IAM policies, see [Creating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) in the *IAM User Guide*.

The following example policies show how you can control the permissions that users have to EC2 Instance Connect Endpoints.

**Topics**
+ [Permissions to create, describe, modify, and delete EC2 Instance Connect Endpoints](#iam-CreateInstanceConnectEndpoint)
+ [Permissions to use EC2 Instance Connect Endpoint to connect to instances](#iam-OpenTunnel)
+ [Permissions to connect only from a specific IP address range](#iam-sourceip)

## Permissions to create, describe, modify, and delete EC2 Instance Connect Endpoints

To create and modify an EC2 Instance Connect Endpoint, users require permissions for the following actions:
+ `ec2:CreateInstanceConnectEndpoint`
+ `ec2:CreateNetworkInterface`
+ `ec2:CreateTags`
+ `ec2:ModifyInstanceConnectEndpoint`
+ `iam:CreateServiceLinkedRole`

To describe and delete EC2 Instance Connect Endpoints, users require permissions for the following actions:
+ `ec2:DescribeInstanceConnectEndpoints` 
+ `ec2:DeleteInstanceConnectEndpoint`

You can create a policy that grants permission to create, describe, modify, and delete EC2 Instance Connect Endpoints in all subnets. Alternatively, you can restrict actions for specified subnets only by specifying the subnet ARNs as the allowed `Resource` or by using the `ec2:SubnetID` condition key. You can also use the `aws:ResourceTag` condition key to explicitly allow or deny endpoint creation with certain tags. For more information, see [Policies and permissions in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) in the *IAM User Guide*.

**Example IAM policy**

In the following example IAM policy, the `Resource` section grants permission to create, modify, and delete endpoints in all subnets, specified by the asterisk (`*`). The `ec2:Describe*` API actions do not support resource-level permissions. Therefore, the `*` wildcard is necessary in the `Resource` element.

## Permissions to use EC2 Instance Connect Endpoint to connect to instances

The `ec2-instance-connect:OpenTunnel` action grants permission to establish a TCP connection to an instance to connect over the EC2 Instance Connect Endpoint. You can specify the EC2 Instance Connect Endpoint to use. Alternatively, a `Resource` with an asterisk (`*`) allows users to use any available EC2 Instance Connect Endpoint. You can also restrict access to instances based on the presence or absence of resource tags as condition keys.

**Conditions**
+ `ec2-instance-connect:remotePort` – The port on the instance that can be used to establish a TCP connection. When this condition key is used, attempting to connect to an instance on any port other than the port specified in the policy results in a failure.
+ `ec2-instance-connect:privateIpAddress` – The destination private IP address associated with the instance that you want to establish a TCP connection with. You can specify a single IP address, such as `10.0.0.1/32`, or a range of IPs through CIDRs, such as `10.0.1.0/28`. When this condition key is used, attempting to connect to an instance with a different private IP address or outside the CIDR range results in a failure. 
+ `ec2-instance-connect:maxTunnelDuration` – The maximum duration for an established TCP connection. The unit is seconds and the duration ranges from a minimum of 1 second to a maximum of 3,600 seconds (1 hour). If the condition is not specified, the default duration is set to 3,600 seconds (1 hour). Attempting to connect to an instance for longer than the specified duration in the IAM policy or for longer than the default maximum results in a failure. The connection is disconnected after the specified duration.

  If `maxTunnelDuration` is specified in the IAM policy and the value specified is less than 3,600 seconds (the default), then you must specify `--max-tunnel-duration` in the command when connecting to an instance. For information about how to connect to an instance, see [Connect to an Amazon EC2 instance using EC2 Instance Connect Endpoint](connect-using-eice.md).

You can also grant a user access to establish connections to instances based on the presence of resource tags on the EC2 Instance Connect Endpoint. For more information, see [Policies and permissions in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) in the *IAM User Guide*.

For Linux instances, the `ec2-instance-connect:SendSSHPublicKey` action grants permission to push the public key to an instance. The `ec2:osuser` condition specifies the name of the OS (operating system) user that can push the public key to an instance. Use the [default username for the AMI](connection-prereqs-general.md#connection-prereqs-get-info-about-instance) that you used to launch the instance. For more information, see [Grant IAM permissions for EC2 Instance Connect](ec2-instance-connect-configure-IAM-role.md).

**Example IAM policy**

The following example IAM policies allow an IAM principal to connect to an instance using only the specified EC2 Instance Connect Endpoint, identified by the specified endpoint ID `eice-123456789abcdef`. The connection is successfully established only if all the conditions are satisfied.

**Note**  
The `ec2:Describe*` API actions do not support resource-level permissions. Therefore, the `*` wildcard is necessary in the `Resource` element.

------
#### [ Linux ]

This example evaluates if the connection to the instance is established on port 22 (SSH), if the private IP address of the instance lies within the range of `10.0.1.0/31` (between `10.0.1.0` and `10.0.1.1`), and the `maxTunnelDuration` is less than or equal to `3600` seconds. The connection is disconnected after `3600` seconds (1 hour).

------
#### [ JSON ]

```
{
    "Version": "2012-10-17",
    "Statement": [{
            "Sid": "EC2InstanceConnect",
            "Action": "ec2-instance-connect:OpenTunnel",
            "Effect": "Allow",
            "Resource": "arn:aws:ec2:us-east-1:111122223333:instance-connect-endpoint/eice-123456789abcdef",
            "Condition": {
                "NumericEquals": {
                    "ec2-instance-connect:remotePort": "22"
                },
                "IpAddress": {
                    "ec2-instance-connect:privateIpAddress": "10.0.1.0/31"
                },
                "NumericLessThanEquals": {
                    "ec2-instance-connect:maxTunnelDuration": "3600"
                }
            }
        },
        {
            "Sid": "SSHPublicKey",
            "Effect": "Allow",
            "Action": "ec2-instance-connect:SendSSHPublicKey",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "ec2:osuser": "ami-username"
                }
            }
        },
        {
            "Sid": "Describe",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:DescribeInstanceConnectEndpoints"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}
```

------

------
#### [ Windows ]

This example evaluates if the connection to the instance is established on port 3389 (RDP), if the private IP address of the instance lies within the range of `10.0.1.0/31` (between `10.0.1.0` and `10.0.1.1`), and the `maxTunnelDuration` is less than or equal to `3600` seconds. The connection is disconnected after `3600` seconds (1 hour).

------
#### [ JSON ]

```
{
    "Version": "2012-10-17",
    "Statement": [{
            "Sid": "EC2InstanceConnect",
            "Action": "ec2-instance-connect:OpenTunnel",
            "Effect": "Allow",
            "Resource": "arn:aws:ec2:us-east-1:111122223333:instance-connect-endpoint/eice-123456789abcdef",
            "Condition": {
                "NumericEquals": {
                    "ec2-instance-connect:remotePort": "3389"
                },
                "IpAddress": {
                    "ec2-instance-connect:privateIpAddress": "10.0.1.0/31"
                },
                "NumericLessThanEquals": {
                    "ec2-instance-connect:maxTunnelDuration": "3600"
                }
            }
        },
        {
            "Sid": "Describe",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:DescribeInstanceConnectEndpoints"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}
```

------

------

## Permissions to connect only from a specific IP address range


The following example IAM policy allows an IAM principal to connect to an instance on the condition that they are connecting from an IP address within the IP address range specified in the policy. If the IAM principal calls `OpenTunnel` from an IP address not within `192.0.2.0/24` (the example IP address range in this policy), the response is `Access Denied`. For more information, see [aws:SourceIp](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceip) in the *IAM User Guide*.

------
#### [ JSON ]

```
{
    "Version": "2012-10-17",
    "Statement": [{
            "Effect": "Allow",
            "Action": "ec2-instance-connect:OpenTunnel",
            "Resource": "arn:aws:ec2:us-east-1:111122223333:instance-connect-endpoint/eice-123456789abcdef",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "192.0.2.0/24"
                },
                "NumericEquals": {
                    "ec2-instance-connect:remotePort": "22"
                }
            }
        },
        {
            "Sid": "SSHPublicKey",
            "Effect": "Allow",
            "Action": "ec2-instance-connect:SendSSHPublicKey",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "ec2:osuser": "ami-username"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:DescribeInstanceConnectEndpoints"
            ],
            "Resource": "*"
        }
    ]
}
```

------
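
The following added example (not part of the AWS documentation) is a simplified local model of how the `OpenTunnel` conditions above combine, useful for checking a policy against sample requests before attaching it. It is not the IAM evaluation engine: it models only `Allow` statements and the operators used on this page, and it assumes that a caller who omits the tunnel duration requests the 3,600-second default. The helper names are hypothetical.

```python
import copy
import ipaddress

OPEN_TUNNEL = "ec2-instance-connect:OpenTunnel"
DEFAULT_MAX_TUNNEL_DURATION = 3600  # seconds, the default stated on this page

ENDPOINT_ARN = ("arn:aws:ec2:us-east-1:111122223333:"
                "instance-connect-endpoint/eice-123456789abcdef")

# Constructed policy: the page's Linux OpenTunnel statement with the
# aws:SourceIp condition from the source-IP example merged in.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "EC2InstanceConnect",
        "Effect": "Allow",
        "Action": OPEN_TUNNEL,
        "Resource": ENDPOINT_ARN,
        "Condition": {
            "NumericEquals": {"ec2-instance-connect:remotePort": "22"},
            "IpAddress": {
                "ec2-instance-connect:privateIpAddress": "10.0.1.0/31",
                "aws:SourceIp": "192.0.2.0/24",
            },
            "NumericLessThanEquals": {
                "ec2-instance-connect:maxTunnelDuration": "3600"
            },
        },
    }],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _in_cidr(actual, cidr):
    return ipaddress.ip_address(actual) in ipaddress.ip_network(cidr, strict=False)


# Only the condition operators that appear in this page's policies.
OPERATORS = {
    "NumericEquals": lambda actual, wanted: float(actual) == float(wanted),
    "NumericLessThanEquals": lambda actual, wanted: float(actual) <= float(wanted),
    "IpAddress": _in_cidr,
    "StringEquals": lambda actual, wanted: str(actual) == str(wanted),
}


def request_context(remote_port, private_ip, source_ip, max_tunnel_duration=None):
    """Build the condition-key values for one OpenTunnel call.

    Assumption: a caller that omits the duration asks for the 3,600 s default.
    """
    if max_tunnel_duration is None:
        max_tunnel_duration = DEFAULT_MAX_TUNNEL_DURATION
    return {
        "ec2-instance-connect:remotePort": remote_port,
        "ec2-instance-connect:privateIpAddress": private_ip,
        "ec2-instance-connect:maxTunnelDuration": max_tunnel_duration,
        "aws:SourceIp": source_ip,
    }


def failed_conditions(statement, context):
    """Return the condition keys this request does not satisfy (all must pass)."""
    failed = []
    for operator, expected in statement.get("Condition", {}).items():
        if operator not in OPERATORS:
            raise ValueError(f"operator not modelled: {operator}")
        test = OPERATORS[operator]
        for key, wanted in expected.items():
            actual = context.get(key)
            # A key absent from the request never satisfies the condition.
            if actual is None or not any(test(actual, w) for w in _as_list(wanted)):
                failed.append(key)
    return failed


def evaluate_open_tunnel(policy, endpoint_arn, context):
    """Return (allowed, reasons) for an OpenTunnel request against `policy`."""
    reasons = []
    for statement in _as_list(policy["Statement"]):
        if statement.get("Effect") != "Allow":
            continue  # explicit Deny is outside this simplified model
        if OPEN_TUNNEL not in _as_list(statement.get("Action", [])):
            continue
        resources = _as_list(statement.get("Resource", []))
        if "*" not in resources and endpoint_arn not in resources:
            continue
        failed = failed_conditions(statement, context)
        if not failed:
            return True, []
        reasons.extend(failed)
    return False, reasons or ["no Allow statement covers this endpoint"]


def with_max_duration(policy, seconds):
    """Copy `policy`, tightening maxTunnelDuration in its first statement."""
    tightened = copy.deepcopy(policy)
    limits = tightened["Statement"][0]["Condition"]["NumericLessThanEquals"]
    limits["ec2-instance-connect:maxTunnelDuration"] = str(seconds)
    return tightened
```

With the limit tightened to 1,800 seconds, a request that omits the duration is rejected in this model, which matches the requirement above to pass `--max-tunnel-duration` when the policy value is below the default.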

# Security groups for EC2 Instance Connect Endpoint

A security group controls the traffic that is allowed to reach and leave the resources that it is associated with. For example, we deny traffic to and from an Amazon EC2 instance unless it is specifically allowed by the security groups associated with the instance.

The following examples show you how to configure the security group rules for the EC2 Instance Connect Endpoint and the target instances.

**Topics**
+ [EC2 Instance Connect Endpoint security group rules](#eice-security-group-rules)
+ [Target instance security group rules](#resource-security-group-rules)

## EC2 Instance Connect Endpoint security group rules


The security group rules for an EC2 Instance Connect Endpoint must allow outbound traffic destined for the target instances to leave the endpoint. You can specify either the instance security group or the IPv4 or IPv6 address range of the VPC as the destination.

Traffic to the endpoint originates from the EC2 Instance Connect Endpoint Service, and it is allowed regardless of the inbound rules for the endpoint security group. To control who can use EC2 Instance Connect Endpoint to connect to an instance, use an IAM policy. For more information, see [Permissions to use EC2 Instance Connect Endpoint to connect to instances](permissions-for-ec2-instance-connect-endpoint.md#iam-OpenTunnel).

**Example outbound rule: Security group referencing**  
The following example uses security group referencing, which means that the destination is a security group associated with the target instances. This rule allows outbound traffic from the endpoint to all instances that use this security group.


| Protocol | Destination | Port range | Comment | 
| --- | --- | --- | --- | 
| TCP | ID of instance security group | 22 | Allows outbound SSH traffic to all instances associated with the instance security group | 

**Example outbound rule: IPv4 address range**  
The following example allows outbound traffic to the specified IPv4 address range. The IPv4 addresses of an instance are assigned from its subnet, so you can use the IPv4 address range of the VPC.


| Protocol | Destination | Port range | Comment | 
| --- | --- | --- | --- | 
| TCP | VPC IPv4 CIDR | 22 | Allows outbound SSH traffic to the VPC | 

**Example outbound rule: IPv6 address range**  
The following example allows outbound traffic to the specified IPv6 address range. The IPv6 addresses of an instance are assigned from its subnet, so you can use the IPv6 address range of the VPC.


| Protocol | Destination | Port range | Comment | 
| --- | --- | --- | --- | 
| TCP | VPC IPv6 CIDR | 22 | Allows outbound SSH traffic to the VPC | 

## Target instance security group rules


The security group rules for target instances must allow inbound traffic from the EC2 Instance Connect Endpoint. You can specify either the endpoint security group or an IPv4 or IPv6 address range as the source. If you specify an IPv4 address range, the source depends on whether client IP preservation is off or on. For more information, see [Considerations](connect-with-ec2-instance-connect-endpoint.md#ec2-instance-connect-endpoint-prerequisites).

Because security groups are stateful, the response traffic is allowed to leave the VPC regardless of the outbound rules for the instance security group.

**Example inbound rule: Security group referencing**  
The following example uses security group referencing, which means that the source is the security group associated with the endpoint. This rule allows inbound SSH traffic from the endpoint to all instances that use this security group, whether client IP preservation is on or off. If there are no other inbound security group rules for SSH, then the instances accept SSH traffic only from the endpoint.


| Protocol | Source | Port range | Comment | 
| --- | --- | --- | --- | 
| TCP | ID of endpoint security group | 22 | Allows inbound SSH traffic from the resources associated with the endpoint security group | 

**Example inbound rule: Client IP preservation off**  
The following example allows inbound SSH traffic from the specified IPv4 address range. Because client IP preservation is off, the source IPv4 address is the address of the endpoint network interface. The address of the endpoint network interface is assigned from its subnet, so you can use the IPv4 address range of the VPC to allow connections to all instances in the VPC.


| Protocol | Source | Port range | Comment | 
| --- | --- | --- | --- | 
| TCP | VPC IPv4 CIDR | 22 | Allows inbound SSH traffic from the VPC | 

**Example inbound rule: Client IP preservation on**  
The following example allows inbound SSH traffic from the specified IPv4 address range. Because client IP preservation is on, the source IPv4 address is the address of the client.


| Protocol | Source | Port range | Comment | 
| --- | --- | --- | --- | 
| TCP | Public IPv4 address range | 22 | Allows inbound traffic from the specified client IPv4 address range | 
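
The following added example (not part of the AWS documentation) models which source address the instance security group sees with client IP preservation off or on, and checks the client IP preservation considerations listed earlier. It shows the common failure mode where a VPC CIDR rule stops matching once preservation is turned on. All IDs, addresses, and function names are constructed for illustration.

```python
import ipaddress

# Instance type families this page lists as not supporting client IP preservation.
UNSUPPORTED_FAMILIES = {"C1", "CG1", "CG2", "G1", "HI1", "M1", "M2", "M3", "T1"}

# Constructed sample data.
CLIENT_IP = "203.0.113.9"
ENDPOINT = {
    "security_groups": ["sg-0endpointexample"],
    "eni_ip": "10.0.0.25",          # endpoint network interface, from its subnet
    "preserve_client_ip": False,    # the default
    "ip_address_type": "ipv4",
}
VPC_CIDR_RULE = {"protocol": "tcp", "port": 22, "source": "10.0.0.0/16"}
SG_REF_RULE = {"protocol": "tcp", "port": 22, "source": "sg-0endpointexample"}
CLIENT_RANGE_RULE = {"protocol": "tcp", "port": 22, "source": "203.0.113.0/24"}


def with_preservation(endpoint, enabled):
    """Copy of `endpoint` with client IP preservation switched on or off."""
    return dict(endpoint, preserve_client_ip=enabled)


def preservation_problems(endpoint, instance_type, same_vpc=True,
                          via_transit_gateway=False):
    """List the considerations violated when client IP preservation is on."""
    if not endpoint["preserve_client_ip"]:
        return []
    problems = []
    if endpoint["ip_address_type"] != "ipv4":
        problems.append("endpoint IP address type must be ipv4")
    if instance_type.split(".")[0].upper() in UNSUPPORTED_FAMILIES:
        problems.append(f"{instance_type} does not support client IP preservation")
    if not same_vpc:
        problems.append("instance must be in the same VPC as the endpoint")
    if via_transit_gateway:
        problems.append("traffic must not be routed through a transit gateway")
    return problems


def effective_source(endpoint, client_ip):
    """Source address the instance security group sees for tunnel traffic."""
    return client_ip if endpoint["preserve_client_ip"] else endpoint["eni_ip"]


def instance_sg_admits(rules, endpoint, client_ip, port=22):
    """Return the first inbound rule that admits the tunnel, or None."""
    source = ipaddress.ip_address(effective_source(endpoint, client_ip))
    for rule in rules:
        if rule["protocol"] != "tcp" or rule["port"] != port:
            continue
        if rule["source"].startswith("sg-"):
            # Security group referencing matches with preservation on or off.
            if rule["source"] in endpoint["security_groups"]:
                return rule
        elif source in ipaddress.ip_network(rule["source"]):
            return rule
    return None


if __name__ == "__main__":
    for enabled in (False, True):
        endpoint = with_preservation(ENDPOINT, enabled)
        for rule in (VPC_CIDR_RULE, SG_REF_RULE, CLIENT_RANGE_RULE):
            admitted = instance_sg_admits([rule], endpoint, CLIENT_IP) is not None
            print(f"preserve={enabled} source={rule['source']:<20} admitted={admitted}")
```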

# Create an EC2 Instance Connect Endpoint


You can create an EC2 Instance Connect Endpoint to allow secure connection to your instances.

**Considerations**
+ **Shared subnets** – You can create an EC2 Instance Connect Endpoint in a subnet shared with you. However, you can't use EC2 Instance Connect Endpoints that the VPC owner created in a subnet shared with you.
+ **IP address types** – EC2 Instance Connect Endpoints support the following address types, which must be compatible with your subnet:
  + `ipv4` – Connect only to EC2 instances with private IPv4 addresses.
  + `dualstack` – Connect to EC2 instances with either private IPv4 addresses or IPv6 addresses.
  + `ipv6` – Connect only to EC2 instances with IPv6 addresses.

**Prerequisites**  
You must have the required IAM permissions to create an EC2 Instance Connect Endpoint. For more information, see [Permissions to create, describe, modify, and delete EC2 Instance Connect Endpoints](permissions-for-ec2-instance-connect-endpoint.md#iam-CreateInstanceConnectEndpoint).

------
#### [ Console ]

**To create an EC2 Instance Connect Endpoint**

1. Open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).

1. In the left navigation pane, choose **Endpoints**.

1. Choose **Create endpoint**, and then specify the endpoint settings as follows:

   1. (Optional) For **Name tag**, enter a name for the endpoint.

   1. For **Type**, choose **EC2 Instance Connect Endpoint**.

   1. Under **Network settings**, for **VPC**, select the VPC that has the target instances.

   1. (Optional) To preserve client IP addresses, expand **Additional settings** and select the **Preserve Client IP** check box. Otherwise, the default is to use the endpoint network interface as the client IP address.

      **Note**  
      This option is only available when the endpoint's IP address type is configured as IPv4.

   1. (Optional) For **Security groups**, select the security group to associate with the endpoint. Otherwise, the default is to use the default security group for the VPC. For more information, see [Security groups for EC2 Instance Connect Endpoint](eice-security-groups.md).

   1. For **Subnet**, select the subnet in which to create the endpoint.

   1. For **IP address type**, choose the IP address type for the endpoint. Choose **Dualstack** if you need to support both IPv4 and IPv6 connections to your instances. Choose **IPv4** if you need to support client IP preservation.

   1. (Optional) To add a tag, choose **Add new tag** and enter the tag key and the tag value.

1. Review your settings and then choose **Create endpoint**.

   The initial status of the endpoint is **Pending**. Before you can connect to an instance using this endpoint, you must wait until the endpoint status is **Available**. This can take a few minutes.

1. To connect to an instance using your endpoint, see [Connect to an instance](connect-using-eice.md).

------
#### [ AWS CLI ]

**To create an EC2 Instance Connect Endpoint**  
Use the [create-instance-connect-endpoint](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-instance-connect-endpoint.html) command.

```
aws ec2 create-instance-connect-endpoint \
    --subnet-id subnet-0123456789example
```

To specify the type of traffic that the endpoint supports, include the `--ip-address-type` parameter. Valid values are `ipv4`, `dualstack`, or `ipv6`. The subnet must support the IP address type that you specify. When the `--ip-address-type` parameter is omitted, the default value is determined by the IP address type supported by the subnet.

```
aws ec2 create-instance-connect-endpoint \
    --subnet-id subnet-0123456789example \
    --ip-address-type ipv4
```

The following is example output.

```
{
        "OwnerId": "111111111111",
        "InstanceConnectEndpointId": "eice-0123456789example",
        "InstanceConnectEndpointArn": "arn:aws:ec2:us-east-1:111111111111:instance-connect-endpoint/eice-0123456789example",
        "State": "create-complete",
        "StateMessage": "",
        "DnsName": "eice-0123456789example.0123abcd.ec2-instance-connect-endpoint.us-east-1.amazonaws.com",
        "FipsDnsName": "eice-0123456789example.0123abcd.fips.ec2-instance-connect-endpoint.us-east-1.amazonaws.com",
        "NetworkInterfaceIds": [
            "eni-0123abcd"
        ],
        "VpcId": "vpc-0123abcd",
        "AvailabilityZone": "us-east-1a",
        "AvailabilityZoneId": "use1-az4",
        "CreatedAt": "2023-04-07T15:43:53.000Z",
        "SubnetId": "subnet-0123abcd",
        "PreserveClientIp": false,
        "SecurityGroupIds": [
            "sg-0123abcd"
        ],
        "Tags": [],
        "IpAddressType": "ipv4"
}
```

**To monitor the creation status**  
The initial value for the `State` field is `create-in-progress`. Before you can connect to an instance using this endpoint, wait until the state is `create-complete`. Use the [describe-instance-connect-endpoints](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instance-connect-endpoints.html) command to monitor the status of the EC2 Instance Connect Endpoint. The `--query` parameter filters the results to the `State` field.

```
aws ec2 describe-instance-connect-endpoints \
    --instance-connect-endpoint-ids eice-0123456789example \
    --query "InstanceConnectEndpoints[*].State" --output text
```

The following is example output.

```
create-complete
```

------
#### [ PowerShell ]

**To create the EC2 Instance Connect Endpoint**  
Use the [New-EC2InstanceConnectEndpoint](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2InstanceConnectEndpoint.html) cmdlet.

```
New-EC2InstanceConnectEndpoint -SubnetId subnet-0123456789example
```

To specify the type of traffic that the endpoint supports, include the `-IpAddressType` parameter. Valid values are `ipv4`, `dualstack`, or `ipv6`. The subnet must support the IP address type that you specify. When the `-IpAddressType` parameter is omitted, the default value is determined by the IP address type supported by the subnet.

```
New-EC2InstanceConnectEndpoint -SubnetId subnet-0123456789example -IpAddressType ipv4
```

The following is example output.

```
OwnerId                     : 111111111111
InstanceConnectEndpointId   : eice-0123456789example
InstanceConnectEndpointArn  : arn:aws:ec2:us-east-1:111111111111:instance-connect-endpoint/eice-0123456789example
State                       : create-complete
StateMessage                : 
DnsName                     : eice-0123456789example.0123abcd.ec2-instance-connect-endpoint.us-east-1.amazonaws.com
FipsDnsName                 : eice-0123456789example.0123abcd.fips.ec2-instance-connect-endpoint.us-east-1.amazonaws.com
NetworkInterfaceIds         : {eni-0123abcd}
VpcId                       : vpc-0123abcd
AvailabilityZone            : us-east-1a
AvailabilityZoneId          : use1-az4
CreatedAt                   : 4/7/2023 3:43:53 PM
SubnetId                    : subnet-0123abcd
PreserveClientIp            : False
SecurityGroupIds            : {sg-0123abcd}
Tags                        : {}
IpAddressType               : ipv4
```

**To monitor the creation status**  
The initial value for the `State` field is `create-in-progress`. Before you can connect to an instance using this endpoint, wait until the state is `create-complete`. Use the [Get-EC2InstanceConnectEndpoint](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2InstanceConnectEndpoint.html) cmdlet to monitor the status of the EC2 Instance Connect Endpoint. `.State.Value` filters the results to the `State` field.

```
(Get-EC2InstanceConnectEndpoint -InstanceConnectEndpointId "eice-0123456789example").State.Value
```

The following is example output.

```
create-complete
```

------

# Modify an EC2 Instance Connect Endpoint


You can modify existing EC2 Instance Connect Endpoints using the AWS CLI or an SDK. The Amazon EC2 console doesn't support endpoint modification.

Before you begin, you must have the required IAM permissions. For more information, see [Permissions to create, describe, modify, and delete EC2 Instance Connect Endpoints](permissions-for-ec2-instance-connect-endpoint.md#iam-CreateInstanceConnectEndpoint).

## Parameters you can modify


You can modify the following EC2 Instance Connect Endpoint parameters:

**Security groups**  
You can specify new security groups for the EC2 Instance Connect Endpoint. The new security groups replace the current security groups.  
When modifying the security groups, you must specify:  
+ At least one security group, even if it's just the default security group in the VPC.
+ The IDs of the security groups, not the names.

**IP address type**  
You can specify a new IP address type for the EC2 Instance Connect Endpoint.  
Valid values: `ipv4` | `dualstack` | `ipv6`

**Preserve client IP setting**  
You can specify whether to preserve the client IP address as the source.  
Preserving the client IP is only supported on IPv4 EC2 Instance Connect Endpoints. When enabling `PreserveClientIp`, either the endpoint's existing IP address type must be `ipv4`, or if modifying the IP address type in the same request, the new value must be `ipv4`.

------
#### [ AWS CLI ]

**To modify an EC2 Instance Connect Endpoint**  
Use the [modify-instance-connect-endpoint](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-connect-endpoint.html) command and specify the EC2 Instance Connect Endpoint and the parameters to modify. The following example modifies all the parameters in a single request.

```
aws ec2 modify-instance-connect-endpoint \
    --instance-connect-endpoint-id eice-0123456789example \
    --security-group-ids sg-0123456789example \
    --ip-address-type dualstack \
    --no-preserve-client-ip
```

The following is example output.

```
{
    "Return": true
}
```

**To monitor the update status**  
During modification, the EC2 Instance Connect Endpoint status changes to `update-in-progress`. The update process runs asynchronously and completes with either an `update-complete` or `update-failed` status. The endpoint uses its old configuration until the status changes to `update-complete`.

Use the [describe-instance-connect-endpoints](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instance-connect-endpoints.html) command to monitor the update status. The `--query` parameter filters the results to the `State` field.

```
aws ec2 describe-instance-connect-endpoints \
    --instance-connect-endpoint-ids eice-0123456789example \
    --query "InstanceConnectEndpoints[*].State" --output text
```

The following is example output.

```
update-complete
```

------
#### [ PowerShell ]

**To modify an EC2 Instance Connect Endpoint**  
Use the [Edit-EC2InstanceConnectEndpoint](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceConnectEndpoint.html) cmdlet and specify the EC2 Instance Connect Endpoint and the parameters to modify. The following example modifies all the parameters in a single request.

```
Edit-EC2InstanceConnectEndpoint `
    -InstanceConnectEndpointId eice-0123456789example `
    -SecurityGroupIds sg-0123456789example `
    -IpAddressType dualstack `
    -PreserveClientIp $false
```

The following is example output.

```
True
```

**To monitor the update status**  
During modification, the EC2 Instance Connect Endpoint status changes to `update-in-progress`. The update process runs asynchronously and completes with either an `update-complete` or `update-failed` status. The endpoint uses its old configuration until the status changes to `update-complete`.

Use the [Get-EC2InstanceConnectEndpoint](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2InstanceConnectEndpoint.html) cmdlet to monitor the update status. `.State.Value` filters the results to the `State` field.

```
(Get-EC2InstanceConnectEndpoint -InstanceConnectEndpointId "eice-0123456789example").State.Value
```

The following is example output.

```
update-complete
```

------

# Delete an EC2 Instance Connect Endpoint


When you are finished with an EC2 Instance Connect Endpoint, you can delete it.

You must have the required IAM permissions to delete an EC2 Instance Connect Endpoint. For more information, see [Permissions to create, describe, modify, and delete EC2 Instance Connect Endpoints](permissions-for-ec2-instance-connect-endpoint.md#iam-CreateInstanceConnectEndpoint).

When you delete an EC2 Instance Connect Endpoint using the console, it enters the **Deleting** state. If deletion is successful, the deleted endpoint no longer appears. If deletion fails, the state is **delete-failed** and **Status message** provides the failure reason.

When you delete an EC2 Instance Connect Endpoint using the AWS CLI, it enters the `delete-in-progress` state. If deletion is successful, it enters the `delete-complete` state. If deletion fails, the state is `delete-failed` and `StateMessage` provides the failure reason.

------
#### [ Console ]

**To delete an EC2 Instance Connect Endpoint**

1. Open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).

1. In the left navigation pane, choose **Endpoints**.

1. Select the endpoint.

1. Choose **Actions**, **Delete VPC endpoints**.

1. When prompted for confirmation, enter **delete**.

1. Choose **Delete**.

------
#### [ AWS CLI ]

**To delete an EC2 Instance Connect Endpoint**  
Use the [delete-instance-connect-endpoint](https://docs.aws.amazon.com/cli/latest/reference/ec2/delete-instance-connect-endpoint.html) command and specify the ID of the EC2 Instance Connect Endpoint to delete.

```
aws ec2 delete-instance-connect-endpoint --instance-connect-endpoint-id eice-03f5e49b83924bbc7
```

The following is example output.

```
{
    "InstanceConnectEndpoint": {
        "OwnerId": "111111111111",
        "InstanceConnectEndpointId": "eice-0123456789example",
        "InstanceConnectEndpointArn": "arn:aws:ec2:us-east-1:111111111111:instance-connect-endpoint/eice-0123456789example",
        "State": "delete-in-progress",
        "StateMessage": "",
        "NetworkInterfaceIds": [],
        "VpcId": "vpc-0123abcd",
        "AvailabilityZone": "us-east-1d",
        "AvailabilityZoneId": "use1-az2",
        "CreatedAt": "2023-02-07T12:05:37+00:00",
        "SubnetId": "subnet-0123abcd"
    }
}
```

------
#### [ PowerShell ]

**To delete an EC2 Instance Connect Endpoint**  
Use the [Remove-EC2InstanceConnectEndpoint](https://docs.aws.amazon.com/cli/latest/reference/ec2/delete-instance-connect-endpoint.html) cmdlet and specify the ID of the EC2 Instance Connect Endpoint to delete.

```
Remove-EC2InstanceConnectEndpoint -InstanceConnectEndpointId eice-03f5e49b83924bbc7
```

The following is example output.

```
@{
    InstanceConnectEndpoint = @{
        OwnerId = "111111111111"
        InstanceConnectEndpointId = "eice-0123456789example"
        InstanceConnectEndpointArn = "arn:aws:ec2:us-east-1:111111111111:instance-connect-endpoint/eice-0123456789example"
        State = "delete-in-progress"
        StateMessage = ""
        NetworkInterfaceIds = @()
        VpcId = "vpc-0123abcd"
        AvailabilityZone = "us-east-1d"
        AvailabilityZoneId = "use1-az2"
        CreatedAt = "2023-02-07T12:05:37+00:00"
        SubnetId = "subnet-0123abcd"
    }
}
```

------
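Teardown automation usually needs to wait for the `delete-complete` state described at the start of this section before it removes dependent resources, and to surface `StateMessage` when the state is `delete-failed`. The following Python poller is an added example, not code from the AWS documentation; `wait_for_endpoint_deletion`, `EndpointDeleteFailed`, and `boto3_describe` are hypothetical names, and treating an empty describe result as "already deleted" is an assumption.

```python
import time


class EndpointDeleteFailed(RuntimeError):
    """Raised when the endpoint reports the delete-failed state."""


def wait_for_endpoint_deletion(describe, endpoint_id, timeout=600, interval=10,
                               sleep=time.sleep, clock=time.monotonic):
    """Poll until the endpoint reaches delete-complete.

    describe(endpoint_id) must return a list of endpoint dicts shaped like the
    "InstanceConnectEndpoint" object in the example output above.
    """
    deadline = clock() + timeout
    while True:
        endpoints = describe(endpoint_id)
        if not endpoints:
            # Assumption: an endpoint that is no longer listed has been deleted.
            return "gone"
        endpoint = endpoints[0]
        state = endpoint.get("State")
        if state == "delete-complete":
            return state
        if state == "delete-failed":
            reason = endpoint.get("StateMessage") or "no StateMessage provided"
            raise EndpointDeleteFailed(f"{endpoint_id}: {reason}")
        if state != "delete-in-progress":
            # For example create-complete: the delete request was never accepted.
            raise RuntimeError(f"{endpoint_id}: unexpected state {state!r}")
        if clock() >= deadline:
            raise TimeoutError(f"{endpoint_id}: still {state} after {timeout}s")
        sleep(interval)


def boto3_describe(endpoint_id):
    """describe() implementation backed by boto3 (needs AWS credentials)."""
    import boto3  # imported lazily so the poller itself has no dependency

    ec2 = boto3.client("ec2")
    response = ec2.describe_instance_connect_endpoints(
        InstanceConnectEndpointIds=[endpoint_id]
    )
    return response["InstanceConnectEndpoints"]


if __name__ == "__main__":
    # Constructed state sequence, so the example runs without AWS access.
    states = iter([
        [{"State": "delete-in-progress", "StateMessage": ""}],
        [{"State": "delete-complete", "StateMessage": ""}],
    ])
    print(wait_for_endpoint_deletion(lambda _id: next(states),
                                     "eice-0123456789example",
                                     sleep=lambda seconds: None))
```

Pass `boto3_describe` as the `describe` argument to run the poller against a real account.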

# Connect to an Amazon EC2 instance using EC2 Instance Connect Endpoint

You can use EC2 Instance Connect Endpoint to connect to an Amazon EC2 instance that supports SSH or RDP.

**Prerequisites**
+ You must have the required IAM permission to connect to an EC2 Instance Connect Endpoint. For more information, see [Permissions to use EC2 Instance Connect Endpoint to connect to instances](permissions-for-ec2-instance-connect-endpoint.md#iam-OpenTunnel).
+ The EC2 Instance Connect Endpoint must be in one of the following states:
  + **create-complete** for a new endpoint
  + **update-in-progress**, **update-complete**, or **update-failed** for an existing endpoint being modified. While an endpoint is being modified, it continues to use its original configuration until the status changes to **update-complete**.

    If your VPC doesn't have an EC2 Instance Connect Endpoint, you can create one. For more information, see [Create an EC2 Instance Connect Endpoint](create-ec2-instance-connect-endpoints.md).
+ The EC2 Instance Connect Endpoint IP address type must be compatible with the IP address type of the instance. If your endpoint IP address type is dual-stack, then it can work for both IPv4 and IPv6 addresses.
+ (Linux instances) To use the Amazon EC2 console to connect to your instance, or to use the CLI to connect and have EC2 Instance Connect handle the ephemeral key, your instance must have EC2 Instance Connect installed. For more information, see [Install EC2 Instance Connect](ec2-instance-connect-set-up.md).
+ Ensure that the security group of the instance allows inbound SSH traffic from the EC2 Instance Connect Endpoint. For more information, see [Target instance security group rules](eice-security-groups.md#resource-security-group-rules).

**Topics**
+ [Connect to your Linux instance using the Amazon EC2 console](#connect-using-the-ec2-console)
+ [Connect to your Linux instance using SSH](#eic-connect-using-ssh)
+ [Connect to your Linux instance with its instance ID using the AWS CLI](#eic-connect-using-cli)
+ [Connect to your Windows instance using RDP](#eic-connect-using-rdp)
+ [Troubleshoot](#troubleshoot-eice)

## Connect to your Linux instance using the Amazon EC2 console

You can connect to an instance using the Amazon EC2 console (a browser-based client) as follows.

**To connect to your instance using the Amazon EC2 console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance, and then choose **Connect**.

1. Choose the **EC2 Instance Connect** tab.

1. For **Connection type**, choose **Connect using a Private IP**.

1. Choose either **Private IPv4 address** or **IPv6 address**. The options are available based on the IP addresses assigned to your instance. If an option is greyed out, your instance does not have an IP address of that type assigned to it.

1. For **EC2 Instance Connect Endpoint**, choose the ID of the EC2 Instance Connect Endpoint.
   **Note**  
   The EC2 Instance Connect Endpoint must be compatible with the IP address you chose in the previous step. If your endpoint IP address type is dual-stack, then it can work for both IPv4 and IPv6 addresses. For more information, see [Create an EC2 Instance Connect Endpoint](create-ec2-instance-connect-endpoints.md).

1. For **Username**, if the AMI that you used to launch the instance uses a username other than `ec2-user`, enter the correct username.

1. For **Max tunnel duration (seconds)**, enter the maximum allowed duration for the SSH connection.

   The duration must comply with any `maxTunnelDuration` condition specified in the IAM policy. If you don't have access to the IAM policy, contact your administrator.

1. Choose **Connect**. This opens a terminal window for your instance.

## Connect to your Linux instance using SSH

You can use SSH to connect to your Linux instance, and use the `open-tunnel` command to establish a private tunnel. You can use `open-tunnel` in single connection or multi-connection mode. You can specify your instance ID, a private IPv4 address, or an IPv6 address.

For information about using the AWS CLI to connect to your instance using SSH, see [Connect using the AWS CLI](ec2-instance-connect-methods.md#connect-linux-inst-eic-cli-ssh).

The following examples use [OpenSSH](https://www.openssh.com/). You can use any other SSH client that supports a proxy mode.

### Single connection


**To allow only a single connection to an instance using SSH and the `open-tunnel` command**

Use `ssh` and the [open-tunnel](https://docs.aws.amazon.com/cli/latest/reference/ec2-instance-connect/open-tunnel.html) AWS CLI command as follows. The `-o ProxyCommand` option wraps the `open-tunnel` command that creates the private tunnel to the instance.

```
ssh -i my-key-pair.pem ec2-user@i-1234567890abcdef0 \
    -o ProxyCommand='aws ec2-instance-connect open-tunnel --instance-id i-1234567890abcdef0'
```

For:
+ `-i` – Specify the key pair that was used to launch the instance.
+ `ec2-user@i-1234567890abcdef0` – Specify the username of the AMI that was used to launch the instance, and the instance ID. For instances with an IPv6 address, you must specify the IPv6 address instead of the instance ID.
+ `--instance-id` – Specify the ID of the instance to connect to. Alternatively, specify `%h`, which `ssh` expands to the host name given on the command line (here, the instance ID that follows `ec2-user@`). For instances with an IPv6 address, replace `--instance-id i-1234567890abcdef0` with `--private-ip-address 2001:db8::1234:5678:1.2.3.4`.

### Multi-connection


To allow multiple connections to an instance, first run the [open-tunnel](https://docs.aws.amazon.com/cli/latest/reference/ec2-instance-connect/open-tunnel.html) AWS CLI command to start listening for new TCP connections, and then use `ssh` to create a new TCP connection and a private tunnel to your instance.

**To allow multiple connections to your instance using SSH and the `open-tunnel` command**

1. Run the following command to start listening for new TCP connections on the specified port on your local machine.

   ```
   aws ec2-instance-connect open-tunnel \
       --instance-id i-1234567890abcdef0 \
       --local-port 8888
   ```

   Expected output:

   ```
   Listening for connections on port 8888.
   ```

1. In a *new terminal window*, run the following `ssh` command to create a new TCP connection and a private tunnel to your instance.

   ```
   ssh -i my-key-pair.pem ec2-user@localhost -p 8888
   ```

   Expected output – In the *first* terminal window, you'll see the following:

   ```
   [1] Accepted new tcp connection, opening websocket tunnel.
   ```

   You might also see the following:

   ```
   [1] Closing tcp connection.
   ```

## Connect to your Linux instance with its instance ID using the AWS CLI

If you only know your instance ID, you can use the [ec2-instance-connect ssh](https://docs.aws.amazon.com/cli/latest/reference/ec2-instance-connect/ssh.html) AWS CLI command to connect to your instance using an SSH client. For more information, see [Connect using the AWS CLI](ec2-instance-connect-methods.md#connect-linux-inst-eic-cli-ssh).

**Prerequisites**
+ Install AWS CLI version 2 and configure it using your credentials. For more information, see [Install or update to the latest version of the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) and [Configure the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html) in the *AWS Command Line Interface User Guide*.
+ Alternatively, open AWS CloudShell and run AWS CLI commands in its pre-authenticated shell.

**To connect to an instance using the instance ID and an EC2 Instance Connect Endpoint**  
If you only know the instance ID, use the [ec2-instance-connect ssh](https://docs.aws.amazon.com/cli/latest/reference/ec2-instance-connect/ssh.html) CLI command, and specify the `ssh` command, the instance ID, and the `--connection-type` parameter with the `eice` value to use an EC2 Instance Connect Endpoint. If the instance only has an IPv6 address, you must also include the `--instance-ip` parameter with the IPv6 address.
+ If the instance has a private IPv4 address (it can also have an IPv6 address) use the following command and parameters:

  ```
  aws ec2-instance-connect ssh \
      --instance-id i-1234567890example \
      --os-user ec2-user \
      --connection-type eice
  ```
+ If the instance only has an IPv6 address, include the `--instance-ip` parameter with the IPv6 address:

  ```
  aws ec2-instance-connect ssh \
      --instance-id i-1234567890example \
      --instance-ip 2001:db8::1234:5678:1.2.3.4 \
      --os-user ec2-user \
      --connection-type eice
  ```

**Tip**  
If you get an error, make sure that you're using AWS CLI version 2. The `ssh` parameter is only available in AWS CLI version 2. For more information, see [About AWS CLI version 2](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html#welcome-versions-v2) in the *AWS Command Line Interface User Guide*.

## Connect to your Windows instance using RDP

You can use Remote Desktop Protocol (RDP) over EC2 Instance Connect Endpoint to connect to a Windows instance without a public IPv4 address or public DNS name.

**To connect to your Windows instance using an RDP client**

1. Complete Steps 1 – 8 in [Connect to your Windows instance using RDP](connect-rdp.md). After downloading the RDP desktop file at Step 8, you'll get an **Unable to connect** message, which is to be expected because your instance does not have a public IP address.

1. Run the following command to establish a private tunnel to the VPC in which the instance is located. `--remote-port` must be `3389` because RDP uses port 3389 by default.

   ```
   aws ec2-instance-connect open-tunnel \
       --instance-id i-1234567890abcdef0 \
       --remote-port 3389 \
       --local-port any-port
   ```

1. In your **Downloads** folder, find the RDP desktop file that you downloaded, and drag it onto the RDP client window.

1. Right-click the RDP desktop file and choose **Edit**.

1. In the **Edit PC** window, for **PC name** (the instance to connect to), enter `localhost:local-port`, where `local-port` uses the same value as you specified in Step 2, and then choose **Save**.

   Note that the following screenshot of the **Edit PC** window is from Microsoft Remote Desktop on a Mac. If you are using a Windows client, the window might be different.  
![\[The RDP client with the example "localhost:5555" in the PC name field.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ec2-instance-connect-endpoint-rdp.png)

1. In the RDP client, right-click the PC (that you just configured) and choose **Connect** to connect to your instance.

1. At the prompt, enter the decrypted password for the administrator account.

## Troubleshoot


Use the following information to help diagnose and fix issues that you might encounter when using EC2 Instance Connect Endpoint to connect to an instance.

### Can't connect to your instance


The following are common reasons why you might not be able to connect to your instance.
+ Security groups – Check the security groups assigned to the EC2 Instance Connect Endpoint and your instance. For more information about the required security group rules, see [Security groups for EC2 Instance Connect Endpoint](eice-security-groups.md).
+ Instance state – Verify that your instance is in the `running` state.
+ Key pair – If the command you're using to connect requires a private key, verify that your instance has a public key and that you have the corresponding private key.
+ IAM permissions – Verify that you have the required IAM permissions. For more information, see [Grant permissions to use EC2 Instance Connect Endpoint](permissions-for-ec2-instance-connect-endpoint.md).

For more troubleshooting tips for Linux instances, see [Troubleshoot issues connecting to your Amazon EC2 Linux instance](TroubleshootingInstancesConnecting.md). For troubleshooting tips for Windows instances, see [Troubleshoot issues connecting to your Amazon EC2 Windows instance](troubleshoot-connect-windows-instance.md).

### ErrorCode: AccessDeniedException


If you receive an `AccessDeniedException` error, and the `maxTunnelDuration` condition is specified in the IAM policy, be sure to specify the `--max-tunnel-duration` parameter when connecting to an instance. For more information about this parameter, see [open-tunnel](https://docs.aws.amazon.com/cli/latest/reference/ec2-instance-connect/open-tunnel.html) in the *AWS CLI Command Reference*.

# Log connections established over EC2 Instance Connect Endpoint

You can log resource operations and audit connections established over the EC2 Instance Connect Endpoint with AWS CloudTrail logs.

For more information about using AWS CloudTrail with Amazon EC2, see [Log Amazon EC2 API calls using AWS CloudTrail](monitor-with-cloudtrail.md).

## Log EC2 Instance Connect Endpoint API calls with AWS CloudTrail

EC2 Instance Connect Endpoint resource operations are logged to CloudTrail as management events. When the following API calls are made, the activity is recorded as a CloudTrail event in **Event history**:
+ `CreateInstanceConnectEndpoint`
+ `DescribeInstanceConnectEndpoints`
+ `DeleteInstanceConnectEndpoint`

You can view, search, and download recent events in your AWS account. For more information, see [Viewing events with CloudTrail Event history](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html) in the *AWS CloudTrail User Guide*.

## Use AWS CloudTrail to audit users who connect to an instance using EC2 Instance Connect Endpoint

Connection attempts to instances via EC2 Instance Connect Endpoint are logged in CloudTrail in **Event history**. When a connection to an instance is initiated through an EC2 Instance Connect Endpoint, the connection is logged as a CloudTrail management event with the `eventName` of `OpenTunnel`.

You can create Amazon EventBridge rules that route the CloudTrail event to a target. For more information, see the [Amazon EventBridge User Guide](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-what-is.html).

The following is an example of an `OpenTunnel` management event that was logged in CloudTrail.

```
{
     "eventVersion": "1.08",
     "userIdentity": {
         "type": "IAMUser",
         "principalId": "ABCDEFGONGNOMOOCB6XYTQEXAMPLE",
         "arn": "arn:aws:iam::123456789012:user/IAM-friendly-name",
         "accountId": "123456789012",
         "accessKeyId": "ABCDEFGUKZHNAW4OSN2AEXAMPLE",
         "userName": "IAM-friendly-name"
     },
     "eventTime": "2023-04-11T23:50:40Z",
     "eventSource": "ec2-instance-connect.amazonaws.com",
     "eventName": "OpenTunnel",
     "awsRegion": "us-east-1",
     "sourceIPAddress": "1.2.3.4",
     "userAgent": "aws-cli/1.15.61 Python/2.7.10 Darwin/16.7.0 botocore/1.10.60",
     "requestParameters": {
         "instanceConnectEndpointId": "eici-0123456789EXAMPLE",
         "maxTunnelDuration": "3600",
         "remotePort": "22",
         "privateIpAddress": "10.0.1.1"
     },
     "responseElements": null,
     "requestID": "98deb2c6-3b3a-437c-a680-03c4207b6650",
     "eventID": "bbba272c-8777-43ad-91f6-c4ab1c7f96fd",
     "readOnly": false,
     "resources": [{
         "accountId": "123456789012",
         "type": "AWS::EC2::InstanceConnectEndpoint",
         "ARN": "arn:aws:ec2:us-east-1:123456789012:instance-connect-endpoint/eici-0123456789EXAMPLE"
     }],
     "eventType": "AwsApiCall",
     "managementEvent": true,
     "recipientAccountId": "123456789012",
     "eventCategory": "Management"
}
```
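The `requestParameters` of an `OpenTunnel` event record the target address, remote port, and requested tunnel duration, which is enough to audit who tunnelled where and to flag connections that fall outside policy. The following Python audit is an added example, not code from the AWS documentation; the policy constants, function names, and sample events are constructed assumptions, and only the field names are taken from the event shown above (plus the standard CloudTrail `errorCode` field).

```python
import ipaddress
from collections import defaultdict

# Assumed local policy (not from the page); tune to your environment.
ALLOWED_REMOTE_PORTS = {22, 3389}   # SSH and RDP, the protocols this page covers
MAX_TUNNEL_SECONDS = 1800           # ceiling your IAM maxTunnelDuration condition should enforce
ALLOWED_TARGETS = [ipaddress.ip_network("10.0.1.0/24")]


def is_open_tunnel(event):
    """True for OpenTunnel management events from EC2 Instance Connect."""
    return (event.get("eventSource") == "ec2-instance-connect.amazonaws.com"
            and event.get("eventName") == "OpenTunnel")


def audit_event(event):
    """Return a list of finding strings for one OpenTunnel event."""
    findings = []
    params = event.get("requestParameters") or {}

    # Failed calls carry errorCode. Repeated denials point to probing or to a
    # client that omits --max-tunnel-duration when the policy requires it.
    if event.get("errorCode"):
        findings.append("denied:" + event["errorCode"])

    port = params.get("remotePort")
    if port is not None and int(port) not in ALLOWED_REMOTE_PORTS:
        findings.append("unexpected-port:" + str(port))

    duration = params.get("maxTunnelDuration")
    if duration is None:
        findings.append("no-max-duration")
    elif int(duration) > MAX_TUNNEL_SECONDS:
        findings.append("duration-over-ceiling:" + str(duration))

    target = params.get("privateIpAddress")
    if target is not None:
        address = ipaddress.ip_address(target)  # IPv4 or IPv6
        if not any(address in network for network in ALLOWED_TARGETS):
            findings.append("target-outside-allowlist:" + target)
    return findings


def audit(records):
    """Return (findings report, {principal ARN: set of (target, port)})."""
    report = []
    attempts = defaultdict(set)
    for event in filter(is_open_tunnel, records):
        principal = (event.get("userIdentity") or {}).get("arn", "unknown")
        params = event.get("requestParameters") or {}
        attempts[principal].add((params.get("privateIpAddress"),
                                 params.get("remotePort")))
        findings = audit_event(event)
        if findings:
            report.append({"eventID": event.get("eventID"),
                           "eventTime": event.get("eventTime"),
                           "principal": principal,
                           "sourceIPAddress": event.get("sourceIPAddress"),
                           "findings": findings})
    return report, dict(attempts)


def make_sample(event_id, user, params, event_name="OpenTunnel", error=None):
    """Build a constructed CloudTrail record with only the fields audited here."""
    event = {"eventID": event_id, "eventTime": "2023-04-11T23:50:40Z",
             "eventSource": "ec2-instance-connect.amazonaws.com",
             "eventName": event_name, "sourceIPAddress": "192.0.2.10",
             "userIdentity": {"arn": "arn:aws:iam::123456789012:user/" + user},
             "requestParameters": params}
    if error:
        event["errorCode"] = error
    return event


# Constructed sample data, not real log entries.
SAMPLE_EVENTS = [
    make_sample("ev-1", "alice", {"remotePort": "22", "maxTunnelDuration": "900",
                                  "privateIpAddress": "10.0.1.1"}),
    make_sample("ev-2", "alice", {"remotePort": "5432", "maxTunnelDuration": "900",
                                  "privateIpAddress": "10.0.1.20"}),
    make_sample("ev-3", "bob", {"remotePort": "22", "privateIpAddress": "10.0.1.1"},
                error="AccessDeniedException"),
    make_sample("ev-4", "bob", {"remotePort": "3389", "maxTunnelDuration": "3600",
                                "privateIpAddress": "10.0.9.5"}),
    make_sample("ev-5", "bob", None, event_name="SendSSHPublicKey"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_EVENTS)[0]:
        print(row["eventID"], row["principal"], row["findings"])
```

CloudTrail has no matching tunnel-close event on this page, so the audit counts connection attempts, not session lengths.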

# Service-linked role for EC2 Instance Connect Endpoint

Amazon EC2 uses AWS Identity and Access Management (IAM) [service-linked roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#iam-term-service-linked-role). A service-linked role is a unique type of IAM role that is linked directly to Amazon EC2. Service-linked roles are predefined by Amazon EC2 and include all the permissions that Amazon EC2 requires to call other AWS services on your behalf. For more information, see [Service-linked roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create-service-linked-role.html) in the *IAM User Guide*.

## Service-linked role permissions for EC2 Instance Connect Endpoint

Amazon EC2 uses **AWSServiceRoleForEC2InstanceConnect** to create and manage network interfaces in your account that are required by EC2 Instance Connect Endpoint.

The **AWSServiceRoleForEC2InstanceConnect** service-linked role trusts the following service to assume the role: 
+ `ec2-instance-connect.amazonaws.com`

The **AWSServiceRoleForEC2InstanceConnect** service-linked role uses the following managed policy:
+ **Ec2InstanceConnectEndpoint**

To view the permissions for the managed policy, see [Ec2InstanceConnectEndpoint](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/Ec2InstanceConnectEndpoint.html) in the *AWS Managed Policy Reference*.

## Create a service-linked role for EC2 Instance Connect Endpoint

You don't need to manually create this service-linked role. When you create an EC2 Instance Connect Endpoint, Amazon EC2 creates the service-linked role for you.

## Edit a service-linked role for EC2 Instance Connect Endpoint

EC2 Instance Connect Endpoint doesn't allow you to edit the **AWSServiceRoleForEC2InstanceConnect** service-linked role.

## Delete a service-linked role for EC2 Instance Connect Endpoint

If you no longer need to use EC2 Instance Connect Endpoint, we recommend that you delete the **AWSServiceRoleForEC2InstanceConnect** service-linked role.

You must delete all EC2 Instance Connect Endpoint resources before you can delete the service-linked role.

To delete the service-linked role, see [Delete a service-linked role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_delete.html#id_roles_manage_delete-slr) in the *IAM User Guide*.

You must configure permissions to allow an IAM entity (a user, group, or role) to create, edit, or delete a service-linked role. For more information, see [Service-linked role permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create-service-linked-role.html#service-linked-role-permissions) in the *IAM User Guide*.

# Quotas for EC2 Instance Connect Endpoint

Your AWS account has default quotas, formerly referred to as limits, for each AWS service. Unless otherwise noted, each quota is Region-specific.

Your AWS account has the following quotas related to EC2 Instance Connect Endpoint.


| Name | Default | Adjustable | 
| --- | --- | --- | 
| Maximum number of EC2 Instance Connect Endpoints per AWS account per AWS Region | 5 | No | 
| Maximum number of EC2 Instance Connect Endpoints per VPC | 1 | No | 
| Maximum number of EC2 Instance Connect Endpoints per subnet | 1 | No | 
| Maximum number of concurrent connections per EC2 Instance Connect Endpoint | 20 | No | 

# Amazon EC2 instance state changes

An Amazon EC2 instance transitions through different states from the moment you launch it through to its termination.

The following illustration represents the transitions between instance states.

![\[The instance lifecycle.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/instance_lifecycle.png)


You can receive notifications when your instances change states. For more information, see [State change events for Amazon EC2 instances](monitoring-instance-state-changes.md).

## Billing by instance state


The following table provides a brief description of each instance state and indicates whether instance usage is billed. Some AWS resources, such as Amazon EBS volumes and Elastic IP addresses, incur charges regardless of the instance's state. For more information, see [Avoiding Unexpected Charges](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/checklistforunwantedcharges.html) in the *AWS Billing User Guide*.


| Instance state | Description | Instance usage billing | 
| --- | --- | --- | 
|  `pending`  |  The instance is preparing to enter the `running` state. An instance enters the `pending` state when it is launched or when it is started after being in the `stopped` state.  |  Not billed  | 
|  `running`  |  The instance is running and ready for use.  |  Billed  | 
|  `stopping`  |  The instance is preparing to be stopped.  |  Not billed. If you hibernate an instance, you're billed while the instance is in the `stopping` state.  | 
|  `stopped`  |  The instance is shut down and cannot be used. The instance can be started at any time.  |  Not billed  | 
|  `shutting-down`  |  The instance is preparing to be terminated.  |  Not billed  | 
|  `terminated`  |  The instance has been permanently deleted and cannot be started.  |  Not billed. Reserved Instances that applied to terminated instances are billed until the end of their term according to their payment option. For more information, see [Reserved Instances for Amazon EC2 overview](ec2-reserved-instances.md).  | 

## Pending instances


When you launch an instance, it enters the `pending` state. The instance type that you specified at launch determines the hardware of the host computer for your instance. We use the Amazon Machine Image (AMI) you specified at launch to boot the instance. After the instance is ready for you, it enters the `running` state. You can connect to your running instance and use it the way that you'd use a computer sitting in front of you.

As soon as your instance transitions to the `running` state, you're billed for each second, with a one-minute minimum, that you keep the instance running, even if the instance remains idle and you don't connect to it.

## Stopped instances


If your instance fails a status check or is not running your applications as expected, and if the root volume of your instance is an Amazon EBS volume, you can stop and start your instance to try to fix the problem.

When you stop your instance, it enters the `stopping` state, and then the `stopped` state. You are not charged for usage or data transfer fees for your instance when it is `stopped`. Charges are incurred for the storage of any Amazon EBS volumes. While your instance is in the `stopped` state, you can modify certain attributes of the instance, including the instance type.

When you start your instance, it enters the `pending` state, and the instance is moved to a new host computer (though in some cases, it remains on the current host). When you stop and start your instance, you lose any data on the instance store volumes attached to the previous host computer.

Your instance retains its private IPv4 address, which means that an Elastic IP address associated with the private IPv4 address or network interface remains associated with your instance. If your instance has an IPv6 address, it retains the IPv6 address.

Each time you transition an instance from `stopped` to `running`, you are charged per second when the instance is running, with a minimum of one minute per instance start.

For more details about stopping and starting an instance, see [Stop and start Amazon EC2 instances](Stop_Start.md).

## Hibernated instances


When you hibernate an instance, we signal the operating system to perform hibernation (suspend-to-disk), which saves the contents from the instance memory (RAM) to your Amazon EBS root volume. We persist the instance's Amazon EBS root volume and any attached Amazon EBS data volumes. When you start your instance, the Amazon EBS root volume is restored to its previous state and the RAM contents are reloaded. Previously attached data volumes are reattached and the instance retains its instance ID.

When you hibernate your instance, it enters the `stopping` state, and then the `stopped` state. We don't charge usage for a hibernated instance when it is in the `stopped` state, but we do charge while it is in the `stopping` state, unlike when you [stop an instance](#instance-stop-start) without hibernating it. We don't charge data transfer fees, but we do charge for the storage of any Amazon EBS volumes, including storage for the RAM data.

When you start your hibernated instance, it enters the `pending` state, and we move the instance to a new host computer (though in some cases, it remains on the current host).

Your instance retains its private IPv4 address, which means that an Elastic IP address associated with the private IPv4 address or network interface is still associated with your instance. If your instance has an IPv6 address, it retains its IPv6 address.

For more information, see [Hibernate your Amazon EC2 instance](Hibernate.md).

## Rebooting instances


You can reboot your instance using the Amazon EC2 console, a command line tool, and the Amazon EC2 API. We recommend that you use Amazon EC2 to reboot your instance instead of running the operating system reboot command from your instance.

Rebooting an instance is equivalent to rebooting an operating system. The instance remains on the same host computer and maintains its public DNS name, private IP address, and any data on its instance store volumes. It typically takes a few minutes for the reboot to complete, but the time it takes to reboot depends on the instance configuration.

Rebooting an instance doesn't start a new instance billing period; per second billing continues without a further one-minute minimum charge.

For more information, see [Reboot your Amazon EC2 instance](ec2-instance-reboot.md).

## Terminated instances


When you've decided that you no longer need an instance, you can terminate it. As soon as the status of an instance changes to `shutting-down` or `terminated`, you stop incurring charges for that instance.

If you enable termination protection, you can't terminate the instance using the console, CLI, or API.

After you terminate an instance, it remains visible in the console for a short while, and then the entry is automatically deleted. You can also describe a terminated instance using the CLI and API. Resources (such as tags) are gradually disassociated from the terminated instance, and therefore might no longer be visible on the terminated instance after a short while. You can't connect to or recover a terminated instance.

Each Amazon EBS-backed instance supports the `InstanceInitiatedShutdownBehavior` attribute, which controls whether the instance stops or terminates when you initiate shutdown from within the instance itself (for example, by using the **shutdown** command on Linux). The default behavior is to stop the instance. You can modify the setting of this attribute while the instance is running or stopped.

Each Amazon EBS volume supports the `DeleteOnTermination` attribute, which controls whether the volume is deleted or preserved when you terminate the instance it is attached to. The default is to delete the root volume and preserve any other EBS volumes.

For more information, see [Terminate Amazon EC2 instances](terminating-instances.md).

## Differences between instance states


The following table summarizes the key differences between rebooting, stopping, hibernating, and terminating your instance.


| Characteristic | Reboot | Stop/start (Amazon EBS-backed instances only) | Hibernate (Amazon EBS-backed instances only) | Terminate | 
| --- | --- | --- | --- | --- | 
|  Host computer  |  The instance stays on the same host computer.  |  We move the instance to a new host computer (though in some cases, it remains on the current host).  |  We move the instance to a new host computer (though in some cases, it remains on the current host).  |  None  | 
|  Private IPv4 address  |  The instance keeps its private IPv4 address.  |  The instance keeps its private IPv4 address.  |  The instance keeps its private IPv4 address.  |  None  | 
|  Public IPv4 address  |  The instance keeps its public IPv4 address.  |  The instance gets a new public IPv4 address, unless it has a secondary network interface or a secondary private IPv4 address that is associated with an Elastic IP address.  |  The instance gets a new public IPv4 address, unless it has a secondary network interface or a secondary private IPv4 address that is associated with an Elastic IP address.  |  None  | 
|  Elastic IP address (IPv4)  |  The Elastic IP address remains associated with the instance  |  The Elastic IP address remains associated with the instance  |  The Elastic IP address remains associated with the instance  |  The Elastic IP address is disassociated from the instance  | 
|  IPv6 address  |  The instance keeps its IPv6 address  |  The instance keeps its IPv6 address  |  The instance keeps its IPv6 address  |  None  | 
|  Instance store volumes  |  The data is preserved  |  The data is erased  |  The data is erased  |  The data is erased  | 
|  Root volume  |  The volume is preserved  |  The volume is preserved  |  The volume is preserved  |  The volume is deleted by default  | 
|  RAM (contents of memory)  |  The RAM is erased  |  The RAM is erased  |  The RAM is saved to a file on the root volume  |  The RAM is erased  | 
|  Billing  |  The instance billing hour doesn't change  |  You stop incurring charges for an instance as soon as its state changes to `stopping`. Each time an instance transitions from `stopped` to `running`, we start a new instance billing period, billing a minimum of one minute every time you start your instance.  |  You incur charges while the instance is in the `stopping` state, but stop incurring charges when the instance is in the `stopped` state. Each time an instance transitions from `stopped` to `running`, we start a new instance billing period, billing a minimum of one minute every time you start your instance.  |  You stop incurring charges for an instance as soon as its state changes to `shutting-down`  | 

Operating system shutdown commands always terminate an instance with an instance store root volume. You can control whether operating system shutdown commands stop or terminate an instance with an EBS root volume. For more information, see [Change instance initiated shutdown behavior](Using_ChangingInstanceInitiatedShutdownBehavior.md).

# Stop and start Amazon EC2 instances

You can stop and start your instance if it has an Amazon EBS volume as its root volume. When you stop an instance, it shuts down. When you start an instance, it is typically migrated to a new underlying host computer and assigned a new public IPv4 address.

An instance stop can be user-initiated (where you manually stop the instance) or initiated by AWS (in response to a scheduled stop event when AWS detects irreparable failure of the underlying host for your instance).

For user-initiated stops, we recommend using the Amazon EC2 console, CLI, or API instead of running the operating system stop command from your instance. When using Amazon EC2, if the instance does not cleanly shut down within a few minutes, Amazon EC2 performs a hard shut down. Furthermore, AWS CloudTrail creates an API record of when your instance was stopped.

This topic describes how to perform a user-initiated stop. For information about a stop performed by AWS, see [Manage Amazon EC2 instances scheduled to stop or retire](schedevents_actions_retire.md).

When you stop an instance, it is not deleted. If you decide that you no longer need an instance, you can terminate it. For more information, see [Terminate Amazon EC2 instances](terminating-instances.md). If you want to hibernate an instance to save the contents from the instance memory (RAM), see [Hibernate your Amazon EC2 instance](Hibernate.md). For distinctions between instance lifecycle actions, see [Differences between instance states](ec2-instance-lifecycle.md#lifecycle-differences).

**Topics**
+ [How it works](how-ec2-instance-stop-start-works.md)
+ [Methods for stopping an instance](instance-stop-methods.md)
+ [Manually stop and start](#starting-stopping-instances)
+ [Automatically stop and start](#stop-start-ec2-instances-on-a-schedule)
+ [Find running and stopped instances](#find-running-and-stopped-instances-in-globalview)
+ [Find the initial and most recent launch times](#find-initial-launch-time)
+ [Enable stop protection](ec2-stop-protection.md)

# How EC2 instance stop and start works

When you stop an Amazon EC2 instance, changes are registered at the operating system (OS) level of the instance, some resources are lost, and some resources persist. When you start an instance, changes are registered at the instance level.

**Topics**
+ [What happens when you stop an instance](#what-happens-stop)
+ [What happens when you start an instance](#what-happens-start)
+ [Test application response to stop and start](#test-stop-start-instance)
+ [Costs related to instance stop and start](#ec2-stop-start-costs)

## What happens when you stop an instance


The following describes what typically happens when you stop an instance using the default stop method. Note that some aspects might vary depending on which [stop method](instance-stop-methods.md) you use.

**Changes registered at the OS level**
+ The API request sends a button press event to the guest.
+ Various system services are stopped as a result of the button press event. Graceful OS shutdown is triggered by the ACPI shutdown button press event from the hypervisor.
+ ACPI shutdown is initiated.
+ The instance shuts down when the graceful OS shutdown process exits. There is no configurable OS shutdown time.
+ If the instance OS does not cleanly shut down within a few minutes, a hard shutdown is performed.
+ The instance stops running.
+ The instance state changes to `stopping` and then `stopped`.
+ [Auto Scaling] If your instance is in an Auto Scaling group, when the instance is in any Amazon EC2 state other than `running`, or if its status for the status checks becomes `impaired`, Amazon EC2 Auto Scaling considers the instance to be unhealthy and replaces it. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.
+ [Windows instances] When you stop and start a Windows instance, the launch agent performs tasks on the instance, such as changing the drive letters for any attached Amazon EBS volumes. For more information about these defaults and how you can change them, see [Use the EC2Launch v2 agent to perform tasks during EC2 Windows instance launch](ec2launch-v2.md).

**Resources lost**
+ Data stored on the RAM.
+ Data stored on the instance store volumes.
+ The public IPv4 address that Amazon EC2 automatically assigned to the instance upon launch or start. To retain a public IPv4 address that never changes, you can associate an [Elastic IP address](elastic-ip-addresses-eip.md) with your instance.

**Resources that persist**
+ Any attached Amazon EBS root and data volumes.
+ Data stored on the Amazon EBS volumes.
+ Any attached [network interfaces](using-eni.md).

  A network interface includes the following resources, which also persist:
  + Private IPv4 addresses.
  + IPv6 addresses.
  + Elastic IP addresses associated with the instance. Note that when the instance is stopped, you are [charged for the associated Elastic IP addresses](elastic-ip-addresses-eip.md#eip-pricing).

The following diagram illustrates what persists and what is lost when an EC2 instance is stopped. The diagram is divided into three parts: the first part, labeled **Running EC2 instance**, shows the instance in the `running` state with its resources. The second part, labeled **Stopped EC2 instance**, shows the instance in the `stopped` state with the resources that persist. The third part, labeled **Lost**, shows the resources that are lost when the instance is stopped.

![\[The public IPv4 address, RAM, and instance storage data are lost when an instance is stopped.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/stop-instance.png)


For information about what happens when you stop a Mac instance, see [Stop or terminate your Amazon EC2 Mac instance](mac-instance-stop.md).

## What happens when you start an instance

+ In most cases, the instance is migrated to a new underlying host computer (though in some cases, such as when an instance is allocated to a host in a [Dedicated Host](dedicated-hosts-understanding.md) configuration, it remains on the current host).
+ The associated EBS volumes and network interfaces are reattached to the instance.
+ Amazon EC2 assigns a new public IPv4 address to the instance if the instance is configured to receive a public IPv4 address, unless it has a secondary network interface or a secondary private IPv4 address that is associated with an Elastic IP address.
+ If you stop an instance in a placement group and then start it again, it still runs in the placement group. However, the start fails if there isn't enough capacity for the instance. If you receive a capacity error when starting an instance in a placement group that already has running instances, stop all the instances in the placement group and start them all again. Starting the instances may migrate them to hardware that has capacity for all of the requested instances.

## Test application response to stop and start

You can use AWS Fault Injection Service to test how your application responds when your instance is stopped and started. For more information, see the [AWS Fault Injection Service User Guide](https://docs.aws.amazon.com/fis/latest/userguide/what-is.html).

## Costs related to instance stop and start

The following costs are associated with stopping and starting an instance.

**Stopping** – As soon as the state of an instance changes to `shutting-down` or `terminated`, charges are no longer incurred for the instance. You are not charged for usage or data transfer fees for a stopped instance. Charges are incurred to store Amazon EBS storage volumes. 

**Starting** – Each time you start a stopped instance, you are charged for a minimum of one minute of usage. After one minute, you are charged for only the seconds you use. For example, if you run an instance for 20 seconds and then stop it, you are charged for a minute of usage. If you run an instance for 3 minutes and 40 seconds, you are charged for 3 minutes and 40 seconds of usage.

# Methods for stopping an instance


There are four ways to perform a user-initiated stop: default stop, stop with skip OS shutdown, force stop, and force stop with skip OS shutdown. The following table compares the key differences between the stop methods:


| Stop method | Key purpose | Use case | CLI command | 
| --- | --- | --- | --- | 
| Default stop | Normal instance shutdown with attempted graceful OS shutdown. | Typical instance stop. |  <pre>aws ec2 stop-instances \<br />--instance-ids i-1234567890abcdef0</pre>  | 
| Stop with skip OS shutdown | Bypasses the graceful OS shutdown when stopping an instance. | When bypassing graceful OS shutdown is required. | <pre>aws ec2 stop-instances \<br />--instance-ids i-1234567890abcdef0 \<br />--skip-os-shutdown</pre> | 
| Force stop | Handles stuck instances. Attempts a default stop first; if instance fails to stop, then forcibly stops the instance. | When instance is stuck in stopping state. | <pre>aws ec2 stop-instances \<br />--instance-ids i-1234567890abcdef0 \<br />--force</pre> | 
| Force stop with skip OS shutdown | Force stops and bypasses the graceful OS shutdown when stopping an instance. | When force stop and bypassing graceful OS shutdown is required. | <pre>aws ec2 stop-instances \<br />--instance-ids i-1234567890abcdef0 \<br />--force \<br />--skip-os-shutdown</pre> | 

For instructions on how to use each method, see the following:
+ [Stop an instance with a graceful OS shutdown](Stop_Start.md#stop-instance-with-graceful-os-shutdown)
+ [Stop an instance and bypass the graceful OS shutdown](Stop_Start.md#stop-instance-bypass-graceful-os-shutdown)
+ [Force stop an instance](TroubleshootingInstancesStopping.md#force-stop-instance)

**Topics**
+ [Default stop](#ec2-instance-default-stop)
+ [Stop with skip OS shutdown](#ec2-instance-stop-with-skip-os-shutdown)
+ [Force stop](#ec2-instance-force-stop)
+ [Force stop with skip OS shutdown](#ec2-instance-force-stop-with-skip-os-shutdown)

The following sections provide more detailed information about the four different user-initiated stop methods.

## Default stop


The default stop method is the standard way to stop an instance. When you issue the StopInstances command, the instance transitions from the `running` state, to `stopping`, and finally to `stopped`, as illustrated by the following diagram:

![\[Default stop flow\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/stop-instance-flow-1.png)


**Purpose:** Normal instance shutdown with attempted graceful OS shutdown.

**Data impact:** Preserves data on the EBS root volume and data volumes. Loses data on the instance store volume.

**When to use:** First stop attempt for typical stops.

**Note**  
If you've already attempted a stop with skip OS shutdown, a subsequent default stop attempt during the same state transition session will not perform a graceful OS shutdown. Bypassing the graceful OS shutdown is irreversible for the instance's current session.

## Stop with skip OS shutdown


When bypassing the graceful OS shutdown is required, the stop with skip OS shutdown method can be used to stop an instance and bypass the graceful OS shutdown, as illustrated by the following diagram:

![\[Stop with skip OS shutdown flow\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/stop-instance-flow-3.png)


**Warning**  
Bypassing the graceful OS shutdown might result in data loss or corruption (for example, memory contents not flushed to disk or loss of in-flight IOs) or skipped shutdown scripts.

**Purpose:** Bypass the graceful OS shutdown when stopping an instance.

**Data impact:** Might result in data loss or corruption. Contents of memory might not be flushed to disk and in-flight IOs might be lost. Might skip shutdown scripts.

**When to use:** When bypassing the graceful OS shutdown is required. If used while a default stop with graceful OS shutdown is in progress, the graceful OS shutdown will be bypassed.

**Note**  
Bypassing the graceful OS shutdown is irreversible for the instance's current state transition session. A subsequent default stop attempt during this session will not attempt a graceful OS shutdown. 

## Force stop


The force stop method is used to handle instances that are stuck in the `stopping` state. An instance typically becomes stuck due to an underlying hardware issue (indicated by a failed [system status check](monitoring-system-instance-status-check.md#system-status-checks)).

The force stop method first attempts a default stop. If the instance remains stuck in the `stopping` state, the `force` parameter forcibly shuts down the instance and transitions the instance to the `stopped` state, as indicated by the following diagram:

![\[Force stop flow\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/stop-instance-flow-2.png)


**Purpose:** Handles instances stuck in the `stopping` state. Attempts a default stop first. If the instance fails to stop, then forcibly shuts down the instance.

**Data impact:** Attempts a default stop first, but if force stop goes ahead, then might cause data loss or corruption. In rare cases, results in post-stop writes to EBS volumes or other shared resources.

**When to use:** Second stop attempt when an instance remains stuck after a default stop. For more information, see [Troubleshoot Amazon EC2 instance stop issues](TroubleshootingInstancesStopping.md).

## Force stop with skip OS shutdown


When force stopping and bypassing the graceful OS shutdown is required, the force stop with skip OS shutdown method can be used to bring an instance to the `stopped` state, as illustrated in the following diagram:

![\[Force stop with skip OS shutdown flow\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/stop-instance-flow-4.png)


**Purpose:** Combines force stop with bypassing a graceful OS shutdown when stopping an instance.

**Data impact:** Skip OS shutdown might result in data loss or corruption. Contents of memory might not be flushed to disk and in-flight IOs might be lost. Might skip shutdown scripts. If force stop goes ahead, then might cause additional data loss or corruption. In rare cases, results in post-stop writes to the EBS volumes or other shared resources.

**When to use:** When you want to be sure that your instance will stop and you want to bypass the graceful OS shutdown. If used while a default stop with graceful OS shutdown is in progress, the graceful OS shutdown will be bypassed.

## Manually stop and start your instances

You can stop and start your Amazon EBS-backed instances (instances with EBS root volumes). You can't stop and start instances with an instance store root volume.

When using the default method to stop an instance, a graceful operating system (OS) shutdown is attempted. You can bypass the graceful OS shutdown; however, this might risk data integrity. 

**Warning**  
When you stop an instance, the data on any instance store volumes is erased. Before you stop an instance, verify that you've copied any data that you need from the instance store volumes to persistent storage, such as Amazon EBS or Amazon S3.

[Linux instances] Using the OS **halt** command from an instance does not initiate a shutdown. If you use the **halt** command, the instance does not terminate; instead, it places the CPU into `HLT`, which suspends CPU operation. The instance remains running.

You can initiate a shutdown using the OS **shutdown** or **poweroff** commands. When you use an OS command, the instance stops by default. You can change this behavior. For more information, see [Change instance initiated shutdown behavior](Using_ChangingInstanceInitiatedShutdownBehavior.md).

**Note**  
If you stopped an Amazon EBS-backed instance and it appears "stuck" in the `stopping` state, you can forcibly stop it. For more information, see [Troubleshoot Amazon EC2 instance stop issues](TroubleshootingInstancesStopping.md).

**Topics**
+ [Stop an instance with a graceful OS shutdown](#stop-instance-with-graceful-os-shutdown)
+ [Stop an instance and bypass the graceful OS shutdown](#stop-instance-bypass-graceful-os-shutdown)
+ [Start an instance](#start-ec2-instance)

### Stop an instance with a graceful OS shutdown


You can stop an instance using the default stop method, which includes an attempt at a graceful OS shutdown. For more information, see [Default stop](instance-stop-methods.md#ec2-instance-default-stop).

------
#### [ Console ]

**To stop an instance using the default stop method**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the left navigation pane, choose **Instances**, and then select the instance.

1. Choose **Instance state**, **Stop instance**. If this option is disabled, either the instance is already stopped or its root volume is an instance store volume.

1. When prompted for confirmation, choose **Stop**. It can take a few minutes for the instance to stop.

------
#### [ AWS CLI ]

**To stop an instance using the default stop method**  
Use the [stop-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/stop-instances.html) command.

```
aws ec2 stop-instances --instance-ids i-1234567890abcdef0
```

------
#### [ PowerShell ]

**To stop an instance using the default stop method**  
Use the [Stop-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Stop-EC2Instance.html) cmdlet.

```
Stop-EC2Instance -InstanceId i-1234567890abcdef0
```

------

### Stop an instance and bypass the graceful OS shutdown


You can bypass the graceful OS shutdown when stopping an instance. For more information, see [Stop with skip OS shutdown](instance-stop-methods.md#ec2-instance-stop-with-skip-os-shutdown).

**Warning**  
Bypassing the graceful OS shutdown might result in data loss or corruption (for example, memory contents not flushed to disk or loss of in-flight IOs) or skipped shutdown scripts.

------
#### [ Console ]

**To stop an instance and bypass the graceful OS shutdown**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances** and select the instance.

1. Choose **Instance state**, **Stop instance**.

1. Under **Skip OS shutdown**, select the **Skip OS shutdown** checkbox. If you don't see this option in the console, it's not yet available in the console in the current Region. You can, however, access this feature using the AWS CLI or SDK, or try another Region in the console.

1. Choose **Stop**.

------
#### [ AWS CLI ]

**To stop an instance and bypass the graceful OS shutdown**  
Use the [stop-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/stop-instances.html) command with `--skip-os-shutdown`.

```
aws ec2 stop-instances \
    --instance-ids i-1234567890abcdef0 \
    --skip-os-shutdown
```

------
#### [ PowerShell ]

**To stop an instance and bypass the graceful OS shutdown**  
Use the [Stop-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Stop-EC2Instance.html) cmdlet with `-SkipOsShutdown $true`.

```
Stop-EC2Instance `
    -InstanceId i-1234567890abcdef0 `
    -SkipOsShutdown $true
```

------

### Start an instance


You can start a stopped instance.

------
#### [ Console ]

**To start an instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the left navigation pane, choose **Instances**.

1. Select the instance, and choose **Instance state**, **Start instance**.

   It can take a few minutes for the instance to enter the `running` state.

------
#### [ AWS CLI ]

**To start an instance**  
Use the [start-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/start-instances.html) command.

```
aws ec2 start-instances --instance-ids i-1234567890abcdef0
```

------
#### [ PowerShell ]

**To start an instance**  
Use the [Start-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Start-EC2Instance.html) cmdlet.

```
Start-EC2Instance -InstanceId i-1234567890abcdef0
```

------

## Automatically stop and start your instances

You can automate stopping and starting instances with the following services: 

**Instance Scheduler on AWS**  
You can use Instance Scheduler on AWS to automate the starting and stopping of EC2 instances. For more information, see [How do I use Instance Scheduler with CloudFormation to schedule EC2 instances?](https://repost.aws/knowledge-center/stop-start-instance-scheduler) Note that [additional charges apply](https://docs.aws.amazon.com/solutions/latest/instance-scheduler-on-aws/cost.html). 

**AWS Lambda and an Amazon EventBridge rule**  
You can use Lambda and an EventBridge rule to stop and start your instances on a schedule. For more information, see [How do I use Lambda to stop and start Amazon EC2 instances at regular intervals?](https://repost.aws/knowledge-center/start-stop-lambda-eventbridge)

**Amazon EC2 Auto Scaling**  
To ensure you have the correct number of Amazon EC2 instances available to handle the load for an application, create Auto Scaling groups. Amazon EC2 Auto Scaling ensures that your application always has the right capacity to handle the traffic demand, and saves costs by launching instances only when they are needed. Note that Amazon EC2 Auto Scaling terminates, rather than stops, unneeded instances. To set up Auto Scaling groups, see [Get started with Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/get-started-with-ec2-auto-scaling.html).

## Find all running and stopped instances

You can find all of your running and stopped instances across all AWS Regions on a single page using [Amazon EC2 Global View](https://console.aws.amazon.com/ec2globalview/home). This capability is especially useful for taking inventory and finding forgotten instances. For information about how to use Global View, see [View resources across Regions using AWS Global View](global-view.md).

Alternatively, you can run a command or cmdlet in each Region where you have instances.

------
#### [ AWS CLI ]

**To get the number of EC2 instances in a Region**  
Use the following [describe-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html) command to count the instances in the current Region. You must run this command in each Region where you have instances.

```
aws ec2 describe-instances \
    --region us-east-2 \
    --query "length(Reservations[].Instances[])"
```

The following is example output.

```
27
```

**To get summary info about your EC2 instances in a Region**  
Use the following [describe-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html) command. You must run this command in each Region where you have instances.

```
aws ec2 describe-instances \
    --region us-east-2 \
    --query "Reservations[].Instances[].[InstanceId,InstanceType,PrivateIpAddress]" \
    --output table
```

The following is example output.

```
---------------------------------------------------------
|                   DescribeInstances                   |
+---------------------+---------------+-----------------+
|  i-0e3e777f4362f1bf7|  t2.micro     |  10.0.12.9      |
|  i-09453945dcf1529e9|  t2.micro     |  10.0.143.213   |
|  i-08fd74f3f1595fdbd|  m7i.4xlarge  |  10.0.1.103     |
+---------------------+---------------+-----------------+
```

------
#### [ PowerShell ]

**To get the number of EC2 instances in a Region**  
Use the [Get-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Instance.html) cmdlet.

```
(Get-EC2Instance -Region us-east-2).Instances.Length
```

The following is example output.

```
27
```

**To get summary info about your EC2 instances in a Region**  
Use the [Get-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Instance.html) cmdlet. You must run this command in each Region where you have instances.

```
(Get-EC2Instance).Instances | Select InstanceId, InstanceType, PrivateIpAddress
```

The following is example output.

```
InstanceId          InstanceType PrivateIpAddress
----------          ------------ ----------------
i-0e3e777f4362f1bf7 t2.micro     10.0.12.9
i-09453945dcf1529e9 t2.micro     10.0.143.213
i-08fd74f3f1595fdbd m7i.4xlarge  10.0.1.103
```

------

## Find the initial and most recent launch times


When you describe an instance, the launch time for the instance is its most recent launch time. After you stop and start an instance, the launch time reflects the new instance start time. To find the initial launch time for an instance, even after stopping and starting it, view the time at which the primary network interface was attached to the instance.

------
#### [ Console ]

**To find the most recent launch time**  
Select the instance and find **Launch time** under **Instance details** on the **Details** tab.

**To find the initial launch time**  
Select the instance and find the primary network interface (device index is 0) under **Network interfaces** on the **Networking** tab.

------
#### [ AWS CLI ]

**To find the initial and most recent launch times**  
Use the following [describe-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html) command to display both the initial launch time and the most recent launch time for the specified instance.

```
aws ec2 describe-instances \
    --instance-ids i-1234567890abcdef0 \
    --query 'Reservations[].Instances[].{InstanceID:InstanceId,InitialLaunch:NetworkInterfaces[0].Attachment.AttachTime,LastLaunch:LaunchTime}'
```

The following is example output.

```
[
    {
        "InstanceID": "i-1234567890abcdef0",
        "InitialLaunch": "2024-04-19T00:47:08+00:00",
        "LastLaunch": "2024-05-27T06:24:06+00:00"
    }
]
```

------
#### [ PowerShell ]

**To find the most recent launch time**  
Use the [Get-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Instance.html) cmdlet.

```
(Get-EC2Instance -InstanceId i-1234567890abcdef0).Instances.LaunchTime
```

The following is example output.

```
Monday, May 27, 2024 6:24:06 AM
```

**To find the initial launch time**  
Use the [Get-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Instance.html) cmdlet.

```
(Get-EC2Instance -InstanceId i-1234567890abcdef0).Instances.NetworkInterfaces.Attachment.AttachTime
```

The following is example output.

```
Friday, April 19, 2024 12:47:08 AM
```

------
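
The comparison described in this section can be run across a whole inventory to flag instances that have been stopped and started since their first launch, which matters because each stop discards RAM and instance store data. The following is an added example, not part of the original guide: it reads JSON shaped like `describe-instances` output, selects the primary network interface by device index 0 rather than by list position, and uses a constructed sample. The function names and the one-minute tolerance are assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample shaped like `aws ec2 describe-instances` JSON output.
# Instance IDs and timestamps are illustrative, not real data.
SAMPLE = json.loads("""
{
  "Reservations": [
    {"Instances": [
      {"InstanceId": "i-0aaaaaaaaaaaaaaa1",
       "LaunchTime": "2024-05-27T06:24:06+00:00",
       "NetworkInterfaces": [
         {"Attachment": {"DeviceIndex": 1,
                         "AttachTime": "2024-04-20T10:00:00+00:00"}},
         {"Attachment": {"DeviceIndex": 0,
                         "AttachTime": "2024-04-19T00:47:08+00:00"}}
       ]},
      {"InstanceId": "i-0bbbbbbbbbbbbbbb2",
       "LaunchTime": "2024-06-01T12:00:00.000Z",
       "NetworkInterfaces": [
         {"Attachment": {"DeviceIndex": 0,
                         "AttachTime": "2024-06-01T12:00:00.000Z"}}
       ]}
    ]},
    {"Instances": [
      {"InstanceId": "i-0ccccccccccccccc3",
       "LaunchTime": "2024-03-02T08:15:00+00:00",
       "NetworkInterfaces": []}
    ]}
  ]
}
""")


def parse_ts(value):
    """Parse an ISO 8601 timestamp; also accepts a trailing 'Z' for UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def primary_attach_time(instance):
    """Return the attach time of the device-index-0 interface, or None."""
    for eni in instance.get("NetworkInterfaces", []):
        attachment = eni.get("Attachment", {})
        if attachment.get("DeviceIndex") == 0 and "AttachTime" in attachment:
            return parse_ts(attachment["AttachTime"])
    return None


def launch_history(doc, tolerance=timedelta(minutes=1)):
    """Compare initial and most recent launch times for every instance.

    `restarted` is True when the most recent launch is later than the
    initial launch by more than `tolerance` (an assumed allowance for the
    two timestamps not being identical at first launch), False when they
    match, and None when no primary interface is reported.
    """
    rows = []
    for reservation in doc.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            last = parse_ts(inst["LaunchTime"])
            initial = primary_attach_time(inst)
            restarted = None if initial is None else (last - initial) > tolerance
            rows.append({
                "instance_id": inst["InstanceId"],
                "initial_launch": initial,
                "last_launch": last,
                "restarted": restarted,
            })
    return rows


if __name__ == "__main__":
    for row in launch_history(SAMPLE):
        print(row["instance_id"], row["initial_launch"],
              row["last_launch"], row["restarted"])
```
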

# Enable stop protection for your EC2 instances

To prevent an instance from being accidentally stopped, you can enable stop protection for the instance. Stop protection also protects your instance from accidental termination. 

The `DisableApiStop` attribute of the Amazon EC2 [ModifyInstanceAttribute](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceAttribute.html) API controls whether the instance can be stopped by using the Amazon EC2 console, the AWS CLI, or the Amazon EC2 API. You can set the value of this attribute when you launch the instance, while the instance is running, or while the instance is stopped.

**Considerations**
+ Enabling stop protection does not prevent you from accidentally stopping an instance by initiating a shutdown from the instance using an operating system command such as **shutdown** or **poweroff**.
+ Enabling stop protection does not prevent AWS from stopping the instance when there is a [scheduled event](monitoring-instances-status-check_sched.md) to stop the instance.
+ Enabling stop protection does not prevent Amazon EC2 Auto Scaling from terminating an instance when the instance is unhealthy or during scale-in events. You can control whether an Auto Scaling group can terminate a particular instance when scaling in by using [instance scale-in protection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-protection.html). 
+ Stop protection not only prevents your instance from being accidentally stopped, but also from accidental termination when using the console, AWS CLI, or API. However, it does not automatically set the `DisableApiTermination` attribute. Note that when the `DisableApiStop` attribute is set to `false`, the `DisableApiTermination` attribute setting determines whether the instance can be terminated using the console, AWS CLI, or API. For more information see [Terminate Amazon EC2 instances](terminating-instances.md).
+ You can't enable stop protection for an instance with an instance store root volume.
+ You can't enable stop protection for Spot Instances.
+ The Amazon EC2 API follows an eventual consistency model when you enable or disable stop protection. This means that the result of running commands to set the stop protection attribute might not be immediately visible to all subsequent commands you run. For more information, see [Eventual consistency](https://docs.aws.amazon.com/ec2/latest/devguide/eventual-consistency.html) in the *Amazon EC2 Developer Guide*.
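
The considerations above combine into a per-instance assessment: which API actions are blocked, which instances can't have stop protection at all, and which stop paths remain open regardless. The following is an added example, not part of the original guide. The `Instance` class, the finding labels, and the constructed fleet are assumptions, and the attribute values are taken as already collected for each instance.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Instance:
    # Hypothetical record; comments name the EC2 field each value mirrors.
    instance_id: str
    root_device_type: str          # RootDeviceType: "ebs" or "instance-store"
    lifecycle: Optional[str]       # InstanceLifecycle: "spot" for Spot Instances
    in_asg: bool                   # carries the aws:autoscaling:groupName tag
    disable_api_stop: bool         # DisableApiStop attribute
    disable_api_termination: bool  # DisableApiTermination attribute


def eligible(inst):
    """Stop protection can't be enabled on instance store roots or Spot."""
    return inst.root_device_type == "ebs" and inst.lifecycle != "spot"


def assess(inst):
    """Apply the stop protection considerations to one instance."""
    api_stop_blocked = inst.disable_api_stop
    # Stop protection also blocks termination through the console, CLI and
    # API; when it is off, DisableApiTermination alone decides.
    api_terminate_blocked = inst.disable_api_stop or inst.disable_api_termination

    # Paths that stop protection never covers.
    residual = ["os-shutdown-command", "aws-scheduled-event"]
    if inst.in_asg:
        residual.append("auto-scaling-termination")

    if not eligible(inst):
        finding = "INELIGIBLE"
    elif api_stop_blocked:
        finding = "STOP_PROTECTED"
    elif api_terminate_blocked:
        # An API stop is still possible and erases RAM and instance store data.
        finding = "TERMINATION_PROTECTED_ONLY"
    else:
        finding = "UNPROTECTED"

    return {
        "instance_id": inst.instance_id,
        "finding": finding,
        "api_stop_blocked": api_stop_blocked,
        "api_terminate_blocked": api_terminate_blocked,
        "residual_paths": residual,
    }


# Constructed fleet for illustration; not real instances.
FLEET = [
    Instance("i-0aaaaaaaaaaaaaaa1", "ebs", None, False, True, False),
    Instance("i-0bbbbbbbbbbbbbbb2", "ebs", None, True, False, True),
    Instance("i-0ccccccccccccccc3", "ebs", "spot", False, False, False),
    Instance("i-0ddddddddddddddd4", "instance-store", None, False, False, False),
    Instance("i-0eeeeeeeeeeeeeee5", "ebs", None, False, False, False),
]


def audit(fleet):
    """Return assessments keyed by instance ID."""
    return {inst.instance_id: assess(inst) for inst in fleet}


if __name__ == "__main__":
    for instance_id, result in audit(FLEET).items():
        print(instance_id, result["finding"], result["residual_paths"])
```
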

**Topics**
+ [Enable stop protection for an instance at launch](#enable-stop-protection-at-launch)
+ [Enable stop protection for a running or stopped instance](#enable-stop-protection-on-running-or-stopped-instance)
+ [Disable stop protection for a running or stopped instance](#disable-stop-protection-on-running-or-stopped-instance)

## Enable stop protection for an instance at launch


You can enable stop protection for an instance when launching the instance.

------
#### [ Console ]

**To enable stop protection for an instance at launch**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. On the dashboard, choose **Launch instance**.

1. Configure your instance in the [new launch instance wizard](ec2-launch-instance-wizard.md).

1. In the wizard, enable stop protection by choosing **Enable** for **Stop protection** under **Advanced details**.

------
#### [ AWS CLI ]

**To enable stop protection for an instance at launch**  
Use the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command to launch the instance. Add the following parameter.

```
--disable-api-stop
```

------
#### [ PowerShell ]

**To enable stop protection for an instance at launch**  
Use the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) cmdlet to launch the instance. Add the following parameter.

```
-DisableApiStop $true
```

------

## Enable stop protection for a running or stopped instance


You can enable stop protection for an instance while the instance is running or stopped.

------
#### [ Console ]

**To enable stop protection for an instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the left navigation pane, choose **Instances**.

1. Select the instance, and then choose **Actions**, **Instance settings**, **Change stop protection**.

1. Select the **Enable** checkbox, and then choose **Save**.

------
#### [ AWS CLI ]

**To enable stop protection for an instance**  
Use the [modify-instance-attribute](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-attribute.html) command.

```
aws ec2 modify-instance-attribute \
    --instance-id i-1234567890abcdef0 \
    --disable-api-stop
```

------
#### [ PowerShell ]

**To enable stop protection for an instance**  
Use the [Edit-EC2InstanceAttribute](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceAttribute.html) cmdlet.

```
Edit-EC2InstanceAttribute `
    -InstanceId i-1234567890abcdef0 `
    -DisableApiStop $true
```

------

## Disable stop protection for a running or stopped instance


You can disable stop protection for a running or stopped instance using one of the following methods.

------
#### [ Console ]

**To disable stop protection for a running or stopped instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the left navigation pane, choose **Instances**.

1. Select the instance, and then choose **Actions**, **Instance settings**, **Change stop protection**.

1. Clear the **Enable** checkbox, and then choose **Save**.

------
#### [ AWS CLI ]

**To disable stop protection for a running or stopped instance**  
Use the [modify-instance-attribute](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-attribute.html) command.

```
aws ec2 modify-instance-attribute \
    --instance-id i-1234567890abcdef0 \
    --no-disable-api-stop
```

------
#### [ PowerShell ]

**To disable stop protection for an instance**  
Use the [Edit-EC2InstanceAttribute](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceAttribute.html) cmdlet.

```
Edit-EC2InstanceAttribute `
    -InstanceId i-1234567890abcdef0 `
    -DisableApiStop $false
```

------

# Hibernate your Amazon EC2 instance

When you hibernate an instance, Amazon EC2 signals the operating system to perform hibernation (suspend-to-disk). Hibernation saves the contents from the instance memory (RAM) to your Amazon Elastic Block Store (Amazon EBS) root volume. Amazon EC2 persists the instance's EBS root volume and any attached EBS data volumes. When your instance is started:
+ The EBS root volume is restored to its previous state
+ The RAM contents are reloaded
+ The processes that were previously running on the instance are resumed
+ Previously attached data volumes are reattached and the instance retains its instance ID

You can hibernate an instance only if it's [enabled for hibernation](enabling-hibernation.md) and it meets the [hibernation prerequisites](hibernating-prerequisites.md).

If an instance or application takes a long time to bootstrap and build a memory footprint in order to become fully productive, you can use hibernation to pre-warm the instance. To pre-warm the instance, you:

1. Launch it with hibernation enabled.

1. Bring it to a desired state.

1. Hibernate it so that it's ready to be resumed to the desired state whenever needed.

You're not charged for instance usage for a hibernated instance when it is in the `stopped` state or for data transfer when the contents of the RAM are transferred to the EBS root volume. You are charged for storage of any EBS volumes, including storage for the RAM contents.

If you no longer need an instance, you can terminate it at any time, including when it is in a `stopped` (hibernated) state. For more information, see [Terminate Amazon EC2 instances](terminating-instances.md).

**Topics**
+ [How it works](instance-hibernate-overview.md)
+ [Prerequisites](hibernating-prerequisites.md)
+ [Configure a Linux AMI to support hibernation](hibernation-enabled-AMI.md)
+ [Enable instance hibernation](enabling-hibernation.md)
+ [Disable KASLR on an instance (Ubuntu only)](hibernation-disable-kaslr.md)
+ [Hibernate an instance](hibernating-instances.md)
+ [Start a hibernated instance](hibernating-resuming.md)
+ [Troubleshoot](troubleshoot-instance-hibernate.md)

# How Amazon EC2 instance hibernation works

The following diagram shows a basic overview of the hibernation process for EC2 instances.

![\[Overview of the hibernation flow.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/hibernation-flow.png)


## What happens when you hibernate an instance


When you hibernate an instance, the following happens:
+ The instance moves to the `stopping` state. Amazon EC2 signals the operating system to perform hibernation (suspend-to-disk). The hibernation freezes all of the processes, saves the contents of the RAM to the EBS root volume, and then performs a regular shutdown.
+ After the shutdown is complete, the instance moves to the `stopped` state.
+ Any EBS volumes remain attached to the instance, and their data persists, including the saved contents of the RAM.
+ Any Amazon EC2 instance store volumes remain attached to the instance, but the data on the instance store volumes is lost.
+ In most cases, the instance is migrated to a new underlying host computer when it's started. This is also what happens when you stop and start an instance.
+ When the instance is started, the instance boots up and the operating system reads in the contents of the RAM from the EBS root volume, before unfreezing processes to resume its state.
+ The instance retains its private IPv4 addresses and any IPv6 addresses. When the instance is started, the instance continues to retain its private IPv4 addresses and any IPv6 addresses.
+ Amazon EC2 releases the public IPv4 address. When the instance is started, Amazon EC2 assigns a new public IPv4 address to the instance.
+ The instance retains its associated Elastic IP addresses. You're charged for any Elastic IP addresses that are associated with a hibernated instance.

For information about how hibernation differs from reboot, stop, and terminate, see [Differences between instance states](ec2-instance-lifecycle.md#lifecycle-differences).

## Limitations

+ When you hibernate an instance, the data on any instance store volumes is lost.
+ (Linux instances) You can't hibernate a Linux instance that has more than 150 GiB of RAM.
+ (Windows instances) You can't hibernate a Windows instance that has more than 16 GiB of RAM.
+ While your instance is hibernated, you can't modify it. This is different from a stopped instance that isn't hibernated, where you can modify certain attributes, such as the instance type or size.
+ If you create a snapshot or AMI from an instance that is hibernated or has hibernation enabled, you might not be able to connect to a new instance that is launched from the AMI or from an AMI that was created from the snapshot.
+ (Spot Instances only) If Amazon EC2 hibernates your Spot Instance, only Amazon EC2 can resume your instance. If you hibernate your Spot Instance ([user-initiated hibernation](hibernating-instances.md)), you can resume your instance. A hibernated Spot Instance can only be resumed if capacity is available and the Spot price is less than or equal to your specified maximum price.
+ You can't hibernate an instance that is in an Auto Scaling group or used by Amazon ECS. If your instance is in an Auto Scaling group and you try to hibernate it, the Amazon EC2 Auto Scaling service marks the stopped instance as unhealthy, and might terminate it and launch a replacement instance. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.
+ You can't hibernate an instance that is configured to boot in UEFI mode with [UEFI Secure Boot](uefi-secure-boot.md) enabled.
+ If you hibernate an instance that was launched into a Capacity Reservation, the Capacity Reservation does not ensure that the hibernated instance can resume after you try to start it.
+ You can’t hibernate an instance that uses a kernel below 5.10 if Federal Information Processing Standard (FIPS) mode is enabled.
+ We do not support keeping an instance hibernated for more than 60 days. To keep the instance for longer than 60 days, you must start the hibernated instance, stop the instance, and start it.
+ We constantly update our platform with upgrades and security patches, which can conflict with existing hibernated instances. We notify you about critical updates that require a start for hibernated instances so that we can perform a shutdown or a reboot to apply the necessary upgrades and security patches.

## Considerations for hibernating a Spot Instance

+ If *you* hibernate your Spot Instance, you can restart it provided capacity is available and the Spot price is less than or equal to your specified maximum price.
+ If *Amazon EC2* hibernates your Spot Instance: 
  + Only Amazon EC2 can resume your instance.
  + Amazon EC2 resumes the hibernated Spot Instance when capacity becomes available with a Spot price that is less than or equal to your specified maximum price.
  + Before Amazon EC2 hibernates your Spot Instance, you'll receive an interruption notice two minutes before hibernation starts.

  For more information, see [Spot Instance interruptions](spot-interruptions.md).

# Prerequisites for EC2 instance hibernation

You can enable hibernation support for an On-Demand Instance or a Spot Instance when you launch it. You can't enable hibernation on an existing instance, whether it is running or stopped. For more information, see [Enable instance hibernation](enabling-hibernation.md).

**Topics**
+ [AWS Regions](#hibernation-prereqs-regions)
+ [AMIs](#hibernation-prereqs-supported-amis)
+ [Instance families](#hibernation-prereqs-supported-instance-families)
+ [Instance RAM size](#instance-ram-size)
+ [Root volume type](#hibernation-prereqs-root-volume-type)
+ [Root volume size](#hibernation-prereqs-ebs-root-volume-size)
+ [Root volume encryption](#hibernation-prereqs-ebs-root-volume-encryption)
+ [EBS volume type](#hibernation-prereqs-ebs-volume-types)
+ [Spot Instance requests](#hibernation-prereqs-spot-request)

## AWS Regions


You can use hibernation with instances in all AWS Regions.

## AMIs


You must use an HVM AMI that supports hibernation. The following AMIs support hibernation:

### Linux AMIs


**AMIs for Intel and AMD instance types**
+ AL2023 AMI released 2023.09.20 or later ¹
+ Amazon Linux 2 AMI released 2019.08.29 or later
+ Amazon Linux AMI 2018.03 released 2018.11.16 or later
+ CentOS version 8 AMI ² ([Additional configuration](hibernation-enabled-AMI.md#configure-centos-for-hibernation) is required)
+ Fedora version 34 or later AMI ² ([Additional configuration](hibernation-enabled-AMI.md#configure-fedora-for-hibernation) is required)
+ Red Hat Enterprise Linux (RHEL) 9 AMI ² ([Additional configuration](hibernation-enabled-AMI.md#configure-RHEL-for-hibernation) is required)
+ Red Hat Enterprise Linux (RHEL) 8 AMI ² ([Additional configuration](hibernation-enabled-AMI.md#configure-RHEL-for-hibernation) is required)
+ Ubuntu 22.04.2 LTS (Jammy Jellyfish) AMI released with serial number 20230303 or later ³
+ Ubuntu 20.04 LTS (Focal Fossa) AMI released with serial number 20210820 or later ³
+ Ubuntu 18.04 LTS (Bionic Beaver) AMI released with serial number 20190722.1 or later ³ ⁵
+ Ubuntu 16.04 LTS (Xenial Xerus) AMI ³ ⁴ ⁵ ([Additional configuration](hibernation-enabled-AMI.md#configure-ubuntu1604-for-hibernation) is required)

**AMIs for Graviton instance types**
+ AL2023 AMI (64-bit Arm) released 2024.07.01 or later ¹
+ Amazon Linux 2 AMI (64-bit Arm) released 2024.06.20 or later
+ Ubuntu 22.04.2 LTS (64-bit Arm) (Jammy Jellyfish) AMI released with serial number 20240701 or later ³
+ Ubuntu 20.04 LTS (64-bit Arm) (Focal Fossa) AMI released with serial number 20240701 or later ³

 

¹ For AL2023 minimal AMI, [additional configuration is required](hibernation-enabled-AMI.md#configure-AL2023-minimal-for-hibernation).

² For CentOS, Fedora, and Red Hat Enterprise Linux, hibernation is supported on Nitro-based instances only.

³ We recommend disabling KASLR on instances with Ubuntu 22.04.2 LTS (Jammy Jellyfish), Ubuntu 20.04 LTS (Focal Fossa), Ubuntu 18.04 LTS (Bionic Beaver), and Ubuntu 16.04 LTS (Xenial Xerus). For more information, see [Disable KASLR on an instance (Ubuntu only)](hibernation-disable-kaslr.md).

⁴ For the Ubuntu 16.04 LTS (Xenial Xerus) AMI, hibernation is not supported on `t3.nano` instance types. No patch will be made available because Ubuntu (Xenial Xerus) ended support in April 2021. If you want to use `t3.nano` instance types, we recommend that you upgrade to the Ubuntu 22.04.2 LTS (Jammy Jellyfish), Ubuntu 20.04 LTS (Focal Fossa) AMI, or the Ubuntu 18.04 LTS (Bionic Beaver) AMI.

⁵ Support for Ubuntu 18.04 LTS (Bionic Beaver) and Ubuntu 16.04 LTS (Xenial Xerus) has reached end of life.

To configure your own AMI to support hibernation, see [Configure a Linux AMI to support hibernation](hibernation-enabled-AMI.md).

Support for other versions of Ubuntu and other operating systems is coming soon.

### Windows AMIs

+ Windows Server 2022 AMI released 2023.09.13 or later
+ Windows Server 2019 AMI released 2019.09.11 or later
+ Windows Server 2016 AMI released 2019.09.11 or later
+ Windows Server 2012 R2 AMI released 2019.09.11 or later
+ Windows Server 2012 AMI released 2019.09.11 or later

## Instance families


You must use an instance family that supports hibernation. However, bare metal instances are not supported.
+ General purpose: M3, M4, M5, M5a, M5ad, M5d, M6a, M6g, M6gd, M6i, M6id, M6idn, M6in, M7a, M7g, M7gd, M7i, M7i-flex, M8a, M8azn, M8g, M8gb, M8gd, M8gn, M8i, M8i-flex, T2, T3, T3a, T4g
+ Compute optimized: C3, C4, C5, C5d, C6a, C6g, C6gd, C6gn, C6i, C6id, C6in, C7a, C7g, C7gd, C7gn, C7i, C7i-flex, C8a, C8g, C8gb, C8gd, C8gn, C8i, C8i-flex
+ Memory optimized: R3, R4, R5, R5a, R5ad, R5d, R6a, R6g, R6gd, R6idn, R6in, R7a, R7g, R7gd, R7i, R7iz, R8a, R8g, R8gb, R8gd, R8gn, R8i, R8i-flex, X2gd, X8aedz, X8i
+ Storage optimized: I3, I3en, I4g, I7i, I7ie, I8g, I8ge, Im4gn, Is4gen

------
#### [ Console ]

**To get the instance types that support hibernation**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instance Types**.

1. Add the filter **On-Demand Hibernation support = true**.

1. (Optional) Add filters to further scope to specific instance types of interest.

------
#### [ AWS CLI ]

**To get the instance types that support hibernation**  
Use the [describe-instance-types](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instance-types.html) command. Note that the available instance types vary by Region.

```
aws ec2 describe-instance-types \
    --filters Name=hibernation-supported,Values=true \
    --query "InstanceTypes[*].[InstanceType]" \
    --output text | sort
```

------
#### [ PowerShell ]

**To get the instance types that support hibernation**  
Use the [Get-EC2InstanceType](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2InstanceType.html) cmdlet. Note that the available instance types vary by Region.

```
(Get-EC2InstanceType `
    -Filter @{Name="hibernation-supported"; Values="true"}).InstanceType | Sort-Object
```

------

## Instance RAM size


**Linux instances** – Must be less than 150 GiB.

**Windows instances** – Must be less than or equal to 16 GiB. For hibernating a T3 or T3a Windows instance, we recommend at least 1 GiB of RAM.

## Root volume type


The root volume must be an EBS volume, not an instance store volume.

## Root volume size


The root volume must be large enough to store the RAM contents and accommodate your expected usage, for example, OS or applications. If you enable hibernation, space is allocated on the root volume at launch to store the RAM.

## Root volume encryption


The root volume must be encrypted to ensure the protection of sensitive content that is in memory at the time of hibernation. When RAM data is moved to the EBS root volume, it is always encrypted. Encryption of the root volume is enforced at instance launch.

Use one of the following three options to ensure that the root volume is an encrypted EBS volume:
+ **EBS encryption by default** – You can enable EBS encryption by default to ensure that all new EBS volumes created in your AWS account are encrypted. This way, you can enable hibernation for your instances without specifying encryption intent at instance launch. For more information, see [Enable encryption by default](https://docs.aws.amazon.com/ebs/latest/userguide/encryption-by-default.html).
+ **EBS "single-step" encryption** – You can launch encrypted EBS-backed EC2 instances from an unencrypted AMI and also enable hibernation at the same time. For more information, see [Use encryption with EBS-backed AMIs](AMIEncryption.md).
+ **Encrypted AMI** – You can enable EBS encryption by using an encrypted AMI to launch your instance. If your AMI does not have an encrypted root snapshot, you can copy it to a new AMI and request encryption. For more information, see [Encrypt an unencrypted image during copy](AMIEncryption.md#copy-unencrypted-to-encrypted) and [Copy an AMI](CopyingAMIs.md#ami-copy-steps).

## EBS volume type


The EBS volumes must use one of the following EBS volume types:
+ General Purpose SSD (`gp2` and `gp3`)
+ Provisioned IOPS SSD (`io1` and `io2`)

If you choose a Provisioned IOPS SSD volume type, you must provision the EBS volume with the appropriate IOPS to achieve optimum performance for hibernation. For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volume-types.html) in the *Amazon EBS User Guide*.

## Spot Instance requests


For Spot Instances, the following requirements apply:
+ The Spot Instance request type must be `persistent`.
+ You can't specify a launch group in the Spot Instance request.

# Configure a Linux AMI to support hibernation


The following Linux AMIs can support hibernating an Amazon EC2 instance, provided you complete the additional configuration steps described in this section.

**Topics**
+ [AL2023 minimal AMI released 2023.09.20 or later](#configure-AL2023-minimal-for-hibernation)
+ [Amazon Linux 2 minimal AMI released 2019.08.29 or later](#configure-AL2-minimal-for-hibernation)
+ [Amazon Linux 2 released before 2019.08.29](#configure-AL2-for-hibernation)
+ [Amazon Linux released before 2018.11.16](#configure-AL-for-hibernation)
+ [CentOS version 8 or later](#configure-centos-for-hibernation)
+ [Fedora version 34 or later](#configure-fedora-for-hibernation)
+ [Red Hat Enterprise Linux version 8 or 9](#configure-RHEL-for-hibernation)
+ [Ubuntu 20.04 LTS (Focal Fossa) released before serial number 20210820](#configure-ubuntu2004-for-hibernation)
+ [Ubuntu 18.04 (Bionic Beaver) released before serial number 20190722.1](#configure-ubuntu1804-for-hibernation)
+ [Ubuntu 16.04 (Xenial Xerus)](#configure-ubuntu1604-for-hibernation)

For the Linux and Windows AMIs that support hibernation and for which *no additional* configuration is required, see [AMIs](hibernating-prerequisites.md#hibernation-prereqs-supported-amis).

For more information, see [Update instance software on your Amazon Linux 2 instance](https://docs.aws.amazon.com/linux/al2/ug/install-updates.html).

## AL2023 minimal AMI released 2023.09.20 or later


**To configure an AL2023 minimal AMI released 2023.09.20 or later to support hibernation**

1. Install the `ec2-hibinit-agent` package from the repositories.

   ```
   [ec2-user ~]$ sudo dnf install ec2-hibinit-agent
   ```

1. Restart the service.

   ```
   [ec2-user ~]$ sudo systemctl start hibinit-agent
   ```

## Amazon Linux 2 minimal AMI released 2019.08.29 or later


**To configure an Amazon Linux 2 minimal AMI released 2019.08.29 or later to support hibernation**

1. Install the `ec2-hibinit-agent` package from the repositories.

   ```
   [ec2-user ~]$ sudo yum install ec2-hibinit-agent
   ```

1. Restart the service.

   ```
   [ec2-user ~]$ sudo systemctl start hibinit-agent
   ```

## Amazon Linux 2 released before 2019.08.29


**To configure an Amazon Linux 2 AMI released before 2019.08.29 to support hibernation**

1. Update the kernel to `4.14.138-114.102` or later.

   ```
   [ec2-user ~]$ sudo yum update kernel
   ```

1. Install the `ec2-hibinit-agent` package from the repositories.

   ```
   [ec2-user ~]$ sudo yum install ec2-hibinit-agent
   ```

1. Reboot the instance.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. Confirm that the kernel version is updated to `4.14.138-114.102` or later.

   ```
   [ec2-user ~]$ uname -a
   ```

1. Stop the instance and create an AMI. For more information, see [Create an Amazon EBS-backed AMI](creating-an-ami-ebs.md).

## Amazon Linux released before 2018.11.16


**To configure an Amazon Linux AMI released before 2018.11.16 to support hibernation**

1. Update the kernel to `4.14.77-70.59` or later.

   ```
   [ec2-user ~]$ sudo yum update kernel
   ```

1. Install the `ec2-hibinit-agent` package from the repositories.

   ```
   [ec2-user ~]$ sudo yum install ec2-hibinit-agent
   ```

1. Reboot the instance.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. Confirm that the kernel version is updated to `4.14.77-70.59` or later.

   ```
   [ec2-user ~]$ uname -a
   ```

1. Stop the instance and create an AMI. For more information, see [Create an Amazon EBS-backed AMI](creating-an-ami-ebs.md).

## CentOS version 8 or later


**To configure a CentOS version 8 or later AMI to support hibernation**

1. Update the kernel to `4.18.0-305.7.1.el8_4.x86_64` or later.

   ```
   [ec2-user ~]$ sudo yum update kernel
   ```

1. Install the Fedora Extra Packages for Enterprise Linux (EPEL) repository.

   ```
   [ec2-user ~]$ sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
   ```

1. Install the `ec2-hibinit-agent` package from the repositories.

   ```
   [ec2-user ~]$ sudo yum install ec2-hibinit-agent
   ```

1. Enable the hibernate agent to start on boot.

   ```
   [ec2-user ~]$ sudo systemctl enable hibinit-agent.service
   ```

1. Reboot the instance.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. Confirm that the kernel version is updated to `4.18.0-305.7.1.el8_4.x86_64` or later.

   ```
   [ec2-user ~]$ uname -a
   ```

## Fedora version 34 or later


**To configure a Fedora version 34 or later AMI to support hibernation**

1. Update the kernel to `5.12.10-300.fc34.x86_64` or later.

   ```
   [ec2-user ~]$ sudo yum update kernel
   ```

1. Install the `ec2-hibinit-agent` package from the repositories.

   ```
   [ec2-user ~]$ sudo dnf install ec2-hibinit-agent
   ```

1. Enable the hibernate agent to start on boot.

   ```
   [ec2-user ~]$ sudo systemctl enable hibinit-agent.service
   ```

1. Reboot the instance.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. Confirm that the kernel version is updated to `5.12.10-300.fc34.x86_64` or later.

   ```
   [ec2-user ~]$ uname -a
   ```

## Red Hat Enterprise Linux version 8 or 9


**To configure a Red Hat Enterprise Linux 8 or 9 AMI to support hibernation**

1. Update the kernel to `4.18.0-305.7.1.el8_4.x86_64` or later.

   ```
   [ec2-user ~]$ sudo yum update kernel
   ```

1. Install the Fedora Extra Packages for Enterprise Linux (EPEL) repository.

   RHEL version 8:

   ```
   [ec2-user ~]$ sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
   ```

   RHEL version 9:

   ```
   [ec2-user ~]$ sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
   ```

1. Install the `ec2-hibinit-agent` package from the repositories.

   ```
   [ec2-user ~]$ sudo yum install ec2-hibinit-agent
   ```

1. Enable the hibernate agent to start on boot.

   ```
   [ec2-user ~]$ sudo systemctl enable hibinit-agent.service
   ```

1. Reboot the instance.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. Confirm that the kernel version is updated to `4.18.0-305.7.1.el8_4.x86_64` or later.

   ```
   [ec2-user ~]$ uname -a
   ```

## Ubuntu 20.04 LTS (Focal Fossa) released before serial number 20210820


**To configure an Ubuntu 20.04 LTS (Focal Fossa) AMI released before serial number 20210820 to support hibernation**

1. Update the linux-aws-kernel to `5.8.0-1038.40` or later, and grub2 to `2.04-1ubuntu26.13` or later.

   ```
   [ec2-user ~]$ sudo apt update
   [ec2-user ~]$ sudo apt dist-upgrade
   ```

1. Reboot the instance.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. Confirm that the kernel version is updated to `5.8.0-1038.40` or later.

   ```
   [ec2-user ~]$ uname -a
   ```

1. Confirm that the grub2 version is updated to `2.04-1ubuntu26.13` or later.

   ```
   [ec2-user ~]$ dpkg --list | grep grub2-common
   ```

## Ubuntu 18.04 (Bionic Beaver) released before serial number 20190722.1


**To configure an Ubuntu 18.04 LTS AMI released before serial number 20190722.1 to support hibernation**

1. Update the kernel to `4.15.0-1044` or later.

   ```
   [ec2-user ~]$ sudo apt update
   [ec2-user ~]$ sudo apt dist-upgrade
   ```

1. Install the `ec2-hibinit-agent` package from the repositories.

   ```
   [ec2-user ~]$ sudo apt install ec2-hibinit-agent
   ```

1. Reboot the instance.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. Confirm that the kernel version is updated to `4.15.0-1044` or later.

   ```
   [ec2-user ~]$ uname -a
   ```

## Ubuntu 16.04 (Xenial Xerus)


To configure Ubuntu 16.04 LTS to support hibernation, you need to install the `linux-aws-hwe` kernel package version `4.15.0-1058-aws` or later and the `ec2-hibinit-agent`.

**Important**  
The `linux-aws-hwe` kernel package is supported by Canonical. The standard support for Ubuntu 16.04 LTS ended in April 2021, and the package no longer receives regular updates. However, it will receive additional security updates until the Extended Security Maintenance support ends in 2024. For more information, see [Amazon EC2 Hibernation for Ubuntu 16.04 LTS now available](https://ubuntu.com/blog/amazon-ec2-hibernation-for-ubuntu-16-04-lts-now-available) on the Canonical Ubuntu Blog.  
We recommend that you upgrade to the Ubuntu 20.04 LTS (Focal Fossa) AMI or the Ubuntu 18.04 LTS (Bionic Beaver) AMI.

**To configure an Ubuntu 16.04 LTS AMI to support hibernation**

1. Update the kernel to `4.15.0-1058-aws` or later.

   ```
   [ec2-user ~]$ sudo apt update
   [ec2-user ~]$ sudo apt install linux-aws-hwe
   ```

1. Install the `ec2-hibinit-agent` package from the repositories.

   ```
   [ec2-user ~]$ sudo apt install ec2-hibinit-agent
   ```

1. Reboot the instance.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. Confirm that the kernel version is updated to `4.15.0-1058-aws` or later.

   ```
   [ec2-user ~]$ uname -a
   ```

# Enable hibernation for an Amazon EC2 instance

To hibernate an instance, you must first enable it for hibernation while launching the instance.

**Important**  
You can't enable or disable hibernation for an instance after you launch it.

**Topics**
+ [Enable hibernation for On-Demand Instances](#enable-hibernation-for-on-demand-instances)
+ [Enable hibernation for Spot Instances](#enable-hibernation-for-spot-instances)
+ [View if an instance is enabled for hibernation](#view-if-instance-is-enabled-for-hibernation)

## Enable hibernation for On-Demand Instances


You can enable hibernation for your On-Demand Instances.

------
#### [ Console ]

**To enable hibernation for an On-Demand Instance**

1. Follow the procedure to [launch an instance](ec2-launch-instance-wizard.md), but don't launch the instance until you've completed the following steps to enable hibernation.

1. To enable hibernation, configure the following fields in the launch instance wizard:

   1. Under **Application and OS Images (Amazon Machine Image)**, select an AMI that supports hibernation. For more information, see [AMIs](hibernating-prerequisites.md#hibernation-prereqs-supported-amis).

   1. Under **Instance type**, select a supported instance type. For more information, see [Instance families](hibernating-prerequisites.md#hibernation-prereqs-supported-instance-families).

   1. Under **Configure storage**, choose **Advanced** (at the right), and specify the following information for the root volume:
      + For **Size (GiB)**, enter the EBS root volume size. The volume must be large enough to store the RAM contents and accommodate your expected usage.
      + For **Volume type**, select a supported EBS volume type: General Purpose SSD (`gp2` and `gp3`) or Provisioned IOPS SSD (`io1` and `io2`).
      + For **Encrypted**, choose **Yes**. If you enabled encryption by default in this AWS Region, **Yes** is selected.
      + For **KMS key**, select the encryption key for the volume. If you enabled encryption by default in this AWS Region, the default encryption key is selected.

      For more information about the prerequisites for the root volume, see [Prerequisites for EC2 instance hibernation](hibernating-prerequisites.md).

   1. Expand **Advanced details**, and for **Stop - Hibernate behavior**, choose **Enable**.

1. In the **Summary** panel, review your instance configuration, and then choose **Launch instance**. For more information, see [Launch an EC2 instance using the launch instance wizard in the console](ec2-launch-instance-wizard.md).

------
#### [ AWS CLI ]

**To enable hibernation for an On-Demand Instance**  
Use the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command to launch an instance. Specify the EBS root volume parameters using the `--block-device-mappings file://mapping.json` parameter, and enable hibernation using the `--hibernation-options Configured=true` parameter.

```
aws ec2 run-instances \
    --image-id ami-0abcdef1234567890 \
    --instance-type m5.large \
    --block-device-mappings file://mapping.json \
    --hibernation-options Configured=true \
    --count 1 \
    --key-name MyKeyPair
```

Specify the following in `mapping.json`.

```
[
    {
        "DeviceName": "/dev/xvda",
        "Ebs": {
            "VolumeSize": 30,
            "VolumeType": "gp2",
            "Encrypted": true
        }
    }
]
```

The value for `DeviceName` must match the root device name that's associated with the AMI. To find the root device name, use the [describe-images](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-images.html) command.

```
aws ec2 describe-images --image-id ami-0abcdef1234567890
```

If you enabled encryption by default in this AWS Region, you can omit `"Encrypted": true`.

------
#### [ PowerShell ]

**To enable hibernation for an On-Demand Instance**  
Use the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) command to launch an instance. Specify the EBS root volume by first defining the block device mapping, and then adding it to the command using the `-BlockDeviceMappings` parameter. Enable hibernation using the `-HibernationOptions_Configured $true` parameter.

```
$ebs_encrypt = New-Object Amazon.EC2.Model.BlockDeviceMapping
$ebs_encrypt.DeviceName = "/dev/xvda"
$ebs_encrypt.Ebs = New-Object Amazon.EC2.Model.EbsBlockDevice
$ebs_encrypt.Ebs.VolumeSize = 30
$ebs_encrypt.Ebs.VolumeType = "gp2"
$ebs_encrypt.Ebs.Encrypted = $true

New-EC2Instance `
    -ImageId ami-0abcdef1234567890 `
    -InstanceType m5.large `
    -BlockDeviceMappings $ebs_encrypt `
    -HibernationOptions_Configured $true `
    -MinCount 1 `
    -MaxCount 1 `
    -KeyName MyKeyPair
```

The value for `DeviceName` must match the root device name associated with the AMI. To find the root device name, use the [Get-EC2Image](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Image.html) command.

```
Get-EC2Image -ImageId ami-0abcdef1234567890
```

If you enabled encryption by default in this AWS Region, you can omit `Encrypted = $true` from the block device mapping.

------
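The following Python pre-launch check is an added example, not part of the AWS documentation or tooling. It validates a `mapping.json` and the request parameters against the hibernation prerequisites in this guide (RAM limit, encrypted EBS root volume, root volume size, volume type, Spot request type) before you call `run-instances`. The function name, finding codes, and the `expected_usage_gib` parameter are hypothetical; the root device name is assumed to come from the `RootDeviceName` field returned by `describe-images`.

```python
import json

# Volume types the prerequisites allow for hibernation.
SUPPORTED_VOLUME_TYPES = {"gp2", "gp3", "io1", "io2"}

# Constructed sample input: the mapping.json shown in the CLI procedure.
MAPPING_FROM_PAGE = """
[{"DeviceName": "/dev/xvda",
  "Ebs": {"VolumeSize": 30, "VolumeType": "gp2", "Encrypted": true}}]
"""

# Constructed sample input: a mapping that misses several prerequisites.
MAPPING_WEAK = """
[{"DeviceName": "/dev/sdf",
  "Ebs": {"VolumeSize": 8, "VolumeType": "st1", "Encrypted": false}}]
"""


def ram_within_limit(ram_gib, platform):
    """Instance RAM size prerequisite: Linux < 150 GiB, Windows <= 16 GiB.

    The Limitations list words the Linux limit as "more than 150 GiB", so
    exactly 150 GiB is ambiguous; this check takes the stricter reading.
    """
    if platform == "windows":
        return ram_gib <= 16
    return ram_gib < 150


def check_hibernation_request(mapping_json, root_device_name, ram_gib,
                              platform="linux", expected_usage_gib=0,
                              encryption_by_default=False,
                              ami_root_encrypted=False,
                              spot_request_type=None, launch_group=None):
    """Return a list of (code, detail) findings; an empty list means no issue found."""
    findings = []
    mappings = json.loads(mapping_json)

    if not ram_within_limit(ram_gib, platform):
        findings.append(("ram-too-large",
                         f"{ram_gib} GiB RAM is over the {platform} limit"))

    # DeviceName must match the root device name associated with the AMI.
    root = next((m for m in mappings
                 if m.get("DeviceName") == root_device_name), None)
    if root is None:
        findings.append(("root-device-mismatch",
                         f"no mapping uses root device {root_device_name}"))
    elif "Ebs" not in root:
        findings.append(("root-not-ebs", "root volume must be an EBS volume"))
    else:
        ebs = root["Ebs"]
        # Any one of the three documented options satisfies the requirement:
        # explicit Encrypted, encryption by default, or an encrypted AMI.
        encrypted = (ebs.get("Encrypted") is True
                     or encryption_by_default or ami_root_encrypted)
        if not encrypted:
            findings.append(("root-not-encrypted",
                             "root volume must be encrypted to hold RAM contents"))
        size = ebs.get("VolumeSize")
        needed = ram_gib + expected_usage_gib
        if size is None:
            findings.append(("root-size-unknown",
                             "VolumeSize not set; cannot confirm room for RAM"))
        elif size < needed:
            findings.append(("root-too-small",
                             f"{size} GiB root volume, at least {needed} GiB needed"))

    # The volume type rule applies to every EBS volume in the mapping.
    for m in mappings:
        vtype = m.get("Ebs", {}).get("VolumeType")
        if vtype is not None and vtype not in SUPPORTED_VOLUME_TYPES:
            findings.append(("unsupported-volume-type",
                             f"{m.get('DeviceName')} uses {vtype}"))

    # Spot Instance request prerequisites (only when a Spot request is made).
    if spot_request_type is not None:
        if spot_request_type != "persistent":
            findings.append(("spot-not-persistent",
                             "Spot request type must be persistent"))
        if launch_group:
            findings.append(("spot-launch-group",
                             "a launch group can't be specified"))
    return findings


if __name__ == "__main__":
    # m5.large has 8 GiB of RAM; /dev/xvda is the root device in the page's example.
    for code, detail in check_hibernation_request(MAPPING_WEAK, "/dev/sdf", 16):
        print(f"{code}: {detail}")
```
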

## Enable hibernation for Spot Instances


You can enable hibernation for your Spot Instances. For more information about hibernating a Spot Instance on interruption, see [Spot Instance interruptions](spot-interruptions.md).

------
#### [ Console ]

**To enable hibernation for a Spot Instance**

1. Follow the procedure to [request a Spot Instance using the launch instance wizard](using-spot-instances-request.md), but don't launch the instance until you've completed the following steps to enable hibernation.

1. To enable hibernation, configure the following fields in the launch instance wizard:

   1. Under **Application and OS Images (Amazon Machine Image)**, select an AMI that supports hibernation. For more information, see [AMIs](hibernating-prerequisites.md#hibernation-prereqs-supported-amis).

   1. Under **Instance type**, select a supported instance type. For more information, see [Instance families](hibernating-prerequisites.md#hibernation-prereqs-supported-instance-families).

   1. Under **Configure storage**, choose **Advanced** (at the right), and specify the following information for the root volume:
      + For **Size (GiB)**, enter the EBS root volume size. The volume must be large enough to store the RAM contents and accommodate your expected usage.
      + For **Volume type**, select a supported EBS volume type: General Purpose SSD (`gp2` and `gp3`) or Provisioned IOPS SSD (`io1` and `io2`).
      + For **Encrypted**, choose **Yes**. If you enabled encryption by default in this AWS Region, **Yes** is selected.
      + For **KMS key**, select the encryption key for the volume. If you enabled encryption by default in this AWS Region, the default encryption key is selected.

      For more information about the prerequisites for the root volume, see [Prerequisites for EC2 instance hibernation](hibernating-prerequisites.md).

   1. Expand **Advanced details**, and, in addition to the fields for configuring a Spot Instance, do the following:

      1. For **Request type**, choose **Persistent**.

      1. For **Interruption behavior**, choose **Hibernate**. Alternatively, for **Stop - Hibernate behavior**, choose **Enable**. Both fields enable hibernation on your Spot Instance. You need only configure one of them.

1. In the **Summary** panel, review your instance configuration, and then choose **Launch instance**. For more information, see [Launch an EC2 instance using the launch instance wizard in the console](ec2-launch-instance-wizard.md).

------
#### [ AWS CLI ]

**To enable hibernation for a Spot Instance**  
Use the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command to request a Spot Instance. Specify the EBS root volume parameters using the `--block-device-mappings file://mapping.json` parameter, and enable hibernation using the `--hibernation-options Configured=true` parameter. The Spot request type (`SpotInstanceType`) must be `persistent`.

```
aws ec2 run-instances \
    --image-id ami-0abcdef1234567890 \
    --instance-type c4.xlarge \
    --block-device-mappings file://mapping.json \
    --hibernation-options Configured=true \
    --count 1 \
    --key-name MyKeyPair \
    --instance-market-options '{
        "MarketType": "spot",
        "SpotOptions": {
            "MaxPrice": "1",
            "SpotInstanceType": "persistent"
        }
    }'
```

Specify the EBS root volume parameters in `mapping.json` as follows.

```
[
    {
        "DeviceName": "/dev/xvda",
        "Ebs": {
            "VolumeSize": 30,
            "VolumeType": "gp2",
            "Encrypted": true
        }
    }
]
```

The value for `DeviceName` must match the root device name that's associated with the AMI. To find the root device name, use the [describe-images](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-images.html) command.

```
aws ec2 describe-images --image-id ami-0abcdef1234567890
```

If you enabled encryption by default in this AWS Region, you can omit `"Encrypted": true`.

------
#### [ PowerShell ]

**To enable hibernation for a Spot Instance**  
Use the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) command to request a Spot Instance. Specify the EBS root volume by first defining the block device mapping, and then adding it to the command using the `-BlockDeviceMappings` parameter. Enable hibernation using the `-HibernationOptions_Configured $true` parameter.

```
$ebs_encrypt = New-Object Amazon.EC2.Model.BlockDeviceMapping
$ebs_encrypt.DeviceName = "/dev/xvda"
$ebs_encrypt.Ebs = New-Object Amazon.EC2.Model.EbsBlockDevice
$ebs_encrypt.Ebs.VolumeSize = 30
$ebs_encrypt.Ebs.VolumeType = "gp2"
$ebs_encrypt.Ebs.Encrypted = $true

New-EC2Instance `
    -ImageId ami-0abcdef1234567890 `
    -InstanceType m5.large `
    -BlockDeviceMappings $ebs_encrypt `
    -HibernationOptions_Configured $true `
    -MinCount 1 `
    -MaxCount 1 `
    -KeyName MyKeyPair `
    -InstanceMarketOptions_MarketType spot `
    -SpotOptions_MaxPrice 1 `
    -SpotOptions_SpotInstanceType persistent
```

The value for `DeviceName` must match the root device name associated with the AMI. To find the root device name, use the [Get-EC2Image](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Image.html) command.

```
Get-EC2Image -ImageId ami-0abcdef1234567890
```

If you enabled encryption by default in this AWS Region, you can omit `Encrypted = $true` from the block device mapping.

------

## View if an instance is enabled for hibernation


You can check whether an instance is enabled for hibernation.

------
#### [ Console ]

**To view if an instance is enabled for hibernation**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance and, on the **Details** tab, in the **Instance details** section, inspect **Stop-hibernate behavior**. **Enabled** indicates that the instance is enabled for hibernation.

------
#### [ AWS CLI ]

**To view if an instance is enabled for hibernation**  
Use the [describe-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html) command and specify the `--filters "Name=hibernation-options.configured,Values=true"` parameter to filter instances that are enabled for hibernation.

```
aws ec2 describe-instances \
    --filters "Name=hibernation-options.configured,Values=true"
```

The following field in the output indicates that the instance is enabled for hibernation.

```
"HibernationOptions": {
    "Configured": true
}
```

------
#### [ PowerShell ]

**To view if an instance is enabled for hibernation**  
Use the [Get-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Instance.html) cmdlet and filter instances that are enabled for hibernation.

```
(Get-EC2Instance `
    -Filter @{Name="hibernation-options.configured"; Values="true"}).Instances
```

------

# Disable KASLR on an instance (Ubuntu only)


To run hibernation on a newly launched instance with Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 18.04 LTS (Bionic Beaver) released with serial number 20190722.1 or later, or Ubuntu 20.04 LTS (Focal Fossa) released with serial number 20210820 or later, we recommend disabling KASLR (Kernel Address Space Layout Randomization). On Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, or Ubuntu 20.04 LTS, KASLR is enabled by default.

KASLR is a standard Linux kernel security feature that helps to mitigate exposure to and ramifications of yet-undiscovered memory access vulnerabilities by randomizing the base address value of the kernel. With KASLR enabled, there is a possibility that the instance might not resume after it has been hibernated.

To learn more about KASLR, see [Ubuntu Features](https://wiki.ubuntu.com/Security/Features).

**To disable KASLR on an instance launched with Ubuntu**

1. Connect to your instance using SSH. For more information, see [Connect to your Linux instance using SSH](connect-to-linux-instance.md).

1. Open the `/etc/default/grub.d/50-cloudimg-settings.cfg` file in your editor of choice. Edit the `GRUB_CMDLINE_LINUX_DEFAULT` line to append the `nokaslr` option to its end, as shown in the following example.

   ```
   GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 console=ttyS0 nvme_core.io_timeout=4294967295 nokaslr"
   ```

1. Save the file and exit your editor.

1. Run the following command to rebuild the grub configuration.

   ```
   sudo update-grub
   ```

1. Reboot the instance.

   ```
   sudo reboot
   ```

1. Run the following command to confirm that `nokaslr` has been added.

   ```
   cat /proc/cmdline
   ```

   The output of the command should include the `nokaslr` option.
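The following script is an added example, not part of the original guide. It performs the file edit from the procedure above idempotently and checks a kernel command line for the option; the function names are hypothetical, and the demo runs against a constructed copy of the settings line rather than the real `/etc/default/grub.d/50-cloudimg-settings.cfg`.

```bash
#!/usr/bin/env bash
# Added example: append nokaslr to GRUB_CMDLINE_LINUX_DEFAULT without
# duplicating it, keep a backup, and verify a kernel command line.
GRUB_VAR='GRUB_CMDLINE_LINUX_DEFAULT'

# cmdline_has_nokaslr STRING
# Succeeds only when "nokaslr" is a whole, space-separated option.
cmdline_has_nokaslr() {
    case " $1 " in
        *" nokaslr "*) return 0 ;;
        *)             return 1 ;;
    esac
}

# grub_default_value FILE
# Prints the quoted value of the first GRUB_CMDLINE_LINUX_DEFAULT="..." line.
# Returns 2 when the file has no such line.
grub_default_value() {
    _l=$(grep -m1 "^${GRUB_VAR}=\"" "$1") || return 2
    _l=${_l#*=\"}      # drop everything up to the opening quote
    _l=${_l%\"*}       # drop the closing quote and anything after it
    printf '%s\n' "$_l"
}

# append_nokaslr FILE
# Return codes: 0 = option appended (original kept as FILE.bak)
#               1 = option already present, file left untouched
#               2 = no GRUB_CMDLINE_LINUX_DEFAULT="..." line in FILE
#               3 = backup or rewrite failed (original restored)
append_nokaslr() {
    _cfg=$1
    _val=$(grub_default_value "$_cfg") || return 2
    if cmdline_has_nokaslr "$_val"; then
        return 1
    fi
    cp -p "$_cfg" "$_cfg.bak" || return 3
    # Rewrite only the first matching line: replace its closing quote
    # with ' nokaslr"'. Every other line is copied unchanged.
    awk -v var="$GRUB_VAR" '
        !done && index($0, var "=\"") == 1 {
            sub(/"[ \t]*$/, " nokaslr\"")
            done = 1
        }
        { print }
    ' "$_cfg.bak" > "$_cfg" || return 3
    # Confirm the edit took effect (it does not if text follows the quote).
    _val=$(grub_default_value "$_cfg") || return 3
    if ! cmdline_has_nokaslr "$_val"; then
        cp -p "$_cfg.bak" "$_cfg"
        return 3
    fi
    return 0
}

# Demo on a constructed file. On a real instance, run append_nokaslr with
# sudo against the settings file, then run `sudo update-grub`, reboot, and
# check with: cmdline_has_nokaslr "$(cat /proc/cmdline)"
demo_nokaslr() {
    _tmp=$(mktemp) || return 1
    printf '%s\n' \
        '# constructed sample, not a real cloud image file' \
        'GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 console=ttyS0 nvme_core.io_timeout=4294967295"' \
        > "$_tmp"
    _rc=0; append_nokaslr "$_tmp" || _rc=$?
    echo "first run:  rc=$_rc"
    _rc=0; append_nokaslr "$_tmp" || _rc=$?
    echo "second run: rc=$_rc"
    echo "value now:  $(grub_default_value "$_tmp")"
    rm -f "$_tmp" "$_tmp.bak"
}
demo_nokaslr
```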

# Hibernate an Amazon EC2 instance

You can initiate hibernation on an On-Demand Instance or Spot Instance if the instance is an EBS-backed instance, is [enabled for hibernation](enabling-hibernation.md), and meets the [hibernation prerequisites](hibernating-prerequisites.md). If an instance cannot hibernate successfully, a normal shutdown occurs.

------
#### [ Console ]

**To hibernate an instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select an instance, and choose **Instance state**, **Hibernate instance**. If **Hibernate instance** is disabled, the instance is already hibernated or stopped, or it can't be hibernated. For more information, see [Prerequisites for EC2 instance hibernation](hibernating-prerequisites.md).

1. When prompted for confirmation, choose **Hibernate**. It can take a few minutes for the instance to hibernate. The instance state first changes to **Stopping**, and then changes to **Stopped** when the instance has hibernated.

------
#### [ AWS CLI ]

**To hibernate an instance**  
Use the [stop-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/stop-instances.html) command and specify the `--hibernate` parameter.

```
aws ec2 stop-instances \
    --instance-ids i-1234567890abcdef0 \
    --hibernate
```

------
#### [ PowerShell ]

**To hibernate an instance**  
Use the [Stop-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Stop-EC2Instance.html) cmdlet.

```
Stop-EC2Instance `
    -InstanceId i-1234567890abcdef0 `
    -Hibernate $true
```

------

You can check whether hibernation was initiated on an instance.

------
#### [ Console ]

**To view if hibernation was initiated on an instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance and, on the **Details** tab, in the **Instance details** section, check the value for **State transition message**.

   **Client.UserInitiatedHibernate: User initiated hibernate** indicates that you initiated hibernation on the On-Demand Instance or Spot Instance.

------
#### [ AWS CLI ]

**To view if hibernation was initiated on an instance**  
Use the [describe-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html) command and specify the `state-reason-code` filter to see the instances on which hibernation was initiated.

```
aws ec2 describe-instances \
    --filters "Name=state-reason-code,Values=Client.UserInitiatedHibernate"
```

The following field in the output indicates that hibernation was initiated on the On-Demand Instance or Spot Instance.

```
"StateReason": {
    "Code": "Client.UserInitiatedHibernate"
}
```

------
#### [ PowerShell ]

**To view if hibernation was initiated on an instance**  
Use the [Get-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Instance.html) cmdlet and specify the `state-reason-code` filter to see the instances on which hibernation was initiated.

```
Get-EC2Instance `
    -Filter @{Name="state-reason-code";Values="Client.UserInitiatedHibernate"}
```

------

# Start a hibernated Amazon EC2 instance

Start a hibernated instance by starting it in the same way that you would start a stopped instance.

For Spot Instances, if Amazon EC2 hibernated the instance, then only Amazon EC2 can resume it. You can only resume a hibernated Spot Instance if *you* hibernated it. Spot Instances can only be resumed if capacity is available and the Spot price is less than or equal to your specified maximum price.

------
#### [ Console ]

**To start a hibernated instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select a hibernated instance, and choose **Instance state**, **Start instance**. It can take a few minutes for the instance to enter the `running` state. During this time, the instance [status checks](monitoring-system-instance-status-check.md#types-of-instance-status-checks) show the instance in a failed state until the instance has started.

------
#### [ AWS CLI ]

**To start a hibernated instance**  
Use the [start-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/start-instances.html) command.

```
aws ec2 start-instances --instance-ids i-1234567890abcdef0
```

------
#### [ PowerShell ]

**To start a hibernated instance**  
Use the [Start-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Start-EC2Instance.html) cmdlet.

```
Start-EC2Instance -InstanceId i-1234567890abcdef0
```

------

# Troubleshoot Amazon EC2 instance hibernation

Use this information to help diagnose and fix issues that you might encounter when hibernating an instance.

**Topics**
+ [Can't hibernate immediately after launch](#hibernate-troubleshooting-1)
+ [Takes too long to transition from stopping to stopped, and memory state not restored after start](#hibernate-troubleshooting-2)
+ [Instance "stuck" in the stopping state](#hibernate-troubleshooting-3)
+ [Can’t start Spot Instance immediately after hibernate](#hibernate-troubleshooting-4)
+ [Resume Spot Instances failed](#hibernate-troubleshooting-5)

## Can't hibernate immediately after launch


If you try to hibernate an instance too quickly after you've launched it, you get an error.

You must wait for about two minutes for Linux instances and about five minutes for Windows instances after launch before hibernating.

## Takes too long to transition from stopping to stopped, and memory state not restored after start


If it takes a long time for your hibernating instance to transition from the `stopping` state to `stopped`, and if the memory state is not restored after you start, this could indicate that hibernation was not properly configured.

**Linux instances**

Check the instance system log and look for messages that are related to hibernation. To access the system log, [connect](connect-to-linux-instance.md) to the instance or use the [get-console-output](https://docs.aws.amazon.com/cli/latest/reference/ec2/get-console-output.html) command. Find the log lines from the `hibinit-agent`. If the log lines indicate a failure or the log lines are missing, there was most likely a failure configuring hibernation at launch.

For example, the following message indicates that the instance root volume is not large enough: `hibinit-agent: Insufficient disk space. Cannot create setup for hibernation. Please allocate a larger root device.`

If the last log line from the `hibinit-agent` is `hibinit-agent: Running: swapoff /swap`, hibernation was successfully configured.

If you do not see any logs from these processes, your AMI might not support hibernation. For information about supported AMIs, see [Prerequisites for EC2 instance hibernation](hibernating-prerequisites.md). If you used your own Linux AMI, make sure that you followed the instructions for [Configure a Linux AMI to support hibernation](hibernation-enabled-AMI.md).

**Windows Server 2016 and later**  
Check the EC2 launch log and look for messages that are related to hibernation. To access the EC2 launch log, [connect](connecting_to_windows_instance.md) to the instance and open the `C:\ProgramData\Amazon\EC2-Windows\Launch\Log\Ec2Launch.log` file in a text editor. If you're using EC2Launch v2, open `C:\ProgramData\Amazon\EC2Launch\log\agent.log`.

**Note**  
By default, Windows hides files and folders under `C:\ProgramData`. To view EC2 Launch directories and files, enter the path in Windows Explorer or change the folder properties to show hidden files and folders.

Find the log lines for hibernation. If the log lines indicate a failure or the log lines are missing, there was most likely a failure configuring hibernation at launch.

For example, the following message indicates that hibernation failed to configure: `Message: Failed to enable hibernation.` If the error message includes decimal ASCII values, you can convert the ASCII values to plain text in order to read the full error message.

If the log line contains `HibernationEnabled: true`, hibernation was successfully configured.

**Windows Server 2012 R2 and earlier**  
Check the EC2 config log and look for messages that are related to hibernation. To access the EC2 config log, [connect](connecting_to_windows_instance.md) to the instance and open the `C:\Program Files\Amazon\Ec2ConfigService\Logs\Ec2ConfigLog.txt` file in a text editor. Find the log lines for `SetHibernateOnSleep`. If the log lines indicate a failure or the log lines are missing, there was most likely a failure configuring hibernation at launch.

For example, the following message indicates that the instance root volume is not large enough: `SetHibernateOnSleep: Failed to enable hibernation: Hibernation failed with the following error: There is not enough space on the disk.`

If the log line is `SetHibernateOnSleep: HibernationEnabled: true`, hibernation was successfully configured.
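The log checks described above for Linux and Windows can be scripted against a saved copy of the log. This is an added example, not code from the guide: the function names are hypothetical, the sample log lines are constructed around the messages quoted above, and for the Windows logs it assumes that the most recent hibernation-related line reflects the final state (the guide states this only for `hibinit-agent`).

```bash
#!/usr/bin/env bash
# Added example: classify a saved log as configured / failed / missing.
# A Linux system log can be saved with, for example:
#   aws ec2 get-console-output --instance-id <id> --output text > system.log

# _hib_markers KIND
# Sets _pat (regex selecting hibernation-related lines) and _ok (the text
# that, per the guide, indicates hibernation was configured successfully).
_hib_markers() {
    case $1 in
        linux)      # system log, lines written by hibinit-agent
            _pat='hibinit-agent'
            _ok='hibinit-agent: Running: swapoff /swap' ;;
        ec2launch)  # Ec2Launch.log, or agent.log for EC2Launch v2
            _pat='[Hh]ibernation'
            _ok='HibernationEnabled: true' ;;
        ec2config)  # Ec2ConfigLog.txt
            _pat='SetHibernateOnSleep'
            _ok='SetHibernateOnSleep: HibernationEnabled: true' ;;
        *)
            echo "unknown log kind: $1" >&2
            return 2 ;;
    esac
}

# hibernation_log_last_line KIND FILE
# Prints the last hibernation-related line (empty output if there is none).
hibernation_log_last_line() {
    _hib_markers "$1" || return 2
    [ -r "$2" ] || { echo "cannot read $2" >&2; return 2; }
    grep -e "$_pat" "$2" | tail -n 1 | tr -d '\r'
}

# hibernation_log_status KIND FILE
# Prints one word:
#   configured  last relevant line carries the success marker
#   failed      relevant lines exist, but the last one is not the marker
#   missing     no relevant lines (the AMI might not support hibernation)
hibernation_log_status() {
    _last=$(hibernation_log_last_line "$1" "$2") || return 2
    _hib_markers "$1"
    if [ -z "$_last" ]; then
        echo missing
        return 0
    fi
    case $_last in
        *"$_ok"*) echo configured ;;
        *)        echo failed ;;
    esac
}

# Demo with constructed log files (timestamps and surrounding lines are
# invented; only the hibernation messages are quoted from the guide).
demo_hibernation_logs() {
    _d=$(mktemp -d) || return 1
    printf '%s\n' \
        '[  10.1] cloud-init: constructed boot line' \
        '[  11.2] hibinit-agent: Insufficient disk space. Cannot create setup for hibernation. Please allocate a larger root device.' \
        > "$_d/linux-small-root.log"
    printf '%s\n' \
        '[  10.1] cloud-init: constructed boot line' \
        '[  11.2] hibinit-agent: Running: swapoff /swap' \
        > "$_d/linux-ok.log"
    printf '%s\r\n' \
        '2024/01/01 00:00:01Z: constructed launch line' \
        '2024/01/01 00:00:02Z: Message: Failed to enable hibernation.' \
        > "$_d/Ec2Launch.log"
    for _f in linux-small-root.log linux-ok.log; do
        echo "$_f: $(hibernation_log_status linux "$_d/$_f")"
    done
    echo "Ec2Launch.log: $(hibernation_log_status ec2launch "$_d/Ec2Launch.log")"
    echo "evidence: $(hibernation_log_last_line ec2launch "$_d/Ec2Launch.log")"
    rm -rf "$_d"
}
demo_hibernation_logs
```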

**Windows instance size**  
If you’re using a T3 or T3a Windows instance with less than 1 GiB of RAM, try increasing the size of the instance to one that has at least 1 GiB of RAM.

## Instance "stuck" in the stopping state


If you hibernated your instance and it appears "stuck" in the `stopping` state, you can forcibly stop it. For more information, see [Troubleshoot Amazon EC2 instance stop issues](TroubleshootingInstancesStopping.md).

## Can’t start Spot Instance immediately after hibernate


If you try to start a Spot Instance within two minutes of hibernating it, you might get the following error:

`You failed to start the Spot Instance because the associated Spot Instance request is not in an appropriate state to support start.`

Wait for about two minutes for Linux instances and about five minutes for Windows instances and then retry starting the instance.

## Resume Spot Instances failed


If your Spot Instance was hibernated successfully but failed to resume, and instead rebooted (a fresh restart where the hibernated state is not retained), it might be because the user data contained the following script:

```
/usr/bin/enable-ec2-spot-hibernation
```

Remove this script from the **User data** field in the launch template, and then request a new Spot Instance.

Even if the instance fails to resume and the hibernated state is not preserved, you can still start the instance in the same way that you start an instance from the `stopped` state.

# Reboot your Amazon EC2 instance

An instance reboot is equivalent to an operating system reboot. In most cases, it takes only a few minutes to reboot your instance.

When you reboot an instance, it keeps the following:
+ Public DNS name (IPv4)
+ Private IPv4 address
+ Public IPv4 address
+ IPv6 address (if applicable)
+ Any data on its instance store volumes

Rebooting an instance doesn't start a new instance billing period, unlike [stopping and starting](Stop_Start.md) an instance (which starts a new billing period with a one-minute minimum charge).

An instance reboot can be user-initiated (where you manually reboot the instance) or initiated by AWS (for automatic instance recovery, or in response to a scheduled reboot event for necessary maintenance, such as to apply updates that require a reboot).

For user-initiated reboots, we recommend using the Amazon EC2 console, CLI, or API instead of running the operating system reboot command from your instance. When using Amazon EC2, if the instance does not cleanly shut down within a few minutes, Amazon EC2 performs a hard reboot. Furthermore, AWS CloudTrail creates an API record of when your instance was rebooted.

This topic describes how to perform a user-initiated reboot. For information about reboots performed by AWS, see [Automatic instance recovery](ec2-instance-recover.md) and [Manage Amazon EC2 instances scheduled for reboot](schedevents_actions_reboot.md).

**Important**  
If updates are installing on your instance, we recommend that you do not reboot or shut down your instance using the Amazon EC2 console or the command line until all the updates are installed. When you use the Amazon EC2 console or the command line to reboot or shut down your instance, there is a risk that your instance will be hard rebooted. A hard reboot while updates are being installed could throw your instance into an unstable state.

------
#### [ Console ]

**To reboot an instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance and choose **Instance state**, **Reboot instance**.

1. Choose **Reboot** when prompted for confirmation.

   The instance remains in the `running` state.

------
#### [ AWS CLI ]

**To reboot an instance**  
Use the [reboot-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/reboot-instances.html) command.

```
aws ec2 reboot-instances --instance-ids i-1234567890abcdef0
```

------
#### [ PowerShell ]

**To reboot an instance**  
Use the [Restart-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Restart-EC2Instance.html) cmdlet.

```
Restart-EC2Instance -InstanceId i-1234567890abcdef0
```

------

**To run a controlled fault injection experiment**  
You can use AWS Fault Injection Service to test how your application responds when your instance is rebooted. For more information, see the [AWS Fault Injection Service User Guide](https://docs.aws.amazon.com/fis/latest/userguide/what-is.html).

# Terminate Amazon EC2 instances

**Warning**  
**Terminating an instance is permanent and irreversible.**  
After you terminate an instance, you can no longer connect to it, and it can't be recovered. All attached Amazon EBS volumes that are configured to be deleted on termination are also permanently deleted and can't be recovered. All data stored on instance store volumes is permanently lost. For more information, see [How instance termination works](how-ec2-instance-termination-works.md).  
Before you terminate an instance, ensure that you have backed up all data that you need to retain after the termination to persistent storage.

You can delete your instance when you no longer need it. This is referred to as *terminating* your instance. As soon as the state of an instance changes to `shutting-down` or `terminated`, you stop incurring charges for that instance.

You can't connect to or start an instance after you've terminated it. However, you can launch new instances using the same AMI.

If you'd rather stop or hibernate your instance, see [Stop and start Amazon EC2 instances](Stop_Start.md) or [Hibernate your Amazon EC2 instance](Hibernate.md). For more information, see [Differences between instance states](ec2-instance-lifecycle.md#lifecycle-differences).

**Topics**
+ [How instance termination works](how-ec2-instance-termination-works.md)
+ [Methods for terminating an instance](instance-terminate-methods.md)
+ [Terminate an instance with a graceful OS shutdown](#terminating-instances-console)
+ [Terminate an instance and bypass the graceful OS shutdown](#terminating-instances-bypass-graceful-os-shutdown)
+ [Troubleshoot instance termination](#troubleshoot-instance-terminate)
+ [Change instance termination protection](Using_ChangingDisableAPITermination.md)
+ [Change instance initiated shutdown behavior](Using_ChangingInstanceInitiatedShutdownBehavior.md)
+ [Preserve data when an instance is terminated](preserving-volumes-on-termination.md)

# How instance termination works

When you terminate an instance, changes are registered at the operating system (OS) level of the instance, some resources are lost, and some resources persist.

The following diagram shows what is lost and what persists when an Amazon EC2 instance is terminated. When an instance terminates, the data on any instance store volumes and the data stored in the instance RAM is erased. Any Elastic IP addresses associated with the instance are detached. For Amazon EBS root volumes and data volumes, the outcome depends on the **Delete on termination** setting of each volume.

![\[The IP addresses, RAM, instance store volumes, and EBS root volume are lost when an instance is terminated.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/terminate-instance.png)


## Considerations

+ **Data persistence**
  + Instance store volumes: All data is permanently deleted when the instance terminates. 
  + EBS root volume:
    + When attached at launch, deleted by default when the instance terminates.
    + When attached after launch, persists by default when the instance terminates.
  + EBS data volumes:
    + When attached at launch using the console: Persists by default when the instance terminates.
    + When attached at launch using the CLI: Deleted by default when the instance terminates.
    + When attached after launch using the console or CLI: Persists by default when the instance terminates.
**Note**  
Any volumes that are not deleted on instance termination continue to incur charges. You can change the setting so that a volume is deleted or persists on instance termination. For more information, see [Preserve data when an instance is terminated](preserving-volumes-on-termination.md).
+ **Protection against accidental termination**
  + To prevent an instance from being accidentally terminated by someone, [enable termination protection](Using_ChangingDisableAPITermination.md).
  + To control whether an instance stops or terminates when shutdown is initiated from the instance, change the [instance initiated shutdown behavior](Using_ChangingInstanceInitiatedShutdownBehavior.md).
+ **Shutdown scripts** – If you run a script on instance termination, your instance might have an abnormal termination because we have no way of ensuring that shutdown scripts run. Amazon EC2 attempts to cleanly shut down an instance and run any system shutdown scripts; however, certain events (such as hardware failure) may prevent these system shutdown scripts from running.
+ **Bare metal instances** – x86 bare metal instances don't support cooperative shutdown.

## What happens when you terminate an instance


**Changes registered at the OS level**
+ The API request sends a button press event to the guest.
+ Various system services are stopped as a result of the button press event. Graceful shutdown of the system is provided by **systemd** (Linux) or the System process (Windows). Graceful shutdown is triggered by the ACPI shutdown button press event from the hypervisor.
+ ACPI shutdown is initiated.
+ The instance shuts down after the graceful shutdown process exits. There is no configurable OS shutdown time. The instance remains visible in the console for a short time, then the entry is automatically deleted.

**Resources lost**
+ Data stored on the instance store volumes.
+ EBS root volume if the `DeleteOnTermination` attribute is set to `true`.
+ EBS data volumes (attached at launch or after) if the `DeleteOnTermination` attribute is set to `true`.

**Resources that persist**
+ EBS root volume if the `DeleteOnTermination` attribute is set to `false`.
+ EBS data volumes (attached at launch or after) if the `DeleteOnTermination` attribute is set to `false`.

## Test application response to instance termination

You can use AWS Fault Injection Service to test how your application responds when your instance is terminated. For more information, see the [AWS Fault Injection Service User Guide](https://docs.aws.amazon.com/fis/latest/userguide/what-is.html).

# Methods for terminating an instance


**Warning**  
**Terminating an instance is permanent and irreversible.**  
After you terminate an instance, you can no longer connect to it, and it can't be recovered. All attached Amazon EBS volumes that are configured to be deleted on termination are also permanently deleted and can't be recovered. All data stored on instance store volumes is permanently lost. For more information, see [How instance termination works](how-ec2-instance-termination-works.md).  
Before you terminate an instance, ensure that you have backed up all data that you need to retain after the termination to persistent storage.

There are four ways to perform a user-initiated instance termination: default terminate, terminate with skip OS shutdown, force terminate, and force terminate with skip OS shutdown. The following table compares the key differences between the termination methods:

**Note**  
You can't terminate an instance if termination protection is turned on. For more information, see [Change instance termination protection](Using_ChangingDisableAPITermination.md).


| Termination method | Key purpose | Use case | CLI command | 
| --- | --- | --- | --- | 
| Default terminate | Normal instance shutdown with attempted graceful OS shutdown. | Typical instance termination. | <pre>aws ec2 terminate-instances \<br />--instance-ids i-1234567890abcdef0</pre> | 
| Terminate with skip OS shutdown | Bypasses the graceful OS shutdown when terminating an instance. | When bypassing graceful OS shutdown is required. | <pre>aws ec2 terminate-instances \<br />--instance-ids i-1234567890abcdef0 \<br />--skip-os-shutdown</pre> | 
| Force terminate | Handles stuck instances. Attempts a default termination first; if instance fails to terminate, then forcibly terminates the instance. | When instance is stuck in shutting-down state. | <pre>aws ec2 terminate-instances \<br />--instance-ids i-1234567890abcdef0 \<br />--force</pre> | 
| Force terminate with skip OS shutdown | Force terminates and bypasses the graceful OS shutdown when terminating an instance. | When force termination and bypassing graceful OS shutdown is required. | <pre>aws ec2 terminate-instances \<br />--instance-ids i-1234567890abcdef0 \<br />--force \<br />--skip-os-shutdown</pre> | 

For instructions on how to use each method, see the following:
+ [Terminate an instance with a graceful OS shutdown](terminating-instances.md#terminating-instances-console)
+ [Terminate an instance and bypass the graceful OS shutdown](terminating-instances.md#terminating-instances-bypass-graceful-os-shutdown)
+ [Force terminate an instance](TroubleshootingInstancesShuttingDown.md#force-terminate-ec2-instance)

## Terminate an instance with a graceful OS shutdown


You can terminate an instance using the default terminate method, which includes an attempt at a graceful OS shutdown. For more information, see [Methods for terminating an instance](instance-terminate-methods.md).

------
#### [ Console ]

**To terminate an instance using the default terminate method**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance, and choose **Instance state**, **Terminate (delete) instance**.

1. Choose **Terminate (delete)** when prompted for confirmation.

1. After you terminate an instance, it remains visible for a short while, with a state of `terminated`.

   If termination fails or if a terminated instance is visible for more than a few hours, see [Terminated instance still displayed](TroubleshootingInstancesShuttingDown.md#terminated-instance-still-displaying).

------
#### [ AWS CLI ]

**To terminate an instance using the default terminate method**  
Use the [terminate-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/terminate-instances.html) command.

```
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0
```

------
#### [ PowerShell ]

**To terminate an instance using the default terminate method**  
Use the [Remove-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Remove-EC2Instance.html) cmdlet.

```
Remove-EC2Instance -InstanceId i-1234567890abcdef0
```

------

## Terminate an instance and bypass the graceful OS shutdown


You can bypass the graceful OS shutdown when terminating an instance. For more information, see [Methods for terminating an instance](instance-terminate-methods.md).

------
#### [ Console ]

**To terminate an instance and bypass the graceful OS shutdown**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance, and choose **Instance state**, **Terminate (delete) instance**.

1. Under **Skip OS shutdown**, select the **Skip OS shutdown** checkbox. If you don't see this option in the console, it's not yet available in the console in the current Region. You can, however, access this feature using the AWS CLI or SDK, or try another Region in the console.

1. Choose **Terminate (delete)**.

1. After you terminate an instance, it remains visible for a short while, with a state of `terminated`.

   If termination fails or if a terminated instance is visible for more than a few hours, see [Terminated instance still displayed](TroubleshootingInstancesShuttingDown.md#terminated-instance-still-displaying).

------
#### [ AWS CLI ]

**To terminate an instance and bypass the graceful OS shutdown**  
Use the [terminate-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/terminate-instances.html) command with `--skip-os-shutdown`.

```
aws ec2 terminate-instances \
    --instance-ids i-1234567890abcdef0 \
    --skip-os-shutdown
```

------
#### [ PowerShell ]

**To terminate an instance and bypass the graceful OS shutdown**  
Use the [Remove-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Remove-EC2Instance.html) cmdlet with `-SkipOsShutdown $true`.

```
Remove-EC2Instance `
    -InstanceId i-1234567890abcdef0 `
    -SkipOsShutdown $true
```

------

## Troubleshoot instance termination


The requester must have permission to call `ec2:TerminateInstances`. For more information, see [Example policies to work with instances](ExamplePolicies_EC2.md#iam-example-instances).

If you terminate your instance and another instance starts, most likely you have configured automatic scaling through a feature like EC2 Fleet or Amazon EC2 Auto Scaling. For more information, see [Instances automatically launched or terminated](TroubleshootingInstancesShuttingDown.md#automatic-instance-create-or-delete).

**Note**  
You can't terminate an instance if termination protection is turned on. For more information, see [Change instance termination protection](Using_ChangingDisableAPITermination.md).

If your instance is in the `shutting-down` state for longer than usual, you can attempt to force terminate it. If it remains in the `shutting-down` state, it should be cleaned up (terminated) by automated processes within the Amazon EC2 service. For more information, see [Delayed instance termination](TroubleshootingInstancesShuttingDown.md#instance-stuck-terminating).

# Change instance termination protection

To prevent your instance from being accidentally terminated using the Amazon EC2 API, whether you call `TerminateInstances` directly or using another interface such as the Amazon EC2 console, enable *termination protection* for the instance. The `DisableApiTermination` attribute controls whether the instance can be terminated. By default, termination protection is disabled for your instance. You can set the value of this attribute when you launch an instance, or while the instance is running or stopped.

The `DisableApiTermination` attribute doesn't prevent you from terminating an instance by initiating shutdown from the instance (for example, by using an operating system command for system shutdown) when the `InstanceInitiatedShutdownBehavior` attribute is set to `terminate`. For more information, see [Change instance initiated shutdown behavior](Using_ChangingInstanceInitiatedShutdownBehavior.md).

**Considerations**
+ Enabling termination protection does not prevent AWS from terminating the instance when there is a [scheduled event](monitoring-instances-status-check_sched.md) to terminate the instance.
+ Enabling termination protection does not prevent Amazon EC2 Auto Scaling from terminating an instance when the instance is unhealthy or during scale-in events. You can control whether an Auto Scaling group can terminate a particular instance when scaling using [instance scale-in protection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-protection.html). You can control whether an Auto Scaling group can terminate unhealthy instances by [suspending the ReplaceUnhealthy scaling process](https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html).
+ You can't enable termination protection for Spot Instances.

------
#### [ Console ]

**To enable termination protection for an instance at launch**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. On the dashboard, choose **Launch instance**.

1. Expand **Advanced details**. For **Termination protection**, select **Enable**.

1. When you have finished specifying the details for your instance, choose **Launch instance**.

**To change termination protection for an instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, select **Instances**.

1. Select the instance.

1. Choose **Actions**, **Instance settings**, **Change termination protection**.

1. For **Termination protection**, select or clear **Enable**.

1. Choose **Save**.

------
#### [ AWS CLI ]

**To enable termination protection for an instance**  
Use the [modify-instance-attribute](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-attribute.html) command.

```
aws ec2 modify-instance-attribute \
    --instance-id i-1234567890abcdef0 \
    --disable-api-termination
```

**To disable termination protection for an instance**  
Use the [modify-instance-attribute](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-attribute.html) command.

```
aws ec2 modify-instance-attribute \
    --instance-id i-1234567890abcdef0 \
    --no-disable-api-termination
```

------
#### [ PowerShell ]

**To enable termination protection for an instance**  
Use the [Edit-EC2InstanceAttribute](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceAttribute.html) cmdlet.

```
Edit-EC2InstanceAttribute `
    -InstanceId i-1234567890abcdef0 `
    -DisableApiTermination $true
```

**To disable termination protection for an instance**  
Use the [Edit-EC2InstanceAttribute](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceAttribute.html) cmdlet.

```
Edit-EC2InstanceAttribute `
    -InstanceId i-1234567890abcdef0 `
    -DisableApiTermination $false
```

------

## Terminate multiple instances with termination protection


If you terminate multiple instances across multiple Availability Zones in the same request, and one or more of the specified instances are enabled for termination protection, the request fails with the following results:
+ The specified instances that are in the same Availability Zone as the protected instance are not terminated.
+ The specified instances that are in different Availability Zones, where no other specified instances are protected, are successfully terminated.

**Example**  
Suppose that you have the following four instances across two Availability Zones.

[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_ChangingDisableAPITermination.html)

If you attempt to terminate all of these instances in the same request, the request reports failure with the following results:
+ **Instance 1** and **Instance 2** are successfully terminated because neither instance is enabled for termination protection.
+ **Instance 3** and **Instance 4** fail to terminate because **Instance 3** is enabled for termination protection.
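The per-Availability Zone rule above, modelled as an added example (not AWS code): it predicts which instances a single `TerminateInstances` request would terminate and splits a request so that it cannot fail part-way. The instance IDs and zone names are constructed, and the placement of the four instances is an assumption consistent with the results listed above.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Instance:
    instance_id: str
    availability_zone: str
    termination_protected: bool  # value of the DisableApiTermination attribute


def predict_batch_termination(instances):
    """Model one TerminateInstances request using the per-zone rule.

    Returns (request_succeeds, terminated_ids, blocked), where blocked maps
    every instance that keeps running to the protected instance IDs in its
    Availability Zone that caused the whole zone to be skipped.
    """
    by_zone = defaultdict(list)
    for inst in instances:
        by_zone[inst.availability_zone].append(inst)

    terminated, blocked = [], {}
    for members in by_zone.values():
        protected = sorted(i.instance_id for i in members if i.termination_protected)
        for inst in members:
            if protected:
                blocked[inst.instance_id] = protected
            else:
                terminated.append(inst.instance_id)
    return not blocked, sorted(terminated), blocked


def split_request(instances):
    """Pre-flight split: IDs that can go into one request that succeeds, and
    protected IDs that need a deliberate decision before anything is sent."""
    send = sorted(i.instance_id for i in instances if not i.termination_protected)
    hold = sorted(i.instance_id for i in instances if i.termination_protected)
    return send, hold


# Constructed sample: four instances across two zones, one of them protected.
SAMPLE_BATCH = [
    Instance("i-00000000000000001", "us-east-1a", False),
    Instance("i-00000000000000002", "us-east-1a", False),
    Instance("i-00000000000000003", "us-east-1b", True),
    Instance("i-00000000000000004", "us-east-1b", False),
]

if __name__ == "__main__":
    ok, done, blocked = predict_batch_termination(SAMPLE_BATCH)
    print("request succeeds:", ok)
    print("terminated:", done)
    for iid, cause in blocked.items():
        print(f"not terminated: {iid} (protected in same zone: {', '.join(cause)})")
    print("pre-flight split:", split_request(SAMPLE_BATCH))
```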

# Change instance initiated shutdown behavior

**Warning**  
**Terminating an instance is permanent and irreversible.**  
After you terminate an instance, you can no longer connect to it, and it can't be recovered. All attached Amazon EBS volumes that are configured to be deleted on termination are also permanently deleted and can't be recovered. All data stored on instance store volumes is permanently lost. For more information, see [How instance termination works](how-ec2-instance-termination-works.md).  
Before you terminate an instance, ensure that you have backed up all data that you need to retain after the termination to persistent storage.

By default, when you initiate a shutdown from an Amazon EBS backed instance (using a command such as **shutdown** or **poweroff**), the instance stops. You can change this behavior so that the instance terminates instead by changing the `InstanceInitiatedShutdownBehavior` attribute for the instance. You can change this attribute while the instance is running or stopped.

The **halt** command doesn't initiate a shutdown. If used, the instance doesn't terminate; instead, it places the CPU into `HLT` and the instance continues to run.

**Note**  
The `InstanceInitiatedShutdownBehavior` attribute only applies when you perform a shutdown from the operating system of the instance itself. It doesn't apply when you stop an instance using the `StopInstances` API or the Amazon EC2 console.

------
#### [ Console ]

**To change the instance initiated shutdown behavior**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance.

1. Choose **Actions**, **Instance settings**, **Change shutdown behavior**.

   **Shutdown behavior** displays the current behavior.

1. To change the behavior, for **Shutdown behavior**, choose **Stop** or **Terminate**. 

1. Choose **Save**.

------
#### [ AWS CLI ]

**To change the instance initiated shutdown behavior**  
Use the [modify-instance-attribute](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-attribute.html) command.

```
aws ec2 modify-instance-attribute \
    --instance-id i-1234567890abcdef0 \
    --instance-initiated-shutdown-behavior terminate
```

------
#### [ PowerShell ]

**To change the instance initiated shutdown behavior**  
Use the [Edit-EC2InstanceAttribute](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceAttribute.html) cmdlet.

```
Edit-EC2InstanceAttribute `
    -InstanceId i-1234567890abcdef0 `
    -InstanceInitiatedShutdownBehavior terminate
```

------
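Termination protection and the instance initiated shutdown behavior interact: a protected instance can still be terminated by an OS shutdown when `InstanceInitiatedShutdownBehavior` is `terminate`, or by Amazon EC2 Auto Scaling. The following added example (not AWS code) audits a fleet for that gap. The input shape (a `describe-instances` record plus the two attribute values read with `describe-instance-attribute`), the finding labels and the sample fleet are assumptions made for illustration.

```python
ASG_TAG = "aws:autoscaling:groupName"  # tag Amazon EC2 Auto Scaling puts on its instances


def termination_paths(instance, protected, shutdown_behavior):
    """List the ways this instance can still end up terminated.

    instance           one Instances[] record from describe-instances
    protected          bool, the DisableApiTermination attribute
    shutdown_behavior  "stop" or "terminate" (InstanceInitiatedShutdownBehavior)

    Scheduled termination events are not listed: termination protection never
    blocks them, so they apply to every instance.
    """
    paths = []
    if not protected:
        paths.append("api")            # TerminateInstances or the console
    if shutdown_behavior == "terminate":
        paths.append("os-shutdown")    # shutdown or poweroff inside the guest
    if any(t.get("Key") == ASG_TAG for t in instance.get("Tags", [])):
        paths.append("auto-scaling")   # unhealthy replacement or scale-in
    return paths


def audit(fleet):
    """Return (instance_id, issue, remaining_paths) for instances whose
    termination protection covers less than its setting suggests."""
    findings = []
    for instance, protected, shutdown_behavior in fleet:
        paths = termination_paths(instance, protected, shutdown_behavior)
        if instance.get("InstanceLifecycle") == "spot":
            issue = "spot-unprotectable"      # protection cannot be enabled
        elif protected and paths:
            issue = "protected-with-gaps"     # protected, yet other paths remain
        else:
            continue
        findings.append((instance["InstanceId"], issue, paths))
    return findings


# Constructed fleet: (describe-instances record, DisableApiTermination,
# InstanceInitiatedShutdownBehavior).
SAMPLE_FLEET = [
    ({"InstanceId": "i-0000000000000000a"}, True, "stop"),
    ({"InstanceId": "i-0000000000000000b"}, True, "terminate"),
    ({"InstanceId": "i-0000000000000000c",
      "Tags": [{"Key": ASG_TAG, "Value": "web-asg"}]}, True, "stop"),
    ({"InstanceId": "i-0000000000000000d", "InstanceLifecycle": "spot"}, False, "terminate"),
    ({"InstanceId": "i-0000000000000000e"}, False, "stop"),
]

if __name__ == "__main__":
    for iid, issue, paths in audit(SAMPLE_FLEET):
        print(f"{iid}: {issue}; can still be terminated via {', '.join(paths)}")
```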

# Preserve data when an instance is terminated


When an Amazon EC2 instance is terminated, you can preserve the data on your instance store volumes or Amazon EBS volumes. This topic explains how to ensure your data persists beyond instance termination.

## How instance termination affects root and data volumes


**Instance store volumes**  
When an instance is terminated, the instance store volumes are automatically deleted and the data is lost. To preserve this data beyond the lifetime of the instance, before terminating the instance, manually copy the data to persistent storage, such as an Amazon EBS volume, an Amazon S3 bucket, or an Amazon EFS file system. For more information, see [Storage options for your Amazon EC2 instances](Storage.md).

**Amazon EBS volumes**  
When an instance is terminated, the EBS volumes are either deleted or preserved, depending on the value of the `DeleteOnTermination` attribute for each volume:
+ **Yes** (console) / `true` (CLI) – The volume is deleted when the instance is terminated.
+ **No** (console) / `false` (CLI) – The volume is preserved when the instance is terminated. Preserved volumes continue to incur charges.

**Note**  
After an instance terminates, you can take a snapshot of the preserved volume or attach it to another instance. To avoid incurring charges, you must delete the volume.

## Default deletion behavior for EBS volumes


The default `DeleteOnTermination` value differs depending on the volume type, whether the volume was attached at launch or after, and the method (console or CLI) used to attach the volume:


| Volume type | Attached when | Method for attaching | Default behavior on instance termination | 
| --- | --- | --- | --- | 
| Root volume | At launch | Console or CLI | Delete | 
| Root volume | After launch | Console or CLI | Preserve | 
| Data volume | At launch | Console | Preserve | 
| Data volume | At launch | CLI | Delete | 
| Data volume | After launch | Console and CLI | Preserve | 

## Check volume persistence settings


The default value at launch for an EBS volume is determined by the `DeleteOnTermination` attribute set on the AMI. You can change the value at instance launch, overriding the AMI setting. We recommend that you verify the default setting for the `DeleteOnTermination` attribute after you launch an instance.

**To check if an Amazon EBS volume will be deleted on instance termination**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance.

1. Choose the **Storage** tab.

1. Under **Block devices**, scroll right to check the **Delete on termination** column.
   + If **Yes**, the volume is deleted when the instance is terminated.
   + If **No**, the volume is not deleted when the instance is terminated. Any volumes not deleted continue to incur charges.

## Change the root volume to persist at launch


You can change the `DeleteOnTermination` attribute of an EBS root volume when you launch an instance. You can also use the following procedure for a data volume.

------
#### [ Console ]

**To change the root volume of an instance to persist at launch**

1. Follow the procedure to [launch an instance](ec2-launch-instance-wizard.md), but don't launch the instance until you've completed the following steps to change the root volume to persist.

1. On the **Configure storage** pane, choose **Advanced**.

1. Under **EBS volumes**, expand the root volume information.

1. For **Delete on termination**, choose **No**.

1. In the **Summary** panel, review your instance configuration, and then choose **Launch instance**. For more information, see [Launch an EC2 instance using the launch instance wizard in the console](ec2-launch-instance-wizard.md).

------
#### [ AWS CLI ]

**To change the root volume of an instance to persist at launch**  
Use the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command to change the value of `DeleteOnTermination` in the block device mapping.

Add the `--block-device-mappings` option:

```
--block-device-mappings file://mapping.json
```

In `mapping.json`, specify the device name, for example `/dev/sda1` or `/dev/xvda`, and for `DeleteOnTermination`, specify `false`.

```
[
  {
    "DeviceName": "device_name",
    "Ebs": {
      "DeleteOnTermination": false
    }
  }
]
```

------
#### [ PowerShell ]

**To change the root volume of an instance to persist at launch**  
Use the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) cmdlet to change the value of `DeleteOnTermination` in the block device mapping.

Add the `-BlockDeviceMapping` option:

```
-BlockDeviceMapping $bdm
```

In `bdm`, specify the device name, for example `/dev/sda1` or `/dev/xvda`, and for `DeleteOnTermination`, specify `false`.

```
$ebd = New-Object -TypeName Amazon.EC2.Model.EbsBlockDevice
$ebd.DeleteOnTermination = $false
$bdm = New-Object -TypeName Amazon.EC2.Model.BlockDeviceMapping
$bdm.DeviceName = "/dev/sda1"
$bdm.Ebs = $ebd
```

------

## Change the root volume of a running instance to persist


You can change the EBS root volume of a running instance to persist. You can also use the following procedure for a data volume.

------
#### [ AWS CLI ]

**To change the root volume to persist**  
Use the [modify-instance-attribute](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-attribute.html) command.

```
aws ec2 modify-instance-attribute \
    --instance-id i-1234567890abcdef0  \
    --block-device-mappings file://mapping.json
```

In `mapping.json`, specify the device name, for example `/dev/sda1` or `/dev/xvda`, and for `DeleteOnTermination`, specify `false`.

```
[
  {
    "DeviceName": "device_name",
    "Ebs": {
      "DeleteOnTermination": false
    }
  }
]
```

------
#### [ PowerShell ]

**To change the root volume to persist**  
Use the [Edit-EC2InstanceAttribute](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceAttribute.html) cmdlet.

Add the `-BlockDeviceMapping` option:

```
-BlockDeviceMapping $bdm
```

In `bdm`, specify the device name, for example `/dev/sda1` or `/dev/xvda`, and for `DeleteOnTermination`, specify `false`.

```
$ebd = New-Object -TypeName Amazon.EC2.Model.EbsBlockDevice
$ebd.DeleteOnTermination = $false
$bdm = New-Object -TypeName Amazon.EC2.Model.BlockDeviceMapping
$bdm.DeviceName = "/dev/sda1"
$bdm.Ebs = $ebd
```

------
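Before you terminate an instance, it helps to see which attached EBS volumes would be deleted and to generate the `mapping.json` content that keeps them. The following added example (not AWS code) does both from one `Instances[]` record of `describe-instances` output. The sample record and its volume IDs are constructed.

```python
import json


def ebs_volumes(instance):
    """Yield (device_name, volume_id, is_root, delete_on_termination) for each
    EBS mapping in one Instances[] record from describe-instances."""
    root = instance.get("RootDeviceName")
    for bdm in instance.get("BlockDeviceMappings", []):
        ebs = bdm.get("Ebs")
        if ebs is None:
            continue
        yield (bdm["DeviceName"], ebs["VolumeId"], bdm["DeviceName"] == root,
               bool(ebs.get("DeleteOnTermination", False)))


def deleted_on_termination(instance):
    """EBS volumes that are removed together with the instance."""
    return [(dev, vol, is_root)
            for dev, vol, is_root, delete in ebs_volumes(instance) if delete]


def persist_mapping(instance, devices=None):
    """Build the block device mapping list that sets DeleteOnTermination to
    false. By default it covers every volume currently set to be deleted;
    pass device names to limit it. Unknown device names are rejected."""
    present = {dev for dev, *_ in ebs_volumes(instance)}
    wanted = None if devices is None else set(devices)
    if wanted is not None and not wanted <= present:
        raise ValueError(f"not attached as EBS volumes: {sorted(wanted - present)}")
    return [
        {"DeviceName": dev, "Ebs": {"DeleteOnTermination": False}}
        for dev, _vol, _is_root in deleted_on_termination(instance)
        if wanted is None or dev in wanted
    ]


# Constructed record in the shape of describe-instances output.
SAMPLE_INSTANCE = {
    "InstanceId": "i-1234567890abcdef0",
    "RootDeviceType": "ebs",
    "RootDeviceName": "/dev/xvda",
    "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda",
         "Ebs": {"VolumeId": "vol-0000000000000000a", "DeleteOnTermination": True}},
        {"DeviceName": "/dev/sdf",
         "Ebs": {"VolumeId": "vol-0000000000000000b", "DeleteOnTermination": False}},
        {"DeviceName": "/dev/sdg",
         "Ebs": {"VolumeId": "vol-0000000000000000c", "DeleteOnTermination": True}},
    ],
}

if __name__ == "__main__":
    for dev, vol, is_root in deleted_on_termination(SAMPLE_INSTANCE):
        kind = "root" if is_root else "data"
        print(f"{vol} on {dev} ({kind}) is deleted on termination")
    # Save this output as mapping.json for modify-instance-attribute.
    print(json.dumps(persist_mapping(SAMPLE_INSTANCE), indent=2))
```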

# Instance retirement

An instance is scheduled to be retired when AWS detects irreparable failure of the underlying hardware that hosts the instance. The instance root volume type determines the behavior of instance retirement:
+ If your instance root volume is an Amazon EBS volume, the instance is stopped, and you can start it again at any time. Starting the stopped instance migrates it to new hardware.
+ If your instance root volume is an instance store volume, the instance is terminated, and can't be used again.

For more information about the types of instance events, see [Scheduled events for Amazon EC2 instances](monitoring-instances-status-check_sched.md).

**Topics**
+ [Identify instances scheduled for retirement](#instance-retirement-identify)
+ [Actions to take for EBS-backed instances scheduled for retirement](#instance-retirement-actions-EBS)
+ [Actions to take for instance-store backed instances scheduled for retirement](#instance-retirement-actions-instance-store)

## Identify instances scheduled for retirement


If your instance is scheduled for retirement, you receive an email prior to the event with the instance ID and retirement date. You can also check for instances that are scheduled for retirement.

**Important**  
If an instance is scheduled for retirement, we recommend that you take action as soon as possible, because the instance might already be unreachable. For more information, see [Check if your instance is reachable](#check-instance).

**Topics**
+ [Monitor the email for the account contacts](#identify-by-email)
+ [Check your instances](#identify-in-console-cli)

### Monitor the email for the account contacts


If an instance is scheduled for retirement, the primary contact for the account and the operations contact receive an email prior to the event. This email includes the instance ID and scheduled retirement date. For more information, see [Update the primary contact for your AWS account](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact-primary.html) and [Update the alternate contacts for your AWS account](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-contact-alternate.html) in the *AWS Account Management Reference Guide*.

### Check your instances


If you use an email account that you do not check regularly, you might miss an instance retirement notification. You can check whether any of your instances are scheduled for retirement at any time.<a name="identify-retiring-instances"></a>

------
#### [ Console ]

**To identify instances scheduled for retirement**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **EC2 Dashboard**. Under **Scheduled events**, you can see the events that are associated with your Amazon EC2 instances and volumes, organized by Region.  
![\[Scheduled events\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/dashboard-scheduled-events.png)

1. If you have an instance with a scheduled event listed, select its link below the Region name to go to the **Events** page.

1. The **Events** page lists all resources that have events associated with them. To view instances that are scheduled for retirement, select **Instance resources** from the first filter list, and then **Instance stop or retirement** from the second filter list.

1. If the filter results show that an instance is scheduled for retirement, select it, and note the date and time in the **Start time** field in the details pane. This is your instance retirement date.

------
#### [ AWS CLI ]

**To find instances scheduled for retirement**  
Use the following [describe-instance-status](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instance-status.html) command. Repeat in each Region where you have running instances.

```
aws ec2 describe-instance-status --filters Name=event.code,Values=instance-retirement
```

------
#### [ PowerShell ]

**To find instances scheduled for retirement**  
Use the [Get-EC2InstanceStatus](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2InstanceStatus.html) cmdlet. Repeat in each Region where you have running instances.

```
Get-EC2InstanceStatus -Filter @{Name="event.code"; Values="instance-retirement"}
```

------

## Actions to take for EBS-backed instances scheduled for retirement


To preserve the data on your retiring instance, you can perform one of the following actions. It's important that you take this action before the instance retirement date to prevent unforeseen downtime and data loss.

For Linux instances, if you are not sure whether your instance is backed by EBS or instance store, see [Root volumes for your Amazon EC2 instances](RootDeviceStorage.md).

**Check if your instance is reachable**

When you are notified that your instance is scheduled for retirement, we recommend that you take the following action as soon as possible:
+ Check if your instance is reachable by either [connecting to](connect.md) or pinging your instance.
+ If your instance is reachable, you should plan to stop/start your instance at an appropriate time before the scheduled retirement date, when the impact is minimal. For more information about stopping and starting your instance, and what to expect when your instance is stopped, such as the effect on public, private, and Elastic IP addresses that are associated with your instance, see [Stop and start Amazon EC2 instances](Stop_Start.md). Note that data on instance store volumes is lost when you stop and start your instance.
+ If your instance is unreachable, you should take immediate action and perform a [stop/start](Stop_Start.md) to recover your instance.
+ Alternatively, if you want to [terminate](terminating-instances.md) your instance, plan to do so as soon as possible so that you stop incurring charges for the instance.

**Create a backup of your instance**  
Create an EBS-backed AMI from your instance so that you have a backup. To ensure data integrity, stop the instance before you create the AMI. You can wait for the scheduled retirement date when the instance is stopped, or stop the instance yourself before the retirement date. You can start the instance again at any time. For more information, see [Create an Amazon EBS-backed AMI](creating-an-ami-ebs.md).

**Launch a replacement instance**  
After you create an AMI from your instance, you can use the AMI to launch a replacement instance. From the Amazon EC2 console, select your new AMI and then choose **Launch instance from AMI**. Configure the parameters for your instance and then choose **Launch instance**. For more information about each field, see [Launch an EC2 instance using the launch instance wizard in the console](ec2-launch-instance-wizard.md).

## Actions to take for instance-store backed instances scheduled for retirement


To preserve the data on your retiring instance, you can perform one of the following actions. It's important that you take this action before the instance retirement date to prevent unforeseen downtime and data loss.

**Warning**  
If your instance has an instance store root volume and it passes its retirement date, it is terminated and you cannot recover the instance or any data that was stored on it. Regardless of the root volume type of your instance, the data on instance store volumes is lost when the instance is retired, even if the volumes are attached to an instance with an EBS root volume.

**Check if your instance is reachable**

When you are notified that your instance is scheduled for retirement, we recommend that you take the following action as soon as possible:
+ Check if your instance is reachable by either [connecting](connect-to-linux-instance.md) to or pinging your instance.
+ If your instance is unreachable, there is likely very little that can be done to recover your instance. For more information, see [Troubleshoot an unreachable Amazon EC2 instance](troubleshoot-unreachable-instance.md). AWS will terminate your instance on the scheduled retirement date, so, for an unreachable instance, you can immediately [terminate](terminating-instances.md) the instance yourself.

**Launch a replacement instance**  
Create an Amazon S3-backed AMI from your instance using the AMI tools, as described in [Create an Amazon S3-backed AMI](creating-an-ami-instance-store.md). From the Amazon EC2 console, select your new AMI and then choose **Launch instance from AMI**. Configure the parameters for your instance and then choose **Launch instance**. For more information about each field, see [Launch an EC2 instance using the launch instance wizard in the console](ec2-launch-instance-wizard.md).

**Convert your instance to an EBS-backed instance**  
Transfer your data to an EBS volume, take a snapshot of the volume, and then create an AMI from the snapshot. You can launch a replacement instance from your new AMI. For more information, see [Convert your Amazon S3-backed AMI to an EBS-backed AMI](Using_ConvertingS3toEBS.md).
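
The retirement guidance above depends on two things: the event deadline and the root volume type. The following added example (not AWS code) turns `describe-instance-status` output into a list ordered by deadline with the matching action. The sample output, the instance IDs, the dates and the `root_device_types` lookup (the `RootDeviceType` field from `describe-instances`) are constructed for illustration.

```python
from datetime import datetime, timezone

RETIREMENT = "instance-retirement"  # event code used in the filter above


def parse_time(value):
    """Parse an ISO 8601 timestamp; a trailing Z is accepted as UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def retirement_plan(status_output, root_device_types, now):
    """Order retiring instances by deadline and attach the action to take.

    status_output      parsed JSON from describe-instance-status
    root_device_types  {instance_id: "ebs" | "instance-store"}
    now                timezone-aware datetime used to compute days remaining
    """
    plan = []
    for status in status_output.get("InstanceStatuses", []):
        for event in status.get("Events", []):
            if event.get("Code") != RETIREMENT:
                continue
            iid = status["InstanceId"]
            deadline = parse_time(event["NotBefore"])
            root = root_device_types.get(iid, "unknown")
            if root == "ebs":
                action = "stop and start before the deadline; instance store data is lost"
            elif root == "instance-store":
                action = "copy data off or build a replacement AMI; terminated at the deadline"
            else:
                action = "look up the root volume type first"
            plan.append({
                "InstanceId": iid,
                "Deadline": deadline,
                "DaysLeft": (deadline - now).days,  # negative once the date has passed
                "RootDeviceType": root,
                "Action": action,
            })
    return sorted(plan, key=lambda item: item["Deadline"])


# Constructed output in the shape of describe-instance-status, unfiltered so
# that the event code check has something to exclude.
SAMPLE_STATUS = {
    "InstanceStatuses": [
        {"InstanceId": "i-0000000000000000a",
         "Events": [{"Code": "instance-retirement",
                     "NotBefore": "2025-03-15T00:00:00+00:00"}]},
        {"InstanceId": "i-0000000000000000b",
         "Events": [{"Code": "instance-retirement",
                     "NotBefore": "2025-03-04T12:00:00Z"}]},
        {"InstanceId": "i-0000000000000000c",
         "Events": [{"Code": "system-reboot",
                     "NotBefore": "2025-03-02T00:00:00+00:00"}]},
    ]
}
SAMPLE_ROOT_TYPES = {
    "i-0000000000000000a": "ebs",
    "i-0000000000000000b": "instance-store",
}
SAMPLE_NOW = datetime(2025, 3, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for item in retirement_plan(SAMPLE_STATUS, SAMPLE_ROOT_TYPES, SAMPLE_NOW):
        print(f"{item['InstanceId']} ({item['RootDeviceType']}): "
              f"{item['DaysLeft']} days left; {item['Action']}")
```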

# Automatic instance recovery


**Important**  
This section describes how to proactively configure recovery mechanisms on an EC2 instance. These recovery mechanisms are designed to restore instance availability when AWS detects an underlying hardware or software issue that causes a system status check to fail. If you are currently experiencing problems accessing your instance, see [Troubleshoot EC2 instances](ec2-instance-troubleshoot.md).

If AWS detects that an instance is unavailable due to an underlying hardware or software issue, there are two mechanisms that can automatically restore instance availability—[simplified automatic recovery](instance-configuration-recovery.md) and [Amazon CloudWatch action based recovery](cloudwatch-recovery.md). Restoring instance availability is also known as *instance recovery*.

During the instance recovery process, AWS will attempt to move your instance from the host with the underlying hardware or software issue to a different host. If successful, the instance recovery process will appear to the instance as an unplanned reboot. You can [verify if instance recovery occurred](verify-if-automatic-recovery-occurred.md).

If the recovery process is unsuccessful, the instance might continue running on the host with the underlying hardware or software issue. In this case, manual intervention is required. If the instance becomes unreachable or the system status check continues to fail, we recommend that you manually [stop and start](Stop_Start.md) the instance. When you start an instance, it is typically migrated to a new underlying host computer. However, unlike automatic instance recovery, where the instance retains its public IPv4 address, a restarted instance receives a new public IPv4 address unless it has an Elastic IP address.

To benefit from the automatic recovery mechanisms, they must be configured in advance on an instance before a system status check fails. By default, simplified automatic recovery is enabled during instance launch. You can optionally configure Amazon CloudWatch action based recovery after launch. Having one of these mechanisms configured makes your instance more resilient.

Simplified automatic recovery and Amazon CloudWatch action based recovery are only available on supported instances. For more information, see [Requirements for enabling simplified automatic recovery](instance-configuration-recovery.md#requirements-for-simplified-automatic-recovery) and [Requirements for enabling CloudWatch action based recovery](cloudwatch-recovery.md#requirements-for-cloudwatch-action-based-recovery).

**Warning**  
When AWS recovers your instance due to an underlying hardware or software issue, be aware of the following consequences: data stored in volatile memory (RAM) will be lost and the operating system’s uptime will start over from zero. Furthermore, with CloudWatch action based recovery, data on instance store volumes will also be lost. To help protect against data loss, we recommend that you regularly create backups of valuable data. For more information about backup and recovery best practices for EC2 instances, see [Best practices for Amazon EC2](ec2-best-practices.md).  
Automatic instance recovery mechanisms are designed for *individual instances*. For guidance on building a resilient *system*, see [Build a resilient system](#instance-recovery-build-a-resilient-system).

**Topics**
+ [Key concepts of automatic instance recovery](#ec2-automatic-instance-recovery-key-concepts)
+ [Differences between simplified automatic recovery and CloudWatch action based recovery](#differences)
+ [Build a resilient system](#instance-recovery-build-a-resilient-system)
+ [Verify if automatic instance recovery occurred](verify-if-automatic-recovery-occurred.md)
+ [Configure simplified automatic recovery on an Amazon EC2 instance](instance-configuration-recovery.md)
+ [Configure CloudWatch action based recovery on an EC2 instance](cloudwatch-recovery.md)

## Key concepts of automatic instance recovery


Automatic instance recovery is an Amazon EC2 feature that automatically restores instance availability when underlying hardware or software failures occur, enhancing the resilience and reliability of your EC2 instances.

The following are key concepts of automatic instance recovery:

**Configuration options**  
Two mechanisms can be configured to support automatic instance recovery:  
+ [Simplified automatic recovery](instance-configuration-recovery.md): Enabled by default on supported instances.
+ [CloudWatch action based recovery](cloudwatch-recovery.md): Requires manual configuration on supported instances.

**System status checks**  
System status checks automatically monitor the AWS infrastructure on which your EC2 instance runs.  
+ If a system status check fails, AWS initiates automatic instance recovery, which attempts to migrate the affected instance to different hardware.
+ A failed system status check indicates a problem with the host's hardware or software, and not a problem with the instance itself. Automatic instance recovery can recover an instance that fails a system status check. However, automatic instance recovery does not operate if only the instance status check fails.
+ For the differences between instance and system status checks, see [Types of status checks](monitoring-system-instance-status-check.md#types-of-instance-status-checks).

**Examples of underlying hardware or software problems**  
Hardware or software issues that can cause a system status check to fail include loss of network connectivity, loss of system power, software issues on the physical host, and hardware issues on the physical host that impact network reachability.

**Characteristics of recovered instances**  
A recovered instance is identical to the original instance, except for the elements that are lost.  
Preserved elements:  
+ Instance ID
+ Public, private, and Elastic IP addresses
+ Instance metadata
+ Placement group
+ Attached EBS volumes
+ Availability Zone

Lost elements:  
+ Data stored in volatile memory (RAM)
+ Data stored on instance store volumes (applicable to CloudWatch action based recovery only)
+ Operating system uptime resets to zero

**Monitoring system status checks with CloudWatch**  
The [StatusCheckFailed_System](viewing_metrics_with_cloudwatch.md#status-check-metrics) metric in CloudWatch indicates whether a system status check passed or failed.  
Metric values:  
+ **0** – The system status check passed.
+ **1** – The system status check failed.

**Events in Health Dashboard**  
During automatic instance recovery attempts, AWS sends events to your Health Dashboard based on the configured recovery mechanism and its outcome:  
+ Simplified automatic recovery
  + Success event: `AWS_EC2_SIMPLIFIED_AUTO_RECOVERY_SUCCESS`
  + Failure event: `AWS_EC2_SIMPLIFIED_AUTO_RECOVERY_FAILURE`
+ CloudWatch action based recovery
  + Success event: `AWS_EC2_INSTANCE_AUTO_RECOVERY_SUCCESS`
  + Failure event: `AWS_EC2_INSTANCE_AUTO_RECOVERY_FAILURE`

## Differences between simplified automatic recovery and CloudWatch action based recovery


The following table compares the key differences between simplified automatic recovery and CloudWatch action based recovery.


| Comparison point | Simplified automatic recovery | CloudWatch action based recovery | 
| --- | --- | --- | 
| Configuration | Enabled by default on supported instances  | Requires manual configuration of CloudWatch alarms and actions  | 
| Flexibility | Fixed recovery behavior managed by AWS  | Customizable actions and conditions  | 
| Notification | Basic notifications through Health Dashboard  | Customizable notifications through SNS  | 
| Metal instance size | Excluded | Included | 
| Instance store volumes attached at launch | Not supported for instances that attach instance store volumes at launch | Supported on selected instance types. Note that data on instance store volumes is lost during instance recovery. | 
| Recovery time | Standard recovery attempt | Faster recovery attempts than simplified automatic recovery | 
| Host problem resolves during migration | Migration might be canceled and the instance stays on the original host | Migration continues to a new host | 
| Cost | No additional cost | Might incur CloudWatch charges | 

## Build a resilient system


While simplified automatic recovery and CloudWatch action based recovery are effective for maintaining individual instance availability, AWS recommends implementing a high-availability architecture that allows failover of traffic to healthy instances.

To achieve this, consider using AWS services such as Elastic Load Balancing (which distributes incoming traffic across multiple EC2 instances) and Amazon EC2 Auto Scaling (which automatically adjusts the number of instances based on demand and health).

For more information about building a resilient, fault-tolerant system with EC2 instances, see the following resources:
+ [Back to Basics: Designing for Failure with EC2](https://www.youtube.com/watch?v=5Hq5YxOrKYs) on the *AWS YouTube channel*
+ [Disaster Recovery (DR) Architecture on AWS, Part I: Strategies for Recovery in the Cloud](https://aws.amazon.com/blogs/architecture/disaster-recovery-dr-architecture-on-aws-part-i-strategies-for-recovery-in-the-cloud/) on the *AWS Architecture Blog* site
+ [Application Load Balancers User Guide](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html)
+ [Amazon EC2 Auto Scaling User Guide](https://docs.aws.amazon.com/autoscaling/ec2/userguide/what-is-amazon-ec2-auto-scaling.html)
+ [REL11-BP02 Fail over to healthy resources](https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/rel_withstand_component_failures_failover2good.html) in the *Reliability Pillar AWS Well-Architected Framework*

# Verify if automatic instance recovery occurred

If your instance appears to have been offline and then unexpectedly rebooted, it might have undergone [automatic instance recovery](ec2-instance-recover.md#ec2-automatic-instance-recovery-key-concepts) in response to an underlying hardware or software issue. You can verify this by checking for automatic instance recovery events in your Health Dashboard. You can also check whether an underlying hardware or software issue was detected for your instance by checking the **StatusCheckFailed_System** Amazon CloudWatch metric.

## Check for events in Health Dashboard


When an automatic instance recovery attempt occurs, AWS sends events to your Health Dashboard. The specific event depends on the configured recovery mechanism and whether the attempt succeeded or failed.

**To check for automatic instance recovery events in the Health Dashboard**

1. Open the Health Dashboard at [https://phd.aws.amazon.com/phd/home#/](https://phd.aws.amazon.com/phd/).

1. Look for the events associated with automatic instance recovery. The presence of these events can confirm whether an attempt at automatic instance recovery occurred and its outcome.
   + Simplified automatic recovery
     + Success event: `AWS_EC2_SIMPLIFIED_AUTO_RECOVERY_SUCCESS`
     + Failure event: `AWS_EC2_SIMPLIFIED_AUTO_RECOVERY_FAILURE`
   + CloudWatch action based recovery
     + Success event: `AWS_EC2_INSTANCE_AUTO_RECOVERY_SUCCESS`
     + Failure event: `AWS_EC2_INSTANCE_AUTO_RECOVERY_FAILURE`

## Monitor system status checks with CloudWatch


You can verify if an underlying hardware or software issue was detected for your instance by checking the [StatusCheckFailed_System](viewing_metrics_with_cloudwatch.md#status-check-metrics) metric in CloudWatch. The metric value indicates whether a system status check passed (no hardware or software issue) or failed (hardware or software issue).

**To verify if an underlying hardware or software issue was detected**

1. Open the CloudWatch console **Metrics** page at [https://console.aws.amazon.com/cloudwatch/home?#metricsV2](https://console.aws.amazon.com/cloudwatch/home?#metricsV2).

1. Verify that you're in the same Region as your EC2 instance.

1. Paste the following metric in the **Metrics** search field, and press Enter.

   ```
   StatusCheckFailed_System
   ```

1. Choose **EC2 > Per-Instance Metrics**.

1. In the table, select the check box next to the instance that you want to check.

1. Change the query period to the time that you suspect the recovery event occurred.

1. Choose the **Graphed metrics** tab, and for **StatusCheckFailed_System**, do the following:

   1. For **Statistic**, choose either **Average**, **Maximum**, or **Minimum**.

   1. For **Period**, choose **1 minute**.

1. Check the value for **StatusCheckFailed_System**.
   + Value of **0**: The system status check passed, indicating no underlying hardware or software issue.
   + Value of **1**: The system status check failed, indicating an underlying hardware or software issue.

For more information, see [Automatic instance recovery](ec2-instance-recover.md).
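
The same check can be scripted. The following added example (not from the AWS documentation) takes 1-minute `Maximum` datapoints for `StatusCheckFailed_System`, in the shape returned by the CloudWatch `GetMetricStatistics` API, and reports each window in which the system status check failed. The function names and the sample datapoints are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

PERIOD = timedelta(minutes=1)  # the 1-minute period used in the console steps


def fetch_datapoints(instance_id, start, end, region):
    """Fetch the metric with boto3. Needs AWS credentials; not used by the sample."""
    import boto3  # imported lazily so the analysis below runs offline

    cloudwatch = boto3.client("cloudwatch", region_name=region)
    response = cloudwatch.get_metric_statistics(
        Namespace="AWS/EC2",
        MetricName="StatusCheckFailed_System",
        Dimensions=[{"Name": "InstanceId", "Value": instance_id}],
        StartTime=start,
        EndTime=end,
        Period=60,
        Statistics=["Maximum"],
    )
    return response["Datapoints"]


def _window(start, last, period):
    # A datapoint covers the period that begins at its timestamp.
    end = last + period
    return (start, end, int((end - start) / period))


def failure_windows(datapoints, period=PERIOD):
    """Return [(start, end, minutes)] for each run of consecutive failed checks.

    CloudWatch does not return datapoints in time order, so they are sorted
    first. A value of 1 means the system status check failed, 0 that it passed.
    A gap in the data ends the current window, because nothing is known about
    the missing minutes.
    """
    windows = []
    start = last = None
    for point in sorted(datapoints, key=lambda p: p["Timestamp"]):
        ts = point["Timestamp"]
        failed = point["Maximum"] >= 1
        # Close the open window on a passing check or on a gap in the data.
        if start is not None and (not failed or ts - last > period):
            windows.append(_window(start, last, period))
            start = None
        if failed:
            if start is None:
                start = ts
            last = ts
    if start is not None:
        windows.append(_window(start, last, period))
    return windows


# Constructed sample: ten minutes of datapoints, deliberately out of order,
# with the system status check failing from 10:03 to 10:05 UTC.
_T0 = datetime(2024, 1, 1, 10, 0, tzinfo=timezone.utc)
SAMPLE_DATAPOINTS = [
    {"Timestamp": _T0 + timedelta(minutes=m), "Maximum": float(v), "Unit": "Count"}
    for m, v in reversed(list(enumerate([0, 0, 0, 1, 1, 1, 0, 0, 0, 0])))
]

if __name__ == "__main__":
    for begin, end, minutes in failure_windows(SAMPLE_DATAPOINTS):
        print(f"system status check failed {begin:%H:%M} to {end:%H:%M} UTC ({minutes} min)")
```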

# Configure simplified automatic recovery on an Amazon EC2 instance

**Important**  
This section describes how to proactively configure recovery mechanisms on an EC2 instance. These recovery mechanisms are designed to restore instance availability when AWS detects an underlying hardware or software issue that causes a system status check to fail. If you are currently experiencing problems accessing your instance, see [Troubleshoot EC2 instances](ec2-instance-troubleshoot.md).

If AWS detects that an instance is unavailable due to an underlying hardware or software issue, *simplified automatic recovery* can automatically restore instance availability by moving the instance from the host with the underlying issue to a different host.

If simplified automatic recovery occurs, AWS sends one of the following events to your AWS Health Dashboard, depending on the outcome:
+ Success event: `AWS_EC2_SIMPLIFIED_AUTO_RECOVERY_SUCCESS`
+ Failure event: `AWS_EC2_SIMPLIFIED_AUTO_RECOVERY_FAILURE`

To be notified of these events, you can configure notifications. For more information, see [Creating your first notification configuration in AWS User Notifications](https://docs.aws.amazon.com/notifications/latest/userguide/getting-started.html) in the *AWS User Notifications User Guide*. You can also use [Amazon EventBridge rules](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-rules.html) to monitor simplified automatic recovery events.

Simplified automatic recovery is enabled by default on all supported instances during instance launch. However, it can only operate if an instance is in the `running` state, there are no service events listed in the AWS Health Dashboard, and there is available capacity for the instance type. In some situations, such as significant outages, capacity constraints might cause recovery attempts to fail. For more information, see [Troubleshoot simplified automatic recovery failures](#ec2-instance-recover-simplified-auto-recovery-troubleshooting).

You can disable simplified automatic recovery during or after launch, and re-enable it later if required.

**Warning**  
When AWS recovers your instance due to an underlying hardware or software issue, be aware of the following consequences: data stored in volatile memory (RAM) will be lost and the operating system’s uptime will start over from zero. To help protect against data loss, we recommend that you regularly create backups of valuable data. For more information about backup and recovery best practices for EC2 instances, see [Best practices for Amazon EC2](ec2-best-practices.md).  
Automatic instance recovery mechanisms are designed for *individual instances*. For guidance on building a resilient *system*, see [Build a resilient system](ec2-instance-recover.md#instance-recovery-build-a-resilient-system).

**Topics**
+ [Requirements for enabling simplified automatic recovery](#requirements-for-simplified-automatic-recovery)
+ [Configure simplified automatic recovery](#set-recovery-behavior)
+ [Troubleshoot simplified automatic recovery failures](#ec2-instance-recover-simplified-auto-recovery-troubleshooting)

## Requirements for enabling simplified automatic recovery


Simplified automatic recovery can be enabled on instances that meet the following criteria:

**Instance types**  
+ **General purpose:** A1, M3, M4, M5, M5a, M5n, M5zn, M6a, M6g, M6i, M6in, M7a, M7g, M7i, M7i-flex, M8a, M8azn, M8g, M8gb, M8gn, M8i, M8i-flex, T1, T2, T3, T3a, T4g
+ **Compute optimized:** C3, C4, C5, C5a, C5n, C6a, C6g, C6gn, C6i, C6in, C7a, C7g, C7gn, C7i, C7i-flex, C8a, C8g, C8gb, C8gn, C8i, C8i-flex
+ **Memory optimized:** R3, R4, R5, R5a, R5b, R5n, R6a, R6g, R6i, R6in, R7a, R7g, R7i, R7iz, R8a, R8g, R8gb, R8gn, R8i, R8i-flex, U-3tb1, U-6tb1, U-9tb1, U-12tb1, U-18tb1, U-24tb1, U7i-6tb, U7i-8tb, U7i-12tb, U7in-16tb, U7in-24tb, U7in-32tb, U7inh-32tb, X1, X1e, X2iezn, X8g, X8i 
+ **Accelerated computing:** G3, G5g, Inf1, P3, VT1
+ **High-performance computing:** Hpc6a, Hpc7a, Hpc7g, Hpc8a

**Tenancy**  
+ Shared
+ Dedicated Instance

For more information, see [Amazon EC2 Dedicated Instances](dedicated-instance.md).

**Limitations**

Simplified automatic recovery is not supported for instances with the following characteristics:
+ Instance size: `metal` instances
+ Tenancy: Dedicated Host. For Dedicated Hosts, use [Dedicated Host Auto Recovery](dedicated-hosts-recovery.md) instead.
+ Storage: Instances with instance store volumes
+ Networking: Instances using an Elastic Fabric Adapter
+ Auto Scaling: Instances that are part of an Auto Scaling group
+ Maintenance: Instances currently undergoing a scheduled maintenance event

## Configure simplified automatic recovery


Simplified automatic recovery is enabled by default when you launch a supported instance. You can set the automatic recovery behavior to `disabled` during or after launching the instance.

The `default` configuration doesn't enable simplified automatic recovery for an unsupported instance.

------
#### [ Console ]

**To disable simplified automatic recovery at launch**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**, and then choose **Launch instance**.

1. In the **Advanced details** section, for **Instance auto-recovery**, choose **Disabled**.

1. Configure the remaining instance launch settings as needed and then launch the instance.

**To disable simplified automatic recovery after launch**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance, and then choose **Actions**, **Instance settings**, **Change auto-recovery behavior**.

1. Choose **Off**, and then choose **Save**.

**To enable simplified automatic recovery after launch**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance, and then choose **Actions**, **Instance settings**, **Change auto-recovery behavior**.

1. Choose **Default (On)**, and then choose **Save**.

------
#### [ AWS CLI ]

**To disable simplified automatic recovery at launch**  
Use the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instance.html) command with the `--maintenance-options` option.

```
--maintenance-options AutoRecovery=Disabled
```

**To disable simplified automatic recovery after launch**  
Use the [modify-instance-maintenance-options](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-maintenance-options.html) command.

```
aws ec2 modify-instance-maintenance-options \
    --instance-id i-1234567890abcdef0 \
    --auto-recovery disabled
```

**To enable simplified automatic recovery after launch**  
Use the [modify-instance-maintenance-options](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-maintenance-options.html) command.

```
aws ec2 modify-instance-maintenance-options \
    --instance-id i-1234567890abcdef0 \
    --auto-recovery default
```

------
#### [ PowerShell ]

**To disable simplified automatic recovery at launch**  
Use the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) cmdlet.

```
-MaintenanceOptions_AutoRecovery Disabled
```

**To disable simplified automatic recovery after launch**  
Use the [Edit-EC2InstanceMaintenanceOption](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceMaintenanceOption.html) cmdlet.

```
Edit-EC2InstanceMaintenanceOption `
    -InstanceId i-1234567890abcdef0 `
    -AutoRecovery Disabled
```

**To enable simplified automatic recovery after launch**  
Use the [Edit-EC2InstanceMaintenanceOption](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceMaintenanceOption.html) cmdlet.

```
Edit-EC2InstanceMaintenanceOption `
    -InstanceId i-1234567890abcdef0 `
    -AutoRecovery Default
```

------

## Troubleshoot simplified automatic recovery failures


If simplified automatic recovery fails to recover your instance, consider the following issues:
+ AWS service events are running

  Simplified automatic recovery does not operate during service events in the AWS Health Dashboard. You might not receive recovery failure notifications for such events. For the latest service availability information, see the [Service health](https://health.aws.amazon.com/health/status) status page.
+ Insufficient capacity

  There is temporarily insufficient replacement hardware to migrate the instance.
+ Maximum daily recovery attempts reached

  The instance has reached the maximum daily allowance for recovery attempts. Your instance might subsequently be retired if automatic recovery fails and a hardware degradation is determined to be the root cause of the original failed system status check.

If the instance’s system status check failure persists despite multiple recovery attempts, see [Troubleshoot instances with failed status checks](TroubleshootingInstances.md) for additional guidance.

# Configure CloudWatch action based recovery on an EC2 instance

**Important**  
This section describes how to proactively configure recovery mechanisms on an EC2 instance. These recovery mechanisms are designed to restore instance availability when AWS detects an underlying hardware or software issue that causes a system status check to fail. If you are currently experiencing problems accessing your instance, see [Troubleshoot EC2 instances](ec2-instance-troubleshoot.md).

If AWS detects that an instance is unavailable due to an underlying hardware or software issue, *CloudWatch action based recovery* can automatically restore instance availability by moving the instance from the host with the underlying issue to a different host.

If CloudWatch action based recovery occurs, AWS sends one of the following events to your AWS Health Dashboard, depending on the outcome:
+ Success event: `AWS_EC2_INSTANCE_AUTO_RECOVERY_SUCCESS`
+ Failure event: `AWS_EC2_INSTANCE_AUTO_RECOVERY_FAILURE`

You can configure CloudWatch action based recovery to add recovery actions to Amazon CloudWatch alarms. CloudWatch action based recovery works with the `StatusCheckFailed_System` metric. CloudWatch action based recovery provides to-the-minute recovery response time granularity and Amazon Simple Notification Service (Amazon SNS) notifications of recovery actions and outcomes. These configuration options allow for faster recovery attempts with more granular control over the system status check failure event response compared to simplified automatic recovery. For more information about available CloudWatch options, see [Status checks for your instances](monitoring-system-instance-status-check.md).

However, CloudWatch action based recovery can only operate if an instance is in the `running` state, there are no service events listed in the AWS Health Dashboard, and there is available capacity for the instance type. In some situations, such as significant outages, capacity constraints might cause recovery attempts to fail. For more information, see [Troubleshoot CloudWatch action based recovery failures](#ec2-instance-recover-cloudwatch-troubleshooting).

**Warning**  
When AWS recovers your instance due to an underlying hardware or software issue, be aware of the following consequences: data stored in volatile memory (RAM) and on instance store volumes will be lost, and the operating system’s uptime will start over from zero. To help protect against data loss, we recommend that you regularly create backups of valuable data. For more information about backup and recovery best practices for EC2 instances, see [Best practices for Amazon EC2](ec2-best-practices.md).  
Automatic instance recovery mechanisms are designed for *individual instances*. For guidance on building a resilient *system*, see [Build a resilient system](ec2-instance-recover.md#instance-recovery-build-a-resilient-system).

**Topics**
+ [Requirements for enabling CloudWatch action based recovery](#requirements-for-cloudwatch-action-based-recovery)
+ [Configure CloudWatch action based recovery](#ec2-instance-recover-cloudwatch-configure)
+ [Troubleshoot CloudWatch action based recovery failures](#ec2-instance-recover-cloudwatch-troubleshooting)

## Requirements for enabling CloudWatch action based recovery

CloudWatch action based recovery can be enabled on instances that meet the following criteria:

**Instance types**  
+ **General purpose:** A1, M3, M4, M5, M5a, M5n, M5zn, M6a, M6g, M6i, M6in, M7a, M7g, M7i, M7i-flex, M8a, M8azn, M8g, M8gb, M8gn, M8i, M8i-flex, T1, T2, T3, T3a, T4g
+ **Compute optimized:** C3, C4, C5, C5a, C5n, C6a, C6g, C6gn, C6i, C6in, C7a, C7g, C7gn, C7i, C7i-flex, C8a, C8g, C8gb, C8gn, C8i, C8i-flex
+ **Memory optimized:** R3, R4, R5, R5a, R5b, R5n, R6a, R6g, R6i, R6in, R7a, R7g, R7i, R7iz, R8a, R8g, R8gb, R8gn, R8i, R8i-flex, U-3tb1, U-6tb1, U-9tb1, U-12tb1, U-18tb1, U-24tb1, U7i-6tb, U7i-8tb, U7i-12tb, U7in-16tb, U7in-24tb, U7in-32tb, U7inh-32tb, X1, X1e, X2idn, X2iedn, X2iezn, X8g, X8i 
+ **Accelerated computing:** G3, G5g, Inf1, P3, VT1
+ **High-performance computing:** Hpc6a, Hpc7a, Hpc7g, Hpc8a
+ **Metal instances:** Any of the above instance types with the metal instance size.
+ **If instance store volumes are added at launch:** Then only the following instance types are supported: M3, C3, R3, X1, X1e, X2idn, X2iedn 

**Tenancy**  
+ Shared
+ Dedicated Instance

For more information, see [Amazon EC2 Dedicated Instances](dedicated-instance.md).

**Limitations**

CloudWatch action based recovery is not supported for instances with the following characteristics:
+ Tenancy: Dedicated Host. For Dedicated Hosts, use [Dedicated Host Auto Recovery](dedicated-hosts-recovery.md) instead.
+ Networking: Instances using an Elastic Fabric Adapter
+ Auto Scaling: Instances that are part of an Auto Scaling group
+ Maintenance: Instances currently undergoing a scheduled maintenance event

### Find a supported instance type


You can view the instance types that support CloudWatch action based recovery.

------
#### [ Console ]

**To view the instance types that support CloudWatch action based recovery**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the left navigation pane, choose **Instance Types**.

1. In the filter bar, add the filter **Auto Recovery support = true**. The **Instance types** table displays all the instance types that support CloudWatch action based recovery.

1. (Optional) Add filters to further scope to specific instance types of interest.

------
#### [ AWS CLI ]

**To view the instance types that support CloudWatch action based recovery**  
Use the [describe-instance-types](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instance-types.html) command with the `auto-recovery-supported` filter.

```
aws ec2 describe-instance-types \
    --filters Name=auto-recovery-supported,Values=true \
    --query "InstanceTypes[*].[InstanceType]" \
    --output text | sort
```

------
#### [ PowerShell ]

**To view the instance types that support CloudWatch action based recovery**  
Use the [Get-EC2InstanceType](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2InstanceType.html) cmdlet with the `auto-recovery-supported` filter.

```
Get-EC2InstanceType `
    -Filter @{Name="auto-recovery-supported";Values="true"} | `
    Select InstanceType | Sort-Object InstanceType
```

------

## Configure CloudWatch action based recovery


To configure CloudWatch action based recovery for an EC2 instance, create a CloudWatch alarm that monitors the `StatusCheckFailed_System` metric for the specified instance. Set the alarm to trigger when the metric value is **1**, indicating a failed system status check. Configure the alarm action to automatically recover the instance when triggered.

You can configure the alarm using either the Amazon EC2 console or the CloudWatch console. For the instructions, see [Add recover actions to Amazon CloudWatch alarms](UsingAlarmActions.md#AddingRecoverActions) in this user guide, or [Adding recover actions to Amazon CloudWatch alarms](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/UsingAlarmActions.html#AddingRecoverActions) in the *Amazon CloudWatch User Guide*.
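
As an added example (not from the AWS documentation), the alarm described above can be built for boto3's `put_metric_alarm` and then audited from `describe_alarms` output, which catches an alarm whose actions were disabled or whose recover action was removed. The recover action ARN format `arn:aws:automate:<region>:ec2:recover` comes from the CloudWatch alarm actions documentation rather than this page; the alarm name, the two-period evaluation window, the helper names, and the sample alarm are assumptions.

```python
import operator
import re

# Matches the EC2 recover action in any AWS partition.
RECOVER_ARN = re.compile(r"^arn:aws[a-z-]*:automate:[a-z0-9-]+:ec2:recover$")
OPERATORS = {
    "GreaterThanOrEqualToThreshold": operator.ge,
    "GreaterThanThreshold": operator.gt,
    "LessThanOrEqualToThreshold": operator.le,
    "LessThanThreshold": operator.lt,
}


def recovery_alarm_params(instance_id, region, sns_topic_arn=None):
    """Build PutMetricAlarm parameters for a recover alarm on one instance."""
    # Assumes the standard "aws" partition; other partitions use another prefix.
    actions = [f"arn:aws:automate:{region}:ec2:recover"]
    if sns_topic_arn:
        actions.append(sns_topic_arn)  # optional notification of the action
    return {
        "AlarmName": f"ec2-recover-{instance_id}",  # naming scheme is an assumption
        "Namespace": "AWS/EC2",
        "MetricName": "StatusCheckFailed_System",
        "Dimensions": [{"Name": "InstanceId", "Value": instance_id}],
        "Statistic": "Maximum",
        "Period": 60,
        "EvaluationPeriods": 2,  # assumption: two failed minutes before recovering
        "Threshold": 1.0,  # metric value 1 = failed system status check
        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
        "AlarmActions": actions,
    }


def create_recovery_alarm(instance_id, region, sns_topic_arn=None):
    """Create the alarm with boto3. Needs AWS credentials; not used by the sample."""
    import boto3  # imported lazily so the audit below runs offline

    cloudwatch = boto3.client("cloudwatch", region_name=region)
    cloudwatch.put_metric_alarm(**recovery_alarm_params(instance_id, region, sns_topic_arn))


def audit_recovery_alarm(alarm, instance_id):
    """Return the reasons why `alarm` (one entry of describe_alarms
    "MetricAlarms") would not recover `instance_id`. Empty list means OK."""
    problems = []
    if (alarm.get("Namespace"), alarm.get("MetricName")) != ("AWS/EC2", "StatusCheckFailed_System"):
        problems.append("alarm does not watch AWS/EC2 StatusCheckFailed_System")
    if {"Name": "InstanceId", "Value": instance_id} not in alarm.get("Dimensions", []):
        problems.append(f"alarm is not scoped to {instance_id}")
    if not alarm.get("ActionsEnabled", True):
        problems.append("alarm actions are disabled")
    if not any(RECOVER_ARN.match(a) for a in alarm.get("AlarmActions", [])):
        problems.append("no ec2:recover action is attached")
    compare = OPERATORS.get(alarm.get("ComparisonOperator"))
    threshold = alarm.get("Threshold")
    if compare is None or threshold is None or not compare(1, threshold) or compare(0, threshold):
        problems.append("threshold does not separate a failed check (1) from a passed check (0)")
    return problems


# Constructed sample: an alarm that looks right by name but can no longer
# recover the instance (actions disabled, recover action replaced, threshold 2).
SAMPLE_BROKEN_ALARM = {
    **recovery_alarm_params("i-1234567890abcdef0", "us-east-1"),
    "ActionsEnabled": False,
    "AlarmActions": ["arn:aws:sns:us-east-1:111122223333:ops-alerts"],
    "Threshold": 2.0,
}

if __name__ == "__main__":
    for problem in audit_recovery_alarm(SAMPLE_BROKEN_ALARM, "i-1234567890abcdef0"):
        print("PROBLEM:", problem)
```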

## Troubleshoot CloudWatch action based recovery failures

If CloudWatch action based recovery fails to recover your instance, consider the following issues:
+ AWS service events are running

  CloudWatch action based recovery does not operate during service events in the AWS Health Dashboard. You might not receive recovery failure notifications for such events. For the latest service availability information, see the [Service health](https://health.aws.amazon.com/health/status) status page.
+ Insufficient capacity

  There is temporarily insufficient replacement hardware to migrate the instance.
+ Maximum daily recovery attempts reached

  The instance has reached the maximum daily allowance for recovery attempts. Your instance might subsequently be retired if automatic recovery fails and a hardware degradation is determined to be the root cause of the original failed system status check.

If the instance’s system status check failure persists despite multiple recovery attempts, see [Troubleshoot instances with failed status checks](TroubleshootingInstances.md) for additional guidance.

# Use instance metadata to manage your EC2 instance

*Instance metadata* is data about your instance that you can use to configure or manage the running instance. Instance metadata includes the following:

**Instance metadata properties**  
Instance metadata properties are divided into [categories](#instancedata-data-categories), for example, host name, events, and security groups.

**Dynamic data**  
Dynamic data is metadata that's generated when the instance is launched, such as an instance identity document. For more information, see [Dynamic data categories](#dynamic-data-categories).

**User data**  
You can also use instance metadata to access *user data* that you specified when you launched your instance. For example, you can specify parameters for configuring your instance, or include a simple script. You can also build generic AMIs and use user data to modify the configuration files supplied at launch time. For example, if you run web servers for various small businesses, they can all use the same generic AMI and retrieve their content from an Amazon S3 bucket that you specify in the user data at launch. To add a new customer at any time, create a bucket for the customer, add their content, and launch your AMI with the unique bucket name provided to your code in the user data. If you launch multiple instances using the same `RunInstances` call, the user data is available to all instances in that reservation. Each instance that is part of the same reservation has a unique `ami-launch-index` number, so that you can write code that controls what the instances do. For example, the first host might elect itself as the original node in a cluster. For a detailed AMI launch example, see [Identify each instance launched in a single request](AMI-launch-index-examples.md).

**Important**  
Although you can only access instance metadata and user data from within the instance itself, the data is not protected by authentication or cryptographic methods. Anyone who has direct access to the instance, and potentially any software running on the instance, can view its metadata. Therefore, you should not store sensitive data, such as passwords or long-lived encryption keys, as user data.
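
Because user data is readable by anything running on the instance, it is worth auditing what is already stored there. The following added example (not from the AWS documentation) scans user data, in the base64 form returned by the EC2 `DescribeInstanceAttribute` API, for material that looks like a credential. The patterns, function names, and sample script are constructed for illustration and are not exhaustive.

```python
import base64
import gzip
import re

# Heuristic patterns (assumptions, not an exhaustive list). The password
# pattern skips values that start with "$", such as "$(aws ssm ...)" or
# "$VAR", because those fetch or reference a secret rather than embed one.
PATTERNS = {
    "AWS access key ID": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private key block": re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----"),
    "password assignment": re.compile(
        r"\b\w*(?:password|passwd|pwd|secret|token)\w*\s*[=:]\s*['\"]?(?!\$)[^\s'\"]{4,}",
        re.IGNORECASE,
    ),
}


def fetch_user_data(instance_id, region):
    """Fetch base64 user data with boto3. Needs AWS credentials; not used by the sample."""
    import boto3  # imported lazily so the scan below runs offline

    ec2 = boto3.client("ec2", region_name=region)
    response = ec2.describe_instance_attribute(InstanceId=instance_id, Attribute="userData")
    return response.get("UserData", {}).get("Value", "")


def scan_user_data(b64_value):
    """Return [(line_number, finding)] for suspicious lines in user data.

    The matched value is deliberately not returned, so that the audit report
    does not become a second copy of the secret.
    """
    raw = base64.b64decode(b64_value)
    if raw[:2] == b"\x1f\x8b":  # user data can be supplied gzip-compressed
        raw = gzip.decompress(raw)
    text = raw.decode("utf-8", errors="replace")
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for label, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((lineno, label))
    return findings


# Constructed sample. The access key is the placeholder value used in AWS
# documentation; line 4 retrieves its secret at boot and should not be flagged.
SAMPLE_SCRIPT = """#!/bin/bash
export DB_HOST=db.internal.example
export DB_PASSWORD=Sup3rS3cret!
export API_TOKEN="$(aws ssm get-parameter --name /app/token --with-decryption --query Parameter.Value --output text)"
aws configure set aws_access_key_id AKIAIOSFODNN7EXAMPLE
"""
SAMPLE_USER_DATA_B64 = base64.b64encode(SAMPLE_SCRIPT.encode()).decode()

if __name__ == "__main__":
    for lineno, label in scan_user_data(SAMPLE_USER_DATA_B64):
        print(f"line {lineno}: {label}")
```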

**Topics**
+ [Instance metadata categories](#instancedata-data-categories)
+ [Dynamic data categories](#dynamic-data-categories)
+ [Access instance metadata for an EC2 instance](instancedata-data-retrieval.md)
+ [Configure the Instance Metadata Service options](configuring-instance-metadata-options.md)
+ [Run commands when you launch an EC2 instance with user data input](user-data.md)
+ [Identify each instance launched in a single request](AMI-launch-index-examples.md)

## Instance metadata categories


Instance metadata properties are divided into categories. To retrieve instance metadata properties, you specify the category in the request, and the metadata is returned in the response.

When new categories are released, a new instance metadata build is created with a new version number. In the following table, the **Version when category was released** column specifies the build version when an instance metadata category was released. To avoid having to update your code every time Amazon EC2 releases a new instance metadata build, use `latest` instead of the version number in your metadata requests. For more information, see [Get the available versions of the instance metadata](configuring-instance-metadata-service.md#instance-metadata-ex-1).

When Amazon EC2 releases a new instance metadata category, the instance metadata for the new category might not be available for existing instances. With [Nitro-based instances](instance-types.md#instance-hypervisor-type), you can retrieve instance metadata only for the categories that were available at launch. For instances with the Xen hypervisor, you can [stop and then start](Stop_Start.md) the instance to update the categories that are available for the instance.

The following table lists the categories of instance metadata. Some of the category names include placeholders for data that is unique to your instance. For example, *mac* represents the MAC address for the network interface. You must replace the placeholders with actual values when you retrieve the instance metadata.


| Category | Description | Version when category was released | 
| --- | --- | --- | 
| ami-id  | The AMI ID used to launch the instance. | 1.0 | 
| ami-launch-index  | If you launch multiple instances using the same RunInstances call, this value indicates the launch order for each instance. The value of the first instance launched is 0. If you launch instances using Auto Scaling or EC2 fleet, this value is always 0. | 1.0 | 
| ami-manifest-path  | The path to the AMI manifest file in Amazon S3. If you used an Amazon EBS-backed AMI to launch the instance, the returned result is unknown. | 1.0 | 
| ancestor-ami-ids  | The AMI IDs of any instances that were rebundled to create this AMI. This value will only exist if the AMI manifest file contained an ancestor-amis key. | 2007-10-10 | 
| autoscaling/target-lifecycle-state |  Value showing the target Auto Scaling lifecycle state that an Auto Scaling instance is transitioning to. Present when the instance transitions to one of the target lifecycle states after March 10, 2022. Possible values: `Detached` \| `InService` \| `Standby` \| `Terminated` \| `Warmed:Hibernated` \| `Warmed:Running` \| `Warmed:Stopped` \| `Warmed:Terminated`. See [Retrieve the target lifecycle state through instance metadata](https://docs.aws.amazon.com/autoscaling/ec2/userguide/retrieving-target-lifecycle-state-through-imds.html) in the *Amazon EC2 Auto Scaling User Guide*.   | 2021-07-15 | 
| block-device-mapping/ami | The virtual device that contains the root/boot file system. | 2007-12-15 | 
| block-device-mapping/ebsN  | The virtual devices associated with any Amazon EBS volumes. Amazon EBS volumes are only available in metadata if they were present at launch time or when the instance was last started. The N indicates the index of the Amazon EBS volume (such as ebs1 or ebs2). | 2007-12-15 | 
| block-device-mapping/ephemeralN  | The virtual devices for any non-NVMe instance store volumes. The N indicates the index of each volume. The number of instance store volumes in the block device mapping might not match the actual number of instance store volumes for the instance. The instance type determines the number of instance store volumes that are available to an instance. If the number of instance store volumes in a block device mapping exceeds the number available to an instance, the additional instance store volumes are ignored. | 2007-12-15 | 
| block-device-mapping/root  | The virtual devices or partitions associated with the root devices or partitions on the virtual device, where the root (/ or C:) file system is associated with the given instance. | 2007-12-15 | 
| block-device-mapping/swap  | The virtual devices associated with swap. Not always present. | 2007-12-15 | 
| events/maintenance/history | If there are completed or canceled maintenance events for the instance, contains a JSON string with information about the events. | 2018-08-17 | 
| events/maintenance/scheduled | If there are active maintenance events for the instance, contains a JSON string with information about the events. For more information, see [View scheduled events that affect your Amazon EC2 instances](viewing_scheduled_events.md). | 2018-08-17 | 
| events/recommendations/rebalance | The approximate time, in UTC, when the EC2 instance rebalance recommendation notification is emitted for the instance. The following is an example of the metadata for this category: `{"noticeTime": "2020-11-05T08:22:00Z"}`. This category is available only after the notification is emitted. For more information, see [EC2 instance rebalance recommendations](rebalance-recommendations.md). | 2020-10-27 | 
| hostname | If the EC2 instance is using IP-based naming (IPBN), this is the private IPv4 DNS hostname of the instance. If the EC2 instance is using Resource-based naming (RBN), this is the RBN. In cases where multiple network interfaces are present, this refers to the eth0 device (the device for which the device number is 0). For more information about IPBN and RBN, see [EC2 instance hostnames and domains](ec2-instance-naming.md). | 1.0 | 
|  iam/info  | If there is an IAM role associated with the instance, contains information about the last time the instance profile was updated, including the instance's LastUpdated date, InstanceProfileArn, and InstanceProfileId. Otherwise, not present. | 2012-01-12 | 
|  iam/security-credentials/role-name  | If there is an IAM role associated with the instance, role-name is the name of the role, and role-name contains the temporary security credentials associated with the role (for more information, see [Retrieve security credentials from instance metadata](instance-metadata-security-credentials.md)). Otherwise, not present. | 2012-01-12 | 
| identity-credentials/ec2/info | Information about the credentials in identity-credentials/ec2/security-credentials/ec2-instance. | 2018-05-23 | 
| identity-credentials/ec2/security-credentials/ec2-instance | Credentials for the instance identity role that allow on-instance software to identify itself to AWS to support features such as EC2 Instance Connect and AWS Systems Manager Default Host Management Configuration. These credentials have no policies attached, so they have no additional AWS API permissions beyond identifying the instance to the AWS feature. For more information, see [Instance identity roles for Amazon EC2 instances](iam-roles-for-amazon-ec2.md#ec2-instance-identity-roles). | 2018-05-23 | 
| instance-action | Notifies the instance that it should reboot in preparation for bundling. Valid values: none \| shutdown \| bundle-pending. | 2008-09-01 | 
| instance-id | The ID of this instance. | 1.0 | 
| instance-life-cycle | The purchasing option of this instance. For more information, see [Amazon EC2 billing and purchasing options](instance-purchasing-options.md). | 2019-10-01 | 
| instance-type  | The type of instance. For more information, see [Amazon EC2 instance types](instance-types.md). | 2007-08-29 | 
| ipv6  | The IPv6 address of the instance. In cases where multiple network interfaces are present, this refers to the eth0 device (the device for which the device number is 0) network interface and the first IPv6 address assigned. If no IPv6 address exists on network interface[0], this item is not set and results in an HTTP 404 response. | 2021-01-03 | 
|  kernel-id  | The ID of the kernel launched with this instance, if applicable. | 2008-02-01 | 
|  local-hostname  | In cases where multiple network interfaces are present, this refers to the eth0 device (the device for which the device number is 0). If the EC2 instance is using IP-based naming (IPBN), this is the private IPv4 DNS hostname of the instance. If the EC2 instance is using Resource-based naming (RBN), this is the RBN. For more information about IPBN, RBN, and EC2 instance naming, see [EC2 instance hostnames and domains](ec2-instance-naming.md). | 2007-01-19 | 
|  local-ipv4  | The private IPv4 address of the instance. In cases where multiple network interfaces are present, this refers to the eth0 device (the device for which the device number is 0). If this is an IPv6-only instance, this item is not set and results in an HTTP 404 response. | 1.0 | 
|  mac  | The instance's media access control (MAC) address. In cases where multiple network interfaces are present, this refers to the eth0 device (the device for which the device number is 0). | 2011-01-01 | 
| metrics/vhostmd | No longer available. | 2011-05-01 | 
|  network/interfaces/macs/mac/device-number  | The unique device number associated with that interface. The device number corresponds to the device name; for example, a device-number of 2 is for the eth2 device. This category corresponds to the DeviceIndex and device-index fields that are used by the Amazon EC2 API and the EC2 commands for the AWS CLI. | 2011-01-01 | 
|  network/interfaces/macs/mac/interface-id  | The ID of the network interface. | 2011-01-01 | 
|  network/interfaces/macs/mac/ipv4-associations/public-ip  | The private IPv4 addresses that are associated with each public IP address and assigned to that interface. | 2011-01-01 | 
| network/interfaces/macs/mac/ipv6s | The IPv6 addresses assigned to the interface. | 2016-06-30 | 
| network/interfaces/macs/mac/ipv6-prefix | The IPv6 prefix assigned to the network interface. |  | 
|  network/interfaces/macs/mac/local-hostname  |  The private IPv4 DNS hostname of the instance. In cases where multiple network interfaces are present, this refers to the eth0 device (the device for which the device number is 0). If this is an IPv6-only instance, this is the resource-based name. For more information about IPBN and RBN, see [EC2 instance hostnames and domains](ec2-instance-naming.md).  | 2007-01-19 | 
|  network/interfaces/macs/mac/local-ipv4s  | The private IPv4 addresses associated with the interface. If this is an IPv6-only network interface, this item is not set and results in an HTTP 404 response. | 2011-01-01 | 
|  network/interfaces/macs/mac/mac  | The instance's MAC address. | 2011-01-01 | 
|  network/interfaces/macs/mac/network-card  | The index of the network card. Some instance types support multiple network cards. | 2020-11-01 | 
| network/interfaces/macs/mac/owner-id  | The ID of the owner of the network interface. In multiple-interface environments, an interface can be attached by a third party, such as Elastic Load Balancing. Traffic on an interface is always billed to the interface owner. | 2011-01-01 | 
|  network/interfaces/macs/mac/public-hostname  | The interface's public DNS (IPv4). This category is only returned if the enableDnsHostnames attribute is set to true. For more information, see [DNS attributes for your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html) in the Amazon VPC User Guide. If the instance only has a public-IPv6 address and no public-IPv4 address, this item is not set and results in an HTTP 404 response. |  2011-01-01 | 
|  network/interfaces/macs/mac/public-ipv4s  | The public IP address or Elastic IP addresses associated with the interface. There may be multiple IPv4 addresses on an instance.  | 2011-01-01 | 
| network/interfaces/macs/mac/security-groups  | Security groups to which the network interface belongs. | 2011-01-01 | 
|  network/interfaces/macs/mac/security-group-ids  | The IDs of the security groups to which the network interface belongs. | 2011-01-01 | 
|  network/interfaces/macs/mac/subnet-id  | The ID of the subnet in which the interface resides. | 2011-01-01 | 
|  network/interfaces/macs/mac/subnet-ipv4-cidr-block  | The IPv4 CIDR block of the subnet in which the interface resides. | 2011-01-01 | 
| network/interfaces/macs/mac/subnet-ipv6-cidr-blocks  | The IPv6 CIDR block of the subnet in which the interface resides. | 2016-06-30  | 
|  network/interfaces/macs/mac/vpc-id  | The ID of the VPC in which the interface resides. | 2011-01-01 | 
| network/interfaces/macs/mac/vpc-ipv4-cidr-block | The primary IPv4 CIDR block of the VPC. | 2011-01-01 | 
| network/interfaces/macs/mac/vpc-ipv4-cidr-blocks | The IPv4 CIDR blocks for the VPC. | 2016-06-30  | 
| network/interfaces/macs/mac/vpc-ipv6-cidr-blocks | The IPv6 CIDR block of the VPC in which the interface resides. | 2016-06-30  | 
|  placement/availability-zone | The Availability Zone in which the instance launched. | 2008-02-01 | 
|  placement/availability-zone-id | The static Availability Zone ID in which the instance is launched. The Availability Zone ID is consistent across accounts. However, it might be different from the Availability Zone, which can vary by account. | 2019-10-01 | 
|  placement/group-name  | The name of the placement group in which the instance is launched. | 2020-08-24 | 
|  placement/host-id  | The ID of the host on which the instance is launched. Applicable only to Dedicated Hosts. | 2020-08-24 | 
|  placement/partition-number  | The number of the partition in which the instance is launched. | 2020-08-24 | 
|  placement/region  | The AWS Region in which the instance is launched. | 2020-08-24 | 
|  product-codes  | AWS Marketplace product codes associated with the instance, if any.  | 2007-03-01 | 
|  public-hostname  | The instance's public DNS (IPv4). This category is only returned if the enableDnsHostnames attribute is set to true. For more information, see [DNS attributes for your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html) in the Amazon VPC User Guide. If the instance only has a public-IPv6 address and no public-IPv4 address, this item is not set and results in an HTTP 404 response. | 2007-01-19 | 
|  public-ipv4  | The public IPv4 address. If an Elastic IP address is associated with the instance, the value returned is the Elastic IP address. | 2007-01-19 | 
|  public-keys/0/openssh-key  | Public key. Only available if supplied at instance launch time. | 1.0 | 
|  ramdisk-id  | The ID of the RAM disk specified at launch time, if applicable. | 2007-10-10 | 
|  reservation-id  | The ID of the reservation. | 1.0 | 
|  security-groups  |  The names of the security groups applied to the instance. After launch, you can change the security groups of the instances. Such changes are reflected here and in network/interfaces/macs/**mac**/security-groups.  | 1.0 | 
|  services/domain  |  The domain for AWS resources for the Region.  | 2014-02-25 | 
|  services/partition  |  The partition that the resource is in. For standard AWS Regions, the partition is `aws`. If you have resources in other partitions, the partition is `aws-partitionname`. For example, the partition for resources in the China (Beijing) Region is `aws-cn`.  | 2015-10-20 | 
|  spot/instance-action  |  The action (hibernate, stop, or terminate) and the approximate time, in UTC, when the action will occur. This item is present only if the Spot Instance has been marked for hibernate, stop, or terminate. For more information, see [instance-action](spot-instance-termination-notices.md#instance-action-metadata).  | 2016-11-15 | 
|  spot/termination-time  |  The approximate time, in UTC, that the operating system for your Spot Instance will receive the shutdown signal. This item is present and contains a time value (for example, 2015-01-05T18:02:00Z) only if the Spot Instance has been marked for termination by Amazon EC2. The termination-time item is not set to a time if you terminated the Spot Instance yourself. For more information, see [termination-time](spot-instance-termination-notices.md#termination-time-metadata).  | 2014-11-05 | 
| system | The underlying virtualization type (hypervisor) of the instance. | 2022-09-24 | 
| tags/instance | The instance tags associated with the instance. Only available if you explicitly allow access to tags in instance metadata. For more information, see [Enable access to tags in instance metadata](work-with-tags-in-IMDS.md#allow-access-to-tags-in-IMDS). | 2021-03-23 | 

## Dynamic data categories


The following table lists the categories of dynamic data.


| Category | Description | Version when category was released | 
| --- | --- | --- | 
| fws/instance-monitoring  | Value showing whether the customer has enabled detailed one-minute monitoring in CloudWatch. Valid values: enabled \| disabled | 2009-04-04 | 
| instance-identity/document  | JSON containing instance attributes, such as instance-id, private IP address, etc. See [Instance identity documents for Amazon EC2 instances](instance-identity-documents.md).  | 2009-04-04 | 
| instance-identity/pkcs7  | Used to verify the document's authenticity and content against the signature. See [Instance identity documents for Amazon EC2 instances](instance-identity-documents.md).  | 2009-04-04 | 
| instance-identity/signature  | Data that can be used by other parties to verify its origin and authenticity. See [Instance identity documents for Amazon EC2 instances](instance-identity-documents.md).  | 2009-04-04 | 

# Access instance metadata for an EC2 instance

You can access EC2 instance metadata from inside of the instance itself or from the EC2 console, API, SDKs, or the AWS CLI. To get the current instance metadata settings for an instance from the console or command line, see [Query instance metadata options for existing instances](#query-IMDS-existing-instances).

You can also modify user data for instances with an EBS root volume. The instance must be in the stopped state. For console directions, see [Update the instance user data](user-data.md#user-data-modify). For a Linux example that uses the AWS CLI, see [modify-instance-attribute](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-attribute.html). For a Windows example that uses the Tools for Windows PowerShell, see [User data and the Tools for Windows PowerShell](user-data.md#user-data-powershell).

**Note**  
You are not billed for HTTP requests used to retrieve instance metadata and user data.

## Instance metadata access considerations


To avoid problems with instance metadata, consider the following.

**Instance launch failures due to IMDSv2 enforcement (`HttpTokensEnforced=enabled`)**  
Before you enable IMDSv2 enforcement, all of the software on the instance must support IMDSv2. You can then change the default to disable IMDSv1 (`httpTokens=required`), and after that you can enable enforcement. For more information, see [Transition to using Instance Metadata Service Version 2](instance-metadata-transition-to-version-2.md).

**Command format**  
The command format is different, depending on whether you use Instance Metadata Service Version 1 (IMDSv1) or Instance Metadata Service Version 2 (IMDSv2). By default, you can use both versions of the Instance Metadata Service. To require the use of IMDSv2, see [Use the Instance Metadata Service to access instance metadata](configuring-instance-metadata-service.md).

**If IMDSv2 is required, IMDSv1 does not work**  
If you use IMDSv1 and receive no response, it's likely that IMDSv2 is required. To check whether IMDSv2 is required, select the instance to view its details. The **IMDSv2** value indicates either **Required** (you must use IMDSv2) or **Optional** (you can use either IMDSv2 or IMDSv1). 

**(IMDSv2) Use /latest/api/token to retrieve the token**  
Issuing `PUT` requests to any version-specific path, for example `/2021-03-23/api/token`, results in the metadata service returning 403 Forbidden errors. This behavior is intended.

**Metadata version**  
To avoid having to update your code every time Amazon EC2 releases a new instance metadata build, we recommend that you use `latest` in the path, and not the version number.

**IPv6 support**  
To retrieve instance metadata using an IPv6 address, ensure that you enable and use the IPv6 address of the IMDS `[fd00:ec2::254]` instead of the IPv4 address `169.254.169.254`. The instance must be a [Nitro-based instance](instance-types.md#instance-hypervisor-type) launched in a [subnet that supports IPv6](https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html#subnet-ip-address-range).

**(Windows) Create custom AMIs using Windows Sysprep**  
To ensure that IMDS works when you launch an instance from a custom Windows AMI, the AMI must be a standardized image created with Windows Sysprep. Otherwise, the IMDS won't work. For more information, see [Create an Amazon EC2 AMI using Windows Sysprep](ami-create-win-sysprep.md).

**In a container environment, consider reconfiguration or increasing the hop limit to 2**  
The AWS SDKs use IMDSv2 calls by default. If the IMDSv2 call receives no response, some AWS SDKs retry the call and, if still unsuccessful, use IMDSv1. This can result in a delay, especially in a container environment. For those AWS SDKs that *require* IMDSv2, if the hop limit is 1 in a container environment, the call might not receive a response at all because going to the container is considered an additional network hop.  
To mitigate these issues in a container environment, consider changing the configuration to pass settings (such as the AWS Region) directly to the container, or consider increasing the hop limit to 2. For information about the hop limit impact, see [Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service](https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/). For information about changing the hop limit, see [Change the PUT response hop limit](configuring-IMDS-existing-instances.md#modify-PUT-response-hop-limit).

**Packets per second (PPS) limit**  
There is a 1024 packet per second (PPS) limit to services that use [link-local](using-instance-addressing.md#link-local-addresses) addresses. This limit includes the aggregate of [Route 53 Resolver DNS Queries](https://docs.aws.amazon.com/vpc/latest/userguide/AmazonDNS-concepts.html#vpc-dns-limits), Instance Metadata Service (IMDS) requests, [Amazon Time Service Network Time Protocol (NTP)](set-time.md) requests, and [Windows Licensing Service (for Microsoft Windows based instances)](https://aws.amazon.com/windows/resources/licensing/) requests. 

**Additional considerations for user data access**
+ User data is treated as opaque data: what you specify is what you get back upon retrieval. It is up to the instance to interpret and act on user data.
+ User data must be base64-encoded. Depending on the tool or SDK that you're using, the base64-encoding might be performed for you. For example:
  + The Amazon EC2 console can perform the base64-encoding for you or accept base64-encoded input.
  + [AWS CLI version 2](https://docs.aws.amazon.com/cli/latest/userguide/cliv2-migration-changes.html#cliv2-migration-binaryparam) performs base64-encoding of binary parameters for you by default. AWS CLI version 1 performs the base64-encoding of the `--user-data` parameter for you.
  + The AWS SDK for Python (Boto3) performs base64-encoding of the `UserData` parameter for you.
+ User data is limited to 16 KB, in raw form, before it is base64-encoded. The size of a string of length *n* after base64-encoding is ceil(*n*/3)\*4.
+ User data must be base64-decoded when you retrieve it. If you retrieve the data using instance metadata or the console, it's decoded for you automatically.
+ If you stop an instance, modify its user data, and start the instance, the updated user data is not run automatically when you start the instance. With Windows instances, you can configure settings so that updated user data scripts are run one time when you start the instance or every time you reboot or start the instance.
+ User data is an instance attribute. If you create an AMI from an instance, the instance user data is not included in the AMI.

## Access instance metadata from within an EC2 instance


Because your instance metadata is available from your running instance, you do not need to use the Amazon EC2 console or the AWS CLI. This can be helpful when you're writing scripts to run from your instance. For example, you can access the local IP address of your instance from instance metadata to manage a connection to an external application.

All of the following are considered instance metadata, but they are accessed in different ways. Select the tab that represents the type of instance metadata you want to access to see more information.

------
#### [ Metadata ]

Instance metadata properties are divided into categories. For a description of each instance metadata category, see [Instance metadata categories](ec2-instance-metadata.md#instancedata-data-categories).

To access instance metadata properties from within a running instance, get the data from the following IPv4 or IPv6 URIs. These IP addresses are link-local addresses and are valid only from the instance. For more information, see [Link-local addresses](using-instance-addressing.md#link-local-addresses).

**IPv4**

```
http://169.254.169.254/latest/meta-data/
```

**IPv6**

```
http://[fd00:ec2::254]/latest/meta-data/
```

------
#### [ Dynamic data ]

To retrieve dynamic data from within a running instance, use one of the following URIs.

**IPv4**

```
http://169.254.169.254/latest/dynamic/
```

**IPv6**

```
http://[fd00:ec2::254]/latest/dynamic/
```

**Examples: Access with cURL**  
The following examples use `cURL` to retrieve the high-level instance identity categories.

*IMDSv2*

```
[ec2-user ~]$ TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
&& curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/
rsa2048
pkcs7
document
signature
dsa2048
```

*IMDSv1*

```
[ec2-user ~]$ curl http://169.254.169.254/latest/dynamic/instance-identity/
rsa2048
pkcs7
document
signature
dsa2048
```

**Examples: Access with PowerShell**  
The following examples use PowerShell to retrieve the high-level instance identity categories.

*IMDSv2*

```
PS C:\> [string]$token = Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token-ttl-seconds" = "21600"} -Method PUT -Uri http://169.254.169.254/latest/api/token
```

```
PS C:\> Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token" = $token} -Method GET -Uri http://169.254.169.254/latest/dynamic/instance-identity/
document
rsa2048
pkcs7
signature
```

*IMDSv1*

```
PS C:\> Invoke-RestMethod -uri http://169.254.169.254/latest/dynamic/instance-identity/
document
rsa2048
pkcs7
signature
```

For more information about dynamic data and examples of how to retrieve it, see [Instance identity documents for Amazon EC2 instances](instance-identity-documents.md).

------
#### [ User data ]

To retrieve user data from an instance, use one of the following URIs. To retrieve user data using the IPv6 address, you must enable it, and the instance must be a [Nitro-based instance](instance-types.md#instance-hypervisor-type) in a subnet that supports IPv6.

**IPv4**

```
http://169.254.169.254/latest/user-data
```

**IPv6**

```
http://[fd00:ec2::254]/latest/user-data
```

A request for user data returns the data as it is (content type `application/octet-stream`). If the instance does not have any user data, the request returns `404 - Not Found`.

**Examples: Access with cURL to retrieve comma-separated text**  
The following examples use `cURL` to retrieve user data that was specified as comma-separated text.

*IMDSv2*

```
TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
&& curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/user-data
1234,john,reboot,true | 4512,richard, | 173,,,
```

*IMDSv1*

```
curl http://169.254.169.254/latest/user-data
1234,john,reboot,true | 4512,richard, | 173,,,
```

**Examples: Access with PowerShell to retrieve comma-separated text**  
The following examples use PowerShell to retrieve user data that was specified as comma-separated text.

*IMDSv2*

```
[string]$token = Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token-ttl-seconds" = "21600"} -Method PUT -Uri http://169.254.169.254/latest/api/token
```

```
Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token" = $token} -Method GET -Uri http://169.254.169.254/latest/user-data
1234,john,reboot,true | 4512,richard, | 173,,,
```

*IMDSv1*

```
Invoke-RestMethod -uri http://169.254.169.254/latest/user-data
1234,john,reboot,true | 4512,richard, | 173,,,
```

**Examples: Access with cURL to retrieve a script**  
The following examples use `cURL` to retrieve user data that was specified as a script.

*IMDSv2*

```
TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
&& curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/user-data
#!/bin/bash
yum update -y
service httpd start
chkconfig httpd on
```

*IMDSv1*

```
curl http://169.254.169.254/latest/user-data
#!/bin/bash
yum update -y
service httpd start
chkconfig httpd on
```

**Examples: Access with PowerShell to retrieve a script**  
The following examples use PowerShell to retrieve user data that was specified as a script.

*IMDSv2*

```
[string]$token = Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token-ttl-seconds" = "21600"} -Method PUT -Uri http://169.254.169.254/latest/api/token
```

```
Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token" = $token} -Method GET -Uri http://169.254.169.254/latest/user-data
<powershell>
$file = $env:SystemRoot + "\Temp\" + (Get-Date).ToString("MM-dd-yy-hh-mm")
New-Item $file -ItemType file
</powershell>
<persist>true</persist>
```

*IMDSv1*

```
Invoke-RestMethod -uri http://169.254.169.254/latest/user-data
<powershell>
$file = $env:SystemRoot + "\Temp\" + (Get-Date).ToString("MM-dd-yy-hh-mm")
New-Item $file -ItemType file
</powershell>
<persist>true</persist>
```

------

## Query instance metadata options for existing instances

You can query the instance metadata options for your existing instances.

------
#### [ Console ]

**To query the instance metadata options for an existing instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select your instance and check the following fields:
   + **IMDSv2** – The value is either **Required** or **Optional**.
   + **Allow tags in instance metadata** – The value is either **Enabled** or **Disabled**.

1. With your instance selected, choose **Actions**, **Instance settings**, **Modify instance metadata options**.

   The dialog box displays whether the instance metadata service is enabled or disabled for the selected instance.

------
#### [ AWS CLI ]

**To query the instance metadata options for an existing instance**  
Use the [describe-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html) command.

```
aws ec2 describe-instances \
    --instance-id i-1234567898abcdef0 \
    --query 'Reservations[].Instances[].MetadataOptions'
```

------
#### [ PowerShell ]

**To query the instance metadata options for an existing instance using the Tools for PowerShell**  
Use the [Get-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Instance.html) cmdlet.

```
(Get-EC2Instance `
    -InstanceId i-1234567898abcdef0).Instances.MetadataOptions
```

------

## Responses and error messages


All instance metadata is returned as text (HTTP content type `text/plain`).

A request for a specific metadata resource returns the appropriate value, or a `404 - Not Found` HTTP error code if the resource is not available.

A request for a general metadata resource (the URI ends with a /) returns a list of available resources, or a `404 - Not Found` HTTP error code if there is no such resource. The list items are on separate lines, terminated by line feeds (ASCII 10).

If an IMDSv1 request receives no response, it's likely that IMDSv2 is required.

For requests made using IMDSv2, the following HTTP error codes can be returned:
+ `400 - Missing or Invalid Parameters` – The `PUT` request is not valid.
+ `401 - Unauthorized` – The `GET` request uses an invalid token. The recommended action is to generate a new token.
+ `403 - Forbidden` – The request is not allowed or the IMDS is turned off.
+ `404 - Not Found` – The resource is not available or there is no such resource.
+ `503` – The request could not be completed. Retry the request.

If the IMDS returns an error, **curl** prints the error message in the output and returns a success status code. The error message is stored in the `TOKEN` variable, which causes **curl** commands that use the token to fail. If you call **curl** with the **-f** option, it returns an error status code in the event of an HTTP server error. If you enable error handling, the shell can catch the error and stop the script.

## Query throttling


We throttle queries to the IMDS on a per-instance basis, and we place limits on the number of simultaneous connections from an instance to the IMDS. 

If you're using the IMDS to retrieve AWS security credentials, avoid querying for credentials during every transaction or concurrently from a high number of threads or processes, as this might lead to throttling. Instead, we recommend that you cache the credentials until they start approaching their expiry time. For more information about IAM role and security credentials associated with the role, see [Retrieve security credentials from instance metadata](instance-metadata-security-credentials.md).

If you are throttled while accessing the IMDS, retry your query with an exponential backoff strategy.
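The following added example (not AWS-provided code) combines the error-handling and throttling guidance above in one POSIX shell helper. It reads the HTTP status through curl's `--write-out` so that an error page is never kept as a token or a value, reuses one session token, requests a new token on `401`, stops on `403` and `404`, and retries other failures with exponential backoff. The function and variable names, the retry budget, and the base delay are assumptions.

```shell
#!/bin/sh
# Added example, not AWS code. POSIX sh; requires curl.
# Names, retry budget and base delay are assumptions, not IMDS settings.
IMDS_BASE="${IMDS_BASE:-http://169.254.169.254}"
IMDS_TTL="${IMDS_TTL:-21600}"                # six hours, as in the examples on this page
IMDS_MAX_TRIES="${IMDS_MAX_TRIES:-5}"        # assumption: attempts per imds_get call
IMDS_BACKOFF_BASE="${IMDS_BACKOFF_BASE:-1}"  # assumption: first retry delay, in seconds
IMDS_TOKEN=""                                # session token, reused until IMDS rejects it
IMDS_NL='
'

# imds_http METHOD URL HEADER
# Sets IMDS_STATUS (HTTP status, 000 when there is no response) and IMDS_BODY.
# curl exits 0 on HTTP errors, so the status comes from --write-out instead.
imds_http() {
  imds_out=$(curl -s --connect-timeout 2 -w '\n%{http_code}' -X "$1" -H "$3" "$2") || true
  IMDS_STATUS=${imds_out##*"$IMDS_NL"}
  IMDS_BODY=${imds_out%"$IMDS_NL"*}
}

# imds_backoff_delay ATTEMPT: prints base * 2^(ATTEMPT-1) seconds.
imds_backoff_delay() {
  imds_d=$IMDS_BACKOFF_BASE
  imds_i=1
  while [ "$imds_i" -lt "$1" ]; do
    imds_d=$((imds_d * 2))
    imds_i=$((imds_i + 1))
  done
  printf '%s\n' "$imds_d"
}

# imds_refresh_token: keeps the PUT response only if it is a 200 with a body,
# so an error message can never end up in IMDS_TOKEN.
imds_refresh_token() {
  IMDS_TOKEN=""
  imds_http PUT "$IMDS_BASE/latest/api/token" \
    "X-aws-ec2-metadata-token-ttl-seconds: $IMDS_TTL"
  if [ "$IMDS_STATUS" = 200 ] && [ -n "$IMDS_BODY" ]; then
    IMDS_TOKEN=$IMDS_BODY
    return 0
  fi
  return 1
}

# imds_get PATH (for example meta-data/instance-id)
# Returns 0 with the value in IMDS_BODY, or 1 with IMDS_BODY emptied.
# Call it directly, not inside $(...), so the cached token survives the call.
imds_get() {
  imds_try=1
  while [ "$imds_try" -le "$IMDS_MAX_TRIES" ]; do
    if [ -n "$IMDS_TOKEN" ] || imds_refresh_token; then
      imds_http GET "$IMDS_BASE/latest/$1" "X-aws-ec2-metadata-token: $IMDS_TOKEN"
      case "$IMDS_STATUS" in
        200) return 0 ;;
        401) IMDS_TOKEN="" ;;                     # invalid token: request a new one
        403|404) IMDS_BODY=""; return 1 ;;        # not allowed, IMDS off, or no such resource
        *) sleep "$(imds_backoff_delay "$imds_try")" ;;  # 503, throttling, no response
      esac
    else
      case "$IMDS_STATUS" in
        400|403) IMDS_BODY=""; return 1 ;;        # invalid PUT, not allowed, or IMDS off
        *) sleep "$(imds_backoff_delay "$imds_try")" ;;
      esac
    fi
    imds_try=$((imds_try + 1))
  done
  echo "imds: giving up on $1 (last HTTP status: ${IMDS_STATUS:-none})" >&2
  IMDS_BODY=""
  return 1
}

# Run with "demo" as the first argument on an instance to query the real IMDS.
if [ "${1:-}" = "demo" ]; then
  imds_get meta-data/instance-id || exit 1
  printf '%s\n' "$IMDS_BODY"
fi
```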

# Use the Instance Metadata Service to access instance metadata

You can access instance metadata from a running instance using one of the following methods:
+ Instance Metadata Service Version 2 (IMDSv2) – a session-oriented method

  For examples, see [Examples for IMDSv2](#instance-metadata-retrieval-examples).
+ Instance Metadata Service Version 1 (IMDSv1) – a request/response method

  For examples, see [Examples for IMDSv1](#instance-metadata-retrieval-examples-imdsv1).

By default, you can use either IMDSv1 or IMDSv2, or both.

You can configure the Instance Metadata Service (IMDS) on each instance to only accept IMDSv2 calls, which will cause IMDSv1 calls to fail. For information about how to configure your instance to use IMDSv2, see [Configure the Instance Metadata Service options](configuring-instance-metadata-options.md).

The `PUT` or `GET` headers are unique to IMDSv2. If these headers are present in the request, then the request is intended for IMDSv2. If no headers are present, it is assumed the request is intended for IMDSv1.

For an extensive review of IMDSv2, see [Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service](https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/).

**Topics**
+ [How Instance Metadata Service Version 2 works](#instance-metadata-v2-how-it-works)
+ [Use a supported AWS SDK](#use-a-supported-sdk-version-for-imdsv2)
+ [Examples for IMDSv2](#instance-metadata-retrieval-examples)
+ [Examples for IMDSv1](#instance-metadata-retrieval-examples-imdsv1)

## How Instance Metadata Service Version 2 works

IMDSv2 uses session-oriented requests. With session-oriented requests, you create a session token that defines the session duration, which can be a minimum of one second and a maximum of six hours. During the specified duration, you can use the same session token for subsequent requests. After the specified duration expires, you must create a new session token to use for future requests.

**Note**  
The examples in this section use the IPv4 address of the Instance Metadata Service (IMDS): `169.254.169.254`. If you are retrieving instance metadata for EC2 instances over the IPv6 address, ensure that you enable and use the IPv6 address instead: `[fd00:ec2::254]`. The IPv6 address of the IMDS is compatible with IMDSv2 commands. The IPv6 address is only accessible on [Nitro-based instances](instance-types.md#instance-hypervisor-type) in an [IPv6-supported subnet](https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html#subnet-ip-address-range) (dual stack or IPv6 only).

The following examples use a shell script and IMDSv2 to retrieve the top-level instance metadata items. Each example:
+ Creates a session token lasting six hours (21,600 seconds) using the `PUT` request
+ Stores the session token header in a variable named `TOKEN` (Linux instances) or `token` (Windows instances)
+ Requests the top-level metadata items using the token

### Linux example


You can run two separate commands, or combine them.

**Separate commands**

First, generate a token using the following command.

```
[ec2-user ~]$ TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"`
```

Then, use the token to generate top-level metadata items using the following command.

```
[ec2-user ~]$ curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/
```

**Combined commands**

You can store the token and combine the commands. The following example combines the above two commands and stores the session token header in a variable named TOKEN.

**Note**  
If there is an error in creating the token, instead of a valid token, an error message is stored in the variable, and the command will not work.

```
[ec2-user ~]$ TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
	&& curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/
```

After you've created a token, you can reuse it until it expires. In the following example command, which gets the ID of the AMI used to launch the instance, the token that is stored in `$TOKEN` in the previous example is reused.

```
[ec2-user ~]$ curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/ami-id
```

### Windows example


```
PS C:\> [string]$token = Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token-ttl-seconds" = "21600"} -Method PUT -Uri http://169.254.169.254/latest/api/token
```

```
PS C:\> Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token" = $token} -Method GET -Uri http://169.254.169.254/latest/meta-data/
```

After you've created a token, you can reuse it until it expires. In the following example command, which gets the ID of the AMI used to launch the instance, the token that is stored in `$token` in the previous example is reused.

```
PS C:\> Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token" = $token} `
	-Method GET -uri http://169.254.169.254/latest/meta-data/ami-id
```

When you use IMDSv2 to request instance metadata, the request must include the following:

1. Use a `PUT` request to initiate a session to the instance metadata service. The `PUT` request returns a token that must be included in subsequent `GET` requests to the instance metadata service. The token is required to access metadata using IMDSv2.

1. Include the token in all `GET` requests to the IMDS. When token usage is set to `required`, requests without a valid token or with an expired token receive a `401 - Unauthorized` HTTP error code.
   + The token is an instance-specific key. The token is not valid on other EC2 instances and will be rejected if you attempt to use it outside of the instance on which it was generated.
   + The `PUT` request must include a header that specifies the time to live (TTL) for the token, in seconds, up to a maximum of six hours (21,600 seconds). The token represents a logical session. The TTL specifies the length of time that the token is valid and, therefore, the duration of the session.
   + After a token expires, to continue accessing instance metadata, you must create a new session using another `PUT`.
   + You can choose to reuse a token or create a new token with every request. For a small number of requests, it might be easier to generate and immediately use a token each time you need to access the IMDS. But for efficiency, you can specify a longer duration for the token and reuse it rather than having to write a `PUT` request every time you need to request instance metadata. There is no practical limit on the number of concurrent tokens, each representing its own session. IMDSv2 is, however, still constrained by normal IMDS connection and throttling limits. For more information, see [Query throttling](instancedata-data-retrieval.md#instancedata-throttling).
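The session rules in this list, together with the throttling guidance (reuse what you have, back off when throttled), can be combined in one small client. The following Python sketch is an added example, not AWS code: the class and function names, the renewal margin, and the choice of 429 and 503 as throttling status codes are assumptions of the example, and `FakeImds` is a constructed stand-in so that it runs offline.

```python
import random
import time
import urllib.error
import urllib.request

IMDS_BASE = "http://169.254.169.254"   # IPv4 endpoint used throughout this page
TOKEN_PATH = "/latest/api/token"
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"
MAX_TTL = 21600                         # six hours, the documented maximum
THROTTLE_STATUSES = {429, 503}          # assumption: the page names no status code

# Ignore proxy settings from the environment: metadata requests stay on the instance.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def http_transport(method, path, headers, timeout=2.0):
    """Real transport: returns (status, body) instead of raising on HTTP errors."""
    req = urllib.request.Request(IMDS_BASE + path, headers=headers, method=method)
    try:
        with _OPENER.open(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


class ImdsV2Client:
    def __init__(self, transport=http_transport, ttl=MAX_TTL, max_attempts=5,
                 base_delay=0.1, clock=time.monotonic, sleep=time.sleep):
        if not 1 <= ttl <= MAX_TTL:
            raise ValueError("token TTL must be between 1 and 21600 seconds")
        self.transport, self.ttl, self.max_attempts = transport, ttl, max_attempts
        self.base_delay, self.clock, self.sleep = base_delay, clock, sleep
        self.margin = min(60, ttl / 2)      # renew shortly before expiry
        self._token, self._expires_at = None, 0.0

    def _call(self, method, path, headers):
        """One request; throttling is retried with jittered exponential backoff."""
        for attempt in range(self.max_attempts):
            status, body = self.transport(method, path, headers)
            if status not in THROTTLE_STATUSES:
                return status, body
            if attempt + 1 < self.max_attempts:
                self.sleep(random.uniform(0, self.base_delay * 2 ** attempt))
        raise RuntimeError(f"{method} {path}: throttled {self.max_attempts} times")

    def _session_token(self, force=False):
        now = self.clock()
        if force or self._token is None or now >= self._expires_at - self.margin:
            status, body = self._call("PUT", TOKEN_PATH, {TTL_HEADER: str(self.ttl)})
            if status != 200:
                # Never keep an error body in place of a token.
                raise RuntimeError(f"token request failed: HTTP {status}")
            self._token, self._expires_at = body.strip(), now + self.ttl
        return self._token

    def get(self, path):
        """GET a metadata path; on 401 create one new session and retry once."""
        for force in (False, True):
            headers = {TOKEN_HEADER: self._session_token(force)}
            status, body = self._call("GET", path, headers)
            if status != 401:
                break
        if status != 200:
            raise RuntimeError(f"GET {path} failed: HTTP {status}")
        return body


class FakeImds:
    """Constructed in-memory stand-in for the IMDS so the example runs offline."""
    def __init__(self):
        self.log, self.live_token, self.issued, self.throttle = [], None, 0, 0

    def __call__(self, method, path, headers):
        self.log.append(method)
        if self.throttle:
            self.throttle -= 1
            return 503, "throttled"
        if method == "PUT" and path == TOKEN_PATH:
            self.issued += 1
            self.live_token = f"constructed-token-{self.issued}"
            return 200, self.live_token
        if headers.get(TOKEN_HEADER) != self.live_token:
            return 401, "Unauthorized"
        return 200, "ami-0abcdef1234567890"  # sample value from this page


def demo():
    fake, naps = FakeImds(), []
    client = ImdsV2Client(fake, sleep=naps.append)
    client.get("/latest/meta-data/ami-id")   # PUT, GET
    client.get("/latest/meta-data/ami-id")   # GET only: cached token reused
    fake.live_token = None                   # constructed server-side expiry
    client.get("/latest/meta-data/ami-id")   # GET (401), PUT, GET
    fake.throttle = 2
    client.get("/latest/meta-data/ami-id")   # two throttled GETs, then success
    return fake.log, fake.issued, len(naps)
```

On an instance, `ImdsV2Client().get("/latest/meta-data/ami-id")` uses the real transport instead of the stand-in.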

HTTP `GET` and `HEAD` methods are allowed in IMDSv2 instance metadata requests. `PUT` requests are rejected if they contain an X-Forwarded-For header.

By default, the response to `PUT` requests has a response hop limit (time to live) of `1` at the IP protocol level. If you need a bigger hop limit, you can adjust it by using the [modify-instance-metadata-options](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-metadata-options.html) AWS CLI command. For example, you might need a bigger hop limit for backward compatibility with container services running on the instance. For more information, see [Modify instance metadata options for existing instances](configuring-IMDS-existing-instances.md).

## Use a supported AWS SDK

To use IMDSv2, your EC2 instances must use an AWS SDK version that supports using IMDSv2. The latest versions of all the AWS SDKs support using IMDSv2.

**Important**  
We recommend that you stay up to date with SDK releases to keep up with the latest features, security updates, and underlying dependencies. Continued use of an unsupported SDK version is not recommended and is done at your discretion. For more information, see the [AWS SDKs and Tools maintenance policy](https://docs.aws.amazon.com/sdkref/latest/guide/maint-policy.html) in the *AWS SDKs and Tools Reference Guide*.

The following are the minimum versions that support using IMDSv2:
+ [AWS CLI](https://github.com/aws/aws-cli) – 1.16.289
+ [AWS Tools for Windows PowerShell](https://github.com/aws/aws-tools-for-powershell) – 4.0.1.0
+ [AWS SDK for .NET](https://github.com/aws/aws-sdk-net) – 3.3.634.1
+ [AWS SDK for C++](https://github.com/aws/aws-sdk-cpp) – 1.7.229
+ [AWS SDK for Go](https://github.com/aws/aws-sdk-go) – 1.25.38
+ [AWS SDK for Go v2](https://github.com/aws/aws-sdk-go-v2) – 0.19.0
+ [AWS SDK for Java](https://github.com/aws/aws-sdk-java) – 1.11.678
+ [AWS SDK for Java 2.x](https://github.com/aws/aws-sdk-java-v2) – 2.10.21
+ [AWS SDK for JavaScript in Node.js](https://github.com/aws/aws-sdk-js) – 2.722.0
+ [AWS SDK for Kotlin](https://github.com/awslabs/aws-sdk-kotlin) – 1.1.4
+ [AWS SDK for PHP](https://github.com/aws/aws-sdk-php) – 3.147.7
+ [AWS SDK for Python (Botocore)](https://github.com/boto/botocore) – 1.13.25
+ [AWS SDK for Python (Boto3)](https://github.com/boto/boto3) – 1.12.6
+ [AWS SDK for Ruby](https://github.com/aws/aws-sdk-ruby) – 3.79.0

## Examples for IMDSv2


Run the following examples on your Amazon EC2 instance to retrieve the instance metadata for IMDSv2.

On Windows instances, you can use Windows PowerShell or you can install cURL or wget. If you install a third-party tool on a Windows instance, ensure that you read the accompanying documentation carefully, as the calls and the output might be different from what is described here.

**Topics**
+ [Get the available versions of the instance metadata](#instance-metadata-ex-1)
+ [Get the top-level metadata items](#instance-metadata-ex-2)
+ [Get the values for metadata items](#instance-metadata-ex-2a)
+ [Get the list of available public keys](#instance-metadata-ex-3)
+ [Show the formats in which public key 0 is available](#instance-metadata-ex-4)
+ [Get public key 0 (in the OpenSSH key format)](#instance-metadata-ex-5)
+ [Get the subnet ID for an instance](#instance-metadata-ex-6)
+ [Get the instance tags for an instance](#instance-metadata-ex-7)

### Get the available versions of the instance metadata


This example gets the available versions of the instance metadata. Each version refers to an instance metadata build when new instance metadata categories were released. The instance metadata build versions do not correlate with the Amazon EC2 API versions. The earlier versions are available to you in case you have scripts that rely on the structure and information present in a previous version.

------
#### [ cURL ]

```
[ec2-user ~]$ TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
&& curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/
1.0
2007-01-19
2007-03-01
2007-08-29
2007-10-10
2007-12-15
2008-02-01
2008-09-01
2009-04-04
2011-01-01
2011-05-01
2012-01-12
2014-02-25
2014-11-05
2015-10-20
2016-04-19
...
latest
```

------
#### [ PowerShell ]

```
PS C:\> [string]$token = Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token-ttl-seconds" = "21600"} -Method PUT -Uri http://169.254.169.254/latest/api/token
```

```
PS C:\> Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token" = $token} -Method GET -Uri http://169.254.169.254/
1.0
2007-01-19
2007-03-01
2007-08-29
2007-10-10
2007-12-15
2008-02-01
2008-09-01
2009-04-04
2011-01-01
2011-05-01
2012-01-12
2014-02-25
2014-11-05
2015-10-20
2016-04-19
...
latest
```

------

### Get the top-level metadata items


This example gets the top-level metadata items. For more information about the items in the response, see [Instance metadata categories](ec2-instance-metadata.md#instancedata-data-categories).

Note that tags are included in this output only if you've allowed access. For more information, see [Enable access to tags in instance metadata](work-with-tags-in-IMDS.md#allow-access-to-tags-in-IMDS).

------
#### [ cURL ]

```
[ec2-user ~]$ TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
&& curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/    
ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
events/
hostname
iam/
instance-action
instance-id
instance-life-cycle
instance-type
local-hostname
local-ipv4
mac
metrics/
network/
placement/
profile
public-hostname
public-ipv4
public-keys/
reservation-id
security-groups
services/
tags/
```

------
#### [ PowerShell ]

```
PS C:\> [string]$token = Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token-ttl-seconds" = "21600"} -Method PUT -Uri http://169.254.169.254/latest/api/token
```

```
PS C:\> Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token" = $token} -Method GET -Uri http://169.254.169.254/latest/meta-data/
ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
hostname
iam/
instance-action
instance-id
instance-life-cycle
instance-type
local-hostname
local-ipv4
mac
metrics/
network/
placement/
profile
public-hostname
public-ipv4
public-keys/
reservation-id
security-groups
services/
tags/
```

------

### Get the values for metadata items


These examples get the values of some of the top-level metadata items that were obtained in the preceding example. These requests use the stored token that was created using the command in the previous example. The token must not be expired.

------
#### [ cURL ]

```
[ec2-user ~]$ curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/ami-id
ami-0abcdef1234567890
```

```
[ec2-user ~]$ curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/reservation-id
r-0efghijk987654321
```

```
[ec2-user ~]$ curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/local-hostname
ip-10-251-50-12.ec2.internal
```

```
[ec2-user ~]$ curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/public-hostname
ec2-203-0-113-25.compute-1.amazonaws.com
```

------
#### [ PowerShell ]

```
PS C:\> Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token" = $token} -Method GET -Uri http://169.254.169.254/latest/meta-data/ami-id
ami-0abcdef1234567890
```

```
PS C:\> Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token" = $token} -Method GET -Uri http://169.254.169.254/latest/meta-data/reservation-id
r-0efghijk987654321
```

```
PS C:\> Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token" = $token} -Method GET -Uri http://169.254.169.254/latest/meta-data/local-hostname
ip-10-251-50-12.ec2.internal
```

```
PS C:\> Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token" = $token} -Method GET -Uri http://169.254.169.254/latest/meta-data/public-hostname
ec2-203-0-113-25.compute-1.amazonaws.com
```

------

### Get the list of available public keys


This example gets the list of available public keys.

------
#### [ cURL ]

```
[ec2-user ~]$ TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
&& curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/public-keys/
0=my-public-key
```

------
#### [ PowerShell ]

```
PS C:\> [string]$token = Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token-ttl-seconds" = "21600"} -Method PUT -Uri http://169.254.169.254/latest/api/token
```

```
PS C:\> Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token" = $token} -Method GET -Uri http://169.254.169.254/latest/meta-data/public-keys/
0=my-public-key
```

------

### Show the formats in which public key 0 is available


This example shows the formats in which public key 0 is available.

------
#### [ cURL ]

```
[ec2-user ~]$ TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
&& curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/public-keys/0/
openssh-key
```

------
#### [ PowerShell ]

```
PS C:\> [string]$token = Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token-ttl-seconds" = "21600"} -Method PUT -Uri http://169.254.169.254/latest/api/token
```

```
PS C:\> Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token" = $token} -Method GET -Uri http://169.254.169.254/latest/meta-data/public-keys/0/
openssh-key
```

------

### Get public key 0 (in the OpenSSH key format)


This example gets public key 0 (in the OpenSSH key format).

------
#### [ cURL ]

```
[ec2-user ~]$ TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
&& curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
ssh-rsa MIICiTCCAfICCQD6m7oRw0uXOjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC... my-public-key
```

------
#### [ PowerShell ]

```
PS C:\> [string]$token = Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token-ttl-seconds" = "21600"} -Method PUT -Uri http://169.254.169.254/latest/api/token
```

```
PS C:\> Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token" = $token} -Method GET -Uri http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
ssh-rsa MIICiTCCAfICCQD6m7oRw0uXOjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC... my-public-key
```

------

### Get the subnet ID for an instance


This example gets the subnet ID for an instance.

------
#### [ cURL ]

```
[ec2-user ~]$ TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
&& curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/network/interfaces/macs/02:29:96:8f:6a:2d/subnet-id
subnet-be9b61d7
```

------
#### [ PowerShell ]

```
PS C:\> [string]$token = Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token-ttl-seconds" = "21600"} -Method PUT -Uri http://169.254.169.254/latest/api/token
```

```
PS C:\> Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token" = $token} -Method GET -Uri http://169.254.169.254/latest/meta-data/network/interfaces/macs/02:29:96:8f:6a:2d/subnet-id
subnet-be9b61d7
```

------

### Get the instance tags for an instance


If access to instance tags in the instance metadata is turned on, you can get the tags for an instance from instance metadata. For more information, see [Retrieve tags from instance metadata](work-with-tags-in-IMDS.md#retrieve-tags-from-IMDS).

## Examples for IMDSv1


Run the following examples on your Amazon EC2 instance to retrieve the instance metadata for IMDSv1.

On Windows instances, you can use Windows PowerShell or you can install cURL or wget. If you install a third-party tool on a Windows instance, ensure that you read the accompanying documentation carefully, as the calls and the output might be different from what is described here.

**Topics**
+ [Get the available versions of the instance metadata](#instance-metadata-ex-1-imdsv1)
+ [Get the top-level metadata items](#instance-metadata-ex-2-imdsv1)
+ [Get the values for metadata items](#instance-metadata-ex-2a-imdsv1)
+ [Get the list of available public keys](#instance-metadata-ex-3-imdsv1)
+ [Show the formats in which public key 0 is available](#instance-metadata-ex-4-imdsv1)
+ [Get public key 0 (in the OpenSSH key format)](#instance-metadata-ex-5-imdsv1)
+ [Get the subnet ID for an instance](#instance-metadata-ex-6-imdsv1)
+ [Get the instance tags for an instance](#instance-metadata-ex-7-imdsv1)

### Get the available versions of the instance metadata


This example gets the available versions of the instance metadata. Each version refers to an instance metadata build when new instance metadata categories were released. The instance metadata build versions do not correlate with the Amazon EC2 API versions. The earlier versions are available to you in case you have scripts that rely on the structure and information present in a previous version.

------
#### [ cURL ]

```
[ec2-user ~]$ curl http://169.254.169.254/
1.0
2007-01-19
2007-03-01
2007-08-29
2007-10-10
2007-12-15
2008-02-01
2008-09-01
2009-04-04
2011-01-01
2011-05-01
2012-01-12
2014-02-25
2014-11-05
2015-10-20
2016-04-19
...
latest
```

------
#### [ PowerShell ]

```
PS C:\> Invoke-RestMethod -uri http://169.254.169.254/
1.0
2007-01-19
2007-03-01
2007-08-29
2007-10-10
2007-12-15
2008-02-01
2008-09-01
2009-04-04
2011-01-01
2011-05-01
2012-01-12
2014-02-25
2014-11-05
2015-10-20
2016-04-19
...
latest
```

------

### Get the top-level metadata items


This example gets the top-level metadata items. For more information about the items in the response, see [Instance metadata categories](ec2-instance-metadata.md#instancedata-data-categories).

Note that tags are included in this output only if you've allowed access. For more information, see [Enable access to tags in instance metadata](work-with-tags-in-IMDS.md#allow-access-to-tags-in-IMDS).

------
#### [ cURL ]

```
[ec2-user ~]$ curl http://169.254.169.254/latest/meta-data/    
ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
events/
hostname
iam/
instance-action
instance-id
instance-type
local-hostname
local-ipv4
mac
metrics/
network/
placement/
profile
public-hostname
public-ipv4
public-keys/
reservation-id
security-groups
services/
tags/
```

------
#### [ PowerShell ]

```
PS C:\> Invoke-RestMethod -uri http://169.254.169.254/latest/meta-data/    
ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
hostname
iam/
instance-action
instance-id
instance-type
local-hostname
local-ipv4
mac
metrics/
network/
placement/
profile
public-hostname
public-ipv4
public-keys/
reservation-id
security-groups
services/
tags/
```

------

### Get the values for metadata items


These examples get the values of some of the top-level metadata items that were obtained in the previous example.

------
#### [ cURL ]

```
[ec2-user ~]$ curl http://169.254.169.254/latest/meta-data/ami-id
ami-0abcdef1234567890
```

```
[ec2-user ~]$ curl http://169.254.169.254/latest/meta-data/reservation-id
r-0efghijk987654321
```

```
[ec2-user ~]$ curl http://169.254.169.254/latest/meta-data/local-hostname
ip-10-251-50-12.ec2.internal
```

```
[ec2-user ~]$ curl http://169.254.169.254/latest/meta-data/public-hostname
ec2-203-0-113-25.compute-1.amazonaws.com
```

------
#### [ PowerShell ]

```
PS C:\> Invoke-RestMethod -uri http://169.254.169.254/latest/meta-data/ami-id
ami-0abcdef1234567890
```

```
PS C:\> Invoke-RestMethod -uri http://169.254.169.254/latest/meta-data/reservation-id
r-0efghijk987654321
```

```
PS C:\> Invoke-RestMethod -uri http://169.254.169.254/latest/meta-data/local-hostname
ip-10-251-50-12.ec2.internal
```

```
PS C:\> Invoke-RestMethod -uri http://169.254.169.254/latest/meta-data/public-hostname
ec2-203-0-113-25.compute-1.amazonaws.com
```

------

### Get the list of available public keys


This example gets the list of available public keys.

------
#### [ cURL ]

```
[ec2-user ~]$ curl http://169.254.169.254/latest/meta-data/public-keys/
0=my-public-key
```

------
#### [ PowerShell ]

```
PS C:\> Invoke-RestMethod -uri http://169.254.169.254/latest/meta-data/public-keys/
0=my-public-key
```

------

### Show the formats in which public key 0 is available


This example shows the formats in which public key 0 is available.

------
#### [ cURL ]

```
[ec2-user ~]$ curl http://169.254.169.254/latest/meta-data/public-keys/0/
openssh-key
```

------
#### [ PowerShell ]

```
PS C:\> Invoke-RestMethod -uri http://169.254.169.254/latest/meta-data/public-keys/0/
openssh-key
```

------

### Get public key 0 (in the OpenSSH key format)


This example gets public key 0 (in the OpenSSH key format).

------
#### [ cURL ]

```
[ec2-user ~]$ curl http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
ssh-rsa MIICiTCCAfICCQD6m7oRw0uXOjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC... my-public-key
```

------
#### [ PowerShell ]

```
PS C:\> Invoke-RestMethod -uri http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
ssh-rsa MIICiTCCAfICCQD6m7oRw0uXOjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC... my-public-key
```

------

### Get the subnet ID for an instance


This example gets the subnet ID for an instance.

------
#### [ cURL ]

```
[ec2-user ~]$ curl http://169.254.169.254/latest/meta-data/network/interfaces/macs/02:29:96:8f:6a:2d/subnet-id
subnet-be9b61d7
```

------
#### [ PowerShell ]

```
PS C:\> Invoke-RestMethod -uri http://169.254.169.254/latest/meta-data/network/interfaces/macs/02:29:96:8f:6a:2d/subnet-id
subnet-be9b61d7
```

------

### Get the instance tags for an instance


If access to instance tags in the instance metadata is turned on, you can get the tags for an instance from instance metadata. For more information, see [Retrieve tags from instance metadata](work-with-tags-in-IMDS.md#retrieve-tags-from-IMDS).

# Transition to using Instance Metadata Service Version 2

If you want to configure your instances to only accept Instance Metadata Service Version 2 (IMDSv2) calls, we recommend that you use the following tools and transition path.

**Topics**
+ [Tools for transitioning to IMDSv2](#tools-for-transitioning-to-imdsv2)
+ [Recommended path to requiring IMDSv2](#recommended-path-for-requiring-imdsv2)

## Tools for transitioning to IMDSv2


The following tools can help you identify, monitor, and manage the transition of your software from IMDSv1 to IMDSv2. For the instructions on how to use these tools, see [Recommended path to requiring IMDSv2](#recommended-path-for-requiring-imdsv2).

**AWS software**  
The latest versions of the AWS CLI and AWS SDKs support IMDSv2. To use IMDSv2, update your EC2 instances to use the latest versions. For the minimum AWS SDK versions that support IMDSv2, see [Use a supported AWS SDK](configuring-instance-metadata-service.md#use-a-supported-sdk-version-for-imdsv2).  
All Amazon Linux 2 and Amazon Linux 2023 software packages support IMDSv2. Amazon Linux 2023 disables IMDSv1 by default.

**IMDS Packet Analyzer**  
IMDS Packet Analyzer is an open-source tool that identifies and logs IMDSv1 calls during your instance’s boot phase and runtime operations. By analyzing these logs, you can precisely identify the software making IMDSv1 calls on your instances and determine what needs to be updated to support IMDSv2 only on your instances. You can run IMDS Packet Analyzer from a command line or install it as a service. For more information, see [AWS ImdsPacketAnalyzer](https://github.com/aws/aws-imds-packet-analyzer) on *GitHub*.

**CloudWatch**  
CloudWatch provides the following two metrics for monitoring your instances:  
`MetadataNoToken` – IMDSv2 uses token-backed sessions, while IMDSv1 does not. The `MetadataNoToken` metric tracks the number of calls to the Instance Metadata Service (IMDS) that are using IMDSv1. By tracking this metric to zero, you can determine if and when all of your software has been upgraded to use IMDSv2.  
`MetadataNoTokenRejected` – After you've disabled IMDSv1, you can use the `MetadataNoTokenRejected` metric to track the number of times an IMDSv1 call was attempted and rejected. By tracking this metric, you can ascertain whether your software needs to be updated to use IMDSv2.  
For each EC2 instance, these metrics are mutually exclusive. When IMDSv1 is enabled (`httpTokens = optional`), only `MetadataNoToken` emits. When IMDSv1 is disabled (`httpTokens = required`), only `MetadataNoTokenRejected` emits. For when to use these metrics, see [Recommended path to requiring IMDSv2](#recommended-path-for-requiring-imdsv2).  
For more information, see [Instance metrics](viewing_metrics_with_cloudwatch.md#ec2-cloudwatch-metrics).

**Launch APIs**  
**New instances:** Use the [RunInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) API to launch new instances that require the use of IMDSv2. For more information, see [Configure instance metadata options for new instances](configuring-IMDS-new-instances.md).  
**Existing instances:** Use the [ModifyInstanceMetadataOptions](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceMetadataOptions.html) API to require the use of IMDSv2 on existing instances. For more information, see [Modify instance metadata options for existing instances](configuring-IMDS-existing-instances.md).  
**New instances launched by Auto Scaling groups:** To require the use of IMDSv2 on all new instances launched by Auto Scaling groups, your Auto Scaling groups can use either a launch template or a launch configuration. When you [create a launch template](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-launch-template.html) or [create a launch configuration](https://docs.aws.amazon.com/cli/latest/reference/autoscaling/create-launch-configuration.html), you must configure the `MetadataOptions` parameters to require the use of IMDSv2. The Auto Scaling group launches new instances using the new launch template or launch configuration, but existing instances are not affected.   
**Existing instances in an Auto Scaling group:** Use the [ModifyInstanceMetadataOptions](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceMetadataOptions.html) API to require the use of IMDSv2 on existing instances, or terminate the instances and the Auto Scaling group will launch new replacement instances with the instance metadata options settings that are defined in the new launch template or launch configuration.

**AMIs**  
AMIs configured with the `ImdsSupport` parameter set to `v2.0` will launch instances that require IMDSv2 by default. Amazon Linux 2023 is configured with `ImdsSupport = v2.0`.  
**New AMIs:** Use the [register-image](https://docs.aws.amazon.com/cli/latest/reference/ec2/register-image.html) CLI command to set the `ImdsSupport` parameter to `v2.0` when creating a new AMI.  
**Existing AMIs:** Use the [modify-image-attribute](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-image-attribute.html) CLI command to set the `ImdsSupport` parameter to `v2.0` when modifying an existing AMI.  
For more information, see [Configure the AMI](configuring-IMDS-new-instances.md#configure-IMDS-new-instances-ami-configuration).

**Account-level controls**  
You can configure default values for all the instance metadata options at the account level. The default values are automatically applied when you launch an instance. For more information, see [Set IMDSv2 as the default for the account](configuring-IMDS-new-instances.md#set-imdsv2-account-defaults).  
You can also enforce the requirement to use IMDSv2 at the account level. When IMDSv2 enforcement is enabled:  
+ **New instances:** Instances configured to launch with IMDSv1 enabled will fail to launch.
+ **Existing instances with IMDSv1 disabled:** Attempts to enable IMDSv1 on existing instances will be prevented.
+ **Existing instances with IMDSv1 enabled:** Existing instances with IMDSv1 already enabled will not be affected.
For more information, see [Enforce IMDSv2 at the account level](configuring-IMDS-new-instances.md#enforce-imdsv2-at-the-account-level).

**IAM policies and SCPs**  
You can use an IAM policy or AWS Organizations service control policy (SCP) to control users as follows:  
+ Can't launch an instance using the [RunInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) API unless the instance is configured to use IMDSv2.
+ Can't modify an existing instance using the [ModifyInstanceMetadataOptions](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceMetadataOptions.html) API to re-enable IMDSv1.
The IAM policy or SCP must contain the following IAM condition keys:  
+ `ec2:MetadataHttpEndpoint`
+ `ec2:MetadataHttpPutResponseHopLimit`
+ `ec2:MetadataHttpTokens`
If a parameter in the API or CLI call doesn't match the state specified in the policy that contains the condition key, the API or CLI call fails with an `UnauthorizedOperation` response.  
Furthermore, you can choose an additional layer of protection to enforce the change from IMDSv1 to IMDSv2. At the access management layer with respect to the APIs called via EC2 Role credentials, you can use a condition key in either IAM policies or AWS Organizations service control policies (SCPs). Specifically, by using the condition key `ec2:RoleDelivery` with a value of `2.0` in your IAM policies, API calls made with EC2 Role credentials obtained from IMDSv1 will receive an `UnauthorizedOperation` response. The same thing can be achieved more broadly with that condition required by an SCP. This ensures that credentials delivered via IMDSv1 cannot actually be used to call APIs because any API calls not matching the specified condition will receive an `UnauthorizedOperation` error.  
For example IAM policies, see [Work with instance metadata](ExamplePolicies_EC2.md#iam-example-instance-metadata). For more information on SCPs, see [Service control policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html) in the *AWS Organizations User Guide*.
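
To make the effect of these condition keys concrete, the following Python sketch holds two deny statements built from `ec2:MetadataHttpTokens` and `ec2:RoleDelivery` and evaluates them against constructed request contexts. It is an added example, not one of the AWS example policies: the Sids, the operator choices, the `1.0` value used for credentials delivered by IMDSv1, and the evaluator itself are assumptions of the example, and the evaluator is a simplified model that ignores `Resource` matching and handles only these two operators.

```python
import fnmatch
import json

# Deny statements built from the condition keys named above (constructed for this example).
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # Launches must ask for token-backed sessions only (IMDSv2 required).
            "Sid": "RequireImdsV2OnLaunch",
            "Effect": "Deny",
            "Action": "ec2:RunInstances",
            "Resource": "arn:aws:ec2:*:*:instance/*",
            "Condition": {"StringNotEquals": {"ec2:MetadataHttpTokens": "required"}},
        },
        {   # EC2 role credentials delivered by IMDSv1 cannot be used to call APIs.
            "Sid": "RequireRoleDeliveryV2",
            "Effect": "Deny",
            "Action": "*",
            "Resource": "*",
            "Condition": {"NumericLessThan": {"ec2:RoleDelivery": "2.0"}},
        },
    ],
}


def _condition_true(operator, key, expected, context):
    """Simplified model of two IAM condition operators, including absent keys."""
    if key not in context:
        # A negated operator matches when the key is absent; other operators do not.
        return operator == "StringNotEquals"
    if operator == "StringNotEquals":
        return str(context[key]) != expected
    if operator == "NumericLessThan":
        return float(context[key]) < float(expected)
    raise ValueError(f"operator not modelled: {operator}")


def denying_sids(action, context, policy=POLICY):
    """Return the Sids of the Deny statements that match this request."""
    hits = []
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny" or not fnmatch.fnmatchcase(action, stmt["Action"]):
            continue
        checks = [(op, key, value)
                  for op, pairs in stmt["Condition"].items()
                  for key, value in pairs.items()]
        if all(_condition_true(op, key, value, context) for op, key, value in checks):
            hits.append(stmt["Sid"])
    return hits


# Constructed request contexts: (label, action, condition-key values in the request).
SAMPLES = [
    ("launch, tokens required", "ec2:RunInstances", {"ec2:MetadataHttpTokens": "required"}),
    ("launch, tokens optional", "ec2:RunInstances", {"ec2:MetadataHttpTokens": "optional"}),
    ("role creds via IMDSv1", "s3:GetObject", {"ec2:RoleDelivery": "1.0"}),
    ("role creds via IMDSv2", "s3:GetObject", {"ec2:RoleDelivery": "2.0"}),
    ("not EC2 role creds", "s3:GetObject", {}),
]


def evaluate_samples():
    """Map each sample label to the statements that would deny it."""
    return {label: denying_sids(action, ctx) for label, action, ctx in SAMPLES}


if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    for label, sids in evaluate_samples().items():
        print(f"{label}: {'DENY by ' + ', '.join(sids) if sids else 'not denied'}")
```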

**Declarative Policies**  
Use Declarative Policies (a feature of AWS Organizations) to centrally set IMDS account defaults, including IMDSv2 enforcement, across your organization. For an example policy, see the **Instance Metadata** tab in the [Supported declarative policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_declarative_syntax.html#declarative-policy-examples) section in the *AWS Organizations User Guide*.

## Recommended path to requiring IMDSv2


**Topics**
+ [Step 1: Identify instances with IMDSv2=optional and audit IMDSv1 usage](#path-step-1)
+ [Step 2: Update software to IMDSv2](#path-step-2)
+ [Step 3: Require IMDSv2 on instances](#path-step-3)
+ [Step 4: Set IMDSv2=required as the default](#path-step-4)
+ [Step 5: Enforce instances to require IMDSv2](#path-step-5)

### Step 1: Identify instances with IMDSv2=optional and audit IMDSv1 usage


To assess your IMDSv2 migration scope, identify instances that are configured to allow either IMDSv1 or IMDSv2, and audit IMDSv1 calls.

1. **Identify instances that are configured to allow either IMDSv1 or IMDSv2:**

------
#### [ Amazon EC2 console ]

   1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

   1. In the navigation pane, choose **Instances**.

   1. To see only the instances that are configured to allow IMDSv1 or IMDSv2, add the filter **IMDSv2 = optional**.

   1. Alternatively, to see whether IMDSv2 is **optional** or **required** for all instances, open the **Preferences** window (gear icon), toggle on **IMDSv2**, and choose **Confirm**. This adds the **IMDSv2** column to the **Instances** table.

------
#### [ AWS CLI ]

   Use the [describe-instances](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/describe-instances.html) command and filter by `metadata-options.http-tokens = optional`, as follows:

   ```
   aws ec2 describe-instances --filters "Name=metadata-options.http-tokens,Values=optional" --query "Reservations[*].Instances[*].[InstanceId]" --output text
   ```

------

1. **Audit IMDSv1 calls on each instance:**

   Use the CloudWatch metric `MetadataNoToken`. This metric shows the number of IMDSv1 calls to the IMDS on your instances. For more information, see [Instance metrics](https://docs.aws.amazon.com/en_us/AWSEC2/latest/UserGuide/viewing_metrics_with_cloudwatch.html#ec2-cloudwatch-metrics).

1. **Identify software on your instances making IMDSv1 calls:**

   Use the open source [IMDS Packet Analyzer](https://github.com/aws/aws-imds-packet-analyzer) to identify and log IMDSv1 calls during your instance’s boot phase and runtime operations. Use this information to identify the software to update to get your instances ready to use IMDSv2 only. You can run IMDS Packet Analyzer from a command line or install it as a service.

### Step 2: Update software to IMDSv2


Update all SDKs, CLIs, and software that use Role credentials on your instances to IMDSv2-compatible versions. For more information about updating the CLI, see [Installing or updating to the latest version of the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) in the *AWS Command Line Interface User Guide*.

### Step 3: Require IMDSv2 on instances


After confirming zero IMDSv1 calls through the `MetadataNoToken` metric, configure your existing instances to require IMDSv2. Also, configure all new instances to require IMDSv2. In other words, disable IMDSv1 on all existing and new instances.

1. **Configure existing instances to require IMDSv2:**

------
#### [ Amazon EC2 console ]

   1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

   1. In the navigation pane, choose **Instances**.

   1. Select your instance.

   1. Choose **Actions**, **Instance settings**, **Modify instance metadata options**.

   1. For **IMDSv2**, choose **Required**.

   1. Choose **Save**.

------
#### [ AWS CLI ]

   Use the [modify-instance-metadata-options](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/modify-instance-metadata-options.html) CLI command to specify that only IMDSv2 is to be used. 

------
**Note**  
You can modify this setting on running instances. The change takes effect immediately without needing an instance restart.

   For more information, see [Require the use of IMDSv2](configuring-IMDS-existing-instances.md#modify-require-IMDSv2).

1. **Monitor for issues after disabling IMDSv1:**

   1. Track the number of times an IMDSv1 call was attempted and rejected with the `MetadataNoTokenRejected` CloudWatch metric.

   1. If the `MetadataNoTokenRejected` metric records IMDSv1 calls on an instance that is experiencing software issues, this indicates that the software requires updating to use IMDSv2.

1. **Configure new instances to require IMDSv2:**

------
#### [ Amazon EC2 console ]

   1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

   1. Follow the steps to [launch an instance](ec2-launch-instance-wizard.md).

   1. Expand **Advanced details**, and for **Metadata version**, choose **V2 only (token required)**.

   1. In the **Summary panel**, review your instance configuration, and then choose **Launch instance**.

      For more information, see [Configure the instance at launch](configuring-IMDS-new-instances.md#configure-IMDS-new-instances-instance-settings).

------
#### [ AWS CLI ]

   Use the [run-instances](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/run-instances.html) command and specify that IMDSv2 is required.

------
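
The audit in Step 1 and the "zero IMDSv1 calls" gate in Step 3 can be combined into one readiness report. The following is an added example, not code from this guide: the instance IDs, timestamps, and datapoints are constructed, and treating an instance with no `MetadataNoToken` datapoints as "no-data" rather than "ready" is a conservative assumption of the example.

```python
import json

# Constructed sample, shaped like trimmed `aws ec2 describe-instances` output.
DESCRIBE_INSTANCES = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaaaaaaaaaaaaaa1",
     "MetadataOptions": {"HttpTokens": "optional", "HttpEndpoint": "enabled"}},
    {"InstanceId": "i-0bbbbbbbbbbbbbbb2",
     "MetadataOptions": {"HttpTokens": "optional", "HttpEndpoint": "enabled"}}]},
  {"Instances": [
    {"InstanceId": "i-0ccccccccccccccc3",
     "MetadataOptions": {"HttpTokens": "required", "HttpEndpoint": "enabled"}},
    {"InstanceId": "i-0ddddddddddddddd4",
     "MetadataOptions": {"HttpTokens": "optional", "HttpEndpoint": "enabled"}}]}
]}
""")

# Constructed MetadataNoToken datapoints (Sum statistic) per instance, shaped like
# the Datapoints list of `aws cloudwatch get-metric-statistics`. The last instance
# has no datapoints at all.
NO_TOKEN_DATAPOINTS = {
    "i-0aaaaaaaaaaaaaaa1": [
        {"Timestamp": "2025-01-01T00:00:00Z", "Sum": 0.0},
        {"Timestamp": "2025-01-02T00:00:00Z", "Sum": 0.0}],
    "i-0bbbbbbbbbbbbbbb2": [
        {"Timestamp": "2025-01-01T00:00:00Z", "Sum": 14.0},
        {"Timestamp": "2025-01-02T00:00:00Z", "Sum": 0.0},
        {"Timestamp": "2025-01-03T00:00:00Z", "Sum": 3.0}],
}


def audit(describe_output, datapoints_by_instance):
    """Classify every instance by how close it is to requiring IMDSv2."""
    report = {}
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            iid = inst["InstanceId"]
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpTokens") == "required":
                report[iid] = {"status": "already-required"}
                continue
            if opts.get("HttpEndpoint") == "disabled":
                report[iid] = {"status": "imds-disabled"}
                continue
            points = datapoints_by_instance.get(iid, [])
            if not points:
                # Assumption: missing data is not evidence of zero IMDSv1 calls.
                report[iid] = {"status": "no-data"}
                continue
            hits = [p for p in points if p["Sum"] > 0]
            if hits:
                report[iid] = {
                    "status": "still-using-imdsv1",
                    "calls": int(sum(p["Sum"] for p in hits)),
                    # ISO 8601 UTC strings in one format sort chronologically.
                    "last_seen": max(p["Timestamp"] for p in hits),
                }
            else:
                report[iid] = {"status": "ready"}
    return report


def require_imdsv2_commands(report):
    """Emit the Step 3 CLI command for each instance that passed the audit."""
    return [
        "aws ec2 modify-instance-metadata-options "
        f"--instance-id {iid} --http-tokens required --http-endpoint enabled"
        for iid in sorted(report)
        if report[iid]["status"] == "ready"
    ]


if __name__ == "__main__":
    result = audit(DESCRIBE_INSTANCES, NO_TOKEN_DATAPOINTS)
    for iid in sorted(result):
        print(iid, result[iid])
    print("\n".join(require_imdsv2_commands(result)))
```

Instances reported as `still-using-imdsv1` are the ones to examine with IMDS Packet Analyzer before Step 3.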

### Step 4: Set IMDSv2=required as the default


You can set IMDSv2=required as the default configuration at either the account or organization level. This ensures that all newly launched instances are automatically configured to require IMDSv2.

1. **Set account-level default:**

------
#### [ Amazon EC2 console ]

   1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

   1. In the navigation pane, choose **Dashboard**.

   1. On the **Account attributes** card, under **Settings**, choose **Data protection and security**.

   1. Under **IMDS defaults**, choose **Manage**.

   1. For **Instance metadata service**, choose **Enabled**.

   1. For **Metadata version**, choose **V2 only (token required)**.

   1. Choose **Update**.

------
#### [ AWS CLI ]

   Use the [modify-instance-metadata-defaults](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/modify-instance-metadata-defaults.html) CLI command and specify `--http-tokens required` and `--http-put-response-hop-limit 2`.

------

   For more information, see [Set IMDSv2 as the default for the account](configuring-IMDS-new-instances.md#set-imdsv2-account-defaults).

1. **Alternatively, set organization-level default using a Declarative Policy:**

   Use a Declarative Policy to set the organization default for IMDSv2 to required. For an example policy, see the **Instance Metadata** tab in the [Supported declarative policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_declarative_syntax.html#declarative-policy-examples) section in the *AWS Organizations User Guide*.

### Step 5: Enforce instances to require IMDSv2


Once you’ve confirmed that there is no dependency on IMDSv1 on any of your instances, we recommend that you enforce IMDSv2 on all new instances.

Use one of the following options to enforce IMDSv2:

1. **Enforce IMDSv2 with an account property**

   You can enforce the use of IMDSv2 at the account level for each AWS Region. When enforced, instances can only launch if they're configured to require IMDSv2. This enforcement applies regardless of how the instance or AMI is configured. For more information, see [Enforce IMDSv2 at the account level](configuring-IMDS-new-instances.md#enforce-imdsv2-at-the-account-level). To apply this setting at an organization level, set a Declarative Policy. For an example policy, see the **Instance Metadata** tab in the [Supported declarative policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_declarative_syntax.html#declarative-policy-examples) section in the *AWS Organizations User Guide*.

   To prevent a reversal of enforcement, you should use an IAM policy to prevent access to the [ModifyInstanceMetadataDefaults](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceMetadataDefaults.html) API. For more information, see [Use an IAM policy](configuring-IMDS-new-instances.md#configure-IMDS-new-instances-iam-policy).
**Note**  
This setting does not change the IMDS version of existing instances, but blocks enabling IMDSv1 on existing instances that currently have IMDSv1 disabled.
**Warning**  
If IMDSv2 enforcement is enabled and `httpTokens` is not set to `required` in either the instance configuration at launch, the account settings, or the AMI configuration, the instance launch will fail. For troubleshooting information, see [Launching an IMDSv1-enabled instance fails](troubleshooting-launch.md#launching-an-imdsv1-enabled-instance-fails).

1. **Alternatively, enforce IMDSv2 by using the following IAM or SCP condition keys:**
   + `ec2:MetadataHttpTokens`
   + `ec2:MetadataHttpPutResponseHopLimit`
   + `ec2:MetadataHttpEndpoint`

   These condition keys control the use of the [RunInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) and the [ModifyInstanceMetadataOptions](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceMetadataOptions.html) APIs and corresponding CLIs. If a policy is created, and a parameter in the API call does not match the state specified in the policy using the condition key, the API or CLI call fails with an `UnauthorizedOperation` response.

   For example IAM policies, see [Work with instance metadata](ExamplePolicies_EC2.md#iam-example-instance-metadata).

# Limit access to the Instance Metadata Service

You can consider using local firewall rules to disable access from some or all processes to the Instance Metadata Service (IMDS).

For [Nitro-based instances](instance-types.md#instance-hypervisor-type), the IMDS can be reached from your own network when a network appliance within your VPC, such as a virtual router, forwards packets to the IMDS address, and the default [source/destination check](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html#EIP_Disable_SrcDestCheck) on the instance is disabled. To prevent a source from outside your VPC reaching the IMDS, we recommend that you modify the configuration of the network appliance to drop packets with the destination IPv4 address of the IMDS `169.254.169.254` and, if you enabled the IPv6 endpoint, the IPv6 address of the IMDS `[fd00:ec2::254]`.

## Limit IMDS access for Linux instances


**Using iptables to limit access**

The following example uses Linux iptables and its `owner` module to prevent the Apache webserver (based on its default installation user ID of `apache`) from accessing 169.254.169.254. It uses a *deny rule* to reject all instance metadata requests (whether IMDSv1 or IMDSv2) from any process running as that user.

```
$ sudo iptables --append OUTPUT --proto tcp --destination 169.254.169.254 --match owner --uid-owner apache --jump REJECT
```

Alternatively, you can allow access only for particular users or groups by using *allow rules*. Allow rules might be easier to manage from a security perspective, because they require you to make a decision about what software needs access to instance metadata. If you use *allow rules*, it's less likely that you will accidentally grant metadata service access to software that you did not intend to have it if you later change the software or configuration on an instance. You can also combine group usage with allow rules, so that you can add and remove users from a permitted group without needing to change the firewall rule.

The following example prevents access to the IMDS by all processes, except for processes running in the user account `trustworthy-user`.

```
$ sudo iptables --append OUTPUT --proto tcp --destination 169.254.169.254 --match owner ! --uid-owner trustworthy-user --jump REJECT
```

**Note**  
+ To use local firewall rules, you need to adapt the preceding example commands to suit your needs.
+ By default, iptables rules are not persistent across system reboots. They can be made to be persistent by using OS features, not described here.
+ The iptables `owner` module only matches group membership if the group is the primary group of a given local user. Other groups are not matched.

**Using PF or IPFW to limit access**

If you are using FreeBSD or OpenBSD, you can also consider using PF or IPFW. The following examples limit access to the IMDS to just the root user.

**PF**

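```
# PF rules (for example, in /etc/pf.conf), not shell commands.
# PF applies the last matching rule: block everyone first, then pass root.
block out inet proto tcp from any to 169.254.169.254
pass out inet proto tcp from any to 169.254.169.254 user root
```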

**IPFW**

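```
# IPFW rule bodies (add each one with "ipfw add"), not shell commands.
# IPFW applies the first matching rule: allow root first, then deny everyone.
allow tcp from any to 169.254.169.254 uid root
deny tcp from any to 169.254.169.254
```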

**Note**  
The order of the PF and IPFW rules matters. PF defaults to the last matching rule and IPFW defaults to the first matching rule.

## Limit IMDS access for Windows instances


**Using Windows firewall to limit access**

The following PowerShell example uses the built-in Windows firewall to prevent the Internet Information Server webserver (based on its default installation user ID of `NT AUTHORITY\IUSR`) from accessing 169.254.169.254. It uses a *deny rule* to reject all instance metadata requests (whether IMDSv1 or IMDSv2) from any process running as that user.

```
PS C:\> $blockPrincipal = New-Object -TypeName System.Security.Principal.NTAccount ("NT AUTHORITY\IUSR")
PS C:\> $BlockPrincipalSID = $blockPrincipal.Translate([System.Security.Principal.SecurityIdentifier]).Value
PS C:\> $BlockPrincipalSDDL = "D:(A;;CC;;;$BlockPrincipalSID)"
PS C:\> New-NetFirewallRule -DisplayName "Block metadata service from IIS" -Action block -Direction out `
-Protocol TCP -RemoteAddress 169.254.169.254 -LocalUser $BlockPrincipalSDDL
```

Alternatively, you can allow access only for particular users or groups by using *allow rules*. Allow rules might be easier to manage from a security perspective, because they require you to make a decision about what software needs access to instance metadata. If you use *allow rules*, it's less likely that you will accidentally grant metadata service access to software that you did not intend to have it if you later change the software or configuration on an instance. You can also combine group usage with allow rules, so that you can add and remove users from a permitted group without needing to change the firewall rule.

The following example prevents access to instance metadata by all processes running as an OS group specified in the variable `blockPrincipal` (in this example, the Windows group `Everyone`), except for processes specified in `exceptionPrincipal` (in this example, a group called `trustworthy-users`). You must specify both deny and allow principals because Windows Firewall, unlike the `! --uid-owner trustworthy-user` rule in Linux iptables, does not provide a shortcut mechanism to allow only a particular principal (user or group) by denying all the others.

```
PS C:\> $blockPrincipal = New-Object -TypeName System.Security.Principal.NTAccount ("Everyone")
PS C:\> $BlockPrincipalSID = $blockPrincipal.Translate([System.Security.Principal.SecurityIdentifier]).Value
PS C:\> $exceptionPrincipal = New-Object -TypeName System.Security.Principal.NTAccount ("trustworthy-users")
PS C:\> $ExceptionPrincipalSID = $exceptionPrincipal.Translate([System.Security.Principal.SecurityIdentifier]).Value
PS C:\> $PrincipalSDDL = "O:LSD:(D;;CC;;;$ExceptionPrincipalSID)(A;;CC;;;$BlockPrincipalSID)"
PS C:\> New-NetFirewallRule -DisplayName "Block metadata service for $($blockPrincipal.Value), exception: $($exceptionPrincipal.Value)" -Action block -Direction out `
-Protocol TCP -RemoteAddress 169.254.169.254 -LocalUser $PrincipalSDDL
```

**Note**  
To use local firewall rules, you need to adapt the preceding example commands to suit your needs. 

**Using netsh rules to limit access**

You can consider blocking all software using `netsh` rules, but those are much less flexible.

```
C:\> netsh advfirewall firewall add rule name="Block metadata service altogether" dir=out protocol=TCP remoteip=169.254.169.254 action=block
```

**Note**  
+ To use local firewall rules, you need to adapt the preceding example commands to suit your needs.
+ `netsh` rules must be set from an elevated command prompt, and can’t be set to deny or allow particular principals.

# Configure the Instance Metadata Service options

The Instance Metadata Service (IMDS) runs locally on every EC2 instance. The *instance metadata options* refer to a set of configurations that control the accessibility and behavior of the IMDS on an EC2 instance.

You can configure the following instance metadata options on each instance:

**Instance metadata service (IMDS)**: `enabled` | `disabled`  
You can enable or disable the IMDS on an instance. When disabled, you or any code won't be able to access the instance metadata on the instance.  
The IMDS has two endpoints on an instance: IPv4 (`169.254.169.254`) and IPv6 (`[fd00:ec2::254]`). When you enable the IMDS, the IPv4 endpoint is automatically enabled. If you want to enable the IPv6 endpoint, you need to do so explicitly.

**IMDS IPv6 endpoint**: `enabled` | `disabled`  
You can explicitly enable the IPv6 IMDS endpoint on an instance. When the IPv6 endpoint is enabled, the IPv4 endpoint remains enabled. The IPv6 endpoint is only supported on [Nitro-based instances](instance-types.md#instance-hypervisor-type) in [IPv6-supported subnets](https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html#subnet-ip-address-range) (dual stack or IPv6 only).

**Metadata version**: `IMDSv1 or IMDSv2 (token optional)` | `IMDSv2 only (token required)`  
When requesting instance metadata, IMDSv2 calls require a token. IMDSv1 calls do not require a token. You can configure an instance to allow either IMDSv1 or IMDSv2 calls (where a token is optional), or to only allow IMDSv2 calls (where a token is required).

**Metadata response hop limit**: `1`–`64`  
The hop limit is the number of network hops that the PUT response is allowed to make. You can set the hop limit to a minimum of `1` and a maximum of `64`. In a container environment, a hop limit of `1` can cause issues. For information about how to mitigate these issues, see the information about container environments under [Instance metadata access considerations](instancedata-data-retrieval.md#imds-considerations).

**Access to tags in instance metadata**: `enabled` | `disabled`  
You can enable or disable access to the instance's tags from an instance's metadata. For more information, see [View tags for your EC2 instances using instance metadata](work-with-tags-in-IMDS.md).

To view an instance's current configuration, see [Query instance metadata options for existing instances](instancedata-data-retrieval.md#query-IMDS-existing-instances).

## Where to configure instance metadata options


Instance metadata options can be configured at different levels, as follows:
+ **Account** – You can set default values for the instance metadata options at the account level for each AWS Region. When an instance is launched, the instance metadata options are automatically set to the account-level values. You can change these values at launch. Account-level default values do not affect existing instances.
+ **AMI** – You can set the `imds-support` parameter to `v2.0` when you register or modify an AMI. When an instance is launched with this AMI, the instance metadata version is automatically set to IMDSv2 and the hop limit is set to 2.
+ **Instance** – You can change all the instance metadata options on an instance at launch, overriding the default settings. You can also change the instance metadata options after launch on a running or stopped instance. Note that changes may be restricted by an IAM or SCP policy.

For more information, see [Configure instance metadata options for new instances](configuring-IMDS-new-instances.md) and [Modify instance metadata options for existing instances](configuring-IMDS-existing-instances.md).

## Order of precedence for instance metadata options


The value for each instance metadata option is determined at instance launch, following a hierarchical order of precedence. The hierarchy, with the highest precedence at the top, is as follows:
+ **Precedence 1: Instance configuration at launch** – Values can be specified either in the launch template or in the instance configuration. Any values specified here override values specified at the account level or in the AMI.
+ **Precedence 2: Account settings** – If a value is not specified at instance launch, then it is determined by the account-level settings (which are set for each AWS Region). Account-level settings either include a value for each metadata option, or indicate no preference at all.
+ **Precedence 3: AMI configuration** – If a value is not specified at instance launch or at the account level, then it is determined by the AMI configuration. This applies only to `HttpTokens` and `HttpPutResponseHopLimit`.

Each metadata option is evaluated separately. The instance can be configured with a mix of direct instance configuration, account-level defaults, and the configuration from the AMI.

You can change the value of any metadata option after launch on a running or stopped instance, unless changes are restricted by an IAM or SCP policy.

**Note**  
The account-level IMDSv2 enforcement setting is evaluated after the order of precedence has determined the instance's IMDS settings. When IMDSv2 enforcement is enabled, instances enabled with IMDSv1 will fail. For more information about enforcement, see [Enforce IMDSv2 at the account level](configuring-IMDS-new-instances.md#enforce-imdsv2-at-the-account-level).

**Warning**  
If IMDSv2 enforcement is enabled and `httpTokens` has not been set to `required` in either the instance configuration at launch, the account settings, or the AMI configuration, your launch will fail.

**Example 1 – Determine values for metadata options**

In this example, an EC2 instance is launched into a Region where the `HttpPutResponseHopLimit` is set to `1` at the account level. The specified AMI has `ImdsSupport` set to `v2.0`. No metadata options are specified directly on the instance at launch. The instance is launched with the following metadata options:

```
"MetadataOptions": {
    ...
    "HttpTokens": "required",
    "HttpPutResponseHopLimit": 1,
    ...
```

These values were determined as follows:
+ **No metadata options specified at launch:** During the launch of the instance, specific values for the metadata options were not provided either in the instance launch parameters or in the launch template.
+ **Account settings take next precedence:** In the absence of specific values specified at launch, the settings at the account level within the Region take precedence. This means that the default values configured at the account level are applied. In this case, the `HttpPutResponseHopLimit` was set to `1`.
+ **AMI settings take last precedence:** In the absence of a specific value specified at launch or at the account level for `HttpTokens` (the instance metadata version), the AMI setting is applied. In this case, the AMI setting `ImdsSupport: v2.0` determined that `HttpTokens` was set to `required`. Note that while the AMI setting `ImdsSupport: v2.0` is designed to set `HttpPutResponseHopLimit: 2`, it was overridden by the account-level setting `HttpPutResponseHopLimit: 1`, which has higher precedence.

**Example 2 – Determine values for metadata options**

In this example, the EC2 instance is launched with the same settings as in the previous Example 1, but with `HttpTokens` set to `optional` directly on the instance at launch. The instance is launched with the following metadata options:

```
"MetadataOptions": {
    ...
    "HttpTokens": "optional",
    "HttpPutResponseHopLimit": 1,
    ...
```

The value for `HttpPutResponseHopLimit` is determined in the same way as in Example 1. However, the value for `HttpTokens` is determined as follows: Metadata options configured on the instance at launch take first precedence. Even though the AMI was configured with `ImdsSupport: v2.0` (in other words, `HttpTokens` is set to `required`), the value specified on the instance at launch (`HttpTokens` set to `optional`) took precedence.

**Example 3 – Determine values for metadata options with HttpTokensEnforced enabled**

In this example, the account in the Region has `HttpTokens = required` and `HttpTokensEnforced = enabled`.

Consider the following EC2 instance launch attempts:
+ Launch attempt with `HttpTokens` set to `optional` – The launch fails because the account-level enforcement is enabled (`HttpTokensEnforced = enabled`) and the launch parameter takes precedence over the account default.
+ Launch attempt with `HttpTokens` set to `required` – The launch succeeds because it complies with the account-level enforcement. 
+ Launch attempt with no `HttpTokens` value specified – The launch succeeds because the value defaults to `required` based on the account settings. 

### Set the instance metadata version


When an instance is launched, the value for the instance *metadata version* is either **IMDSv1 or IMDSv2 (token optional)** (`httpTokens=optional`) or **IMDSv2 only (token required)** (`httpTokens=required`).

At instance launch, you can either manually specify the value for the metadata version, or use the default value. If you manually specify the value, it overrides any defaults. If you opt not to manually specify the value, it will be determined by a combination of default settings.

The following flowchart shows how the metadata version for an instance at launch is determined by the settings at the different levels of the configuration and where enforcement is evaluated. The table that follows provides the specific settings at each level.

![\[A flowchart that shows the evaluation points for the instance metadata version and IMDSv2 enforcement.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/imds-defaults-launch-flow.png)


The table shows how the metadata version for an instance at launch (indicated by **Resulting instance configuration** in column 4) is determined by the settings at the different levels of configuration. The order of precedence is from left to right, where the first column takes the highest precedence, as follows:
+ Column 1: **Launch parameter** – Represents the setting on the instance that you manually specify at launch.
+ Column 2: **Account level default** – Represents the setting for the account.
+ Column 3: **AMI default** – Represents the setting on the AMI.


| Launch parameter | Account level default | AMI default | Resulting instance configuration | 
| --- | --- | --- | --- | 
| V2 only (token required) | No preference | V2 only | V2 only | 
| V2 only (token required) | V2 only | V2 only | V2 only | 
| V2 only (token required) | V1 or V2 | V2 only | V2 only | 
| V1 or V2 (token optional) | No preference | V2 only | V1 or V2 | 
| V1 or V2 (token optional) | V2 only | V2 only | V1 or V2 | 
| V1 or V2 (token optional) | V1 or V2 | V2 only | V1 or V2 | 
| Not set | No preference | V2 only | V2 only | 
| Not set | V2 only | V2 only | V2 only | 
| Not set | V1 or V2 | V2 only | V1 or V2 | 
| V2 only (token required) | No preference | null | V2 only | 
| V2 only (token required) | V2 only | null | V2 only | 
| V2 only (token required) | V1 or V2 | null | V2 only | 
| V1 or V2 (token optional) | No preference | null | V1 or V2 | 
| V1 or V2 (token optional) | V2 only | null | V1 or V2 | 
| V1 or V2 (token optional) | V1 or V2 | null | V1 or V2 | 
| Not set | No preference | null | V1 or V2 | 
| Not set | V2 only | null | V2 only | 
| Not set | V1 or V2 | null | V1 or V2 | 
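
The precedence rules, the three examples, and the table above can be expressed as one small resolver. The following is an added example, not code from this guide or from AWS: the names `Level`, `resolve`, and `table_results` are hypothetical, and the fallbacks (`optional`, hop limit `1`) are taken from the table's "Not set / No preference / null" row and from the hop limit default that this guide states for the case where no preference is set.

```python
from dataclasses import dataclass
from itertools import product
from typing import Optional


class LaunchRejected(Exception):
    """The launch is blocked by account-level IMDSv2 enforcement."""


@dataclass(frozen=True)
class Level:
    """Values one configuration level supplies; None means not set / no preference."""
    http_tokens: Optional[str] = None   # "required", "optional" or None
    hop_limit: Optional[int] = None     # 1..64 or None


def ami_level(imds_support: Optional[str]) -> Level:
    """An AMI with ImdsSupport v2.0 supplies required tokens and hop limit 2."""
    return Level("required", 2) if imds_support == "v2.0" else Level()


def _first_set(*candidates, fallback):
    """Return the first candidate that is not None, else the fallback."""
    return next((c for c in candidates if c is not None), fallback)


def resolve(launch: Level, account: Level, imds_support: Optional[str] = None,
            http_tokens_enforced: bool = False) -> dict:
    """Resolve the metadata options an instance launches with."""
    ami = ami_level(imds_support)
    # Each option is resolved separately: launch > account > AMI > fallback.
    tokens = _first_set(launch.http_tokens, account.http_tokens, ami.http_tokens,
                        fallback="optional")
    hops = _first_set(launch.hop_limit, account.hop_limit, ami.hop_limit,
                      fallback=1)
    # Enforcement is evaluated only after precedence has produced the value.
    if http_tokens_enforced and tokens != "required":
        raise LaunchRejected(
            f"HttpTokens resolved to {tokens!r} while enforcement is enabled")
    return {"HttpTokens": tokens, "HttpPutResponseHopLimit": hops}


def table_results() -> list:
    """Resulting HttpTokens for the 18 table rows, in the table's row order."""
    launches = ("required", "optional", None)   # V2 only, V1 or V2, Not set
    accounts = (None, "required", "optional")   # No preference, V2 only, V1 or V2
    return [resolve(Level(launch), Level(acct), ami)["HttpTokens"]
            for ami, launch, acct in product(("v2.0", None), launches, accounts)]


if __name__ == "__main__":
    # Example 1: account hop limit 1, AMI v2.0, nothing set at launch.
    print(resolve(Level(), Level(hop_limit=1), "v2.0"))
    # Example 2: same, but HttpTokens=optional set at launch.
    print(resolve(Level("optional"), Level(hop_limit=1), "v2.0"))
    # Example 3: account default required with enforcement enabled.
    for launch in (Level("optional"), Level("required"), Level()):
        try:
            print(resolve(launch, Level("required"), http_tokens_enforced=True))
        except LaunchRejected as err:
            print("launch fails:", err)
```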

## Use IAM condition keys to restrict instance metadata options


You can use IAM condition keys in an IAM policy or SCP as follows:
+ Allow an instance to launch only if it's configured to require the use of IMDSv2
+ Restrict the number of allowed hops
+ Turn off access to instance metadata

**Topics**
+ [Where to configure instance metadata options](#where-to-configure-instance-metadata-options)
+ [Order of precedence for instance metadata options](#instance-metadata-options-order-of-precedence)
+ [Use IAM condition keys to restrict instance metadata options](#iam-condition-keys-and-imds)
+ [Configure instance metadata options for new instances](configuring-IMDS-new-instances.md)
+ [Modify instance metadata options for existing instances](configuring-IMDS-existing-instances.md)

**Note**  
You should proceed cautiously and conduct careful testing before making any changes. Take note of the following:  
+ If you enforce the use of IMDSv2, applications or agents that use IMDSv1 for instance metadata access will break.
+ If you turn off all access to instance metadata, applications or agents that rely on instance metadata access to function will break.
+ For IMDSv2, you must use `/latest/api/token` when retrieving the token.
+ (Windows only) If your PowerShell version is earlier than 4.0, you must [update to Windows Management Framework 4.0](https://devblogs.microsoft.com/powershell/windows-management-framework-wmf-4-0-update-now-available-for-windows-server-2012-windows-server-2008-r2-sp1-and-windows-7-sp1/) to require the use of IMDSv2.

# Configure instance metadata options for new instances

You can configure the following instance metadata options for new instances.

**Topics**
+ [Require the use of IMDSv2](#configure-IMDS-new-instances)
+ [Enable the IMDS IPv4 and IPv6 endpoints](#configure-IMDS-new-instances-ipv4-ipv6-endpoints)
+ [Turn off access to instance metadata](#configure-IMDS-new-instances--turn-off-instance-metadata)
+ [Allow access to tags in instance metadata](#configure-IMDS-new-instances-tags-in-instance-metadata)

**Note**  
The settings for these options are configured at the account level, either directly in the account or by using a declarative policy. They must be configured in each AWS Region where you want to configure instance metadata options. Using a declarative policy allows you to apply the settings across multiple Regions simultaneously, as well as across multiple accounts simultaneously. When a declarative policy is in use, you can't modify the settings directly within an account. This topic describes how to configure the settings directly within an account. For information about using declarative policies, see [Declarative policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_declarative.html) in the *AWS Organizations User Guide.*

## Require the use of IMDSv2


You can use the following methods to require the use of IMDSv2 on your new instances.

**Topics**
+ [Set IMDSv2 as the default for the account](#set-imdsv2-account-defaults)
+ [Enforce IMDSv2 at the account level](#enforce-imdsv2-at-the-account-level)
+ [Configure the instance at launch](#configure-IMDS-new-instances-instance-settings)
+ [Configure the AMI](#configure-IMDS-new-instances-ami-configuration)
+ [Use an IAM policy](#configure-IMDS-new-instances-iam-policy)

### Set IMDSv2 as the default for the account


You can set the default version for the instance metadata service (IMDS) at the account level for each AWS Region. This means that when you launch a *new* instance, the instance metadata version is automatically set to the account-level default. However, you can manually override the value at launch or after launch. For more information about how the account-level settings and manual overrides affect an instance, see [Order of precedence for instance metadata options](configuring-instance-metadata-options.md#instance-metadata-options-order-of-precedence).

**Note**  
Setting the account-level default does not reset *existing* instances. For example, if you set the account-level default to IMDSv2, any existing instances that are set to IMDSv1 are not affected. If you want to change the value on existing instances, you must manually change the value on the instances themselves.

You can set the account default for the instance metadata version to IMDSv2 so that all *new* instances in the account launch with IMDSv2 required and IMDSv1 disabled. With this account default, when you launch an instance, the following are the default values for the instance:
+ Console: **Metadata version** is set to **V2 only (token required)** and **Metadata response hop limit** is set to **2**.
+ AWS CLI: `HttpTokens` is set to `required` and `HttpPutResponseHopLimit` is set to `2`. 

**Note**  
Before setting the account default to IMDSv2, ensure that your instances do not depend on IMDSv1. For more information, see [Recommended path to requiring IMDSv2](instance-metadata-transition-to-version-2.md#recommended-path-for-requiring-imdsv2).

------
#### [ Console ]

**To set IMDSv2 as the default for the account for the specified Region**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. To change the AWS Region, use the Region selector in the upper-right corner of the page.

1. In the navigation pane, choose **Dashboard**.

1. On the **Account attributes** card, under **Settings**, choose **Data protection and security**.

1. Next to **IMDS defaults**, choose **Manage**.

1. On the **Manage IMDS defaults** page, do the following:

   1. For **Instance metadata service**, choose **Enabled**.

   1. For **Metadata version**, choose **V2 only (token required)**.

   1. For **Metadata response hop limit**, specify **2** if your instances will host containers. Otherwise, select **No preference**. When no preference is specified, at launch, the value defaults to **2** if the AMI has the setting `ImdsSupport: v2.0`; otherwise it defaults to **1**.

   1. Choose **Update**.

------
#### [ AWS CLI ]

**To set IMDSv2 as the default for the account for the specified Region**  
Use the [modify-instance-metadata-defaults](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-metadata-defaults.html) command and specify the Region in which to modify the IMDS account level settings. Include `--http-tokens` set to `required` and `--http-put-response-hop-limit` set to `2` if your instances will host containers. Otherwise, specify `-1` to indicate no preference. When `-1` (no preference) is specified, at launch, the value defaults to `2` if the AMI has the setting `ImdsSupport: v2.0`; otherwise it defaults to `1`.

```
aws ec2 modify-instance-metadata-defaults \
    --region us-east-1 \
    --http-tokens required \
    --http-put-response-hop-limit 2
```

The following is example output.

```
{
    "Return": true
}
```

**To view the default account settings for the instance metadata options for the specified Region**  
Use the [get-instance-metadata-defaults](https://docs.aws.amazon.com/cli/latest/reference/ec2/get-instance-metadata-defaults.html) command and specify the Region.

```
aws ec2 get-instance-metadata-defaults --region us-east-1
```

The following is example output.

```
{
    "AccountLevel": {
        "HttpTokens": "required",
        "HttpPutResponseHopLimit": 2
    },
    "ManagedBy": "account"
}
```

The `ManagedBy` field indicates the entity that configured the settings. In this example, `account` indicates that the settings were configured directly in the account. A value of `declarative-policy` would mean the settings were configured by a declarative policy. For more information, see [Declarative policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_declarative.html) in the *AWS Organizations User Guide*.

**To set IMDSv2 as the default for the account for all Regions**  
Use the [modify-instance-metadata-defaults](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-metadata-defaults.html) command to modify the IMDS account level settings for all Regions. Include `--http-tokens` set to `required` and `--http-put-response-hop-limit` set to `2` if your instances will host containers. Otherwise, specify `-1` to indicate no preference. When `-1` (no preference) is specified, at launch, the value defaults to `2` if the AMI has the setting `ImdsSupport: v2.0`; otherwise it defaults to `1`.

```
echo -e "Region          \t Modified" ; \
echo -e "--------------  \t ---------" ; \
for region in $(
    aws ec2 describe-regions \
        --region us-east-1 \
        --query "Regions[*].[RegionName]" \
        --output text
    ); 
    do (output=$(
        aws ec2 modify-instance-metadata-defaults \
            --region $region \
            --http-tokens required \
            --http-put-response-hop-limit 2 \
            --output text)
        echo -e "$region        \t $output"
    );
done
```

The following is example output.

```
Region                   Modified
--------------           ---------
ap-south-1               True
eu-north-1               True
eu-west-3                True
...
```

**To view the default account settings for the instance metadata options for all Regions**  
Use the [get-instance-metadata-defaults](https://docs.aws.amazon.com/cli/latest/reference/ec2/get-instance-metadata-defaults.html) command.

```
echo -e "Region   \t Level          Hops    HttpTokens" ; \
echo -e "-------------- \t ------------   ----    ----------" ; \
for region in $(
    aws ec2 describe-regions \
        --region us-east-1 \
        --query "Regions[*].[RegionName]" \
        --output text
    ); 
    do (output=$(
        aws ec2 get-instance-metadata-defaults \
            --region $region \
            --output text)
        echo -e "$region \t $output" 
    );
done
```

The following is example output.

```
Region           Level          Hops    HttpTokens
--------------   ------------   ----    ----------
ap-south-1       ACCOUNTLEVEL   2       required
eu-north-1       ACCOUNTLEVEL   2       required
eu-west-3        ACCOUNTLEVEL   2       required
...
```

------
#### [ PowerShell ]

**To set IMDSv2 as the default for the account for the specified Region**  
Use the [Edit-EC2InstanceMetadataDefault](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceMetadataDefault.html) cmdlet and specify the Region in which to modify the IMDS account level settings. Include `-HttpToken` set to `required` and `-HttpPutResponseHopLimit` set to `2` if your instances will host containers. Otherwise, specify `-1` to indicate no preference. When `-1` (no preference) is specified, at launch, the value defaults to `2` if the AMI has the setting `ImdsSupport: v2.0`; otherwise it defaults to `1`.

```
Edit-EC2InstanceMetadataDefault `
    -Region us-east-1 `
    -HttpToken required `
    -HttpPutResponseHopLimit 2
```

The following is example output.

```
True
```

**To view the default account settings for the instance metadata options for the specified Region**  
Use the [Get-EC2InstanceMetadataDefault](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2InstanceMetadataDefault.html) cmdlet and specify the Region.

```
Get-EC2InstanceMetadataDefault -Region us-east-1 | Format-List
```

The following is example output.

```
HttpEndpoint            : 
HttpPutResponseHopLimit : 2
HttpTokens              : required
InstanceMetadataTags    :
```

**To set IMDSv2 as the default for the account for all Regions**  
Use the [Edit-EC2InstanceMetadataDefault](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceMetadataDefault.html) cmdlet to modify the IMDS account level settings for all Regions. Include `-HttpToken` set to `required` and `-HttpPutResponseHopLimit` set to `2` if your instances will host containers. Otherwise, specify `-1` to indicate no preference. When `-1` (no preference) is specified, at launch, the value defaults to `2` if the AMI has the setting `ImdsSupport: v2.0`; otherwise it defaults to `1`.

```
(Get-EC2Region).RegionName | `
    ForEach-Object {
    [PSCustomObject]@{
        Region   = $_
        Modified = (Edit-EC2InstanceMetadataDefault `
                -Region $_ `
                -HttpToken required `
                -HttpPutResponseHopLimit 2)
    } 
} | `
Format-Table Region, Modified -AutoSize
```

Expected output

```
Region         Modified
------         --------
ap-south-1         True
eu-north-1         True
eu-west-3          True
...
```

**To view the default account settings for the instance metadata options for all Regions**  
Use the [Get-EC2InstanceMetadataDefault](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2InstanceMetadataDefault.html) cmdlet.

```
(Get-EC2Region).RegionName | `
    ForEach-Object {
    [PSCustomObject]@{
        Region = $_
        HttpPutResponseHopLimit = (Get-EC2InstanceMetadataDefault -Region $_).HttpPutResponseHopLimit
        HttpTokens              = (Get-EC2InstanceMetadataDefault -Region $_).HttpTokens
    }
} | `
Format-Table -AutoSize
```

Example output

```
Region         HttpPutResponseHopLimit HttpTokens
------         ----------------------- ----------
ap-south-1                           2 required
eu-north-1                           2 required
eu-west-3                            2 required                    
...
```

------

### Enforce IMDSv2 at the account level


You can enforce the use of IMDSv2 at the account level for each AWS Region. When enforced, instances can only launch if they're configured to require IMDSv2. This enforcement applies regardless of how the instance or AMI is configured.

**Note**  
Before enabling IMDSv2 enforcement at the account level, ensure that your applications and AMIs support IMDSv2. For more information, see [Recommended path to requiring IMDSv2](instance-metadata-transition-to-version-2.md#recommended-path-for-requiring-imdsv2). If IMDSv2 enforcement is enabled and `httpTokens` is not set to `required` in the instance configuration at launch, the account settings, or the AMI configuration, the instance launch will fail. For troubleshooting information, see [Launching an IMDSv1-enabled instance fails](troubleshooting-launch.md#launching-an-imdsv1-enabled-instance-fails).

**Note**  
This setting does not change the IMDS version of existing instances, but blocks enabling IMDSv1 on existing instances that currently have IMDSv1 disabled.
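The launch-time rules described above, modeled as a pre-flight check for launch configurations. This is an added example, not AWS code: it assumes that launch parameters take precedence over the account default and the account default over the AMI's `imds-support` setting, and that `HttpTokens` falls back to `optional` when nothing sets it. All class and function names are hypothetical.

```python
"""Pre-flight model of the IMDS options a new instance would launch with.

Illustrative only; not AWS code. Assumptions made for this example:
  * precedence is launch parameters > account default > AMI imds-support
  * HttpTokens falls back to "optional" when none of the three sets it
"""
from dataclasses import dataclass
from typing import Optional

NO_PREFERENCE = -1  # account-level hop limit value meaning "no preference"


@dataclass(frozen=True)
class AccountDefaults:
    http_tokens: Optional[str] = None        # "required", "optional", or unset
    hop_limit: int = NO_PREFERENCE
    http_tokens_enforced: str = "disabled"   # "enabled" or "disabled"


@dataclass(frozen=True)
class LaunchRequest:
    http_tokens: Optional[str] = None        # HttpTokens in --metadata-options
    hop_limit: Optional[int] = None          # HttpPutResponseHopLimit
    ami_imds_support: Optional[str] = None   # "v2.0" when set on the AMI


@dataclass(frozen=True)
class Outcome:
    allowed: bool
    http_tokens: str
    hop_limit: int
    reason: str


def resolve_launch(req: LaunchRequest, acct: AccountDefaults) -> Outcome:
    """Return the effective options and whether enforcement blocks the launch."""
    ami_v2 = req.ami_imds_support == "v2.0"

    # HttpTokens: the first source that sets a value wins.
    if req.http_tokens is not None:
        tokens, source = req.http_tokens, "launch parameters"
    elif acct.http_tokens is not None:
        tokens, source = acct.http_tokens, "account default"
    elif ami_v2:
        tokens, source = "required", "AMI imds-support v2.0"
    else:
        tokens, source = "optional", "assumed fallback"

    # Hop limit: with no preference at the account level, the AMI decides
    # (2 when imds-support is v2.0, otherwise 1).
    if req.hop_limit is not None:
        hops = req.hop_limit
    elif acct.hop_limit != NO_PREFERENCE:
        hops = acct.hop_limit
    else:
        hops = 2 if ami_v2 else 1

    # Enforcement: only instances that require IMDSv2 may launch.
    if acct.http_tokens_enforced == "enabled" and tokens != "required":
        return Outcome(False, tokens, hops,
                       f"blocked: IMDSv2 is enforced but HttpTokens={tokens} ({source})")
    return Outcome(True, tokens, hops, f"HttpTokens={tokens} ({source})")


if __name__ == "__main__":
    enforced_only = AccountDefaults(http_tokens_enforced="enabled")
    strict = AccountDefaults("required", NO_PREFERENCE, "enabled")
    scenarios = {
        "strict account, legacy AMI": (LaunchRequest(), strict),
        "strict account, v2.0 AMI": (LaunchRequest(ami_imds_support="v2.0"), strict),
        "strict account, launch overrides to optional":
            (LaunchRequest(http_tokens="optional"), strict),
        "enforced only, legacy AMI": (LaunchRequest(), enforced_only),
        "enforced only, v2.0 AMI": (LaunchRequest(ami_imds_support="v2.0"), enforced_only),
    }
    for name, (req, acct) in scenarios.items():
        print(f"{name}: {resolve_launch(req, acct)}")
```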

------
#### [ Console ]

**To enforce IMDSv2 for the account in the specified Region**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. To change the AWS Region, use the Region selector in the top right corner of the page.

1. In the navigation pane, choose **Dashboard**.

1. On the **Account attributes** card, under **Settings**, choose **Data protection and security**.

1. Next to **IMDS defaults**, choose **Manage**.

1. On the **Manage IMDS defaults** page, do the following:

   1. For **Metadata version**, choose **V2 only (token required)**.

   1. For **Enforce IMDSv2**, choose **Enabled**.

   1. Choose **Update**.

------
#### [ AWS CLI ]

**To enforce IMDSv2 for the account in the specified Region**  
 Use the [modify-instance-metadata-defaults](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-metadata-defaults.html) command and specify the Region in which to enforce IMDSv2. 

```
aws ec2 modify-instance-metadata-defaults \
    --region us-east-1 \
    --http-tokens required \
    --http-tokens-enforced enabled
```

The following is example output.

```
{
    "Return": true
}
```

**To view the IMDSv2 enforcement setting for the account in a specific Region**  
Use the [get-instance-metadata-defaults](https://docs.aws.amazon.com/cli/latest/reference/ec2/get-instance-metadata-defaults.html) command and specify the Region.

```
aws ec2 get-instance-metadata-defaults --region us-east-1
```

The following is example output.

```
{
    "AccountLevel": {
        "HttpTokens": "required",
        "HttpTokensEnforced": "enabled"
    },
    "ManagedBy": "account"
}
```

The `ManagedBy` field indicates the entity that configured the settings. In this example, `account` indicates that the settings were configured directly in the account. A value of `declarative-policy` would mean the settings were configured by a declarative policy. For more information, see [Declarative policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_declarative.html) in the *AWS Organizations User Guide*.

**To enforce IMDSv2 for the account for all Regions**  
Use the [modify-instance-metadata-defaults](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-metadata-defaults.html) command to enforce IMDSv2 in all Regions.

```
echo -e "Region          \t Modified" ; \
echo -e "--------------  \t ---------" ; \
for region in $(
    aws ec2 describe-regions \
        --region us-east-1 \
        --query "Regions[*].[RegionName]" \
        --output text
    ); 
    do (output=$(
        aws ec2 modify-instance-metadata-defaults \
            --region $region \
            --http-tokens-enforced enabled \
            --output text)
        echo -e "$region        \t $output"
    );
done
```

The following is example output.

```
Region                   Modified
--------------           ---------
ap-south-1               True
eu-north-1               True
eu-west-3                True
...
```

**To view the IMDSv2 enforcement settings for the account in all Regions**  
Use the [get-instance-metadata-defaults](https://docs.aws.amazon.com/cli/latest/reference/ec2/get-instance-metadata-defaults.html) command.

```
echo -e "Region   \t Level           HttpTokensEnforced" ; \
echo -e "-------------- \t ------------   ----------------" ; \
for region in $(
    aws ec2 describe-regions \
        --region us-east-1 \
        --query "Regions[*].[RegionName]" \
        --output text
    ); 
    do (output=$(
        aws ec2 get-instance-metadata-defaults \
            --region $region \
            --query 'AccountLevel.HttpTokensEnforced' \
            --output text)
        echo -e "$region \t ACCOUNTLEVEL $output" 
    );
done
```

The following is example output.

```
Region           Level          HttpTokensEnforced
--------------   ------------   ------------------
ap-south-1       ACCOUNTLEVEL   enabled
eu-north-1       ACCOUNTLEVEL   enabled
eu-west-3        ACCOUNTLEVEL   enabled
...
```

------
#### [ PowerShell ]

**To enforce IMDSv2 for the account in the specified Region**  
Use the [Edit-EC2InstanceMetadataDefault](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceMetadataDefault.html) cmdlet and specify the Region in which to enforce IMDSv2. 

```
Edit-EC2InstanceMetadataDefault `
    -Region us-east-1 `
    -HttpToken required `
    -HttpPutResponseHopLimit 2
```

The following is example output.

```
@{
    Return = $true
}
```

**To view the IMDSv2 enforcement setting for the account in a specific Region**  
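Use the [Get-EC2InstanceMetadataDefault](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2InstanceMetadataDefault.html) cmdlet and specify the Region.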

```
Get-EC2InstanceMetadataDefault -Region us-east-1
```

The following is example output.

```
@{
    AccountLevel = @{
        HttpTokens = "required"
        HttpTokensEnforced = "enabled"
    }
    ManagedBy = "account"
}
```

The `ManagedBy` field indicates the entity that configured the settings. In this example, `account` indicates that the settings were configured directly in the account. A value of `declarative-policy` would mean the settings were configured by a declarative policy. For more information, see [Declarative policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_declarative.html) in the *AWS Organizations User Guide*.

**To enforce IMDSv2 for the account for all Regions**  
Use the AWS CLI [modify-instance-metadata-defaults](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-metadata-defaults.html) command, run from a Bash-compatible shell, to enforce IMDSv2 in all Regions.

```
echo -e "Region          \t Modified" ; \
echo -e "--------------  \t ---------" ; \
for region in $(
    aws ec2 describe-regions \
        --region us-east-1 \
        --query "Regions[*].[RegionName]" \
        --output text
    ); 
    do (output=$(
        aws ec2 modify-instance-metadata-defaults \
            --region $region \
            --http-tokens-enforced enabled \
            --output text)
        echo -e "$region        \t $output"
    );
done
```

The following is example output.

```
Region                   Modified
--------------           ---------
ap-south-1               True
eu-north-1               True
eu-west-3                True
...
```

**To set IMDSv2 as the default for the account for all Regions**  
Use the [Edit-EC2InstanceMetadataDefault](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceMetadataDefault.html) cmdlet to modify the IMDS account level settings for all Regions. Include `-HttpToken` set to `required` and `-HttpPutResponseHopLimit` set to `2` if your instances will host containers. Otherwise, specify `-1` to indicate no preference. When `-1` (no preference) is specified, at launch, the value defaults to `2` if the AMI has the setting `ImdsSupport: v2.0`; otherwise it defaults to `1`.

```
(Get-EC2Region).RegionName | `
    ForEach-Object {
    [PSCustomObject]@{
        Region   = $_
        Modified = (Edit-EC2InstanceMetadataDefault `
                -Region $_ `
                -HttpToken required `
                -HttpPutResponseHopLimit 2)
    } 
} | `
Format-Table Region, Modified -AutoSize
```

Expected output

```
Region         Modified
------         --------
ap-south-1         True
eu-north-1         True
eu-west-3          True
...
```

**To view the default account settings for the instance metadata options for all Regions**  
Use the [Get-EC2InstanceMetadataDefault](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2InstanceMetadataDefault.html) cmdlet.

```
(Get-EC2Region).RegionName | `
    ForEach-Object {
    [PSCustomObject]@{
        Region = $_
        HttpPutResponseHopLimit = (Get-EC2InstanceMetadataDefault -Region $_).HttpPutResponseHopLimit
        HttpTokens              = (Get-EC2InstanceMetadataDefault -Region $_).HttpTokens
    }
} | `
Format-Table -AutoSize
```

Example output

```
Region         HttpPutResponseHopLimit HttpTokens
------         ----------------------- ----------
ap-south-1                           2 required
eu-north-1                           2 required
eu-west-3                            2 required                    
...
```

------

### Configure the instance at launch


When you [launch an instance](ec2-launch-instance-wizard.md), you can configure the instance to require the use of IMDSv2 by configuring the following fields:
+ Amazon EC2 console: Set **Metadata version** to **V2 only (token required)**.
+ AWS CLI: Set `HttpTokens` to `required`.

When you specify that IMDSv2 is required, you must also enable the Instance Metadata Service (IMDS) endpoint by setting **Metadata accessible** to **Enabled** (console) or `HttpEndpoint` to `enabled` (AWS CLI).

In a container environment, when IMDSv2 is required, we recommend setting the hop limit to `2`. For more information, see [Instance metadata access considerations](instancedata-data-retrieval.md#imds-considerations).

------
#### [ Console ]

**To require the use of IMDSv2 on a new instance**
+ When launching a new instance in the Amazon EC2 console, expand **Advanced details**, and do the following:
  + For **Metadata accessible**, choose **Enabled**.
  + For **Metadata version**, choose **V2 only (token required)**.
  + (Container environment) For **Metadata response hop limit**, choose **2**.

  For more information, see [Advanced details](ec2-instance-launch-parameters.md#liw-advanced-details).

------
#### [ AWS CLI ]

**To require the use of IMDSv2 on a new instance**  
The following [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) example launches a `c6i.large` instance with `--metadata-options` set to `HttpTokens=required`. When you specify a value for `HttpTokens`, you must also set `HttpEndpoint` to `enabled`. Because the secure token header is set to `required` for metadata retrieval requests, this requires the instance to use IMDSv2 when requesting instance metadata.

In a container environment, when IMDSv2 is required, we recommend setting the hop limit to `2` with `HttpPutResponseHopLimit=2`.

```
aws ec2 run-instances \
    --image-id ami-0abcdef1234567890 \
    --instance-type c6i.large \
    ...
    --metadata-options "HttpEndpoint=enabled,HttpTokens=required,HttpPutResponseHopLimit=2"
```

------
#### [ PowerShell ]

**To require the use of IMDSv2 on a new instance**  
The following [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) cmdlet example launches a `c6i.large` instance with `MetadataOptions_HttpEndpoint` set to `enabled` and the `MetadataOptions_HttpTokens` parameter to `required`. When you specify a value for `HttpTokens`, you must also set `HttpEndpoint` to `enabled`. Because the secure token header is set to `required` for metadata retrieval requests, this requires the instance to use IMDSv2 when requesting instance metadata.

```
New-EC2Instance `
    -ImageId ami-0abcdef1234567890 `
    -InstanceType c6i.large `
    -MetadataOptions_HttpEndpoint enabled `
    -MetadataOptions_HttpTokens required
```

------
#### [ CloudFormation ]

To specify the metadata options for an instance using CloudFormation, see the [AWS::EC2::LaunchTemplate MetadataOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-metadataoptions.html) property in the *AWS CloudFormation User Guide*.

------

### Configure the AMI


When you register a new AMI or modify an existing AMI, you can set the `imds-support` parameter to `v2.0`. Instances launched from this AMI will have **Metadata version** set to **V2 only (token required)** (console) or `HttpTokens` set to `required` (AWS CLI). With these settings, the instance requires that IMDSv2 is used when requesting instance metadata.

Note that when you set `imds-support` to `v2.0`, instances launched from this AMI will also have **Metadata response hop limit** (console) or `http-put-response-hop-limit` (AWS CLI) set to **2**.

**Important**  
Do not use this parameter unless your AMI software supports IMDSv2. After you set the value to `v2.0`, you can't undo it. The only way to "reset" your AMI is to create a new AMI from the underlying snapshot.

**To configure a new AMI for IMDSv2**  
Use one of the following methods to configure a new AMI for IMDSv2.

------
#### [ AWS CLI ]

The following [register-image](https://docs.aws.amazon.com/cli/latest/reference/ec2/register-image.html) example registers an AMI using the specified snapshot of an EBS root volume as device `/dev/xvda`. Specify `v2.0` for the `imds-support` parameter so that instances launched from this AMI will require that IMDSv2 is used when requesting instance metadata.

```
aws ec2 register-image \
    --name my-image \
    --root-device-name /dev/xvda \
    --block-device-mappings DeviceName=/dev/xvda,Ebs={SnapshotId=snap-0123456789example} \
    --architecture x86_64 \
    --imds-support v2.0
```

------
#### [ PowerShell ]

The following [Register-EC2Image](https://docs.aws.amazon.com/powershell/latest/reference/items/Register-EC2Image.html) cmdlet example registers an AMI using the specified snapshot of an EBS root volume as device `/dev/xvda`. Specify `v2.0` for the `ImdsSupport` parameter so that instances launched from this AMI will require that IMDSv2 is used when requesting instance metadata.

```
Register-EC2Image `
    -Name 'my-image' `
    -RootDeviceName /dev/xvda `
    -BlockDeviceMapping  ( 
    New-Object `
        -TypeName Amazon.EC2.Model.BlockDeviceMapping `
        -Property @{ 
        DeviceName = '/dev/xvda'; 
        EBS        = (New-Object -TypeName Amazon.EC2.Model.EbsBlockDevice -Property @{ 
                SnapshotId = 'snap-0123456789example'
                VolumeType = 'gp3' 
                } )      
        }  ) `
    -Architecture X86_64 `
    -ImdsSupport v2.0
```

------

**To configure an existing AMI for IMDSv2**  
Use one of the following methods to configure an existing AMI for IMDSv2.

------
#### [ AWS CLI ]

The following [modify-image-attribute](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-image-attribute.html) example modifies an existing AMI for IMDSv2 only. Specify `v2.0` for the `imds-support` parameter so that instances launched from this AMI will require that IMDSv2 is used when requesting instance metadata.

```
aws ec2 modify-image-attribute \
    --image-id ami-0abcdef1234567890 \
    --imds-support v2.0
```

------
#### [ PowerShell ]

The following [Edit-EC2ImageAttribute](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2ImageAttribute.html) cmdlet example modifies an existing AMI for IMDSv2 only. Specify `v2.0` for the `ImdsSupport` parameter so that instances launched from this AMI will require that IMDSv2 is used when requesting instance metadata.

```
Edit-EC2ImageAttribute `
    -ImageId ami-0abcdef1234567890 `
    -ImdsSupport 'v2.0'
```

------

### Use an IAM policy


You can create an IAM policy that does one of the following:
+ Prevents users from launching new instances unless they require IMDSv2 on the new instance.
+ Prevents users from calling the `ModifyInstanceMetadataOptions` API to change the metadata options of a running instance. Restrict access to the `ModifyInstanceMetadataOptions` `httpTokens` property to prevent unintended updates of running instances.
+ Prevents users from calling the `ModifyInstanceMetadataDefaults` API to change the account default settings of both `httpTokens` and `httpTokensEnforced`. Restricting access to these two properties ensures that only authorized roles can modify the account defaults.

**To enforce the use of IMDSv2 on all new instances by using an IAM policy**  
To ensure that users can only launch instances that require the use of IMDSv2 when requesting instance metadata, do the following:
+ Restrict access to both the `ModifyInstanceMetadataOptions` and `ModifyInstanceMetadataDefaults` APIs, and more specifically to the `httpTokens` and `httpTokensEnforced` properties.
+ Then, set the account default to `httpTokens = required` and `httpTokensEnforced = enabled`.

  For the example IAM policy, see [Work with instance metadata](ExamplePolicies_EC2.md#iam-example-instance-metadata).

## Enable the IMDS IPv4 and IPv6 endpoints


The IMDS has two endpoints on an instance: IPv4 (`169.254.169.254`) and IPv6 (`[fd00:ec2::254]`). When you enable the IMDS, the IPv4 endpoint is automatically enabled. The IPv6 endpoint remains disabled even if you launch an instance into an IPv6-only subnet. To enable the IPv6 endpoint, you need to do so explicitly. When you enable the IPv6 endpoint, the IPv4 endpoint remains enabled.

You can enable the IPv6 endpoint at instance launch or after.

**Requirements for enabling the IPv6 endpoint**
+ The selected instance type is a [Nitro-based instance](instance-types.md#instance-hypervisor-type).
+ The selected subnet supports IPv6, where the subnet is either [dual stack or IPv6 only](https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html#subnet-ip-address-range).

Use any of the following methods to launch an instance with the IMDS IPv6 endpoint enabled.

------
#### [ Console ]

**To enable the IMDS IPv6 endpoint at instance launch**
+ [Launch the instance](ec2-launch-instance-wizard.md) in the Amazon EC2 console with the following specified under **Advanced details**:
  + For **Metadata IPv6 endpoint**, choose **Enabled**.

For more information, see [Advanced details](ec2-instance-launch-parameters.md#liw-advanced-details).

------
#### [ AWS CLI ]

**To enable the IMDS IPv6 endpoint at instance launch**  
The following [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) example launches a `c6i.large` instance with the IPv6 endpoint enabled for the IMDS. To enable the IPv6 endpoint, for the `--metadata-options` parameter, specify `HttpProtocolIpv6=enabled`. When you specify a value for `HttpProtocolIpv6`, you must also set `HttpEndpoint` to `enabled`.

```
aws ec2 run-instances \
    --image-id ami-0abcdef1234567890 \
    --instance-type c6i.large \
    ...
    --metadata-options "HttpEndpoint=enabled,HttpProtocolIpv6=enabled"
```

------
#### [ PowerShell ]

**To enable the IMDS IPv6 endpoint at instance launch**  
The following [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) cmdlet example launches a `c6i.large` instance with the IPv6 endpoint enabled for the IMDS. To enable the IPv6 endpoint, specify `MetadataOptions_HttpProtocolIpv6` as `enabled`. When you specify a value for `MetadataOptions_HttpProtocolIpv6`, you must also set `MetadataOptions_HttpEndpoint` to `enabled`.

```
New-EC2Instance `
    -ImageId ami-0abcdef1234567890 `
    -InstanceType c6i.large `
    -MetadataOptions_HttpEndpoint enabled `
    -MetadataOptions_HttpProtocolIpv6 enabled
```

------

## Turn off access to instance metadata


You can turn off access to the instance metadata by disabling the IMDS when you launch an instance. You can turn on access later by re-enabling the IMDS. For more information, see [Turn on access to instance metadata](configuring-IMDS-existing-instances.md#enable-instance-metadata-on-existing-instances).

**Important**  
You can choose to disable the IMDS at launch or after launch. If you disable the IMDS *at launch*, the following might not work:  
+ You might not have SSH access to your instance. The `public-keys/0/openssh-key`, which is your instance's public SSH key, will not be accessible because the key is normally provided and accessed from EC2 instance metadata.
+ EC2 user data will not be available and will not run at instance start. EC2 user data is hosted on the IMDS. If you disable the IMDS, you effectively turn off access to user data.

To access this functionality, you can re-enable the IMDS after launch.

------
#### [ Console ]

**To turn off access to instance metadata at launch**
+ [Launch the instance](ec2-launch-instance-wizard.md) in the Amazon EC2 console with the following specified under **Advanced details**:
  + For **Metadata accessible**, choose **Disabled**.

For more information, see [Advanced details](ec2-instance-launch-parameters.md#liw-advanced-details).

------
#### [ AWS CLI ]

**To turn off access to instance metadata at launch**  
Launch the instance with `--metadata-options` set to `HttpEndpoint=disabled`.

```
aws ec2 run-instances \
    --image-id ami-0abcdef1234567890 \
    --instance-type c6i.large \
    ... 
    --metadata-options "HttpEndpoint=disabled"
```

------
#### [ PowerShell ]

**To turn off access to instance metadata at launch**  
The following [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) cmdlet example launches an instance with `MetadataOptions_HttpEndpoint` set to `disabled`.

```
New-EC2Instance `
    -ImageId ami-0abcdef1234567890 `
    -InstanceType c6i.large `
    -MetadataOptions_HttpEndpoint disabled
```

------
#### [ CloudFormation ]

To specify the metadata options for an instance using CloudFormation, see the [AWS::EC2::LaunchTemplate MetadataOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-metadataoptions.html) property in the *CloudFormation User Guide*. 

------

## Allow access to tags in instance metadata


By default, instance tags are not accessible in the instance metadata. For each instance, you must explicitly allow access. If access is allowed, instance tag *keys* must comply with specific character restrictions, otherwise the instance launch will fail. For more information, see [Enable access to tags in instance metadata](work-with-tags-in-IMDS.md#allow-access-to-tags-in-IMDS).

# Modify instance metadata options for existing instances

You can modify the instance metadata options for existing instances.

You can also create an IAM policy that prevents users from modifying the instance metadata options on existing instances. To control which users can modify the instance metadata options, specify a policy that prevents all users other than users with a specified role from using the [ModifyInstanceMetadataOptions](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceMetadataOptions.html) API. For the example IAM policy, see [Work with instance metadata](ExamplePolicies_EC2.md#iam-example-instance-metadata).

**Note**  
If a declarative policy was used to configure the instance metadata options, you can't modify them directly within the account. For more information, see [Declarative policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_declarative.html) in the *AWS Organizations User Guide.*

## Require the use of IMDSv2


Use one of the following methods to modify the instance metadata options on an existing instance to require that IMDSv2 is used when requesting instance metadata. When IMDSv2 is required, IMDSv1 cannot be used.

**Note**  
Before requiring that IMDSv2 is used, ensure that the instance isn't making IMDSv1 calls. The `MetadataNoToken` CloudWatch metric tracks IMDSv1 calls. When `MetadataNoToken` records zero IMDSv1 usage for an instance, the instance is then ready to require IMDSv2.

------
#### [ Console ]

**To require the use of IMDSv2 on an existing instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select your instance.

1. Choose **Actions**, **Instance settings**, **Modify instance metadata options**.

1. In the **Modify instance metadata options** dialog box, do the following:

   1. For **Instance metadata service**, select **Enable**.

   1. For **IMDSv2**, choose **Required**.

   1. Choose **Save**.

------
#### [ AWS CLI ]

**To require the use of IMDSv2 on an existing instance**  
Use the [modify-instance-metadata-options](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-metadata-options.html) CLI command and set the `http-tokens` parameter to `required`. When you specify a value for `http-tokens`, you must also set `http-endpoint` to `enabled`.

```
aws ec2 modify-instance-metadata-options \
    --instance-id i-1234567890abcdef0 \
    --http-tokens required \
    --http-endpoint enabled
```

------
#### [ PowerShell ]

**To require the use of IMDSv2 on an existing instance**  
Use the [Edit-EC2InstanceMetadataOption](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceMetadataOption.html) cmdlet and set the `HttpTokens` parameter to `required`. When you specify a value for `HttpTokens`, you must also set `HttpEndpoint` to `enabled`.

```
(Edit-EC2InstanceMetadataOption `
    -InstanceId i-1234567890abcdef0 `
    -HttpTokens required `
    -HttpEndpoint enabled).InstanceMetadataOptions
```

------
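The `MetadataNoToken` check described in the note above can be applied across many instances before running the command. The following is an added example, not code from the AWS documentation: it reads constructed samples shaped like `aws ec2 describe-instances` and `aws cloudwatch get-metric-statistics` output and emits the `modify-instance-metadata-options` command only for instances with recorded zero IMDSv1 usage. The function names, verdict labels and the treatment of missing datapoints are assumptions of this example.

```python
import json

# Constructed sample, shaped like `aws ec2 describe-instances` output and
# trimmed to the fields this check reads.
DESCRIBE_INSTANCES = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaaaaaaaaaaaaaa1",
   "MetadataOptions": {"HttpTokens": "optional", "HttpEndpoint": "enabled"}},
  {"InstanceId": "i-0aaaaaaaaaaaaaaa2",
   "MetadataOptions": {"HttpTokens": "optional", "HttpEndpoint": "enabled"}},
  {"InstanceId": "i-0aaaaaaaaaaaaaaa3",
   "MetadataOptions": {"HttpTokens": "optional", "HttpEndpoint": "enabled"}},
  {"InstanceId": "i-0aaaaaaaaaaaaaaa4",
   "MetadataOptions": {"HttpTokens": "required", "HttpEndpoint": "enabled"}},
  {"InstanceId": "i-0aaaaaaaaaaaaaaa5",
   "MetadataOptions": {"HttpTokens": "optional", "HttpEndpoint": "disabled"}}
]}]}
""")

# Constructed sample: one MetadataNoToken result per instance, each shaped like
# `aws cloudwatch get-metric-statistics --statistics Sum` output.
METADATA_NO_TOKEN = {
    "i-0aaaaaaaaaaaaaaa1": {"Label": "MetadataNoToken", "Datapoints": [
        {"Timestamp": "2024-01-01T00:00:00Z", "Sum": 0.0, "Unit": "Count"},
        {"Timestamp": "2024-01-02T00:00:00Z", "Sum": 0.0, "Unit": "Count"}]},
    "i-0aaaaaaaaaaaaaaa2": {"Label": "MetadataNoToken", "Datapoints": [
        {"Timestamp": "2024-01-01T00:00:00Z", "Sum": 0.0, "Unit": "Count"},
        {"Timestamp": "2024-01-02T00:00:00Z", "Sum": 14.0, "Unit": "Count"}]},
    "i-0aaaaaaaaaaaaaaa3": {"Label": "MetadataNoToken", "Datapoints": []},
}


def imdsv1_calls(stats):
    """Total token-less (IMDSv1) calls in the window, or None without datapoints.

    Assumption of this example: an empty result is missing evidence, not a
    recorded zero, so it never counts as "ready".
    """
    points = (stats or {}).get("Datapoints", [])
    if not points:
        return None
    return sum(point.get("Sum", 0) for point in points)


def require_imdsv2_command(instance_id):
    """The CLI call from this page; http-tokens requires http-endpoint enabled."""
    return ("aws ec2 modify-instance-metadata-options "
            f"--instance-id {instance_id} "
            "--http-tokens required --http-endpoint enabled")


def plan(describe_output, metric_results):
    """Return one row per instance: verdict, observed calls, command (or None)."""
    rows = []
    for reservation in describe_output.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            instance_id = instance["InstanceId"]
            options = instance.get("MetadataOptions", {})
            calls, command = None, None
            if options.get("HttpEndpoint") == "disabled":
                # Setting http-tokens also needs http-endpoint enabled, which
                # would turn metadata access back on. Leave these alone.
                verdict = "imds-disabled"
            elif options.get("HttpTokens") == "required":
                verdict = "already-imdsv2-only"
            else:
                calls = imdsv1_calls(metric_results.get(instance_id))
                if calls is None:
                    verdict = "no-metric-data"
                elif calls > 0:
                    verdict = "imdsv1-in-use"
                else:
                    verdict = "ready"
                    command = require_imdsv2_command(instance_id)
            rows.append({"instance": instance_id, "verdict": verdict,
                         "imdsv1_calls": calls, "command": command})
    return rows


if __name__ == "__main__":
    for row in plan(DESCRIBE_INSTANCES, METADATA_NO_TOKEN):
        print(row["instance"], row["verdict"], row["command"] or "")
```
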

## Restore the use of IMDSv1


When IMDSv2 is required on an instance, using an IMDSv1 request will fail. When IMDSv2 is optional, then both IMDSv2 and IMDSv1 will work. Therefore, to restore IMDSv1, set IMDSv2 to optional (`httpTokens = optional`) using one of the following methods.

The `httpTokensEnforced` IMDS property also prevents attempts to enable IMDSv1 on an existing instance. When enabled for an account in a Region, an attempt to set `httpTokens` to `optional` will result in an `UnsupportedOperation` exception. For more information, see [Troubleshooting](#troubleshoot-modifying-an-imdsv1-enabled-instance-fails).

**Important**  
If your instance launches are failing due to IMDSv2 enforcement, you have two options to enable launches to succeed:
+ **Launch instances as IMDSv2-only** – If the software running on the instances uses IMDSv2 only (no dependency on IMDSv1), then you can launch the instances as IMDSv2 only. To do this, configure IMDSv2 only by setting `httpTokens = required` either in the launch parameters or in the metadata defaults for the account in the Region.
+ **Disable enforcement** – If your software still depends on IMDSv1, set `httpTokensEnforced` to `disabled` for the account in the Region. For more information, see [Enforce IMDSv2 at the account level](configuring-IMDS-new-instances.md#enforce-imdsv2-at-the-account-level).

------
#### [ Console ]

**To restore the use of IMDSv1 on an instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select your instance.

1. Choose **Actions**, **Instance settings**, **Modify instance metadata options**.

1. In the **Modify instance metadata options** dialog box, do the following:

   1. For **Instance metadata service**, make sure that **Enable** is selected.

   1. For **IMDSv2**, choose **Optional**.

   1. Choose **Save**.

------
#### [ AWS CLI ]

**To restore the use of IMDSv1 on an instance**  
You can use the [modify-instance-metadata-options](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-metadata-options.html) CLI command with `http-tokens` set to `optional` to restore the use of IMDSv1 when requesting instance metadata.

```
aws ec2 modify-instance-metadata-options \
    --instance-id i-1234567890abcdef0 \
    --http-tokens optional \
    --http-endpoint enabled
```

------
#### [ PowerShell ]

**To restore the use of IMDSv1 on an instance**  
You can use the [Edit-EC2InstanceMetadataOption](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceMetadataOption.html) cmdlet with `HttpTokens` set to `optional` to restore the use of IMDSv1 when requesting instance metadata.

```
(Edit-EC2InstanceMetadataOption `
    -InstanceId i-1234567890abcdef0 `
    -HttpTokens optional `
    -HttpEndpoint enabled).InstanceMetadataOptions
```

------

## Change the PUT response hop limit


For existing instances, you can change the settings of the `PUT` response hop limit.

Currently only the AWS CLI and AWS SDKs support changing the PUT response hop limit.

------
#### [ AWS CLI ]

**To change the PUT response hop limit**  
Use the [modify-instance-metadata-options](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-metadata-options.html) CLI command and set the `http-put-response-hop-limit` parameter to the required number of hops. In the following example, the hop limit is set to `3`. Note that when specifying a value for `http-put-response-hop-limit`, you must also set `http-endpoint` to `enabled`.

```
aws ec2 modify-instance-metadata-options \
    --instance-id i-1234567890abcdef0 \
    --http-put-response-hop-limit 3 \
    --http-endpoint enabled
```

------
#### [ PowerShell ]

**To change the PUT response hop limit**  
Use the [Edit-EC2InstanceMetadataOption](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceMetadataOption.html) cmdlet and set the `HttpPutResponseHopLimit` parameter to the required number of hops. In the following example, the hop limit is set to `3`. Note that when specifying a value for `HttpPutResponseHopLimit`, you must also set `HttpEndpoint` to `enabled`.

```
(Edit-EC2InstanceMetadataOption `
    -InstanceId i-1234567890abcdef0 `
    -HttpPutResponseHopLimit 3 `
    -HttpEndpoint enabled).InstanceMetadataOptions
```

------

## Enable the IMDS IPv4 and IPv6 endpoints


The IMDS has two endpoints on an instance: IPv4 (`169.254.169.254`) and IPv6 (`[fd00:ec2::254]`). When you enable the IMDS, the IPv4 endpoint is automatically enabled. The IPv6 endpoint remains disabled even if you launch an instance into an IPv6-only subnet. To enable the IPv6 endpoint, you need to do so explicitly. When you enable the IPv6 endpoint, the IPv4 endpoint remains enabled.

You can enable the IPv6 endpoint at instance launch or after.

**Requirements for enabling the IPv6 endpoint**
+ The selected instance type is a [Nitro-based instance](instance-types.md#instance-hypervisor-type).
+ The selected subnet supports IPv6, where the subnet is either [dual stack or IPv6 only](https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html#subnet-ip-address-range).

Currently only the AWS CLI and AWS SDKs support enabling the IMDS IPv6 endpoint after instance launch.

------
#### [ AWS CLI ]

**To enable the IMDS IPv6 endpoint for your instance**  
Use the [modify-instance-metadata-options](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-metadata-options.html) CLI command and set the `http-protocol-ipv6` parameter to `enabled`. Note that when specifying a value for `http-protocol-ipv6`, you must also set `http-endpoint` to `enabled`.

```
aws ec2 modify-instance-metadata-options \
    --instance-id i-1234567890abcdef0 \
    --http-protocol-ipv6 enabled \
    --http-endpoint enabled
```

------
#### [ PowerShell ]

**To enable the IMDS IPv6 endpoint for your instance**  
Use the [Edit-EC2InstanceMetadataOption](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceMetadataOption.html) cmdlet and set the `HttpProtocolIpv6` parameter to `enabled`. Note that when specifying a value for `HttpProtocolIpv6`, you must also set `HttpEndpoint` to `enabled`.

```
(Edit-EC2InstanceMetadataOption `
    -InstanceId i-1234567890abcdef0 `
    -HttpProtocolIpv6 enabled `
    -HttpEndpoint enabled).InstanceMetadataOptions
```

------

## Turn on access to instance metadata


You can turn on access to instance metadata by enabling the HTTP endpoint of the IMDS on your instance, regardless of which version of the IMDS you are using. You can reverse this change at any time by disabling the HTTP endpoint.

Use one of the following methods to turn on access to instance metadata on an instance.

------
#### [ Console ]

**To turn on access to instance metadata**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select your instance.

1. Choose **Actions**, **Instance settings**, **Modify instance metadata options**.

1. In the **Modify instance metadata options** dialog box, do the following:

   1. For **Instance metadata service**, select **Enable**.

   1. Choose **Save**.

------
#### [ AWS CLI ]

**To turn on access to instance metadata**  
Use the [modify-instance-metadata-options](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-metadata-options.html) CLI command and set the `http-endpoint` parameter to `enabled`.

```
aws ec2 modify-instance-metadata-options \
    --instance-id i-1234567890abcdef0 \
    --http-endpoint enabled
```

------
#### [ PowerShell ]

**To turn on access to instance metadata**  
Use the [Edit-EC2InstanceMetadataOption](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceMetadataOption.html) cmdlet and set the `HttpEndpoint` parameter to `enabled`.

```
(Edit-EC2InstanceMetadataOption `
    -InstanceId i-1234567890abcdef0 `
    -HttpEndpoint enabled).InstanceMetadataOptions
```

------

## Turn off access to instance metadata


You can turn off access to instance metadata by disabling the HTTP endpoint of the IMDS on your instance, regardless of which version of the IMDS you are using. You can reverse this change at any time by enabling the HTTP endpoint.

Use one of the following methods to turn off access to instance metadata on an instance.

------
#### [ Console ]

**To turn off access to instance metadata**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select your instance.

1. Choose **Actions**, **Instance settings**, **Modify instance metadata options**.

1. In the **Modify instance metadata options** dialog box, do the following:

   1. For **Instance metadata service**, clear **Enable**.

   1. Choose **Save**.

------
#### [ AWS CLI ]

**To turn off access to instance metadata**  
Use the [modify-instance-metadata-options](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-metadata-options.html) CLI command and set the `http-endpoint` parameter to `disabled`.

```
aws ec2 modify-instance-metadata-options \
    --instance-id i-1234567890abcdef0 \
    --http-endpoint disabled
```

------
#### [ PowerShell ]

**To turn off access to instance metadata**  
Use the [Edit-EC2InstanceMetadataOption](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceMetadataOption.html) cmdlet and set the `HttpEndpoint` parameter to `disabled`.

```
(Edit-EC2InstanceMetadataOption `
    -InstanceId i-1234567890abcdef0 `
    -HttpEndpoint disabled).InstanceMetadataOptions
```

------

## Allow access to tags in instance metadata


You can allow access to tags in the instance metadata on a running or stopped instance. For each instance, you must explicitly allow access. If access is allowed, instance tag *keys* must comply with specific character restrictions, otherwise you get an error. For more information, see [Enable access to tags in instance metadata](work-with-tags-in-IMDS.md#allow-access-to-tags-in-IMDS).

## Troubleshooting


### Modifying an IMDSv1-enabled instance fails


#### Description


You get the following error message:

`You can't launch instances with IMDSv1 because httpTokensEnforced is enabled for this account. Either launch the instance with httpTokens=required or contact your account owner to disable httpTokensEnforced using the ModifyInstanceMetadataDefaults API or the account settings in the EC2 console.`

#### Cause


This error is thrown when you attempt to modify an existing instance to be IMDSv1 enabled (`httpTokens = optional`) in an account where the EC2 account settings or an AWS Organization declarative policy enforces the use of IMDSv2 (`httpTokensEnforced = enabled`). 

#### Solution


If you require IMDSv1 support on existing instances, you'll need to disable IMDSv2 enforcement for the account in the Region. To disable IMDSv2 enforcement, set `HttpTokensEnforced` to `disabled`. For more information, see [ModifyInstanceMetadataDefaults](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceMetadataDefaults.html) in the Amazon EC2 API Reference. If you prefer to configure this setting using the console, see [Enforce IMDSv2 at the account level](configuring-IMDS-new-instances.md#enforce-imdsv2-at-the-account-level).

We recommend that you use IMDSv2 only (`httpTokens=required`). For more information, see [Transition to using Instance Metadata Service Version 2](instance-metadata-transition-to-version-2.md).

 

# Run commands when you launch an EC2 instance with user data input

When you launch an Amazon EC2 instance, you can pass user data to the instance that is used to perform automated configuration tasks, or to run scripts after the instance starts.

If you're interested in more complex automation scenarios, you might consider CloudFormation. For more information, see [Deploying applications on Amazon EC2 with CloudFormation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/deploying.applications.html) in the *AWS CloudFormation User Guide*.

On Linux instances, you can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives. You can also pass this data into the launch instance wizard as plain text, as a file (this is useful for launching instances with the command line tools), or as base64-encoded text (for API calls).

On Windows instances, the launch agents handle your user data scripts.

**Considerations**
+ User data is treated as opaque data: what you give is what you get back. It is up to the instance to interpret it.
+ User data must be base64-encoded. The Amazon EC2 console can perform the base64-encoding for you or accept base64-encoded input. If you retrieve the user data using instance metadata or the console, it's base64-decoded for you automatically.
+ User data is limited to 16 KB, in raw form, before it is base64-encoded. The size of a string of length *n* after base64-encoding is ceil(*n*/3)\*4.
+ User data is an instance attribute. If you create an AMI from an instance, the instance user data is not included in the AMI.

## User data in the AWS Management Console

You can specify instance user data when you launch the instance. If the root volume of the instance is an EBS volume, you can also stop the instance and update its user data.

### Specify instance user data at launch with the Launch Wizard


You can specify user data when you launch an instance with the Launch Wizard in the EC2 console. To specify user data on launch, follow the procedure for [launching an instance](ec2-launch-instance-wizard.md). The **User data** field is located in the [Advanced details](ec2-instance-launch-parameters.md#liw-advanced-details) section of the launch instance wizard. Enter your PowerShell script in the **User data** field, and then complete the instance launch procedure.

In the following screenshot of the **User data** field, the example script creates a file in the Windows temporary folder, using the current date and time in the file name. When you include `<persist>true</persist>`, the script is run every time you reboot or start the instance. If you leave the **User data has already been base64 encoded** checkbox empty, the Amazon EC2 console performs the base64 encoding for you.

![\[Advance Details user data text field.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/configure_ec2config_userdata.png)


For more information, see [Specify instance user data at launch with the Launch Wizard](#user-data-launch-instance-wizard). For a Linux example that uses the AWS CLI, see [User data and the AWS CLI](#user-data-api-cli). For a Windows example that uses the Tools for Windows PowerShell, see [User data and the Tools for Windows PowerShell](#user-data-powershell).

### View and update the instance user data


You can view the instance user data for any instance, and you can update the instance user data for a stopped instance.

**To update the user data for an instance using the console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance and choose **Actions**, **Instance state**, **Stop instance**.

   **Warning**  
   When you stop an instance, the data on instance store volumes is lost. To preserve this data, back it up to persistent storage.

1. When prompted for confirmation, choose **Stop**. It can take a few minutes for the instance to stop.

1. With the instance still selected, choose **Actions**, **Instance settings**, **Edit user data**. You can't change the user data if the instance is running, but you can view it.

1. In the **Edit user data** dialog box, update the user data, and then choose **Save**. To run user data scripts every time you reboot or start the instance, add `<persist>true</persist>`, as shown in the following example:  
![\[Edit User Data dialog box.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/view-change-user-data.png)

1. Start the instance. If you enabled user data execution for subsequent reboots or starts, the updated user data scripts are run as part of the instance start process.

## How Amazon EC2 handles user data for Linux instances

The following examples use user data to run commands that set up a LAMP server when the instance launches. In each example, the following tasks are performed:
+ The distribution software packages are updated.
+ The web server, `php`, and `mariadb` packages are installed.
+ The `httpd` service is started and turned on.
+ The user `ec2-user` is added to the apache group.
+ The appropriate ownership and file permissions are set for the web directory and the files contained within it.
+ A simple web page is created to test the web server and PHP engine.

**Topics**
+ [Prerequisites](#user-data-requirements)
+ [User data and shell scripts](#user-data-shell-scripts)
+ [Update the instance user data](#user-data-modify)
+ [User data and cloud-init directives](#user-data-cloud-init)
+ [User data and the AWS CLI](#user-data-api-cli)
+ [Combine shell scripts and cloud-init directives](#user-data-mime-multi)

### Prerequisites


The examples in this topic assume the following:
+ Your instance has a public DNS name that is reachable from the internet.
+ The security group associated with your instance is configured to allow SSH (port 22) traffic so that you can connect to the instance to view the output log files.
+ Your instance is launched using an Amazon Linux AMI. The commands and directives might not work for other Linux distributions. For more information about other distributions, such as their support for cloud-init, see documentation for the specific distribution.

### User data and shell scripts


If you are familiar with shell scripting, this is the easiest and most complete way to send instructions to an instance at launch. Adding these tasks at boot time adds to the amount of time it takes to boot the instance. You should allow a few minutes of extra time for the tasks to complete before you test that the user script has finished successfully.

**Important**  
By default, user data scripts and cloud-init directives run only during the boot cycle when you first launch an instance. You can update your configuration to ensure that your user data scripts and cloud-init directives run every time you restart your instance. For more information, see [How can I utilize user data to automatically run a script with every restart of my Amazon EC2 Linux instance?](https://repost.aws/knowledge-center/execute-user-data-ec2) in the AWS Knowledge Center.

User data shell scripts must start with the `#!` characters and the path to the interpreter you want to read the script (commonly **/bin/bash**). For an introduction on shell scripting, see the [Bash Reference Manual](https://www.gnu.org/software/bash/manual/bash.html) on the *GNU Operating System* website.

Scripts entered as user data are run as the root user, so do not use the **sudo** command in the script. Remember that any files you create will be owned by the root user; if you need a non-root user to have file access, you should modify the permissions accordingly in the script. Also, because the script is not run interactively, you cannot include commands that require user feedback (such as **yum update** without the `-y` flag).

If you use an AWS API, including the AWS CLI, in a user data script, you must use an instance profile when launching the instance. An instance profile provides the appropriate AWS credentials required by the user data script to issue the API call. For more information, see [Use instance profiles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) in the IAM User Guide. The permissions you assign to the IAM role depend on which services you are calling with the API. For more information, see [IAM roles for Amazon EC2](iam-roles-for-amazon-ec2.md).

The cloud-init output log file captures console output so it is easy to debug your scripts following a launch if the instance does not behave the way you intended. To view the log file, [connect to the instance](connect-to-linux-instance.md) and open `/var/log/cloud-init-output.log`.

When a user data script is processed, it is copied to and run from `/var/lib/cloud/instances/instance-id/`. The script is not deleted after it is run. Be sure to delete the user data scripts from `/var/lib/cloud/instances/instance-id/` before you create an AMI from the instance. Otherwise, the script will exist in this directory on any instance launched from the AMI.

### Update the instance user data


To update the instance user data, you must first stop the instance. If the instance is running, you can view the user data but you cannot modify it.

**Warning**  
When you stop an instance, the data on instance store volumes is lost. To preserve this data, back it up to persistent storage.

**To modify instance user data**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance and choose **Instance state**, **Stop instance**. If this option is disabled, either the instance is already stopped or its root volume is an instance store volume.

1. When prompted for confirmation, choose **Stop**. It can take a few minutes for the instance to stop.

1. With the instance still selected, choose **Actions**, **Instance settings**, **Edit user data**.

1. Modify the user data as needed, and then choose **Save**.

1. Start the instance. The new user data is visible on your instance after you start it; however, user data scripts are not run.

### User data and cloud-init directives


The cloud-init package configures specific aspects of a new Amazon Linux instance when it is launched; most notably, it configures the `.ssh/authorized_keys` file for the ec2-user so you can log in with your own private key. For more information about the configuration tasks that the cloud-init package performs for Amazon Linux instances, see the following documentation:
+ **Amazon Linux 2023** – [Customized cloud-init](https://docs.aws.amazon.com/linux/al2023/ug/cloud-init.html)
+ **Amazon Linux 2** – [Using cloud-init on Amazon Linux 2](https://docs.aws.amazon.com/linux/al2/ug/amazon-linux-cloud-init.html)

The cloud-init user directives can be passed to an instance at launch the same way that a script is passed, although the syntax is different. For more information about cloud-init, see [https://cloudinit.readthedocs.org/en/latest/index.html](https://cloudinit.readthedocs.org/en/latest/index.html).

**Important**  
By default, user data scripts and cloud-init directives run only during the boot cycle when you first launch an instance. You can update your configuration to ensure that your user data scripts and cloud-init directives run every time you restart your instance. For more information, see [How can I utilize user data to automatically run a script with every restart of my Amazon EC2 Linux instance?](https://repost.aws/knowledge-center/execute-user-data-ec2) in the AWS Knowledge Center.

Adding these tasks at boot time adds to the amount of time it takes to boot an instance. You should allow a few minutes of extra time for the tasks to complete before you test that your user data directives have completed.

**To pass cloud-init directives to an Amazon Linux instance**

1. Follow the procedure for [launching an instance](ec2-launch-instance-wizard.md). The **User data** field is located in the [Advanced details](ec2-instance-launch-parameters.md#liw-advanced-details) section of the launch instance wizard. Enter your cloud-init directive text in the **User data** field, and then complete the instance launch procedure.

   In the examples below, the directives create and configure a web server on Amazon Linux. The `#cloud-config` line at the top is required in order to identify the commands as cloud-init directives.

------
#### [ AL2023 ]

   ```
   #cloud-config
   package_update: true
   package_upgrade: all

   packages:
   - httpd
   - mariadb105-server
   - php8.1
   - php8.1-mysqlnd
   
   runcmd:
   - systemctl start httpd
   - systemctl enable httpd
   - [ sh, -c, "usermod -a -G apache ec2-user" ]
   - [ sh, -c, "chown -R ec2-user:apache /var/www" ]
   - chmod 2775 /var/www
   - [ find, /var/www, -type, d, -exec, chmod, 2775, {}, \; ]
   - [ find, /var/www, -type, f, -exec, chmod, 0664, {}, \; ]
   - [ sh, -c, 'echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php' ]
   ```

------
#### [ AL2 ]

   ```
   #cloud-config
   package_update: true
   package_upgrade: all

   packages:
   - httpd
   - mariadb-server

   runcmd:
   - [ sh, -c, "amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2" ]
   - systemctl start httpd
   - systemctl enable httpd
   - [ sh, -c, "usermod -a -G apache ec2-user" ]
   - [ sh, -c, "chown -R ec2-user:apache /var/www" ]
   - chmod 2775 /var/www
   - [ find, /var/www, -type, d, -exec, chmod, 2775, {}, \; ]
   - [ find, /var/www, -type, f, -exec, chmod, 0664, {}, \; ]
   - [ sh, -c, 'echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php' ]
   ```

------

1. Allow enough time for the instance to launch and run the directives in your user data, and then check to see that your directives have completed the tasks you intended.

   For this example, in a web browser, enter the URL of the PHP test file the directives created. This URL is the public DNS address of your instance followed by a forward slash and the file name.

   ```
   http://my.public.dns.amazonaws.com/phpinfo.php
   ```

   You should see the PHP information page. If you are unable to see the PHP information page, check that the security group you are using contains a rule to allow HTTP (port 80) traffic. For more information, see [Configure security group rules](changing-security-group.md#add-remove-security-group-rules).

1. (Optional) If your directives did not accomplish the tasks you were expecting them to, or if you just want to verify that your directives completed without errors, [connect to the instance](connect-to-linux-instance.md), examine the output log file (`/var/log/cloud-init-output.log`), and look for error messages in the output. For additional debugging information, you can add the following line to your directives:

   ```
   output : { all : '| tee -a /var/log/cloud-init-output.log' }
   ```

   This directive sends **runcmd** output to `/var/log/cloud-init-output.log`.

### User data and the AWS CLI


You can use the AWS CLI to specify, modify, and view the user data for your instance. For information about viewing user data from your instance using instance metadata, see [Access instance metadata for an EC2 instance](instancedata-data-retrieval.md).

On Windows, you can use the AWS Tools for Windows PowerShell instead of using the AWS CLI. For more information, see [User data and the Tools for Windows PowerShell](#user-data-powershell).

**Example: Specify user data at launch**  
To specify user data when you launch your instance, use the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command with the `--user-data` parameter. With **run-instances**, the AWS CLI performs base64 encoding of the user data for you.

The following example shows how to specify a script as a string on the command line:

```
aws ec2 run-instances --image-id ami-abcd1234 --count 1 --instance-type m3.medium \
    --key-name my-key-pair --subnet-id subnet-abcd1234 --security-group-ids sg-abcd1234 \
    --user-data "echo user data"
```

The following example shows how to specify a script using a text file. Be sure to use the `file://` prefix to specify the file.

```
aws ec2 run-instances --image-id ami-abcd1234 --count 1 --instance-type m3.medium \
    --key-name my-key-pair --subnet-id subnet-abcd1234 --security-group-ids sg-abcd1234 \
    --user-data file://my_script.txt
```

The following is an example text file with a shell script.

```
#!/bin/bash
yum update -y
service httpd start
chkconfig httpd on
```

**Example: Modify the user data of a stopped instance**  
You can modify the user data of a stopped instance using the [modify-instance-attribute](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-attribute.html) command. With **modify-instance-attribute**, the AWS CLI does not perform base64 encoding of the user data for you.
+ On a **Linux** computer, use the base64 command to encode the user data.

  ```
  base64 my_script.txt >my_script_base64.txt
  ```
+ On a **Windows** computer, use the certutil command to encode the user data. Before you can use this file with the AWS CLI, you must remove the first (BEGIN CERTIFICATE) and last (END CERTIFICATE) lines.

  ```
  certutil -encode my_script.txt my_script_base64.txt
  notepad my_script_base64.txt
  ```

Use the `--attribute` and `--value` parameters to use the encoded text file to specify the user data. Be sure to use the `file://` prefix to specify the file.

```
aws ec2 modify-instance-attribute --instance-id i-1234567890abcdef0 --attribute userData --value file://my_script_base64.txt
```

**Example: Clear the user data of a stopped instance**  
To delete the existing user data, use the [modify-instance-attribute](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-attribute.html) command as follows:

```
aws ec2 modify-instance-attribute --instance-id i-1234567890abcdef0 --user-data Value=
```

**Example: View user data**  
To retrieve the user data for an instance, use the [describe-instance-attribute](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instance-attribute.html) command. With **describe-instance-attribute**, the AWS CLI does not perform base64 decoding of the user data for you.

```
aws ec2 describe-instance-attribute --instance-id i-1234567890abcdef0 --attribute userData
```

The following is example output with the user data base64 encoded.

```
{
    "UserData": {
        "Value": "IyEvYmluL2Jhc2gKeXVtIHVwZGF0ZSAteQpzZXJ2aWNlIGh0dHBkIHN0YXJ0CmNoa2NvbmZpZyBodHRwZCBvbg=="
    },
    "InstanceId": "i-1234567890abcdef0"
}
```
+ On a **Linux** computer, use the `--query` option to get the encoded user data and the base64 command to decode it.

  ```
  aws ec2 describe-instance-attribute --instance-id i-1234567890abcdef0 --attribute userData --output text --query "UserData.Value" | base64 --decode
  ```
+ On a **Windows** computer, use the `--query` option to get the encoded user data and the certutil command to decode it. Note that the encoded output is stored in one file and the decoded output is stored in another file.

  ```
  aws ec2 describe-instance-attribute --instance-id i-1234567890abcdef0 --attribute userData --output text --query "UserData.Value" >my_output.txt
  certutil -decode my_output.txt my_output_decoded.txt
  type my_output_decoded.txt
  ```

The following is example output.

```
#!/bin/bash
yum update -y
service httpd start
chkconfig httpd on
```

### Combine shell scripts and cloud-init directives


By default, you can include only one content type in user data at a time. However, you can use the `text/cloud-config` and `text/x-shellscript` content types in a MIME multipart file to include both a shell script and cloud-init directives in your user data.

The following shows the MIME multipart format.

```
Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0

--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config
cloud-init directives

--//
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"

#!/bin/bash
shell script commands
--//--
```

For example, the following user data includes cloud-init directives and a bash shell script. The cloud-init directives create a file (`/test-cloudinit/cloud-init.txt`) and write `Created by cloud-init` to that file. The bash shell script creates a file (`/test-userscript/userscript.txt`) and writes `Created by bash shell script` to that file.

```
Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0

--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config
runcmd:
- [ mkdir, /test-cloudinit ]
write_files:
- path: /test-cloudinit/cloud-init.txt
  content: Created by cloud-init

--//
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"

#!/bin/bash
mkdir /test-userscript
touch /test-userscript/userscript.txt
echo "Created by bash shell script" >> /test-userscript/userscript.txt
--//--
```
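The following added example (not part of the AWS documentation) assembles the multipart format shown above with Python's standard `email` package, base64-encodes it for calls that do not encode user data for you, and parses it back to check each part. The function names and sample bodies are constructed for illustration.

```python
import base64
from email import message_from_string
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Constructed sample parts that mirror the example above.
CLOUD_CONFIG = """\
#cloud-config
runcmd:
- [ mkdir, /test-cloudinit ]
write_files:
- path: /test-cloudinit/cloud-init.txt
  content: Created by cloud-init
"""

SHELL_SCRIPT = """\
#!/bin/bash
mkdir -p /test-userscript
echo "Created by bash shell script" >> /test-userscript/userscript.txt
"""

# Text that the first line of each part type is expected to start with.
EXPECTED_FIRST_LINE = {
    "text/cloud-config": "#cloud-config",
    "text/x-shellscript": "#!",
}


def build_user_data(cloud_config, shell_script):
    """Assemble the two parts into one multipart/mixed document."""
    # The generator picks a boundary that does not occur in either body,
    # so it differs from the literal "//" used in the example above.
    msg = MIMEMultipart("mixed")
    for body, subtype, filename in (
        (cloud_config, "cloud-config", "cloud-config.txt"),
        (shell_script, "x-shellscript", "userdata.txt"),
    ):
        # us-ascii yields Content-Transfer-Encoding: 7bit, as in the example.
        part = MIMEText(body, subtype, "us-ascii")
        part.add_header("Content-Disposition", "attachment", filename=filename)
        msg.attach(part)
    return msg.as_string()


def encode_for_api(document):
    """Base64 form for calls that do not encode user data for you."""
    return base64.b64encode(document.encode("ascii")).decode("ascii")


def inspect_user_data(document):
    """Parse a multipart document and report on each part."""
    msg = message_from_string(document)
    if not msg.is_multipart():
        raise ValueError("not multipart: check the Content-Type header and boundary")
    report = []
    for part in msg.get_payload():
        ctype = part.get_content_type()
        raw = part.get_payload(decode=True) or b""  # None for nested multiparts
        lines = raw.decode("ascii", errors="replace").strip().splitlines()
        first = lines[0] if lines else ""
        expected = EXPECTED_FIRST_LINE.get(ctype)
        report.append({
            "content_type": ctype,
            "filename": part.get_filename(),
            "first_line": first,
            # ok: a content type named in this section whose body starts as expected
            "ok": expected is not None and first.startswith(expected),
        })
    return report


if __name__ == "__main__":
    document = build_user_data(CLOUD_CONFIG, SHELL_SCRIPT)
    for entry in inspect_user_data(document):
        print(entry)
    print(encode_for_api(document)[:60] + "...")
```

Running the check before you pass the file to the AWS CLI catches a part whose body does not match its declared content type.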

## How Amazon EC2 handles user data for Windows instances
User data for Windows instances

On Windows instances, the launch agent performs the tasks related to user data. For more information, see the following:
+ [EC2Launch v2](ec2launch-v2.md) 
+ [EC2Launch](ec2launch.md) 
+ [EC2Config service](ec2config-service.md)

For examples of the assembly of a `UserData` property in a CloudFormation template, see [Base64 Encoded UserData Property](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-general.html#scenario-userdata-base64) and [Base64 Encoded UserData Property with AccessKey and SecretKey](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-general.html#scenario-userdata-base64-with-keys).

For an example of running commands on an instance within an Auto Scaling group that works with lifecycle hooks, see [Tutorial: Configure user data to retrieve the target lifecycle state through instance metadata](https://docs.aws.amazon.com/autoscaling/ec2/userguide/tutorial-lifecycle-hook-instance-metadata.html) in the *Amazon EC2 Auto Scaling User Guide*.

**Topics**
+ [User data scripts](#user-data-scripts)
+ [Compressed user data](#user-data-compressed)
+ [User data execution](#user-data-execution)
+ [User data and the Tools for Windows PowerShell](#user-data-powershell)

### User data scripts


For `EC2Config` or `EC2Launch` to run scripts, you must enclose the script within a special tag when you add it to user data. The tag that you use depends on whether the commands run in a Command Prompt window (batch commands) or use Windows PowerShell.

If you specify both a batch script and a Windows PowerShell script, the batch script runs first and the Windows PowerShell script runs next, regardless of the order in which they appear in the instance user data.

If you use an AWS API, including the AWS CLI, in a user data script, you must use an instance profile when launching the instance. An instance profile provides the appropriate AWS credentials required by the user data script to make the API call. For more information, see [Instance profiles](iam-roles-for-amazon-ec2.md#ec2-instance-profile). The permissions you assign to the IAM role depend on which services you are calling with the API. For more information, see [IAM roles for Amazon EC2](iam-roles-for-amazon-ec2.md).

**Topics**
+ [Syntax for batch scripts](#user-data-batch-scripts)
+ [Syntax for Windows PowerShell scripts](#user-data-powershell-scripts)
+ [Syntax for YAML configuration scripts](#user-data-yaml-scripts)
+ [Base64 encoding](#user-data-base64-encoding)

#### Syntax for batch scripts


Specify a batch script using the `script` tag. Separate the commands using line breaks as shown in the following example.

```
<script>
    echo Current date and time >> %SystemRoot%\Temp\test.log
    echo %DATE% %TIME% >> %SystemRoot%\Temp\test.log
</script>
```

By default, user data scripts run one time when you launch the instance. To run the user data scripts every time you reboot or start the instance, add `<persist>true</persist>` to the user data.

```
<script>
    echo Current date and time >> %SystemRoot%\Temp\test.log
    echo %DATE% %TIME% >> %SystemRoot%\Temp\test.log
</script>
<persist>true</persist>
```

**EC2Launch v2 agent**  
To run an XML user data script as a detached process with the EC2Launch v2 **executeScript** task in the `UserData` stage, add `<detach>true</detach>` to the user data.

**Note**  
The detach tag is not supported by previous launch agents.

```
<script>
    echo Current date and time >> %SystemRoot%\Temp\test.log
    echo %DATE% %TIME% >> %SystemRoot%\Temp\test.log
</script>
<detach>true</detach>
```

#### Syntax for Windows PowerShell scripts


The AWS Windows AMIs include the [AWS Tools for Windows PowerShell](https://aws.amazon.com/powershell/), so you can specify these cmdlets in user data. If you associate an IAM role with your instance, you don't need to specify credentials to the cmdlets, as applications that run on the instance use the role's credentials to access AWS resources (for example, Amazon S3 buckets).

Specify a Windows PowerShell script using the `<powershell>` tag. Separate the commands using line breaks. The `<powershell>` tag is case-sensitive.

For example:

```
<powershell>
    $file = $env:SystemRoot + "\Temp\" + (Get-Date).ToString("MM-dd-yy-hh-mm")
    New-Item $file -ItemType file
</powershell>
```

By default, the user data scripts run one time when you launch the instance. To run the user data scripts every time you reboot or start the instance, add `<persist>true</persist>` to the user data.

```
<powershell>
    $file = $env:SystemRoot + "\Temp\" + (Get-Date).ToString("MM-dd-yy-hh-mm")
    New-Item $file -ItemType file
</powershell>
<persist>true</persist>
```

You can specify one or more PowerShell arguments with the `<powershellArguments>` tag. If no arguments are passed, EC2Launch and EC2Launch v2 add the following argument by default: `-ExecutionPolicy Unrestricted`.

**Example:**

```
<powershell>
    $file = $env:SystemRoot + "\Temp\" + (Get-Date).ToString("MM-dd-yy-hh-mm")
    New-Item $file -ItemType file
</powershell>
<powershellArguments>-ExecutionPolicy Unrestricted -NoProfile -NonInteractive</powershellArguments>
```

**EC2Launch v2 agent**  
To run an XML user data script as a detached process with the EC2Launch v2 **executeScript** task in the `UserData` stage, add `<detach>true</detach>` to the user data.

**Note**  
The detach tag is not supported by previous launch agents.

```
<powershell>
    $file = $env:SystemRoot + "\Temp\" + (Get-Date).ToString("MM-dd-yy-hh-mm")
    New-Item $file -ItemType file
</powershell>
<detach>true</detach>
```

#### Syntax for YAML configuration scripts


If you are using EC2Launch v2 to run scripts, you can use the YAML format. To view configuration tasks, details, and examples for EC2Launch v2, see [EC2Launch v2 task configuration](ec2launch-v2-settings.md#ec2launch-v2-task-configuration).

Specify a YAML script with the `executeScript` task.

**Example YAML syntax to run a PowerShell script** 

```
version: 1.0
tasks:
- task: executeScript
  inputs:
  - frequency: always
    type: powershell
    runAs: localSystem
    content: |-
      $file = $env:SystemRoot + "\Temp\" + (Get-Date).ToString("MM-dd-yy-hh-mm")
      New-Item $file -ItemType file
```

**Example YAML syntax to run a batch script**

```
version: 1.1
tasks:
- task: executeScript
  inputs:
  - frequency: always
    type: batch
    runAs: localSystem
    content: |-
      echo Current date and time >> %SystemRoot%\Temp\test.log
      echo %DATE% %TIME% >> %SystemRoot%\Temp\test.log
```

#### Base64 encoding


If you're using the Amazon EC2 API or a tool that does not perform base64 encoding of the user data, you must encode the user data yourself. If not, an error is logged about being unable to find `script` or `powershell` tags to run. The following is an example that encodes using Windows PowerShell.

```
$UserData = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($Script))
```

The following is an example that decodes using PowerShell.

```
$Script = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UserData))
```

For more information about base64 encoding, see [https://www.ietf.org/rfc/rfc4648.txt](https://www.ietf.org/rfc/rfc4648.txt).
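The tag rules from the preceding sections, expressed as an added pre-flight check that is not the launch agent's own parser: it reports the run order (batch before PowerShell), the `persist` and `detach` flags, and tag names that differ only in case, then base64-encodes the text. The function names and the sample user data are constructed, and treating only the literal value `true` as enabling a flag is an assumption.

```python
import base64
import re

# Tags documented in the sections above, in their exact case.
KNOWN_TAGS = ("script", "powershell", "persist", "detach", "powershellArguments")
_BY_LOWER = {tag.lower(): tag for tag in KNOWN_TAGS}

# Constructed sample: the PowerShell block comes first in the text.
SAMPLE = r"""<powershell>
    New-Item ($env:SystemRoot + "\Temp\marker.txt") -ItemType file
</powershell>
<script>
    echo %DATE% %TIME% >> %SystemRoot%\Temp\test.log
</script>
<persist>true</persist>
"""


def _bodies(tag, text):
    """Return the contents of every <tag>...</tag> pair (case-sensitive)."""
    return re.findall(r"<%s>(.*?)</%s>" % (tag, tag), text, flags=re.DOTALL)


def plan_user_data(text):
    """Describe how XML-style Windows user data is expected to be handled."""
    plan = {"run_order": [], "persist": False, "detach": False,
            "powershell_arguments": None, "warnings": []}

    # Batch (<script>) blocks run before <powershell> blocks, regardless of
    # the order in which they appear in the user data.
    for tag in ("script", "powershell"):
        for body in _bodies(tag, text):
            plan["run_order"].append((tag, body.strip()))

    # Assumption: only the literal value "true" enables a flag.
    for flag in ("persist", "detach"):
        plan[flag] = any(value.strip() == "true" for value in _bodies(flag, text))

    arguments = _bodies("powershellArguments", text)
    if arguments:
        plan["powershell_arguments"] = arguments[0].strip()

    # Flag tags whose name matches a documented tag only when case is ignored.
    for name in sorted(set(re.findall(r"</?([A-Za-z]+)>", text))):
        exact = _BY_LOWER.get(name.lower())
        if exact and name != exact:
            plan["warnings"].append("<%s> differs in case from <%s>" % (name, exact))
    if not plan["run_order"]:
        plan["warnings"].append("no <script> or <powershell> block found")
    if plan["detach"]:
        plan["warnings"].append("<detach> is supported by EC2Launch v2 only")
    return plan


def encode_user_data(text):
    """Base64-encode user data for an API or tool that does not do it."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def audit_encoded(value):
    """Decode a base64 user data value and return its plan."""
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise ValueError("value is not base64-encoded text: %s" % exc)
    return plan_user_data(text)


if __name__ == "__main__":
    print(plan_user_data(SAMPLE))
    print(encode_user_data(SAMPLE))
```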

### Compressed user data


EC2Launch v2 supports zipped user data as a method to submit user data that's larger than the 16 KB limit imposed by IMDS. To use this feature, compress your user data script into a `.zip` archive and pass it to your EC2 instance. When EC2Launch v2 detects compressed user data, it automatically unzips the compressed user data script and runs it.

As with standard user data, if you're using the Amazon EC2 API or a tool that does not perform base64 encoding of the user data, you must encode the compressed user data yourself. For more information about the user data size limit and base64 encoding, see [Access instance metadata for an EC2 instance](instancedata-data-retrieval.md).

### User data execution


By default, all AWS Windows AMIs have user data execution enabled for the initial launch. You can specify that user data scripts are run the next time the instance reboots or restarts. Alternatively, you can specify that user data scripts are run every time the instance reboots or restarts.

**Note**  
User data is not enabled to run by default after the initial launch. To enable user data to run when you reboot or start the instance, see [Run scripts during subsequent reboots or starts](#user-data-scripts-subsequent).

User data scripts are run from the local administrator account when a random password is generated. Otherwise, user data scripts are run from the System account.

#### Instance launch scripts


Scripts in the instance user data are run during the initial launch of the instance. If the `persist` tag is found, user data execution is enabled for subsequent reboots or starts. The log files for EC2Launch v2, EC2Launch, and EC2Config contain the output from the standard output and standard error streams.

**EC2Launch v2**  
The log file for EC2Launch v2 is `C:\ProgramData\Amazon\EC2Launch\log\agent.log`.

**Note**  
The `C:\ProgramData` folder might be hidden. To view the folder, you must show hidden files and folders.

The following information is logged when the user data is run:
+ `Info: Converting user-data to yaml format` – If the user data was provided in XML format
+ `Info: Initialize user-data state` – The start of user data execution
+ `Info: Frequency is: always` – If the user data task is running on every boot
+ `Info: Frequency is: once` – If the user data task is running just once
+ `Stage: postReadyUserData execution completed` – The end of user data execution

**EC2Launch**  
The log file for EC2Launch is `C:\ProgramData\Amazon\EC2-Windows\Launch\Log\UserdataExecution.log`.

The `C:\ProgramData` folder might be hidden. To view the folder, you must show hidden files and folders.

The following information is logged when the user data is run:
+ `Userdata execution begins` – The start of user data execution
+ `<persist> tag was provided: true` – If the persist tag is found
+ `Running userdata on every boot` – If the persist tag is found
+ `<powershell> tag was provided.. running powershell content` – If the powershell tag is found
+ `<script> tag was provided.. running script content` – If the script tag is found
+ `Message: The output from user scripts` – If user data scripts are run, their output is logged

**EC2Config**  
The log file for EC2Config is `C:\Program Files\Amazon\Ec2ConfigService\Logs\Ec2Config.log`. The following information is logged when the user data is run:
+ `Ec2HandleUserData: Message: Start running user scripts` – The start of user data execution
+ `Ec2HandleUserData: Message: Re-enabled userdata execution` – If the persist tag is found
+ `Ec2HandleUserData: Message: Could not find <persist> and </persist>` – If the persist tag is not found
+ `Ec2HandleUserData: Message: The output from user scripts` – If user data scripts are run, their output is logged
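The log messages listed above can be turned into a simple triage check. The following added example (not AWS code) scans launch agent log text for those messages and reports, per agent, how many user data runs were logged and whether the log shows user data enabled for every boot. The timestamp prefixes in the sample lines are an assumption, the sample logs are constructed, and the function names are hypothetical.

```python
# (agent, text to look for, event). The message texts are the ones listed
# above; EC2Config entries come first because they carry a distinct prefix.
SIGNATURES = [
    ("EC2Config", "Ec2HandleUserData: Message: Start running user scripts", "start"),
    ("EC2Config", "Ec2HandleUserData: Message: Re-enabled userdata execution", "every_boot"),
    ("EC2Config", "Ec2HandleUserData: Message: Could not find <persist> and </persist>", "once"),
    ("EC2Launch v2", "Info: Converting user-data to yaml format", "xml_input"),
    ("EC2Launch v2", "Info: Initialize user-data state", "start"),
    ("EC2Launch v2", "Info: Frequency is: always", "every_boot"),
    ("EC2Launch v2", "Info: Frequency is: once", "once"),
    ("EC2Launch v2", "Stage: postReadyUserData execution completed", "end"),
    ("EC2Launch", "Userdata execution begins", "start"),
    ("EC2Launch", "<persist> tag was provided: true", "every_boot"),
    ("EC2Launch", "Running userdata on every boot", "every_boot"),
    ("EC2Launch", "<powershell> tag was provided", "powershell"),
    ("EC2Launch", "<script> tag was provided", "batch"),
]

# Constructed log excerpts (timestamp format assumed).
EC2LAUNCH_LOG = """\
2024/01/01 10:00:01Z: Userdata execution begins
2024/01/01 10:00:01Z: <persist> tag was provided: true
2024/01/01 10:00:01Z: Running userdata on every boot
2024/01/01 10:00:02Z: <powershell> tag was provided.. running powershell content
2024/01/01 10:00:05Z: Message: The output from user scripts: (output omitted)
2024/01/02 08:30:00Z: Userdata execution begins
2024/01/02 08:30:00Z: <persist> tag was provided: true
2024/01/02 08:30:00Z: Running userdata on every boot
2024/01/02 08:30:01Z: <powershell> tag was provided.. running powershell content
"""

EC2LAUNCH_V2_LOG = """\
2024-01-01 10:00:01 Info: Converting user-data to yaml format
2024-01-01 10:00:01 Info: Initialize user-data state
2024-01-01 10:00:01 Info: Frequency is: once
2024-01-01 10:00:09 Stage: postReadyUserData execution completed
"""


def classify(line):
    """Return (agent, event) for a known user data message, else None."""
    for agent, needle, event in SIGNATURES:
        if needle in line:
            return agent, event
    return None


def summarize(log_text):
    """Summarize user data activity per launch agent found in the log."""
    summary = {}
    for line in log_text.splitlines():
        hit = classify(line)
        if hit is None:
            continue
        agent, event = hit
        entry = summary.setdefault(
            agent, {"runs": 0, "every_boot": False, "script_types": []})
        if event == "start":
            entry["runs"] += 1
        elif event == "every_boot":
            entry["every_boot"] = True
        elif event in ("powershell", "batch") and event not in entry["script_types"]:
            entry["script_types"].append(event)
    return summary


def needs_review(summary, expected_every_boot=()):
    """Agents that logged per-boot execution the baseline does not expect."""
    return sorted(agent for agent, entry in summary.items()
                  if entry["every_boot"] and agent not in expected_every_boot)


if __name__ == "__main__":
    for log in (EC2LAUNCH_LOG, EC2LAUNCH_V2_LOG):
        result = summarize(log)
        print(result, "review:", needs_review(result))
```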

#### Run scripts during subsequent reboots or starts


When you update instance user data, the updated user data content is automatically reflected in the instance metadata the next time you reboot or start the instance. However, depending on the installed launch agent, additional configuration may be required to configure user data scripts to run on subsequent reboots or starts.

If you choose the **Shutdown with Sysprep** option, user data scripts run the next time the instance starts or reboots, even if you did not enable user data execution for subsequent reboots or starts.

For instructions to enable user data execution, select the tab that matches your launch agent.

------
#### [ EC2Launch v2 ]

Unlike EC2Launch v1, EC2Launch v2 evaluates the user data task on every boot. It is not necessary to manually schedule the user data task. The user data runs based on the included frequency or persist options.

For XML user data scripts  
To run user data scripts on every boot, add the `<persist>true</persist>` flag to the user data. If the persist flag is not included, the user data script only runs on the initial boot.

For YAML user data  
+ To run a task in user data on the initial boot, set the task `frequency` to `once`.
+ To run a task in user data on every boot, set the task `frequency` to `always`.

------
#### [ EC2Launch ]

1. Connect to your Windows instance.

1. Open a PowerShell command window and run one of the following commands:

   **Run once**  
   To run user data once on the next boot, use the `-Schedule` flag.

   ```
   C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 -Schedule
   ```

   **Run on all subsequent boots**  
   To run user data on all subsequent boots, use the `-SchedulePerBoot` flag.

   ```
   C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 -SchedulePerBoot
   ```

1. Disconnect from your Windows instance. To run updated scripts the next time the instance is started, stop the instance and update the user data.

------
#### [ EC2Config ]

1. Connect to your Windows instance.

1. Open `C:\Program Files\Amazon\Ec2ConfigService\Ec2ConfigServiceSetting.exe`.

1. For **User Data**, select **Enable UserData execution for next service start**.

1. Disconnect from your Windows instance. To run updated scripts the next time the instance is started, stop the instance and update the user data.

------

### User data and the Tools for Windows PowerShell


You can use the Tools for Windows PowerShell to specify, modify, and view the user data for your instance. For information about viewing user data from your instance using instance metadata, see [Access instance metadata for an EC2 instance](instancedata-data-retrieval.md). For information about user data and the AWS CLI, see [User data and the AWS CLI](#user-data-api-cli).

**Example: Specify instance user data at launch**  
Create a text file with the instance user data. To run user data scripts every time you reboot or start the instance, add `<persist>true</persist>`, as shown in the following example.

```
<powershell>
    $file = $env:SystemRoot + "\Temp\" + (Get-Date).ToString("MM-dd-yy-hh-mm")
    New-Item $file -ItemType file
</powershell>
<persist>true</persist>
```

To specify instance user data when you launch your instance, use the [New-EC2Instance](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Instance.html) command. This command does not perform base64 encoding of the user data for you. Use the following commands to encode the user data in a text file named `script.txt`.

```
PS C:\> $Script = Get-Content -Raw script.txt
PS C:\> $UserData = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($Script))
```

Use the `-UserData` parameter to pass the user data to the **New-EC2Instance** command.

```
PS C:\> New-EC2Instance -ImageId ami-abcd1234 -MinCount 1 -MaxCount 1 -InstanceType m3.medium `
    -KeyName my-key-pair -SubnetId subnet-12345678 -SecurityGroupIds sg-1a2b3c4d `
    -UserData $UserData
```

**Example: Update instance user data for a stopped instance**  
You can modify the user data of a stopped instance using the [Edit-EC2InstanceAttribute](https://docs.aws.amazon.com/powershell/latest/reference/items/Edit-EC2InstanceAttribute.html) command.

Create a text file with the new script. Use the following commands to encode the user data in the text file named `new-script.txt`.

```
PS C:\> $NewScript = Get-Content -Raw new-script.txt
PS C:\> $NewUserData = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($NewScript))
```

Use the `-UserData` and `-Value` parameters to specify the user data.

```
PS C:\> Edit-EC2InstanceAttribute -InstanceId i-1234567890abcdef0 -Attribute userData -Value $NewUserData
```

**Example: View instance user data**  
To retrieve the user data for an instance, use the [Get-EC2InstanceAttribute](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2InstanceAttribute.html) command.

```
PS C:\> (Get-EC2InstanceAttribute -InstanceId i-1234567890abcdef0 -Attribute userData).UserData
```

The following is example output. Note that the user data is encoded.

```
PHBvd2Vyc2hlbGw+DQpSZW5hbWUtQ29tcHV0ZXIgLU5ld05hbWUgdXNlci1kYXRhLXRlc3QNCjwvcG93ZXJzaGVsbD4=
```

Use the following commands to store the encoded user data in a variable and then decode it.

```
PS C:\> $UserData_encoded = (Get-EC2InstanceAttribute -InstanceId i-1234567890abcdef0 -Attribute userData).UserData
PS C:\> [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UserData_encoded))
```

The following is example output.

```
<powershell>
    $file = $env:SystemRoot + "\Temp\" + (Get-Date).ToString("MM-dd-yy-hh-mm")
    New-Item $file -ItemType file
</powershell>
<persist>true</persist>
```

**Example: Rename the instance to match the tag value**  
You can use the [Get-EC2Tag](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Tag.html) command to read the tag value, rename the instance on first boot to match the tag value, and reboot. To run this command successfully, you must have a role with `ec2:DescribeTags` permissions attached to the instance because tag information is retrieved by the API call. For more information on setting permissions by using IAM roles, see [Attach an IAM role to an instance](attach-iam-role.md).

------
#### [ IMDSv2 ]

```
<powershell>
    [string]$token = Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token-ttl-seconds" = "21600"} -Method PUT -Uri 'http://169.254.169.254/latest/api/token' -UseBasicParsing
    $instanceId = Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token" = $token} -Method GET -Uri 'http://169.254.169.254/latest/meta-data/instance-id' -UseBasicParsing
    $nameValue = (Get-EC2Tag -Filter @{Name="resource-id";Value=$instanceId},@{Name="key";Value="Name"}).Value
    $pattern = "^(?![0-9]{1,15}$)[a-zA-Z0-9-]{1,15}$"
    # Verify that the Name value satisfies best practices for Windows hostnames
    If ($nameValue -match $pattern) {
        Try {
            Rename-Computer -NewName $nameValue -Restart -ErrorAction Stop
        }
        Catch {
            $ErrorMessage = $_.Exception.Message
            Write-Output "Rename failed: $ErrorMessage"
        }
    }
    Else {
        Throw "Provided name not a valid hostname. Please ensure Name value is between 1 and 15 characters in length and contains only alphanumeric or hyphen characters"
    }
</powershell>
```

------
#### [ IMDSv1 ]

```
<powershell>
    $instanceId = (Invoke-WebRequest http://169.254.169.254/latest/meta-data/instance-id -UseBasicParsing).content
    $nameValue = (Get-EC2Tag -Filter @{Name="resource-id";Value=$instanceId},@{Name="key";Value="Name"}).Value
    $pattern = "^(?![0-9]{1,15}$)[a-zA-Z0-9-]{1,15}$"
    # Verify that the Name value satisfies best practices for Windows hostnames
    If ($nameValue -match $pattern) {
        Try {
            Rename-Computer -NewName $nameValue -Restart -ErrorAction Stop
        }
        Catch {
            $ErrorMessage = $_.Exception.Message
            Write-Output "Rename failed: $ErrorMessage"
        }
    }
    Else {
        Throw "Provided name not a valid hostname. Please ensure Name value is between 1 and 15 characters in length and contains only alphanumeric or hyphen characters"
    }
</powershell>
```

------

You can also rename the instance using tags in instance metadata, if your instance is configured to access tags from the instance metadata. For more information, see [View tags for your EC2 instances using instance metadata](work-with-tags-in-IMDS.md).

------
#### [ IMDSv2 ]

```
<powershell>
    [string]$token = Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token-ttl-seconds" = "21600"} -Method PUT -Uri 'http://169.254.169.254/latest/api/token' -UseBasicParsing
    $nameValue = Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token" = $token} -Method GET -Uri 'http://169.254.169.254/latest/meta-data/tags/instance/Name' -UseBasicParsing
    $pattern = "^(?![0-9]{1,15}$)[a-zA-Z0-9-]{1,15}$"
    # Verify that the Name value satisfies best practices for Windows hostnames
    If ($nameValue -match $pattern) {
        Try {
            Rename-Computer -NewName $nameValue -Restart -ErrorAction Stop
        }
        Catch {
            $ErrorMessage = $_.Exception.Message
            Write-Output "Rename failed: $ErrorMessage"
        }
    }
    Else {
        Throw "Provided name not a valid hostname. Please ensure Name value is between 1 and 15 characters in length and contains only alphanumeric or hyphen characters"
    }
</powershell>
```

------
#### [ IMDSv1 ]

```
<powershell>
    $nameValue = Get-EC2InstanceMetadata -Path /tags/instance/Name
    $pattern = "^(?![0-9]{1,15}$)[a-zA-Z0-9-]{1,15}$"
    # Verify that the Name value satisfies best practices for Windows hostnames
    If ($nameValue -match $pattern) {
        Try {
            Rename-Computer -NewName $nameValue -Restart -ErrorAction Stop
        }
        Catch {
            $ErrorMessage = $_.Exception.Message
            Write-Output "Rename failed: $ErrorMessage"
        }
    }
    Else {
        Throw "Provided name not a valid hostname. Please ensure Name value is between 1 and 15 characters in length and contains only alphanumeric or hyphen characters"
    }
</powershell>
```

------

# Identify each instance launched in a single request
Example: AMI launch index value

This example demonstrates how you can use both user data and instance metadata to configure your Amazon EC2 instances.

**Note**  
The examples in this section use the IPv4 address of the IMDS: `169.254.169.254`. If you are retrieving instance metadata for EC2 instances over the IPv6 address, ensure that you enable and use the IPv6 address instead: `[fd00:ec2::254]`. The IPv6 address of the IMDS is compatible with IMDSv2 commands. The IPv6 address is only accessible on [Nitro-based instances](instance-types.md#instance-hypervisor-type) in [IPv6-supported subnets](https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html#subnet-ip-address-range) (dual stack or IPv6 only).

Alice wants to launch four instances of her favorite database AMI, with the first acting as the original instance and the remaining three acting as replicas. When she launches them, she wants to add user data about the replication strategy for each replica. She is aware that this data will be available to all four instances, so she needs to structure the user data in a way that allows each instance to recognize which parts are applicable to it. She can do this using the `ami-launch-index` instance metadata value, which will be unique for each instance. If she starts more than one instance at the same time, the `ami-launch-index` indicates the order in which the instances were launched. The value of the first instance launched is `0`.

Here is the user data that Alice has constructed.

```
replicate-every=1min | replicate-every=5min | replicate-every=10min
```

The `replicate-every=1min` data defines the first replica's configuration, `replicate-every=5min` defines the second replica's configuration, and so on. Alice decides to provide this data as an ASCII string with a pipe symbol (`|`) delimiting the data for the separate instances.

Alice launches four instances using the [run-instances](https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html) command, specifying the user data.

```
aws ec2 run-instances \
    --image-id ami-0abcdef1234567890 \
    --count 4 \
    --instance-type t2.micro \
    --user-data "replicate-every=1min | replicate-every=5min | replicate-every=10min"
```

After they're launched, all instances have a copy of the user data and the common metadata shown here:
+ AMI ID: ami-0abcdef1234567890
+ Reservation ID: r-1234567890abcabc0
+ Public keys: none 
+ Security group name: default
+ Instance type: t2.micro

However, each instance has unique metadata, as shown in the following tables.


| Metadata | Value | 
| --- | --- | 
| instance-id | i-1234567890abcdef0 | 
| ami-launch-index | 0 | 
| public-hostname | ec2-203-0-113-25.compute-1.amazonaws.com | 
| public-ipv4 | 67.202.51.223 | 
| local-hostname | ip-10-251-50-12.ec2.internal | 
| local-ipv4 | 10.251.50.35 | 


| Metadata | Value | 
| --- | --- | 
| instance-id | i-0598c7d356eba48d7 | 
| ami-launch-index | 1 | 
| public-hostname | ec2-67-202-51-224.compute-1.amazonaws.com | 
| public-ipv4 | 67.202.51.224 | 
| local-hostname | ip-10-251-50-36.ec2.internal | 
| local-ipv4 | 10.251.50.36 | 


| Metadata | Value | 
| --- | --- | 
| instance-id | i-0ee992212549ce0e7 | 
| ami-launch-index | 2 | 
| public-hostname | ec2-67-202-51-225.compute-1.amazonaws.com | 
| public-ipv4 | 67.202.51.225 | 
| local-hostname | ip-10-251-50-37.ec2.internal | 
| local-ipv4 | 10.251.50.37 | 


| Metadata | Value | 
| --- | --- | 
| instance-id | i-1234567890abcdef0 | 
| ami-launch-index | 3 | 
| public-hostname | ec2-67-202-51-226.compute-1.amazonaws.com | 
| public-ipv4 | 67.202.51.226 | 
| local-hostname | ip-10-251-50-38.ec2.internal | 
| local-ipv4 | 10.251.50.38 | 

Alice can use the `ami-launch-index` value to determine which portion of the user data is applicable to a particular instance.

1. She connects to one of the instances, and retrieves the `ami-launch-index` for that instance to ensure it is one of the replicas:

------
#### [ IMDSv2 ]

   ```
   [ec2-user ~]$ TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
   && curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/ami-launch-index
   2
   ```

   For the following steps, the IMDSv2 requests use the stored token from the preceding IMDSv2 command, assuming the token has not expired.

------
#### [ IMDSv1 ]

   ```
   [ec2-user ~]$ curl http://169.254.169.254/latest/meta-data/ami-launch-index
   2
   ```

------

1. She saves the `ami-launch-index` as a variable.

------
#### [ IMDSv2 ]

   ```
   [ec2-user ~]$ ami_launch_index=`curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/ami-launch-index`
   ```

------
#### [ IMDSv1 ]

   ```
   [ec2-user ~]$ ami_launch_index=`curl http://169.254.169.254/latest/meta-data/ami-launch-index`
   ```

------

1. She saves the user data as a variable.

------
#### [ IMDSv2 ]

   ```
   [ec2-user ~]$ user_data=`curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/user-data`
   ```

------
#### [ IMDSv1 ]

   ```
   [ec2-user ~]$ user_data=`curl http://169.254.169.254/latest/user-data`
   ```

------

1. Finally, Alice uses the **cut** command to extract the portion of the user data that is applicable to that instance.

------
#### [ IMDSv2 ]

   ```
   [ec2-user ~]$ echo $user_data | cut -d"|" -f"$ami_launch_index"
   replicate-every=5min
   ```

------
#### [ IMDSv1 ]

   ```
   [ec2-user ~]$ echo $user_data | cut -d"|" -f"$ami_launch_index"
   replicate-every=5min
   ```

------
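The four steps above, combined into one added Python example that is not part of the original walkthrough. It goes beyond the **cut** command by handling the original instance (launch index `0`, which has no segment), an index with no matching segment, and surrounding whitespace. The function names are hypothetical, and `fetch_from_imds` runs only on an instance that uses IMDSv2.

```python
import re
import urllib.request

IMDS = "http://169.254.169.254"

# User data from Alice's example above.
USER_DATA = "replicate-every=1min | replicate-every=5min | replicate-every=10min"


def select_replica_config(user_data, launch_index):
    """Return the segment for this launch index, or None for the original.

    Like `cut -d"|" -f N`, segments are numbered from 1, so launch index 1
    (the first replica) maps to the first segment.
    """
    index = int(str(launch_index).strip())  # ValueError if not a number
    if index < 0:
        raise ValueError("ami-launch-index cannot be negative")
    if index == 0:
        return None  # the original instance has no replica settings
    segments = [segment.strip() for segment in user_data.split("|")]
    if index > len(segments):
        raise LookupError("no user data segment for launch index %d" % index)
    return segments[index - 1]


def parse_setting(segment):
    """Validate a segment and return ('replicate-every', minutes)."""
    match = re.fullmatch(r"replicate-every=(\d+)min", segment)
    if match is None:
        raise ValueError("unexpected segment: %r" % segment)
    return "replicate-every", int(match.group(1))


def _imds(path, headers, method="GET"):
    request = urllib.request.Request(IMDS + path, headers=headers, method=method)
    with urllib.request.urlopen(request, timeout=2) as response:
        return response.read().decode()


def fetch_from_imds():
    """Steps 1 to 3 with IMDSv2: token, ami-launch-index, user data."""
    token = _imds("/latest/api/token",
                  {"X-aws-ec2-metadata-token-ttl-seconds": "21600"}, method="PUT")
    auth = {"X-aws-ec2-metadata-token": token}
    return (_imds("/latest/user-data", auth),
            _imds("/latest/meta-data/ami-launch-index", auth))


if __name__ == "__main__":
    # Offline demonstration over the four launch indexes in the example.
    for launch_index in range(4):
        segment = select_replica_config(USER_DATA, launch_index)
        print(launch_index, "original" if segment is None else parse_setting(segment))
```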

# Detect whether a host is an EC2 instance


You might need to know whether your application or website is running on an EC2 instance, especially if you have a mixed computing environment. You can use one of the following options to determine whether the host for your application or website is an EC2 instance.

**Topics**
+ [Inspect the instance identity document](#inspect-instance-identity-document)
+ [Inspect the system UUID](#inspect-uuid)
+ [Inspect the system virtual machine generation identifier](#vm-generation-id)

## Inspect the instance identity document


Each instance has a signed instance identity document that you can verify cryptographically. You can find these documents using the Instance Metadata Service (IMDS).

For more information, see [Instance identity documents](instance-identity-documents.md).

## Inspect the system UUID


You can get the system UUID and look in the beginning octet of the UUID for `EC2` (in Linux, this might be lowercase `ec2`). This method is quick, but potentially inaccurate because there's a small chance that a system that is not an EC2 instance could have a UUID that starts with these characters. Furthermore, some versions of SMBIOS use the *little-endian* format, which doesn't include `EC2` at the beginning of the UUID. This might be the case for EC2 instances that use SMBIOS 2.4 for Windows, or for Linux distributions other than Amazon Linux that have their own implementation of SMBIOS.

**Linux example: Get the UUID from DMI (HVM AMIs only)**  
Use the following command to get the UUID using the Desktop Management Interface (DMI):

```
[ec2-user ~]$ sudo dmidecode --string system-uuid
```

In the following example output, the UUID starts with "EC2", which indicates that the system is probably an EC2 instance.

```
EC2E1916-9099-7CAF-FD21-012345ABCDEF
```

In the following example output, the UUID is represented in little-endian format.

```
45E12AEC-DCD1-B213-94ED-012345ABCDEF
```

Alternatively, for instances built on the Nitro system, you can use the following command:

```
[ec2-user ~]$ cat /sys/devices/virtual/dmi/id/board_asset_tag
```

If the output is an instance ID, as in the following example output, the system is an EC2 instance:

```
i-0af01c0123456789a
```

**Linux example: Get the UUID from the hypervisor (PV AMIs only)**  
Use the following command to get the UUID from the hypervisor:

```
[ec2-user ~]$ cat /sys/hypervisor/uuid
```

In the following example output, the UUID starts with "ec2", which indicates that the system is probably an EC2 instance.

```
ec2e1916-9099-7caf-fd21-012345abcdef
```

**Windows example: Get the UUID using WMI or Windows PowerShell**  
Use the Windows Management Instrumentation command line (WMIC) as follows:

```
wmic path win32_computersystemproduct get uuid
```

Alternatively, if you're using Windows PowerShell, use the **Get-WmiObject** cmdlet as follows:

```
PS C:\> Get-WmiObject -query "select uuid from Win32_ComputerSystemProduct" | Select UUID
```

In the following example output, the UUID starts with "EC2", which indicates that the system is probably an EC2 instance.

```
EC2AE145-D1DC-13B2-94ED-012345ABCDEF
```

For instances using SMBIOS 2.4, the UUID might be represented in little-endian format; for example:

```
45E12AEC-DCD1-B213-94ED-012345ABCDEF
```
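The UUID check above can be scripted so that it also covers the little-endian case. The following is an added example, not part of the AWS documentation: the function names `swap_bytes`, `uuid_from_little_endian` and `classify_ec2_uuid` and the result strings are hypothetical, and the sample UUIDs in the comments are the ones shown on this page.

```shell
#!/bin/sh
# Added example (not AWS code): classify a system UUID string.
# Function names and result strings are hypothetical.

# Reverse the byte order of an 8- or 4-hex-digit field,
# for example 45E12AEC -> EC2AE145 and DCD1 -> D1DC.
swap_bytes() {
    case ${#1} in
        8) printf '%s\n' "$1" | sed 's/\(..\)\(..\)\(..\)\(..\)/\4\3\2\1/' ;;
        4) printf '%s\n' "$1" | sed 's/\(..\)\(..\)/\2\1/' ;;
        *) return 1 ;;
    esac
}

# Convert a UUID whose first three fields are stored little-endian
# into the usual text form. The last two fields are left unchanged.
uuid_from_little_endian() {
    _rest=$1
    _f1=${_rest%%-*}; _rest=${_rest#*-}
    _f2=${_rest%%-*}; _rest=${_rest#*-}
    _f3=${_rest%%-*}; _rest=${_rest#*-}
    printf '%s-%s-%s-%s\n' "$(swap_bytes "$_f1")" "$(swap_bytes "$_f2")" \
        "$(swap_bytes "$_f3")" "$_rest"
}

# Print one of: ec2-probable, ec2-probable-little-endian, not-ec2, invalid.
# Exit status: 0 for either "probable" result, 1 for not-ec2, 2 for invalid.
classify_ec2_uuid() {
    # Normalise case: /sys/hypervisor/uuid is lowercase, DMI output may not be.
    _uuid=$(printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF')

    # Accept only the canonical 8-4-4-4-12 hexadecimal layout.
    if ! printf '%s\n' "$_uuid" | grep -Eq \
        '^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}$'; then
        echo invalid
        return 2
    fi

    # Direct match, as in EC2E1916-9099-7CAF-FD21-012345ABCDEF.
    case $_uuid in
        EC2*) echo ec2-probable; return 0 ;;
    esac

    # Little-endian match, as in 45E12AEC-DCD1-B213-94ED-012345ABCDEF.
    case $(uuid_from_little_endian "$_uuid") in
        EC2*) echo ec2-probable-little-endian; return 0 ;;
    esac

    echo not-ec2
    return 1
}

# Usage on a Linux host, with the sources named on this page:
#   classify_ec2_uuid "$(cat /sys/hypervisor/uuid 2>/dev/null \
#       || sudo dmidecode --string system-uuid)"
```

Either `ec2-probable` result is only a hint, for the reasons given at the start of this section; the signed instance identity document is the check to rely on when the answer matters.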

## Inspect the system virtual machine generation identifier


A virtual machine generation identifier consists of a unique 128-bit buffer that is interpreted as a cryptographic random integer identifier. You can retrieve the virtual machine generation identifier to identify your Amazon Elastic Compute Cloud instance. The generation identifier is exposed within the guest operating system of the instance through an ACPI table entry. The value will change if your machine is cloned, copied, or imported into AWS, such as with [VM Import/Export](https://docs.aws.amazon.com/vm-import/latest/userguide/what-is-vmimport.html).

**Example: Retrieve the virtual machine generation identifier from Linux**  
You can use the following commands to retrieve the virtual machine generation identifier from your instances running Linux.

------
#### [ Amazon Linux 2 ]

1. Update your existing software packages, as necessary, using the following command:

   ```
   sudo yum update
   ```

1. If necessary, source the busybox package with the following command:

   ```
   sudo curl https://www.rpmfind.net/linux/epel/next/8/Everything/x86_64/Packages/b/busybox-1.35.0-2.el8.next.x86_64.rpm --output busybox.rpm
   ```

1. If necessary, install the prerequisite packages using the following command:

   ```
   sudo yum install busybox.rpm iasl -y
   ```

1. Run the following `iasl` command to produce output from the ACPI table:

   ```
   sudo iasl -p ./SSDT2 -d /sys/firmware/acpi/tables/SSDT2
   ```

1. Run the following command to review the output of the `iasl` command:

   ```
   cat SSDT2.dsl
   ```

   The output should yield the address space required to retrieve the virtual machine generation identifier:

   ```
   Intel ACPI Component Architecture
   ASL+ Optimizing Compiler/Disassembler version 20190509
   Copyright (c) 2000 - 2019 Intel Corporation
   
   File appears to be binary: found 32 non-ASCII characters, disassembling
   Binary file appears to be a valid ACPI table, disassembling
   Input file /sys/firmware/acpi/tables/SSDT2, Length 0x7B (123) bytes
   ACPI: SSDT 0x0000000000000000 00007B (v01 AMAZON AMZNSSDT 00000001 AMZN 00000001)
   Pass 1 parse of [SSDT]
   Pass 2 parse of [SSDT]
   Parsing Deferred Opcodes (Methods/Buffers/Packages/Regions)
   
   Parsing completed
   Disassembly completed
   ASL Output:    ./SSDT2.dsl - 1065 bytes
   $
   /*
   * Intel ACPI Component Architecture
   * AML/ASL+ Disassembler version 20190509 (64-bit version)
   * Copyright (c) 2000 - 2019 Intel Corporation
   *
   * Disassembling to symbolic ASL+ operators
   *
   * Disassembly of /sys/firmware/acpi/tables/SSDT2, Tue Mar 29 16:15:14 2022
   *
   * Original Table Header:
   *     Signature        "SSDT"
   *     Length           0x0000007B (123)
   *     Revision         0x01
   *     Checksum         0xB8
   *     OEM ID           "AMAZON"
   *     OEM Table ID     "AMZNSSDT"
   *     OEM Revision     0x00000001 (1)
   *     Compiler ID      "AMZN"
   *     Compiler Version 0x00000001 (1)
   */
   DefinitionBlock ("", "SSDT", 1, "AMAZON", "AMZNSSDT", 0x00000001)
   {
   Scope (\_SB)
   {
       Device (VMGN)
       {
           Name (_CID, "VM_Gen_Counter")  // _CID: Compatible ID
           Name (_DDN, "VM_Gen_Counter")  // _DDN: DOS Device Name
           Name (_HID, "AMZN0000")  // _HID: Hardware ID
           Name (ADDR, Package (0x02)
           {
               0xFED01000,
               Zero
           })
       }
   }
   }
   ```

1. (Optional) Elevate your terminal permissions for the remaining steps with the following command:

   ```
   sudo -s
   ```

1. Use the following command to store the previously gathered address space:

   ```
   VMGN_ADDR=0xFED01000
   ```

1. Use the following command to iterate through the address space and build the virtual machine generation identifier:

   ```
   for offset in 0x0 0x4 0x8 0xc; do busybox devmem $(($VMGN_ADDR + $offset)) | sed 's/0x//' | sed -z '$ s/\n$//' >> vmgenid; done
   ```

1. Retrieve the virtual machine generation identifier from the output file with the following command:

   ```
   cat vmgenid ; echo
   ```

   Your output should be similar to the following:

   ```
   EC2F335D979132C4165896753E72BD1C
   ```

------
#### [ Ubuntu ]

1. Update your existing software packages, as necessary, using the following command:

   ```
   sudo apt update
   ```

1. If necessary, install the prerequisite packages using the following command:

   ```
   sudo apt install busybox iasl -y
   ```

1. Run the following `iasl` command to produce output from the ACPI table:

   ```
   sudo iasl -p ./SSDT2 -d /sys/firmware/acpi/tables/SSDT2
   ```

1. Run the following command to review the output of the `iasl` command:

   ```
   cat SSDT2.dsl
   ```

   The output should yield the address space required to retrieve the virtual machine generation identifier:

   ```
   Intel ACPI Component Architecture
   ASL+ Optimizing Compiler/Disassembler version 20190509
   Copyright (c) 2000 - 2019 Intel Corporation
   
   File appears to be binary: found 32 non-ASCII characters, disassembling
   Binary file appears to be a valid ACPI table, disassembling
   Input file /sys/firmware/acpi/tables/SSDT2, Length 0x7B (123) bytes
   ACPI: SSDT 0x0000000000000000 00007B (v01 AMAZON AMZNSSDT 00000001 AMZN 00000001)
   Pass 1 parse of [SSDT]
   Pass 2 parse of [SSDT]
   Parsing Deferred Opcodes (Methods/Buffers/Packages/Regions)
   
   Parsing completed
   Disassembly completed
   ASL Output:    ./SSDT2.dsl - 1065 bytes
   $
   /*
   * Intel ACPI Component Architecture
   * AML/ASL+ Disassembler version 20190509 (64-bit version)
   * Copyright (c) 2000 - 2019 Intel Corporation
   *
   * Disassembling to symbolic ASL+ operators
   *
   * Disassembly of /sys/firmware/acpi/tables/SSDT2, Tue Mar 29 16:15:14 2022
   *
   * Original Table Header:
   *     Signature        "SSDT"
   *     Length           0x0000007B (123)
   *     Revision         0x01
   *     Checksum         0xB8
   *     OEM ID           "AMAZON"
   *     OEM Table ID     "AMZNSSDT"
   *     OEM Revision     0x00000001 (1)
   *     Compiler ID      "AMZN"
   *     Compiler Version 0x00000001 (1)
   */
   DefinitionBlock ("", "SSDT", 1, "AMAZON", "AMZNSSDT", 0x00000001)
   {
   Scope (\_SB)
   {
       Device (VMGN)
       {
           Name (_CID, "VM_Gen_Counter")  // _CID: Compatible ID
           Name (_DDN, "VM_Gen_Counter")  // _DDN: DOS Device Name
           Name (_HID, "AMZN0000")  // _HID: Hardware ID
           Name (ADDR, Package (0x02)
           {
               0xFED01000,
               Zero
           })
       }
   }
   }
   ```

1. (Optional) Elevate your terminal permissions for the remaining steps with the following command:

   ```
   sudo -s
   ```

1. Use the following command to store the previously gathered address space:

   ```
   VMGN_ADDR=0xFED01000
   ```

1. Use the following command to iterate through the address space and build the virtual machine generation identifier:

   ```
   for offset in 0x0 0x4 0x8 0xc; do busybox devmem $(($VMGN_ADDR + $offset)) | sed 's/0x//' | sed -z '$ s/\n$//' >> vmgenid; done
   ```

1. Retrieve the virtual machine generation identifier from the output file with the following command:

   ```
   cat vmgenid ; echo
   ```

   Your output should be similar to the following:

   ```
   EC2F335D979132C4165896753E72BD1C
   ```

------

**Example: Retrieve the virtual machine generation identifier from Windows**  


You can create a sample application to retrieve the virtual machine generation identifier from your instances running Windows. For more information, see [Obtaining the virtual machine generation identifier](https://learn.microsoft.com/en-us/windows/win32/hyperv_v2/virtual-machine-generation-identifier#obtaining-the-virtual-machine-generation-identifier) in the Microsoft documentation.

# Instance identity documents for Amazon EC2 instances

Each instance that you launch has an instance identity document that provides information about the instance itself. You can use the instance identity document to validate the attributes of the instance.

The instance identity document is generated when the instance is stopped and started, restarted, or launched. You can access the instance identity document for an instance through the Instance Metadata Service (IMDS). For the instructions, see [Retrieve the instance identity document](retrieve-iid.md).

The instance identity document uses plaintext JSON format. It includes the following information.


| Data | Description | 
| --- | --- | 
| accountId | The ID of the AWS account that launched the instance. | 
| architecture | The architecture of the AMI used to launch the instance (i386 \| x86_64 \| arm64). | 
| availabilityZone | The name of the Availability Zone in which the instance is running. For example, `us-east-1`. Keep in mind that Availability Zone names might differ across AWS accounts. | 
| billingProducts | The billing products of the instance. | 
| devpayProductCodes | Deprecated. | 
| imageId | The ID of the AMI used to launch the instance. | 
| instanceId | The ID of the instance. | 
| instanceType | The instance type of the instance. | 
| kernelId | The ID of the kernel associated with the instance, if applicable. | 
| marketplaceProductCodes | The AWS Marketplace product code of the AMI used to launch the instance. | 
| pendingTime | The date and time that the instance was launched. | 
| privateIp | The private IP address of the instance. For IPv4-only and dual-stack instances, this contains the IPv4 address. For IPv6-only instances, this contains the IPv6 address. | 
| ramdiskId | The ID of the RAM disk associated with the instance, if applicable. | 
| region | The Region in which the instance is running. | 
| version | The version of the instance identity document format. | 

# Retrieve the instance identity document for an EC2 instance

The instance identity document for an Amazon EC2 instance uses a plaintext JSON format. For a description of the contents of an instance identity document, see [Instance identity documents for Amazon EC2 instances](instance-identity-documents.md).

The instance identity document is stored in the instance metadata for the instance, in the `instance-identity/document` dynamic data category. You access the instance identity document for an instance by connecting to the instance and retrieving it from the instance metadata.

You can access instance metadata using the IPv4 address 169.254.169.254 or the IPv6 address fd00:ec2::254. These are [Link-local addresses](using-instance-addressing.md#link-local-addresses), meaning that you can access them only from the instance. The examples on this page use the IPv4 address of the IMDS: 169.254.169.254. To retrieve instance metadata for EC2 instances over IPv6, use fd00:ec2::254.

To verify the authenticity of an instance identity document after you retrieve it, see [Verify instance identity document](verify-iid.md).

------
#### [ IMDSv2 ]

**Linux**  
Run the following command from your Linux instance to retrieve the instance identity document.

```
TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
    && curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/document
```

**Windows**  
Run the following cmdlet from your Windows instance to retrieve the instance identity document.

```
[string]$token = (Invoke-WebRequest -Headers @{'X-aws-ec2-metadata-token-ttl-seconds' = '21600'} `
    -Method PUT -Uri 'http://169.254.169.254/latest/api/token' -UseBasicParsing).Content
```

```
(Invoke-WebRequest -Headers @{'X-aws-ec2-metadata-token' = $token} `
    -Uri 'http://169.254.169.254/latest/dynamic/instance-identity/document' -UseBasicParsing).Content
```

------
#### [ IMDSv1 ]

**Linux**  
Run the following command from your Linux instance to retrieve the instance identity document.

```
curl http://169.254.169.254/latest/dynamic/instance-identity/document
```

**Windows**  
Run the following cmdlet from your Windows instance to retrieve the instance identity document.

```
(Invoke-WebRequest http://169.254.169.254/latest/dynamic/instance-identity/document).Content
```

------

The following is example output.

```
{
    "devpayProductCodes" : null,
    "marketplaceProductCodes" : [ "1abc2defghijklm3nopqrs4tu" ], 
    "availabilityZone" : "us-west-2b",
    "privateIp" : "10.158.112.84",
    "version" : "2017-09-30",
    "instanceId" : "i-1234567890abcdef0",
    "billingProducts" : null,
    "instanceType" : "t2.micro",
    "accountId" : "123456789012",
    "imageId" : "ami-5fb8c835",
    "pendingTime" : "2016-11-19T16:32:11Z",
    "architecture" : "x86_64",
    "kernelId" : null,
    "ramdiskId" : null,
    "region" : "us-west-2"
}
```

# Verify the instance identity document for an Amazon EC2 instance

If you intend to use the contents of the instance identity document for an important purpose, you should verify its contents and authenticity before using it.

The plaintext instance identity document is accompanied by three hashed and encrypted signatures. You can use these signatures to verify the origin and authenticity of the instance identity document and the information that it includes. The following signatures are provided:
+ Base64-encoded signature—This is a base64-encoded SHA256 hash of the instance identity document that is encrypted using an RSA key pair.
+ PKCS7 signature—This is a SHA1 hash of the instance identity document that is encrypted using a DSA key pair.
+ RSA-2048 signature—This is a SHA256 hash of the instance identity document that is encrypted using an RSA-2048 key pair.

Each signature is available at a different endpoint in the instance metadata. You can use any one of these signatures depending on your hashing and encryption requirements. To verify the signatures, you must use the corresponding AWS public certificate.

**Contents**
+ [Option 1: Verify instance identity document using the PKCS7 signature](#verify-pkcs7)
+ [Option 2: Verify instance identity document using the base64-encoded signature](#verify-signature)
+ [Option 3: Verify instance identity document using the RSA-2048 signature](#verify-rsa2048)

## Option 1: Verify instance identity document using the PKCS7 signature


This topic explains how to verify the instance identity document using the PKCS7 signature and the AWS DSA public certificate.

### Linux instances


**To verify the instance identity document using the PKCS7 signature and the AWS DSA public certificate**

1. Connect to the instance.

1. Retrieve the PKCS7 signature from the instance metadata and add it to a new file named `pkcs7` along with the required header and footer. Use one of the following commands depending on the IMDS version used by the instance.

------
#### [ IMDSv2 ]

   ```
   $ echo "-----BEGIN PKCS7-----" >> pkcs7 \
   	&& TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
   	&& curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/pkcs7 >> pkcs7 \
   	&& echo "" >> pkcs7 \
   	&& echo "-----END PKCS7-----" >> pkcs7
   ```

------
#### [ IMDSv1 ]

   ```
   $ echo "-----BEGIN PKCS7-----" >> pkcs7 \
   	&& curl -s http://169.254.169.254/latest/dynamic/instance-identity/pkcs7 >> pkcs7 \
   	&& echo "" >> pkcs7 \
   	&& echo "-----END PKCS7-----" >> pkcs7
   ```

------

1. Find the **DSA** public certificate for your Region in [AWS public certificates for instance identity document signatures](regions-certs.md) and add the contents to a new file named `certificate`.

1. Use the **OpenSSL smime** command to verify the signature. Include the `-verify` option to indicate that the signature needs to be verified, and the `-noverify` option to indicate that the certificate does not need to be verified.

   ```
   $ openssl smime -verify -in pkcs7 -inform PEM -certfile certificate -noverify | tee document
   ```

   If the signature is valid, the `Verification successful` message appears.

   The command also writes the contents of the instance identity document to a new file named `document`. You can compare the contents of the instance identity document from the instance metadata with the contents of this file using the following commands.

   ```
   $ openssl dgst -sha256 < document
   ```

   ```
   $ curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/document | openssl dgst -sha256
   ```

   If the signature cannot be verified, contact Support.

### Windows instances


**Prerequisites**  
This procedure requires the `System.Security` Microsoft .NET Core class. To add the class to your PowerShell session, run the following command.

```
PS C:\> Add-Type -AssemblyName System.Security
```

**Note**  
The command adds the class to the current PowerShell session only. If you start a new session, you must run the command again.

**To verify the instance identity document using the PKCS7 signature and the AWS DSA public certificate**

1. Connect to the instance.

1. Retrieve the PKCS7 signature from the instance metadata, convert it to a byte array, and add it to a variable named `$Signature`. Use one of the following commands depending on the IMDS version used by the instance.

------
#### [ IMDSv2 ]

   ```
   PS C:\> [string]$token = (Invoke-WebRequest -Method Put -Headers @{'X-aws-ec2-metadata-token-ttl-seconds' = '21600'} -Uri http://169.254.169.254/latest/api/token).Content
   ```

   ```
   PS C:\> $Signature = [Convert]::FromBase64String((Invoke-WebRequest -Headers @{'X-aws-ec2-metadata-token' = $Token} -Uri http://169.254.169.254/latest/dynamic/instance-identity/pkcs7).Content)
   ```

------
#### [ IMDSv1 ]

   ```
   PS C:\> $Signature = [Convert]::FromBase64String((Invoke-WebRequest -Uri http://169.254.169.254/latest/dynamic/instance-identity/pkcs7).Content)
   ```

------

1. Retrieve the plaintext instance identity document from the instance metadata, convert it to a byte array, and add it to a variable named `$Document`. Use one of the following commands depending on the IMDS version used by the instance.

------
#### [ IMDSv2 ]

   ```
   PS C:\> $Document = [Text.Encoding]::UTF8.GetBytes((Invoke-WebRequest -Headers @{'X-aws-ec2-metadata-token' = $Token} -Uri http://169.254.169.254/latest/dynamic/instance-identity/document).Content)
   ```

------
#### [ IMDSv1 ]

   ```
   PS C:\> $Document =  [Text.Encoding]::UTF8.GetBytes((Invoke-WebRequest http://169.254.169.254/latest/dynamic/instance-identity/document).Content)
   ```

------

1. Find the **DSA** public certificate for your Region in [AWS public certificates for instance identity document signatures](regions-certs.md) and add the contents to a new file named `certificate.pem`.

1. Extract the certificate from the certificate file and store it in a variable named `$Store`.

   ```
   PS C:\> $Store = [Security.Cryptography.X509Certificates.X509Certificate2Collection]::new([Security.Cryptography.X509Certificates.X509Certificate2]::new((Resolve-Path certificate.pem)))
   ```

1. Verify the signature.

   ```
   PS C:\> $SignatureDocument = [Security.Cryptography.Pkcs.SignedCms]::new()
   ```

   ```
   PS C:\> $SignatureDocument.Decode($Signature)
   ```

   ```
   PS C:\> $SignatureDocument.CheckSignature($Store, $true)
   ```

   If the signature is valid, the command returns no output. If the signature cannot be verified, the command returns `Exception calling "CheckSignature" with "2" argument(s): "Cannot find the original signer`. If your signature cannot be verified, contact AWS Support.

1. Validate the content of the instance identity document.

   ```
   PS C:\> [Linq.Enumerable]::SequenceEqual($SignatureDocument.ContentInfo.Content, $Document)
   ```

   If the content of the instance identity document is valid, the command returns `True`. If the instance identity document can't be validated, contact AWS Support.

## Option 2: Verify instance identity document using the base64-encoded signature


This topic explains how to verify the instance identity document using the base64-encoded signature and the AWS RSA public certificate.

### Linux instances


**To validate the instance identity document using the base64-encoded signature and the AWS RSA public certificate**

1. Connect to the instance.

1. Retrieve the base64-encoded signature from the instance metadata, convert it to binary, and add it to a file named `signature`. Use one of the following commands depending on the IMDS version used by the instance.

------
#### [ IMDSv2 ]

   ```
   $ TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
   	&& curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/signature | base64 -d >> signature
   ```

------
#### [ IMDSv1 ]

   ```
   $ curl -s http://169.254.169.254/latest/dynamic/instance-identity/signature | base64 -d >> signature
   ```

------

1. Retrieve the plaintext instance identity document from the instance metadata and add it to a file named `document`. Use one of the following commands depending on the IMDS version used by the instance.

------
#### [ IMDSv2 ]

   ```
   $ TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
   	&& curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/document >> document
   ```

------
#### [ IMDSv1 ]

   ```
   $ curl -s http://169.254.169.254/latest/dynamic/instance-identity/document >> document
   ```

------

1. Find the **RSA** public certificate for your Region in [AWS public certificates for instance identity document signatures](regions-certs.md) and add the contents to a new file named `certificate`.

1. Extract the public key from the AWS RSA public certificate and save it to a file named `key`.

   ```
   $ openssl x509 -pubkey -noout -in certificate >> key
   ```

1. Use the **OpenSSL dgst** command to verify the instance identity document.

   ```
   $ openssl dgst -sha256 -verify key -signature signature document
   ```

   If the signature is valid, the `Verification successful` message appears.

   The command also writes the contents of the instance identity document to a new file named `document`. You can compare the contents of the instance identity document from the instance metadata with the contents of this file using the following commands.

   ```
   $ openssl dgst -sha256 < document
   ```

   ```
   $ curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/document | openssl dgst -sha256
   ```

   If the signature cannot be verified, contact Support.
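
The procedure above, run offline against constructed material, as an added example that is not part of the AWS documentation. A throwaway key and self-signed certificate stand in for the AWS RSA public certificate, the document is a shortened copy of the sample output on this page, and the function names (`make_fixture`, `verify_iid`, `iid_field`, `check_instance`, `demo`) are hypothetical; it goes one step past the procedure by gating an `accountId` comparison on the signature check.

```shell
#!/bin/sh
# Added example, not AWS code. All key material here is constructed: a
# throwaway key and self-signed certificate stand in for the AWS RSA public
# certificate, and the document is a shortened copy of this page's sample.

# make_fixture DIR: create DIR/certificate, DIR/document and DIR/signature
# (binary, that is, what the procedure has after `base64 -d`).
make_fixture() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-test-signer" \
        -keyout "$1/private.pem" -out "$1/certificate" >/dev/null 2>&1 || return 1
    cat > "$1/document" <<'EOF'
{
    "accountId" : "123456789012",
    "instanceId" : "i-1234567890abcdef0",
    "region" : "us-west-2"
}
EOF
    openssl dgst -sha256 -sign "$1/private.pem" -out "$1/signature" "$1/document"
}

# verify_iid CERT SIGNATURE DOCUMENT
# The two openssl steps from the procedure. The result is taken from the exit
# status, not from the printed message, so it can be used in scripts.
verify_iid() {
    _key=$(mktemp) || return 2
    if openssl x509 -pubkey -noout -in "$1" > "$_key" 2>/dev/null &&
        openssl dgst -sha256 -verify "$_key" -signature "$2" "$3" >/dev/null 2>&1
    then _rc=0; else _rc=1; fi
    rm -f "$_key"
    return "$_rc"
}

# iid_field DOCUMENT NAME: print one top-level string field. This sed reader
# only suits the flat one-field-per-line JSON shown on this page; use a JSON
# parser for anything else.
iid_field() {
    sed -n 's/^[[:space:]]*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# check_instance CERT SIGNATURE DOCUMENT EXPECTED_ACCOUNT
# Read fields from the document only after its signature has verified.
# Prints trusted, bad-signature or wrong-account.
check_instance() {
    if ! verify_iid "$1" "$2" "$3"; then
        echo bad-signature
        return 1
    fi
    if [ "$(iid_field "$3" accountId)" != "$4" ]; then
        echo wrong-account
        return 1
    fi
    echo trusted
}

# demo: a genuine document, then a copy with accountId edited while the
# signature is left unchanged.
demo() {
    _dir=$(mktemp -d) || return 1
    make_fixture "$_dir" || { rm -rf "$_dir"; return 1; }
    echo "genuine:  $(check_instance "$_dir/certificate" "$_dir/signature" \
        "$_dir/document" 123456789012)"
    sed 's/123456789012/999999999999/' "$_dir/document" > "$_dir/tampered"
    echo "tampered: $(check_instance "$_dir/certificate" "$_dir/signature" \
        "$_dir/tampered" 999999999999)"
    rm -rf "$_dir"
}

# Run the walkthrough with:  sh this-file.sh demo
if [ "${1:-}" = demo ]; then demo; fi
```

On an instance, pass the `certificate`, `signature` and `document` files produced by the steps above to `check_instance` in place of the fixture.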

### Windows instances


**To validate the instance identity document using the base64-encoded signature and the AWS RSA public certificate**

1. Connect to the instance.

1. Retrieve the base64-encoded signature from the instance metadata, convert it to a byte array, and add it to a variable named `$Signature`. Use one of the following commands depending on the IMDS version used by the instance.

------
#### [ IMDSv2 ]

   ```
   PS C:\> [string]$token = (Invoke-WebRequest -Method Put -Headers @{'X-aws-ec2-metadata-token-ttl-seconds' = '21600'} http://169.254.169.254/latest/api/token).Content
   ```

   ```
   PS C:\> $Signature = [Convert]::FromBase64String((Invoke-WebRequest -Headers @{'X-aws-ec2-metadata-token' = $Token} http://169.254.169.254/latest/dynamic/instance-identity/signature).Content)
   ```

------
#### [ IMDSv1 ]

   ```
   PS C:\> $Signature = [Convert]::FromBase64String((Invoke-WebRequest http://169.254.169.254/latest/dynamic/instance-identity/signature).Content)
   ```

------

1. Retrieve the plaintext instance identity document from the instance metadata, convert it to a byte array, and add it to a variable named `$Document`. Use one of the following commands depending on the IMDS version used by the instance.

------
#### [ IMDSv2 ]

   ```
   PS C:\> $Document = [Text.Encoding]::UTF8.GetBytes((Invoke-WebRequest -Headers @{'X-aws-ec2-metadata-token' = $Token} http://169.254.169.254/latest/dynamic/instance-identity/document).Content)
   ```

------
#### [ IMDSv1 ]

   ```
   PS C:\> $Document =  [Text.Encoding]::UTF8.GetBytes((Invoke-WebRequest http://169.254.169.254/latest/dynamic/instance-identity/document).Content)
   ```

------

1. Find the **RSA** public certificate for your Region in [AWS public certificates for instance identity document signatures](regions-certs.md) and add the contents to a new file named `certificate.pem`.

1. Verify the instance identity document.

   ```
   PS C:\> [Security.Cryptography.X509Certificates.X509Certificate2]::new((Resolve-Path certificate.pem)).PublicKey.Key.VerifyData($Document, 'SHA256', $Signature)
   ```

   If the signature is valid, the command returns `True`. If the signature cannot be verified, contact Support.

## Option 3: Verify instance identity document using the RSA-2048 signature


This topic explains how to verify the instance identity document using the RSA-2048 signature and the AWS RSA-2048 public certificate.

### Linux instances


**To verify the instance identity document using the RSA-2048 signature and the AWS RSA-2048 public certificate**

1. Connect to the instance.

1. Retrieve the RSA-2048 signature from the instance metadata and add it to a file named `rsa2048` along with the required header and footer. Use one of the following commands depending on the IMDS version used by the instance.

------
#### [ IMDSv2 ]

   ```
   $ echo "-----BEGIN PKCS7-----" >> rsa2048 \
   	&& TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
   	&& curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/rsa2048 >> rsa2048 \
   	&& echo "" >> rsa2048 \
   	&& echo "-----END PKCS7-----" >> rsa2048
   ```

------
#### [ IMDSv1 ]

   ```
   $ echo "-----BEGIN PKCS7-----" >> rsa2048 \
   	&& curl -s http://169.254.169.254/latest/dynamic/instance-identity/rsa2048 >> rsa2048 \
   	&& echo "" >> rsa2048 \
   	&& echo "-----END PKCS7-----" >> rsa2048
   ```

------

1. Find the **RSA-2048** public certificate for your Region in [AWS public certificates for instance identity document signatures](regions-certs.md) and add the contents to a new file named `certificate`.

1. Use the **OpenSSL smime** command to verify the signature. Include the `-verify` option to indicate that the signature needs to be verified, and the `-noverify` option to indicate that the certificate does not need to be verified.

   ```
   $ openssl smime -verify -in rsa2048 -inform PEM -certfile certificate -noverify | tee document
   ```

   If the signature is valid, the `Verification successful` message appears. If the signature cannot be verified, contact Support.

### Windows instances


**Prerequisites**  
This procedure requires the `System.Security` Microsoft .NET Core class. To add the class to your PowerShell session, run the following command.

```
PS C:\> Add-Type -AssemblyName System.Security
```

**Note**  
The command adds the class to the current PowerShell session only. If you start a new session, you must run the command again.

**To verify the instance identity document using the RSA-2048 signature and the AWS RSA-2048 public certificate**

1. Connect to the instance.

1. Retrieve the RSA-2048 signature from the instance metadata, convert it to a byte array, and add it to a variable named `$Signature`. Use one of the following commands depending on the IMDS version used by the instance.

------
#### [ IMDSv2 ]

   ```
   PS C:\> [string]$token = (Invoke-WebRequest -Method Put -Headers @{'X-aws-ec2-metadata-token-ttl-seconds' = '21600'} http://169.254.169.254/latest/api/token).Content
   ```

   ```
   PS C:\> $Signature = [Convert]::FromBase64String((Invoke-WebRequest -Headers @{'X-aws-ec2-metadata-token' = $Token} http://169.254.169.254/latest/dynamic/instance-identity/rsa2048).Content)
   ```

------
#### [ IMDSv1 ]

   ```
   PS C:\> $Signature = [Convert]::FromBase64String((Invoke-WebRequest http://169.254.169.254/latest/dynamic/instance-identity/rsa2048).Content)
   ```

------

1. Retrieve the plaintext instance identity document from the instance metadata, convert it to a byte array, and add it to a variable named `$Document`. Use one of the following commands depending on the IMDS version used by the instance.

------
#### [ IMDSv2 ]

   ```
   PS C:\> $Document = [Text.Encoding]::UTF8.GetBytes((Invoke-WebRequest -Headers @{'X-aws-ec2-metadata-token' = $Token} http://169.254.169.254/latest/dynamic/instance-identity/document).Content)
   ```

------
#### [ IMDSv1 ]

   ```
   PS C:\> $Document = [Text.Encoding]::UTF8.GetBytes((Invoke-WebRequest http://169.254.169.254/latest/dynamic/instance-identity/document).Content)
   ```

------

1. Find the **RSA-2048** public certificate for your Region in [AWS public certificates for instance identity document signatures](regions-certs.md) and add the contents to a new file named `certificate.pem`.

1. Extract the certificate from the certificate file and store it in a variable named `$Store`.

   ```
   PS C:\> $Store = [Security.Cryptography.X509Certificates.X509Certificate2Collection]::new([Security.Cryptography.X509Certificates.X509Certificate2]::new((Resolve-Path certificate.pem)))
   ```

1. Verify the signature.

   ```
   PS C:\> $SignatureDocument = [Security.Cryptography.Pkcs.SignedCms]::new()
   ```

   ```
   PS C:\> $SignatureDocument.Decode($Signature)
   ```

   ```
   PS C:\> $SignatureDocument.CheckSignature($Store, $true)
   ```

   If the signature is valid, the command returns no output. If the signature cannot be verified, the command returns `Exception calling "CheckSignature" with "2" argument(s): "Cannot find the original signer`. If your signature cannot be verified, contact AWS Support.

1. Validate the content of the instance identity document.

   ```
   PS C:\> [Linq.Enumerable]::SequenceEqual($SignatureDocument.ContentInfo.Content, $Document)
   ```

   If the content of the instance identity document is valid, the command returns `True`. If the instance identity document can't be validated, contact AWS Support.
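The Windows procedure above, combined into one function that fails closed at each step and reads fields only from the signed bytes. This is an added example, not AWS code: `Test-SignedIdentityDocument`, the two `New-Constructed*` helpers, and the sample documents are hypothetical. The self-test signs a constructed document with a throwaway certificate in place of the AWS one and assumes PowerShell 7 or later.

```powershell
# Added example, not AWS code. Function names and sample data are hypothetical.
Add-Type -AssemblyName System.Security

function Test-SignedIdentityDocument {
    param(
        [Parameter(Mandatory)] [byte[]] $Signature,   # Base64-decoded rsa2048 value
        [Parameter(Mandatory)] [byte[]] $Document,    # UTF-8 bytes of the plaintext document
        [Parameter(Mandatory)]
        [Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [string] $ExpectedRegion                      # optional: Region the certificate belongs to
    )
    $fail = { param($why) [pscustomobject]@{ Valid = $false; Reason = $why; Claims = $null } }

    $store = [Security.Cryptography.X509Certificates.X509Certificate2Collection]::new($Certificate)
    $cms = [Security.Cryptography.Pkcs.SignedCms]::new()
    try {
        $cms.Decode($Signature)
        # $true checks the signature only, not the certificate chain, so the
        # result is only as trustworthy as the certificate placed in $store.
        $cms.CheckSignature($store, $true)
    } catch {
        return & $fail "signature not verified: $($_.Exception.Message)"
    }

    # The signature covers the content embedded in the PKCS #7 message, so the
    # separately fetched document must match it byte for byte.
    $signed = [byte[]] $cms.ContentInfo.Content
    if (-not [Linq.Enumerable]::SequenceEqual($signed, $Document)) {
        return & $fail 'document differs from the signed content'
    }

    # Read fields from the signed bytes only, then apply the caller's policy.
    try { $claims = [Text.Encoding]::UTF8.GetString($signed) | ConvertFrom-Json }
    catch { return & $fail 'signed content is not valid JSON' }
    if ($ExpectedRegion -and $claims.region -ne $ExpectedRegion) {
        return & $fail "region '$($claims.region)' does not match '$ExpectedRegion'"
    }
    [pscustomobject]@{ Valid = $true; Reason = 'ok'; Claims = $claims }
}

# --- Self-test on constructed data (PowerShell 7+) ---------------------------
function New-ConstructedSigner([string] $Subject) {
    # Throwaway self-signed certificate standing in for the AWS certificate.
    $rsa = [Security.Cryptography.RSA]::Create(2048)
    $req = [Security.Cryptography.X509Certificates.CertificateRequest]::new($Subject, $rsa,
        [Security.Cryptography.HashAlgorithmName]::SHA256,
        [Security.Cryptography.RSASignaturePadding]::Pkcs1)
    $now = [DateTimeOffset]::UtcNow
    $req.CreateSelfSigned($now.AddDays(-1), $now.AddDays(1))
}

function New-ConstructedSignature([byte[]] $Content,
        [Security.Cryptography.X509Certificates.X509Certificate2] $SignerCert) {
    $info = [Security.Cryptography.Pkcs.ContentInfo]::new($Content)
    $cms = [Security.Cryptography.Pkcs.SignedCms]::new($info, $false)   # $false = content embedded
    $signer = [Security.Cryptography.Pkcs.CmsSigner]::new($SignerCert)
    # Leave the certificate out of the message so the verifier must supply it.
    $signer.IncludeOption = [Security.Cryptography.X509Certificates.X509IncludeOption]::None
    $cms.ComputeSignature($signer)
    , $cms.Encode()
}

# Constructed documents; real ones come from the instance metadata service.
$doc   = [Text.Encoding]::UTF8.GetBytes('{"region":"us-west-2","instanceId":"i-0constructed"}')
$edit  = [Text.Encoding]::UTF8.GetBytes('{"region":"us-west-2","instanceId":"i-0tampered"}')
$aws   = New-ConstructedSigner 'CN=Constructed signer A'   # plays the pinned Region certificate
$other = New-ConstructedSigner 'CN=Constructed signer B'   # plays a certificate that did not sign
$sig   = New-ConstructedSignature $doc $aws

$cases = [ordered]@{
    'pinned certificate, untouched document' = @{ Certificate = $aws;   Document = $doc }
    'certificate that did not sign'          = @{ Certificate = $other; Document = $doc }
    'document edited after signing'          = @{ Certificate = $aws;   Document = $edit }
    'signed Region is not the expected one'  = @{ Certificate = $aws;   Document = $doc; ExpectedRegion = 'eu-west-1' }
}
foreach ($name in $cases.Keys) {
    $p = $cases[$name]
    $r = Test-SignedIdentityDocument -Signature $sig @p
    '{0,-40} Valid={1} Reason={2}' -f $name, $r.Valid, $r.Reason
}
```

On an instance, pass the `$Signature` and `$Document` values retrieved in the procedure and a certificate loaded from `certificate.pem` in place of the constructed inputs.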

# AWS public certificates for instance identity document signatures
Public certificates

The following AWS public certificates can be used to verify the contents of an instance's instance identity document as described in [Verify instance identity document](verify-iid.md).

Ensure that you use the correct certificate for your Region and for the verification procedure that you're using. If you're verifying the PKCS7 signature, use the DSA certificate. If you're verifying the base64-encoded signature, use the RSA certificate. If you're verifying the RSA-2048 signature, use the RSA-2048 certificate.


## US East (N. Virginia) — us-east-1


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## US East (Ohio) — us-east-2


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## US West (N. California) — us-west-1


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
```

------

## US West (Oregon) — us-west-2


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Africa (Cape Town) — af-south-1


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Asia Pacific (Hong Kong) — ap-east-1


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Asia Pacific (Hyderabad) — ap-south-2


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----
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
-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Asia Pacific (Jakarta) — ap-southeast-3


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----
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
-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----
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
-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Asia Pacific (Malaysia) — ap-southeast-5


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Asia Pacific (Melbourne) — ap-southeast-4


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----
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
-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Asia Pacific (Mumbai) — ap-south-1


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Asia Pacific (New Zealand) — ap-southeast-6


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
```

------

## Asia Pacific (Osaka) — ap-northeast-3


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Asia Pacific (Seoul) — ap-northeast-2


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Asia Pacific (Singapore) — ap-southeast-1


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Asia Pacific (Sydney) — ap-southeast-2


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Asia Pacific (Taipei) — ap-east-2


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Asia Pacific (Thailand) — ap-southeast-7


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Asia Pacific (Tokyo) — ap-northeast-1


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Canada (Central) — ca-central-1


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Canada West (Calgary) — ca-west-1


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----
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
-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----
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
-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## China (Beijing) — cn-north-1


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## China (Ningxia) — cn-northwest-1


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Europe (Frankfurt) — eu-central-1


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Europe (Ireland) — eu-west-1


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Europe (London) — eu-west-2


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Europe (Milan) — eu-south-1


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Europe (Paris) — eu-west-3


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Europe (Spain) — eu-south-2


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
```

------
#### [ RSA ]

```
-----BEGIN CERTIFICATE-----
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
-----END CERTIFICATE-----
```

------
#### [ RSA-2048 ]

```
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
```

------

## Europe (Stockholm) — eu-north-1


------
#### [ DSA ]

```
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
```

------
#### [ RSA ]


------
#### [ RSA-2048 ]


------

## Europe (Zurich) — eu-central-2


------
#### [ DSA ]


------
#### [ RSA ]


------
#### [ RSA-2048 ]


------

## Israel (Tel Aviv) — il-central-1


------
#### [ DSA ]


------
#### [ RSA ]


------
#### [ RSA-2048 ]


------

## Mexico (Central) — mx-central-1


------
#### [ DSA ]


------
#### [ RSA ]


------
#### [ RSA-2048 ]


------

## Middle East (Bahrain) — me-south-1


------
#### [ DSA ]


------
#### [ RSA ]


------
#### [ RSA-2048 ]


------

## Middle East (UAE) — me-central-1


------
#### [ DSA ]


------
#### [ RSA ]


------
#### [ RSA-2048 ]


------

## South America (Sao Paulo) — sa-east-1


------
#### [ DSA ]


------
#### [ RSA ]


------
#### [ RSA-2048 ]


------

## AWS GovCloud (US-East) — us-gov-east-1


------
#### [ DSA ]


------
#### [ RSA ]


------
#### [ RSA-2048 ]


------

## AWS GovCloud (US-West) — us-gov-west-1


------
#### [ DSA ]


------
#### [ RSA ]


------
#### [ RSA-2048 ]


------

## AWS European Sovereign Cloud — eusc-de-east-1


------
#### [ DSA ]


------
#### [ RSA ]


------
#### [ RSA-2048 ]


------

# STIG compliance for your EC2 instance

Security Technical Implementation Guides (STIGs) are the configuration hardening standards created by the Defense Information Systems Agency (DISA) to secure information systems and software. To make your systems compliant with STIG standards, you must install, configure, and test a variety of security settings.

STIGs are applied based on the following vulnerability classifications. When you create a STIG hardened image or apply STIG settings to an existing instance, you can choose which level to apply for hardening. Higher levels include STIG settings from all lower levels. For example, the *High (Category I)* level includes settings from both the Medium and Low categories.

**Compliance levels**
+ **High (Category I)**

  The most severe risk. Includes any vulnerability that can result in loss of confidentiality, availability, or integrity.
+ **Medium (Category II)**

  Includes any vulnerability that can result in loss of confidentiality, availability, or integrity, but the risk can be mitigated.
+ **Low (Category III)**

  Includes any vulnerability that degrades measures to protect against loss of confidentiality, availability, or integrity.

Amazon EC2 provides the following methods to create STIG hardened instances:
+ You can launch Windows instances that are pre-configured for STIG hardening from specialized public AWS Windows AMIs. For more information, see [STIG Hardened AWS Windows Server AMIs](https://docs.aws.amazon.com/ec2/latest/windows-ami-reference/ami-windows-stig.html) in the *AWS Windows AMI reference*.
+ You can create a customized AMI to launch pre-configured instances that are built with EC2 Image Builder STIG hardening components. For more information, see [STIG hardening components](https://docs.aws.amazon.com/imagebuilder/latest/userguide/ib-stig.html) in the *Image Builder User Guide*.
+ You can use the AWSEC2-ConfigureSTIG Systems Manager command document to apply STIG settings to an existing EC2 instance. The Systems Manager STIG command document scans for misconfigurations and runs a remediation script to install and update the DoD certificates and to remove unnecessary certificates to maintain STIG compliance. There are no additional charges for using the STIG Systems Manager document.

**Topics**
+ [STIG hardening settings for EC2 instances](ec2-stig-settings.md)
+ [STIG hardening script downloads](ec2-stig-downloads.md)
+ [Use AWS Systems Manager to apply STIG settings to your instance](ec2-stig-ssm-cmd-doc.md)

# STIG hardening settings for EC2 instances

STIG settings vary based on your instance operating system and the compliance level that you choose. The following content contains system-specific details for STIGs that are applied at each compliance level.

**Topics**
+ [STIG settings for EC2 Linux instances](#ec2-linux-os-stig)
+ [STIG hardening settings for EC2 Windows instances](#ec2-windows-stig)

## STIG settings for EC2 Linux instances

This section contains information about the Linux STIG hardening settings that Amazon EC2 supports. The hardening script applies supported STIG settings to the infrastructure based on the Linux distribution. If the Linux distribution doesn't have STIG hardening settings of its own, Amazon EC2 uses RHEL settings, as follows.
+ Red Hat Enterprise Linux (RHEL) 7 STIG settings
  + RHEL 7
  + CentOS 7
  + Amazon Linux 2 (AL2)
+ RHEL 8 STIG settings
  + RHEL 8
  + CentOS 8
+ RHEL 9 STIG settings
  + RHEL 9
  + CentOS Stream 9

### Linux STIG Low (Category III)


The following list contains the STIG settings that Amazon EC2 supports for your infrastructure. If a supported setting isn't applicable for your infrastructure, Amazon EC2 skips that setting and moves on. For example, some STIG hardening settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings.

For a complete list, see the [STIGs Document Library](https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux). For information about how to view the complete list, see [STIG Viewing Tools](https://public.cyber.mil/stigs/srg-stig-tools/).

**RHEL 7 STIG Version 3 Release 15**
+ **RHEL 7/CentOS 7/AL2**  
V-204452, V-204576, and V-204605

**RHEL 8 STIG Version 2 Release 6**
+ **RHEL 8/CentOS 8**  
V-230241, V-230269, V-230270, V-230281, V-230285, V-230346, V-230381, V-230395, V-230468, V-230469, V-230485, V-230486, V-230491, V-230494, V-230495, V-230496, V-230497, V-230498, V-230499, and V-244527

**RHEL 9 STIG Version 2 Release 7**
+ **RHEL 9/CentOS Stream 9**  
V-257782, V-257795, V-257796, V-257824, V-257880, V-257946, V-257947, V-258037, V-258067, V-258069, V-258076, V-258138, and V-258173

**RHEL 10 STIG Version 1 Release 1**  
V-280995, V-281203, and V-281292

**Amazon Linux 2023 STIG Version 1 Release 1**  
V-274141

**SLES 12 STIG Version 3 Release 4**  
V-217108, V-217113, V-217140, V-217198, V-217209, V-217211, V-217212, V-217213, V-217214, V-217215, V-217216, V-217236, V-217237, V-217238, V-217239, V-217282, and V-255915

**SLES 15 STIG Version 2 Release 6**  
V-234811, V-234850, V-234868, V-234873, V-234905, V-234907, V-234908, V-234909, V-234933, V-234934, V-234935, V-234936, V-234955, V-234963, V-234967, and V-255921

**Ubuntu 18.04 STIG Version 2 Release 15**  
V-219163, V-219164, V-219165, V-219172, V-219173, V-219174, V-219175, V-219178, V-219179, V-219180, V-219210, V-219301, V-219327, V-219332, and V-219333

**Ubuntu 20.04 STIG Version 2 Release 4**  
V-238202, V-238203, V-238221, V-238222, V-238223, V-238224, V-238226, V-238234, V-238235, V-238237, V-238308, V-238323, V-238357, V-238362, and V-238373

**Ubuntu 22.04 STIG Version 2 Release 7**  
V-260472, V-260476, V-260479, V-260480, V-260481, V-260520, V-260521, V-260549, V-260550, V-260551, V-260552, V-260581, and V-260596

**Ubuntu 24.04 STIG Version 1 Release 4**  
V-270645, V-270646, V-270664, V-270677, V-270690, V-270695, V-270706, V-270710, V-270734, V-270749, V-270752, V-270818, and V-270820

### Linux STIG Medium (Category II)


The following list contains the STIG settings that Amazon EC2 supports for your infrastructure. If a supported setting isn't applicable for your infrastructure, Amazon EC2 skips that setting and moves on. For example, some STIG hardening settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings.

For a complete list, see the [STIGs Document Library](https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux). For information about how to view the complete list, see [STIG Viewing Tools](https://public.cyber.mil/stigs/srg-stig-tools/).

**Note**  
The Linux STIG Medium category includes all of the listed STIG hardening settings that apply for Linux STIG Low (Category III), in addition to the STIG hardening settings that Amazon EC2 supports for Category II vulnerabilities.
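
The level inheritance described in this note can be resolved mechanically when you triage scanner output. The following Python is an added example, not AWS code: it parses lists laid out the way this page lays them out, unions the levels up to the one you chose, and splits open findings into those on the supported list and those left for manual work. The excerpts are truncated copies of the RHEL 8 lists on this page, and `OPEN_FINDINGS` with its `V-999999` placeholder is constructed.

```python
import re
from collections import Counter

# Least to most inclusive: each level inherits every level before it.
LEVEL_ORDER = ["Low", "Medium", "High"]

TITLE_RE = re.compile(r"^\*\*(.+? STIG Version \d+ Release \d+)\*\*$")
VID_RE = re.compile(r"\bV-\d{6}\b")


def parse_stig_lists(text):
    """Map each bold STIG title to the V-IDs listed under it, in page order."""
    lists, current = {}, None
    for line in text.splitlines():
        match = TITLE_RE.match(line.strip())
        if match:
            current = match.group(1)
            lists.setdefault(current, [])
        elif current is not None:
            # Sub-labels and "Includes all ..." lines carry no V-IDs.
            lists[current].extend(VID_RE.findall(line))
    return lists


def repeated_ids(ids):
    """V-IDs that a list names more than once (the page's lists contain some)."""
    return sorted(v for v, count in Counter(ids).items() if count > 1)


def effective_settings(per_level, level, stig):
    """Union of the V-IDs for `level` and every lower level of one STIG."""
    if level not in LEVEL_ORDER:
        raise ValueError(f"unknown compliance level: {level!r}")
    wanted = LEVEL_ORDER[: LEVEL_ORDER.index(level) + 1]
    ids = set()
    for name in wanted:
        ids.update(per_level.get(name, {}).get(stig, []))
    return ids


def triage(open_findings, per_level, level, stig):
    """Split findings into (on the supported list, needs manual handling).

    Being on the supported list is not proof of remediation: the page notes
    that settings which do not apply to the instance are skipped.
    """
    supported = effective_settings(per_level, level, stig)
    covered = [v for v in open_findings if v in supported]
    manual = [v for v in open_findings if v not in supported]
    return covered, manual


# Constructed, truncated excerpts in this page's layout (RHEL 8 lists).
LOW_EXCERPT = """\
**RHEL 8 STIG Version 2 Release 6**
**RHEL 8/CentOS 8**
V-230241, V-230269, V-230270, and V-230281
"""
MEDIUM_EXCERPT = """\
**RHEL 8 STIG Version 2 Release 6**
Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:
**RHEL 8/CentOS 8**
V-230238, V-230239, V-230240, V-230240, and V-230243
"""

STIG = "RHEL 8 STIG Version 2 Release 6"
PER_LEVEL = {
    "Low": parse_stig_lists(LOW_EXCERPT),
    "Medium": parse_stig_lists(MEDIUM_EXCERPT),
}
# Constructed scanner output; V-999999 is a placeholder, not a real finding.
OPEN_FINDINGS = ["V-230241", "V-230240", "V-999999"]

if __name__ == "__main__":
    print("repeated in Medium list:", repeated_ids(PER_LEVEL["Medium"][STIG]))
    for level in ("Low", "Medium"):
        covered, manual = triage(OPEN_FINDINGS, PER_LEVEL, level, STIG)
        print(f"{level}: supported={covered} manual={manual}")
```
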

**RHEL 7 STIG Version 3 Release 15**

Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:
+ **RHEL 7/CentOS 7/AL2**  
V-204405, V-204406, V-204407, V-204408, V-204409, V-204410, V-204411, V-204412, V-204413, V-204414, V-204415, V-204416, V-204417, V-204418, V-204420, V-204422, V-204423, V-204426, V-204427, V-204431, V-204434, V-204435, V-204437, V-204449, V-204450, V-204451, V-204457, V-204466, V-204490, V-204491, V-204503, V-204507, V-204508, V-204510, V-204511, V-204512, V-204514, V-204515, V-204516, V-204517, V-204521, V-204524, V-204531, V-204536, V-204537, V-204538, V-204539, V-204540, V-204541, V-204542, V-204543, V-204544, V-204545, V-204546, V-204547, V-204548, V-204549, V-204550, V-204551, V-204552, V-204553, V-204554, V-204555, V-204556, V-204557, V-204558, V-204559, V-204560, V-204562, V-204563, V-204564, V-204565, V-204566, V-204567, V-204568, V-204572, V-204579, V-204584, V-204585, V-204587, V-204588, V-204589, V-204590, V-204591, V-204592, V-204593, V-204596, V-204597, V-204598, V-204599, V-204600, V-204601, V-204602, V-204609, V-204610, V-204611, V-204612, V-204613, V-204614, V-204615, V-204616, V-204617, V-204619, V-204622, V-204625, V-204630, V-204631, V-204633, V-233307, V-237634, V-237635, V-251703, V-255925, V-255927, V-255928, and V-256970

**RHEL 8 STIG Version 2 Release 6**

Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:
+ **RHEL 8/CentOS 8**  
V-230222, V-230228, V-230231, V-230233, V-230236, V-230237, V-230238, V-230239, V-230240, V-230240, V-230243, V-230244, V-230245, V-230246, V-230247, V-230248, V-230249, V-230250, V-230255, V-230256, V-230257, V-230258, V-230259, V-230260, V-230261, V-230262, V-230266, V-230267, V-230268, V-230271, V-230273, V-230275, V-230276, V-230277, V-230278, V-230279, V-230280, V-230282, V-230282, V-230286, V-230287, V-230288, V-230290, V-230291, V-230296, V-230298, V-230310, V-230311, V-230312, V-230313, V-230314, V-230315, V-230316, V-230318, V-230319, V-230320, V-230321, V-230322, V-230324, V-230325, V-230326, V-230327, V-230330, V-230332, V-230333, V-230335, V-230337, V-230339, V-230341, V-230343, V-230345, V-230347, V-230348, V-230352, V-230353, V-230354, V-230356, V-230357, V-230358, V-230359, V-230360, V-230361, V-230362, V-230363, V-230365, V-230366, V-230368, V-230369, V-230370, V-230372, V-230373, V-230375, V-230376, V-230377, V-230378, V-230380, V-230382, V-230383, V-230385, V-230386, V-230387, V-230389, V-230390, V-230392, V-230393, V-230394, V-230396, V-230397, V-230398, V-230399, V-230400, V-230401, V-230402, V-230403, V-230404, V-230405, V-230406, V-230407, V-230408, V-230409, V-230410, V-230411, V-230412, V-230413, V-230418, V-230419, V-230421, V-230422, V-230423, V-230424, V-230425, V-230426, V-230427, V-230428, V-230429, V-230430, V-230431, V-230432, V-230433, V-230434, V-230435, V-230436, V-230437, V-230438, V-230439, V-230444, V-230446, V-230447, V-230448, V-230449, V-230455, V-230456, V-230462, V-230463, V-230464, V-230465, V-230466, V-230467, V-230470, V-230471, V-230472, V-230473, V-230474, V-230475, V-230478, V-230480, V-230481, V-230482, V-230483, V-230488, V-230489, V-230493, V-230502, V-230503, V-230505, V-230506, V-230507, V-230523, V-230524, V-230525, V-230526, V-230527, V-230532, V-230535, V-230536, V-230537, V-230538, V-230539, V-230540, V-230541, V-230542, V-230543, V-230544, V-230545, V-230546, V-230547, V-230548, V-230549, V-230550, V-230555, 
V-230556, V-230557, V-230559, V-230560, V-230561, V-237640, V-237642, V-237643, V-244519, V-244523, V-244524, V-244525, V-244526, V-244528, V-244531, V-244533, V-244535, V-244536, V-244538, V-244539, V-244542, V-244543, V-244544, V-244545, V-244547, V-244550, V-244551, V-244552, V-244553, V-244554, V-250315, V-250315, V-250315, V-250316, V-250316, V-250317, V-251707, V-251708, V-251709, V-251710, V-251711, V-251713, V-251714, V-251715, V-251716, V-251717, V-251718, V-256974, V-257258, V-257258, V-274877, V-279929, V-279930, and V-279931

**RHEL 9 STIG Version 2 Release 7**

Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:
+ **RHEL 9/CentOS Stream 9**  
V-257780, V-257781, V-257783, V-257786, V-257788, V-257790, V-257791, V-257792, V-257793, V-257794, V-257797, V-257798, V-257799, V-257800, V-257801, V-257802, V-257803, V-257804, V-257805, V-257806, V-257807, V-257808, V-257809, V-257810, V-257811, V-257812, V-257813, V-257814, V-257815, V-257816, V-257817, V-257818, V-257825, V-257827, V-257828, V-257829, V-257830, V-257831, V-257832, V-257833, V-257834, V-257836, V-257838, V-257839, V-257840, V-257841, V-257842, V-257849, V-257882, V-257883, V-257884, V-257885, V-257886, V-257887, V-257888, V-257889, V-257890, V-257891, V-257892, V-257893, V-257894, V-257895, V-257896, V-257897, V-257898, V-257899, V-257900, V-257901, V-257902, V-257903, V-257904, V-257905, V-257906, V-257907, V-257908, V-257909, V-257910, V-257911, V-257912, V-257913, V-257914, V-257915, V-257916, V-257917, V-257918, V-257919, V-257920, V-257921, V-257922, V-257923, V-257924, V-257925, V-257926, V-257927, V-257928, V-257929, V-257930, V-257933, V-257934, V-257935, V-257936, V-257939, V-257940, V-257942, V-257943, V-257944, V-257948, V-257951, V-257952, V-257953, V-257954, V-257957, V-257958, V-257959, V-257960, V-257961, V-257962, V-257963, V-257964, V-257965, V-257966, V-257967, V-257968, V-257969, V-257970, V-257971, V-257972, V-257973, V-257974, V-257975, V-257976, V-257977, V-257978, V-257979, V-257980, V-257982, V-257983, V-257985, V-257987, V-257988, V-257992, V-257993, V-257994, V-257995, V-257996, V-257997, V-257998, V-257999, V-258000, V-258001, V-258002, V-258003, V-258004, V-258005, V-258006, V-258007, V-258008, V-258009, V-258010, V-258011, V-258028, V-258034, V-258035, V-258038, V-258039, V-258040, V-258041, V-258043, V-258046, V-258049, V-258052, V-258054, V-258055, V-258056, V-258057, V-258060, V-258063, V-258064, V-258065, V-258066, V-258068, V-258070, V-258071, V-258072, V-258073, V-258074, V-258075, V-258077, V-258079, V-258080, V-258081, V-258082, V-258083, V-258084, V-258085, V-258088, V-258089, V-258090, V-258091, V-258092, 
V-258093, V-258095, V-258097, V-258098, V-258099, V-258100, V-258101, V-258102, V-258103, V-258104, V-258105, V-258107, V-258108, V-258109, V-258110, V-258111, V-258112, V-258113, V-258114, V-258115, V-258116, V-258117, V-258118, V-258119, V-258120, V-258121, V-258122, V-258123, V-258124, V-258125, V-258126, V-258128, V-258129, V-258130, V-258133, V-258137, V-258140, V-258141, V-258142, V-258144, V-258145, V-258146, V-258147, V-258148, V-258150, V-258151, V-258152, V-258153, V-258154, V-258156, V-258157, V-258158, V-258159, V-258160, V-258161, V-258162, V-258163, V-258164, V-258165, V-258166, V-258167, V-258168, V-258169, V-258170, V-258171, V-258172, V-258175, V-258176, V-258177, V-258178, V-258179, V-258180, V-258181, V-258182, V-258183, V-258184, V-258185, V-258186, V-258187, V-258188, V-258189, V-258190, V-258191, V-258192, V-258193, V-258194, V-258195, V-258196, V-258197, V-258198, V-258199, V-258200, V-258201, V-258202, V-258203, V-258204, V-258205, V-258206, V-258207, V-258208, V-258209, V-258210, V-258211, V-258212, V-258213, V-258214, V-258215, V-258216, V-258217, V-258218, V-258219, V-258220, V-258221, V-258222, V-258223, V-258224, V-258225, V-258226, V-258227, V-258228, V-258229, V-258232, V-258233, V-258234, V-258237, V-258239, V-258240, V-270174, V-270175, V-270176, V-270177, V-272488, and V-279936

**RHEL 10 STIG Version 1 Release 1**  
Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

V-280094, V-280942, V-280943, V-280945, V-280946, V-280947, V-280948, V-280950, V-280952, V-280953, V-280954, V-280955, V-280956, V-280958, V-280959, V-280960, V-280961, V-280962, V-280963, V-280964, V-280965, V-280966, V-280967, V-280968, V-280969, V-280970, V-280972, V-280973, V-280974, V-280975, V-280976, V-280977, V-280981, V-280983, V-280984, V-280986, V-280987, V-280988, V-280989, V-280990, V-280991, V-280992, V-280993, V-280994, V-280996, V-280997, V-280999, V-281000, V-281001, V-281002, V-281003, V-281005, V-281006, V-281017, V-281018, V-281019, V-281020, V-281021, V-281022, V-281023, V-281024, V-281025, V-281026, V-281027, V-281028, V-281029, V-281030, V-281031, V-281032, V-281033, V-281034, V-281035, V-281036, V-281037, V-281038, V-281039, V-281040, V-281041, V-281042, V-281043, V-281044, V-281045, V-281047, V-281048, V-281049, V-281050, V-281051, V-281052, V-281053, V-281054, V-281055, V-281056, V-281057, V-281058, V-281059, V-281060, V-281061, V-281062, V-281063, V-281064, V-281065, V-281066, V-281067, V-281068, V-281069, V-281070, V-281071, V-281072, V-281073, V-281074, V-281075, V-281076, V-281077, V-281078, V-281079, V-281080, V-281081, V-281082, V-281083, V-281084, V-281085, V-281086, V-281087, V-281094, V-281095, V-281096, V-281097, V-281098, V-281099, V-281100, V-281101, V-281102, V-281103, V-281104, V-281105, V-281107, V-281108, V-281109, V-281110, V-281111, V-281113, V-281114, V-281115, V-281116, V-281117, V-281118, V-281119, V-281120, V-281121, V-281122, V-281123, V-281124, V-281125, V-281126, V-281127, V-281128, V-281129, V-281130, V-281131, V-281132, V-281133, V-281134, V-281135, V-281136, V-281137, V-281138, V-281139, V-281140, V-281141, V-281142, V-281143, V-281144, V-281145, V-281146, V-281147, V-281148, V-281149, V-281150, V-281151, V-281152, V-281153, V-281154, V-281155, V-281156, V-281157, V-281158, V-281159, V-281160, V-281161, V-281162, V-281163, V-281164, V-281165, V-281168, V-281169, V-281171, V-281174, V-281175, V-281177, V-281178, 
V-281179, V-281180, V-281181, V-281182, V-281183, V-281184, V-281185, V-281187, V-281188, V-281189, V-281190, V-281191, V-281192, V-281193, V-281195, V-281196, V-281197, V-281198, V-281200, V-281201, V-281204, V-281205, V-281206, V-281209, V-281210, V-281212, V-281214, V-281215, V-281217, V-281218, V-281219, V-281220, V-281224, V-281225, V-281226, V-281249, V-281251, V-281252, V-281253, V-281254, V-281255, V-281256, V-281257, V-281258, V-281259, V-281260, V-281261, V-281262, V-281263, V-281264, V-281265, V-281266, V-281269, V-281270, V-281271, V-281272, V-281273, V-281274, V-281276, V-281277, V-281278, V-281279, V-281280, V-281281, V-281282, V-281284, V-281285, V-281286, V-281287, V-281288, V-281289, V-281290, V-281291, V-281293, V-281295, V-281296, V-281297, V-281300, V-281301, V-281302, V-281303, V-281304, V-281305, V-281306, V-281308, V-281309, V-281310, V-281311, V-281312, V-281313, V-281314, V-281315, V-281316, V-281317, V-281318, V-281319, V-281320, V-281322, V-281323, V-281324, V-281325, V-281327, V-281328, V-281331, V-281333, V-281334, V-281335, V-281337, V-281338, V-281340, V-281341, V-281342, V-281343, V-281344, V-281345, V-281346, V-281347, V-281348, V-281349, V-281350, V-281351, V-281352, V-281353, V-281354, V-281355, V-281356, V-281357, V-281358, V-281359, V-281360, V-281361, V-281363, V-281364, and V-281365

**Amazon Linux 2023 STIG Version 1 Release 2**  
Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

V-273995, V-274000, V-274001, V-274002, V-274003, V-274004, V-274005, V-274006, V-274008, V-274009, V-274010, V-274011, V-274012, V-274013, V-274014, V-274017, V-274018, V-274019, V-274020, V-274021, V-274022, V-274023, V-274024, V-274026, V-274027, V-274028, V-274030, V-274031, V-274032, V-274033, V-274034, V-274035, V-274036, V-274037, V-274040, V-274041, V-274042, V-274044, V-274045, V-274047, V-274048, V-274049, V-274050, V-274051, V-274053, V-274054, V-274059, V-274061, V-274062, V-274069, V-274070, V-274071, V-274072, V-274073, V-274074, V-274075, V-274076, V-274077, V-274078, V-274079, V-274081, V-274082, V-274083, V-274084, V-274085, V-274086, V-274087, V-274088, V-274089, V-274090, V-274091, V-274092, V-274093, V-274094, V-274095, V-274096, V-274097, V-274098, V-274099, V-274100, V-274101, V-274102, V-274103, V-274104, V-274105, V-274106, V-274107, V-274108, V-274109, V-274110, V-274111, V-274112, V-274113, V-274114, V-274115, V-274116, V-274117, V-274119, V-274120, V-274121, V-274122, V-274123, V-274124, V-274125, V-274126, V-274127, V-274128, V-274129, V-274130, V-274131, V-274132, V-274133, V-274134, V-274135, V-274136, V-274137, V-274138, V-274139, V-274140, V-274142, V-274143, V-274144, V-274145, V-274147, V-274149, V-274151, V-274152, V-274154, V-274155, V-274156, V-274157, V-274160, V-274161, V-274162, V-274163, V-274164, V-274165, V-274166, V-274167, V-274168, V-274169, V-274170, V-274173, V-274177, V-274181, V-274182, V-274185, and V-274187

**SLES 12 STIG Version 3 Release 4**  
Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

V-217102, V-217105, V-217105, V-217106, V-217106, V-217110, V-217116, V-217117, V-217118, V-217119, V-217120, V-217121, V-217122, V-217124, V-217125, V-217126, V-217127, V-217128, V-217130, V-217134, V-217138, V-217143, V-217147, V-217152, V-217153, V-217154, V-217155, V-217156, V-217158, V-217161, V-217163, V-217166, V-217167, V-217168, V-217169, V-217170, V-217171, V-217182, V-217183, V-217188, V-217190, V-217191, V-217194, V-217195, V-217196, V-217197, V-217200, V-217201, V-217202, V-217203, V-217204, V-217205, V-217206, V-217207, V-217208, V-217210, V-217217, V-217218, V-217223, V-217227, V-217230, V-217240, V-217241, V-217242, V-217243, V-217244, V-217245, V-217246, V-217247, V-217248, V-217249, V-217250, V-217251, V-217252, V-217253, V-217254, V-217255, V-217257, V-217258, V-217260, V-217265, V-217266, V-217267, V-217269, V-217272, V-217273, V-217274, V-217275, V-217276, V-217277, V-217278, V-217279, V-217280, V-217283, V-217284, V-217286, V-217287, V-217288, V-217289, V-217290, V-217291, V-217292, V-217293, V-217294, V-217295, V-217296, V-217299, V-217300, V-217301, V-217302, V-233308, V-237605, V-237606, V-237607, V-237608, V-237609, V-237610, V-237611, V-237612, V-237613, V-237614, V-237615, V-237616, V-237617, V-237618, V-237619, V-237620, V-237621, V-237622, V-237623, V-251720, V-251722, V-255914, and V-256981

**SLES 15 STIG Version 2 Release 6**  
Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

V-234802, V-234807, V-234808, V-234809, V-234813, V-234815, V-234817, V-234821, V-234822, V-234823, V-234825, V-234827, V-234828, V-234829, V-234830, V-234832, V-234833, V-234834, V-234835, V-234836, V-234837, V-234838, V-234839, V-234840, V-234841, V-234842, V-234843, V-234844, V-234845, V-234848, V-234854, V-234855, V-234856, V-234857, V-234858, V-234861, V-234862, V-234863, V-234869, V-234870, V-234875, V-234878, V-234880, V-234881, V-234882, V-234883, V-234884, V-234885, V-234886, V-234887, V-234888, V-234889, V-234891, V-234895, V-234896, V-234897, V-234899, V-234900, V-234901, V-234902, V-234903, V-234904, V-234906, V-234910, V-234911, V-234912, V-234913, V-234914, V-234918, V-234924, V-234928, V-234932, V-234937, V-234938, V-234939, V-234940, V-234941, V-234942, V-234943, V-234944, V-234945, V-234946, V-234947, V-234948, V-234949, V-234950, V-234951, V-234952, V-234954, V-234956, V-234957, V-234958, V-234959, V-234961, V-234962, V-234964, V-234966, V-234969, V-234973, V-234975, V-234976, V-234977, V-234978, V-234979, V-234981, V-234982, V-234983, V-234991, V-235002, V-235003, V-235007, V-235008, V-235009, V-235010, V-235013, V-235014, V-235015, V-235016, V-235017, V-235018, V-235019, V-235020, V-235021, V-235022, V-235023, V-235024, V-235025, V-235026, V-235028, V-235029, V-235030, V-251724, V-255920, V-256983, and V-274879

**Ubuntu 18.04 STIG Version 2 Release 15**  
Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

V-219149, V-219155, V-219156, V-219160, V-219166, V-219168, V-219176, V-219181, V-219184, V-219186, V-219188, V-219189, V-219190, V-219191, V-219192, V-219193, V-219194, V-219195, V-219196, V-219197, V-219198, V-219199, V-219200, V-219201, V-219202, V-219203, V-219204, V-219205, V-219206, V-219207, V-219208, V-219209, V-219213, V-219214, V-219215, V-219216, V-219217, V-219218, V-219219, V-219220, V-219221, V-219222, V-219223, V-219224, V-219225, V-219226, V-219227, V-219228, V-219229, V-219230, V-219231, V-219232, V-219233, V-219234, V-219235, V-219236, V-219238, V-219239, V-219240, V-219241, V-219242, V-219243, V-219244, V-219250, V-219254, V-219257, V-219263, V-219264, V-219265, V-219266, V-219267, V-219268, V-219269, V-219270, V-219271, V-219272, V-219273, V-219274, V-219275, V-219276, V-219277, V-219279, V-219281, V-219287, V-219291, V-219296, V-219297, V-219298, V-219299, V-219300, V-219303, V-219304, V-219306, V-219309, V-219310, V-219311, V-219315, V-219318, V-219319, V-219323, V-219326, V-219328, V-219330, V-219331, V-219335, V-219336, V-219337, V-219338, V-219339, V-219342, V-219344, V-233779, V-233780, and V-255906

**Ubuntu 20.04 STIG Version 2 Release 4**  
Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

V-238200, V-238205, V-238207, V-238209, V-238210, V-238211, V-238212, V-238213, V-238220, V-238225, V-238227, V-238228, V-238229, V-238230, V-238231, V-238232, V-238236, V-238238, V-238239, V-238240, V-238241, V-238242, V-238244, V-238245, V-238246, V-238247, V-238248, V-238249, V-238250, V-238251, V-238252, V-238253, V-238254, V-238255, V-238256, V-238257, V-238258, V-238264, V-238268, V-238271, V-238277, V-238278, V-238279, V-238280, V-238281, V-238282, V-238283, V-238284, V-238285, V-238286, V-238287, V-238288, V-238289, V-238290, V-238291, V-238292, V-238293, V-238294, V-238295, V-238297, V-238298, V-238299, V-238300, V-238301, V-238302, V-238303, V-238304, V-238309, V-238310, V-238315, V-238316, V-238317, V-238318, V-238319, V-238320, V-238324, V-238325, V-238329, V-238330, V-238333, V-238334, V-238337, V-238338, V-238339, V-238340, V-238341, V-238342, V-238343, V-238344, V-238345, V-238346, V-238347, V-238348, V-238349, V-238350, V-238351, V-238352, V-238353, V-238355, V-238356, V-238359, V-238360, V-238369, V-238370, V-238371, V-238376, V-238377, V-238378, V-251505, V-255912, V-274852, and V-274853

**Ubuntu 22.04 STIG Version 2 Release 7**  
Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

V-260471, V-260473, V-260474, V-260475, V-260475, V-260477, V-260478, V-260485, V-260486, V-260487, V-260488, V-260489, V-260490, V-260491, V-260492, V-260493, V-260494, V-260495, V-260496, V-260497, V-260498, V-260499, V-260500, V-260505, V-260506, V-260507, V-260508, V-260509, V-260510, V-260511, V-260512, V-260513, V-260514, V-260522, V-260527, V-260528, V-260530, V-260533, V-260534, V-260535, V-260537, V-260538, V-260540, V-260542, V-260543, V-260545, V-260546, V-260547, V-260553, V-260554, V-260555, V-260556, V-260557, V-260560, V-260561, V-260562, V-260563, V-260564, V-260565, V-260566, V-260567, V-260569, V-260572, V-260573, V-260574, V-260575, V-260576, V-260582, V-260584, V-260585, V-260586, V-260588, V-260589, V-260590, V-260591, V-260594, V-260597, V-260598, V-260599, V-260600, V-260601, V-260602, V-260603, V-260604, V-260605, V-260606, V-260607, V-260608, V-260609, V-260610, V-260611, V-260612, V-260613, V-260614, V-260615, V-260616, V-260617, V-260618, V-260619, V-260620, V-260621, V-260622, V-260623, V-260624, V-260625, V-260626, V-260627, V-260628, V-260629, V-260630, V-260631, V-260632, V-260633, V-260634, V-260635, V-260636, V-260637, V-260638, V-260639, V-260640, V-260641, V-260642, V-260643, V-260644, V-260645, V-260646, V-260647, V-260648, V-260649, V-274862, V-274864, and V-274866

**Ubuntu 24.04 STIG Version 1 Release 4**  
Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

V-270649, V-270651, V-270652, V-270653, V-270654, V-270656, V-270657, V-270659, V-270660, V-270661, V-270662, V-270663, V-270669, V-270672, V-270673, V-270674, V-270676, V-270678, V-270679, V-270680, V-270681, V-270683, V-270684, V-270685, V-270686, V-270687, V-270688, V-270689, V-270692, V-270693, V-270696, V-270697, V-270698, V-270699, V-270700, V-270701, V-270702, V-270703, V-270704, V-270705, V-270709, V-270715, V-270716, V-270718, V-270720, V-270721, V-270722, V-270723, V-270724, V-270725, V-270726, V-270727, V-270728, V-270729, V-270730, V-270731, V-270732, V-270733, V-270737, V-270739, V-270740, V-270741, V-270742, V-270743, V-270746, V-270750, V-270753, V-270755, V-270756, V-270757, V-270758, V-270759, V-270760, V-270765, V-270766, V-270767, V-270768, V-270769, V-270770, V-270771, V-270772, V-270773, V-270775, V-270776, V-270777, V-270778, V-270779, V-270780, V-270781, V-270782, V-270783, V-270784, V-270785, V-270786, V-270787, V-270788, V-270789, V-270790, V-270791, V-270792, V-270793, V-270794, V-270795, V-270796, V-270797, V-270798, V-270799, V-270800, V-270801, V-270802, V-270803, V-270804, V-270805, V-270806, V-270807, V-270808, V-270809, V-270810, V-270811, V-270812, V-270813, V-270814, V-270815, V-270821, V-270822, V-270823, V-270824, V-270825, V-270826, V-270827, V-270828, V-270829, V-270830, V-270831, V-270832, V-274870, V-274871, V-274872, and V-274873

### Linux STIG High (Category I)


The following list contains the STIG settings that Amazon EC2 supports for your infrastructure. If a supported setting isn't applicable to your infrastructure, Amazon EC2 skips that setting and moves on. For example, some STIG hardening settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings.

For a complete list, see the [STIGs Document Library](https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux). For information about how to view the complete list, see [STIG Viewing Tools](https://public.cyber.mil/stigs/srg-stig-tools/).

**Note**  
The Linux STIG High category includes all of the listed STIG hardening settings that apply for Linux STIG Medium and Low categories, in addition to the STIG hardening settings that Amazon EC2 supports for Category I vulnerabilities.

**RHEL 7 STIG Version 3 Release 15**  
Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

**RHEL 7/CentOS 7/AL2**  
V-204424, V-204425, V-204442, V-204443, V-204447, V-204448, V-204455, V-204462, V-204497, V-204497, V-204502, V-204594, V-204620, and V-204621

**RHEL 8 STIG Version 2 Release 6**  
Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

**RHEL 8/CentOS 8**  
V-230223, V-230264, V-230283, V-230284, V-230487, V-230492, V-230533, V-230558, V-244540, V-279933, V-230265, V-230226, V-230530, V-268322, V-230529, and V-230531

**RHEL 9 STIG Version 2 Release 7**  
Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

**RHEL 9/CentOS Stream 9**  
V-257820, V-257821, V-257826, V-257835, V-257955, V-257956, V-258059, V-258230, V-258238, V-257984, V-257986, V-258078, V-258094, V-258235, V-257784, and V-257785

**RHEL 10 Version 1 Release 1**  
Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

V-280932, V-280933, V-280934, V-280944, V-280949, V-280951, V-280978, V-281007, V-281014, V-281015, V-281216, V-281222, V-281223, V-281267, V-281268, V-281275, V-281298, V-281299, and V-281307

**Amazon Linux 2023 STIG Version 1 Release 2**  
Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

V-273996, V-273997, V-273999, V-274007, V-274038, V-274039, V-274046, V-274052, V-274057, and V-274153

**SLES 12 STIG Version 3 Release 4**  
Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

V-217101, V-217139, V-217141, V-217142, V-217159, V-217160, V-217164, V-217264, V-217268, V-222386, and V-251721

**SLES 15 STIG Version 2 Release 6**  
Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

V-234800, V-234804, V-234818, V-234852, V-234859, V-234860, V-234898, V-234984, V-234985, V-234988, V-234989, V-234990, V-235031, V-235032, and V-251725

**Ubuntu 18.04 STIG Version 2 Release 15**  
Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

V-219157, V-219158, V-219177, V-219212, V-219308, V-219314, V-219316, and V-251507

**Ubuntu 20.04 STIG Version 2 Release 4**  
Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

V-238201, V-238218, V-238219, V-238326, V-238327, V-238380, and V-251504

**Ubuntu 22.04 STIG Version 2 Release 7**  
Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

V-260469, V-260482, V-260483, V-260523, V-260524, V-260526, V-260529, V-260539, V-260570, V-260571, V-260579, and V-279937

**Ubuntu 24.04 STIG Version 1 Release 4**  
Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

V-270647, V-270648, V-270665, V-270666, V-270708, V-270711, V-270712, V-270713, V-270714, V-270717, V-270736, V-270738, and V-279938

## STIG hardening settings for EC2 Windows instances

Amazon EC2 supports STIG baselines for the following Windows operating system versions:
+ Windows Server 2025
+ Windows Server 2022
+ Windows Server 2019
+ Windows Server 2016
+ Windows Server 2012 R2

This section lists current STIG settings that Amazon EC2 supports for your Windows infrastructure, followed by a version history log.

You can apply low, medium, or high STIG settings.

### Windows STIG Low (Category III)


The following list contains the STIG settings that Amazon EC2 supports for your infrastructure. If a supported setting isn't applicable to your infrastructure, Amazon EC2 skips that setting and moves on. For example, some STIG hardening settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings.

For a complete list of Windows STIGs, see the [STIGs Document Library](https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=windows). For information about how to view the complete list, see [STIG Viewing Tools](https://public.cyber.mil/stigs/srg-stig-tools/).
+ **Windows Server 2025 STIG Version 1 Release 1**

  V-278082, V-278083, V-278084, V-278085, V-278098, V-278104, V-278110, and V-278231
+ **Windows Server 2022 STIG Version 2 Release 7**

  V-254335, V-254336, V-254337, V-254338, V-254351, V-254357, V-254363, and V-254481
+ **Windows Server 2019 STIG Version 3 Release 7**

  V-205691, V-205819, V-205858, V-205859, V-205860, V-205870, V-205871, and V-205923
+ **Windows Server 2016 STIG Version 2 Release 10**

  V-224916, V-224917, V-224918, V-224919, V-224931, V-224942, and V-225060
+ **Windows Server 2012 R2 MS STIG Version 3 Release 5**

  V-225250, V-225318, V-225319, V-225324, V-225327, V-225328, V-225330, V-225331, V-225332, V-225333, V-225334, V-225335, V-225336, V-225342, V-225343, V-225355, V-225357, V-225358, V-225359, V-225360, V-225362, V-225363, V-225376, V-225392, V-225394, V-225412, V-225459, V-225460, V-225462, V-225468, V-225473, V-225476, V-225479, V-225480, V-225481, V-225482, V-225483, V-225484, V-225485, V-225487, V-225488, V-225489, V-225490, V-225511, V-225514, V-225525, V-225526, V-225536, and V-225537
+ **Microsoft .NET Framework 4.0 STIG Version 2 Release 7**

  No STIG settings apply to the Microsoft .NET Framework for Category III vulnerabilities.
+ **Windows Firewall STIG Version 2 Release 2**

  V-241994, V-241995, V-241996, V-241999, V-242000, V-242001, V-242006, V-242007, and V-242008
+ **Internet Explorer 11 STIG Version 2 Release 6**

  V-223056 and V-223078
+ **Microsoft Edge STIG Version 2 Release 4 (Windows Server 2022 and 2025 only)**

  V-235727, V-235731, V-235751, V-235752, and V-235765

### Windows STIG Medium (Category II)


The following list contains the STIG settings that Amazon EC2 supports for your infrastructure. If a supported setting isn't applicable to your infrastructure, Amazon EC2 skips that setting and moves on. For example, some STIG hardening settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings.

For a complete list of Windows STIGs, see the [STIGs Document Library](https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=windows). For information about how to view the complete list, see [STIG Viewing Tools](https://public.cyber.mil/stigs/srg-stig-tools/).

**Note**  
The Windows STIG Medium category includes all of the listed STIG hardening settings that apply to Windows STIG Low (Category III), in addition to the STIG hardening settings that Amazon EC2 supports for Category II vulnerabilities.
+ **Windows Server 2025 STIG Version 1 Release 1**

  Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

  V-278015, V-278016, V-278019, V-278020, V-278021, V-278022, V-278023, V-278024, V-278025, V-278026, V-278033, V-278034, V-278035, V-278036, V-278037, V-278038, V-278039, V-278047, V-278048, V-278049, V-278050, V-278051, V-278052, V-278053, V-278054, V-278055, V-278056, V-278057, V-278058, V-278059, V-278060, V-278061, V-278062, V-278063, V-278064, V-278065, V-278066, V-278067, V-278068, V-278069, V-278070, V-278071, V-278072, V-278073, V-278074, V-278075, V-278076, V-278077, V-278078, V-278079, V-278080, V-278086, V-278088, V-278089, V-278091, V-278092, V-278093, V-278094, V-278095, V-278096, V-278097, V-278102, V-278103, V-278105, V-278106, V-278107, V-278108, V-278109, V-278111, V-278112, V-278113, V-278114, V-278115, V-278116, V-278117, V-278118, V-278119, V-278120, V-278122, V-278123, V-278124, V-278126, V-278127, V-278129, V-278130, V-278131, V-278165, V-278168, V-278169, V-278170, V-278171, V-278174, V-278180, V-278181, V-278182, V-278183, V-278184, V-278185, V-278187, V-278188, V-278189, V-278192, V-278193, V-278194, V-278195, V-278198, V-278199, V-278200, V-278201, V-278202, V-278203, V-278204, V-278205, V-278206, V-278209, V-278210, V-278211, V-278212, V-278213, V-278214, V-278218, V-278220, V-278221, V-278222, V-278223, V-278226, V-278227, V-278228, V-278229, V-278230, V-278232, V-278233, V-278234, V-278235, V-278236, V-278237, V-278238, V-278239, V-278240, V-278241, V-278243, V-278244, V-278245, V-278247, V-278248, V-278249, V-278251, V-278252, V-278253, V-278254, V-278255, V-278256, V-278257, V-278258, V-278259, V-278260, V-278261, V-278262, V-279916, V-279917, V-279918, V-279919, V-279920, V-279921, V-279922, and V-279923
+ **Windows Server 2022 STIG Version 2 Release 7**

  Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

  V-254247, V-254269, V-254270, V-254271, V-254272, V-254273, V-254274, V-254275, V-254276, V-254277, V-254278, V-254285, V-254286, V-254287, V-254288, V-254289, V-254290, V-254291, V-254292, V-254296, V-254297, V-254298, V-254299, V-254300, V-254301, V-254302, V-254303, V-254304, V-254305, V-254307, V-254309, V-254311, V-254312, V-254313, V-254314, V-254315, V-254316, V-254319, V-254320, V-254321, V-254322, V-254323, V-254324, V-254325, V-254326, V-254327, V-254328, V-254329, V-254330, V-254331, V-254332, V-254333, V-254334, V-254339, V-254341, V-254342, V-254344, V-254345, V-254346, V-254347, V-254348, V-254349, V-254350, V-254355, V-254356, V-254358, V-254359, V-254360, V-254361, V-254362, V-254364, V-254365, V-254366, V-254367, V-254368, V-254369, V-254370, V-254371, V-254372, V-254373, V-254375, V-254376, V-254377, V-254379, V-254380, V-254382, V-254383, V-254384, V-254431, V-254433, V-254434, V-254435, V-254436, V-254438, V-254439, V-254440, V-254442, V-254443, V-254444, V-254445, V-254447, V-254448, V-254449, V-254450, V-254451, V-254452, V-254453, V-254454, V-254455, V-254456, V-254459, V-254460, V-254461, V-254462, V-254463, V-254464, V-254468, V-254470, V-254471, V-254472, V-254473, V-254476, V-254477, V-254478, V-254479, V-254480, V-254482, V-254483, V-254484, V-254485, V-254486, V-254487, V-254488, V-254489, V-254491, V-254493, V-254494, V-254495, V-254497, V-254498, V-254499, V-254501, V-254502, V-254503, V-254504, V-254505, V-254506, V-254507, V-254508, V-254509, V-254510, V-254511, V-254512, V-278942, V-278943, V-278944, V-278945, V-278946, V-278947, V-278948, and V-278949
+ **Windows Server 2019 STIG Version 3 Release 7**

  Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

  V-205625, V-205626, V-205627, V-205629, V-205630, V-205633, V-205634, V-205635, V-205636, V-205637, V-205638, V-205639, V-205640, V-205641, V-205642, V-205643, V-205644, V-205648, V-205649, V-205650, V-205651, V-205652, V-205655, V-205656, V-205659, V-205660, V-205662, V-205671, V-205672, V-205673, V-205675, V-205676, V-205678, V-205679, V-205680, V-205681, V-205682, V-205683, V-205684, V-205685, V-205686, V-205687, V-205688, V-205689, V-205690, V-205692, V-205693, V-205694, V-205697, V-205698, V-205708, V-205709, V-205712, V-205714, V-205716, V-205717, V-205718, V-205719, V-205720, V-205722, V-205730, V-205731, V-205733, V-205747, V-205748, V-205749, V-205751, V-205752, V-205754, V-205755, V-205756, V-205758, V-205759, V-205760, V-205761, V-205762, V-205763, V-205764, V-205765, V-205766, V-205767, V-205768, V-205769, V-205770, V-205771, V-205772, V-205773, V-205774, V-205775, V-205776, V-205777, V-205778, V-205779, V-205780, V-205781, V-205782, V-205783, V-205784, V-205795, V-205796, V-205797, V-205798, V-205801, V-205808, V-205809, V-205810, V-205811, V-205812, V-205813, V-205814, V-205815, V-205816, V-205817, V-205821, V-205822, V-205823, V-205824, V-205825, V-205826, V-205827, V-205828, V-205830, V-205832, V-205833, V-205835, V-205836, V-205837, V-205838, V-205842, V-205861, V-205863, V-205865, V-205866, V-205867, V-205868, V-205869, V-205872, V-205873, V-205874, V-205909, V-205910, V-205911, V-205912, V-205915, V-205916, V-205917, V-205918, V-205920, V-205921, V-205922, V-205925, V-257503, V-278934, V-278935, V-278936, V-278937, V-278938, V-278939, V-278940, and V-278941
+ **Windows Server 2016 STIG Version 2 Release 10**

  Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

  V-224850, V-224851, V-224852, V-224853, V-224854, V-224855, V-224856, V-224857, V-224858, V-224859, V-224866, V-224867, V-224868, V-224869, V-224870, V-224871, V-224872, V-224873, V-224877, V-224878, V-224879, V-224880, V-224881, V-224882, V-224883, V-224884, V-224885, V-224886, V-224888, V-224890, V-224892, V-224893, V-224894, V-224895, V-224896, V-224897, V-224900, V-224901, V-224902, V-224903, V-224904, V-224905, V-224906, V-224907, V-224908, V-224909, V-224910, V-224911, V-224912, V-224913, V-224914, V-224915, V-224920, V-224921, V-224922, V-224924, V-224925, V-224926, V-224927, V-224928, V-224929, V-224930, V-224935, V-224936, V-224937, V-224938, V-224939, V-224940, V-224941, V-224943, V-224944, V-224945, V-224946, V-224947, V-224948, V-224949, V-224951, V-224952, V-224953, V-224955, V-224956, V-224957, V-224959, V-224960, V-224962, V-224963, V-224965, V-224966, V-224967, V-224968, V-224969, V-224987, V-224988, V-224989, V-224995, V-224996, V-224997, V-224998, V-224999, V-225000, V-225001, V-225002, V-225003, V-225004, V-225005, V-225008, V-225009, V-225010, V-225011, V-225013, V-225014, V-225015, V-225016, V-225017, V-225018, V-225019, V-225020, V-225021, V-225022, V-225023, V-225024, V-225026, V-225027, V-225028, V-225029, V-225030, V-225031, V-225032, V-225033, V-225034, V-225035, V-225038, V-225039, V-225040, V-225041, V-225042, V-225043, V-225047, V-225049, V-225050, V-225051, V-225052, V-225055, V-225056, V-225057, V-225058, V-225059, V-225061, V-225062, V-225063, V-225064, V-225065, V-225066, V-225067, V-225068, V-225070, V-225072, V-225073, V-225074, V-225076, V-225077, V-225078, V-225080, V-225081, V-225082, V-225083, V-225084, V-225085, V-225086, V-225087, V-225088, V-225089, V-225092, V-225093, and V-257502
+ **Windows Server 2012 R2 MS STIG Version 3 Release 5**

  Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

  V-225239, V-225259, V-225260, V-225261, V-225263, V-225264, V-225265, V-225266, V-225267, V-225268, V-225269, V-225270, V-225271, V-225272, V-225273, V-225275, V-225276, V-225277, V-225278, V-225279, V-225280, V-225281, V-225282, V-225283, V-225284, V-225285, V-225286, V-225287, V-225288, V-225289, V-225290, V-225291, V-225292, V-225293, V-225294, V-225295, V-225296, V-225297, V-225298, V-225299, V-225300, V-225301, V-225302, V-225303, V-225304, V-225305, V-225314, V-225315, V-225316, V-225317, V-225325, V-225326, V-225329, V-225337, V-225338, V-225339, V-225340, V-225341, V-225344, V-225345, V-225346, V-225347, V-225348, V-225349, V-225350, V-225351, V-225352, V-225353, V-225356, V-225367, V-225368, V-225369, V-225370, V-225371, V-225372, V-225373, V-225374, V-225375, V-225377, V-225378, V-225379, V-225380, V-225381, V-225382, V-225383, V-225384, V-225385, V-225386, V-225389, V-225391, V-225393, V-225395, V-225397, V-225398, V-225400, V-225401, V-225402, V-225404, V-225405, V-225406, V-225407, V-225408, V-225409, V-225410, V-225411, V-225413, V-225414, V-225415, V-225441, V-225442, V-225443, V-225448, V-225452, V-225453, V-225454, V-225455, V-225456, V-225457, V-225458, V-225461, V-225463, V-225464, V-225469, V-225470, V-225471, V-225472, V-225474, V-225475, V-225477, V-225478, V-225486, V-225494, V-225500, V-225501, V-225502, V-225503, V-225504, V-225506, V-225508, V-225509, V-225510, V-225513, V-225515, V-225516, V-225517, V-225518, V-225519, V-225520, V-225521, V-225522, V-225523, V-225524, V-225527, V-225528, V-225529, V-225530, V-225531, V-225532, V-225533, V-225534, V-225535, V-225538, V-225539, V-225540, V-225541, V-225542, V-225543, V-225544, V-225545, V-225546, V-225548, V-225549, V-225550, V-225551, V-225553, V-225554, V-225555, V-225557, V-225558, V-225559, V-225560, V-225561, V-225562, V-225563, V-225564, V-225565, V-225566, V-225567, V-225568, V-225569, V-225570, V-225571, V-225572, V-225573, and V-225574
+ **Microsoft .NET Framework 4.0 STIG Version 2 Release 7**

  Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

  V-225223, V-225230, V-225235, and V-225238
+ **Windows Firewall STIG Version 2 Release 2**

  Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

  V-241989, V-241990, V-241991, V-241993, V-241998, V-242003, V-242004, and V-242005
+ **Internet Explorer 11 STIG Version 2 Release 6**

  Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

  V-223015, V-223017, V-223018, V-223019, V-223020, V-223021, V-223022, V-223023, V-223024, V-223025, V-223026, V-223027, V-223028, V-223029, V-223030, V-223031, V-223032, V-223033, V-223034, V-223035, V-223036, V-223037, V-223038, V-223039, V-223040, V-223041, V-223042, V-223043, V-223044, V-223045, V-223046, V-223048, V-223049, V-223050, V-223051, V-223052, V-223053, V-223054, V-223055, V-223057, V-223058, V-223059, V-223060, V-223061, V-223062, V-223063, V-223064, V-223065, V-223066, V-223067, V-223068, V-223069, V-223070, V-223071, V-223072, V-223073, V-223074, V-223075, V-223076, V-223077, V-223079, V-223080, V-223081, V-223082, V-223083, V-223084, V-223085, V-223086, V-223087, V-223088, V-223089, V-223090, V-223091, V-223092, V-223093, V-223094, V-223095, V-223096, V-223097, V-223098, V-223099, V-223100, V-223101, V-223102, V-223103, V-223104, V-223105, V-223106, V-223107, V-223108, V-223109, V-223110, V-223111, V-223112, V-223113, V-223114, V-223115, V-223116, V-223117, V-223118, V-223119, V-223120, V-223121, V-223123, V-223125, V-223126, V-223127, V-223128, V-223129, V-223130, V-223131, V-223132, V-223133, V-223134, V-223135, V-223136, V-223137, V-223138, V-223139, V-223140, V-223141, V-223142, V-223143, V-223144, V-223145, V-223146, V-223147, V-223148, V-223149, V-250540, and V-250541
+ **Microsoft Edge STIG Version 2 Release 4 (Windows Server 2022 and 2025 only)**

  V-235720, V-235721, V-235723, V-235724, V-235725, V-235726, V-235728, V-235729, V-235730, V-235732, V-235733, V-235734, V-235735, V-235736, V-235737, V-235738, V-235739, V-235740, V-235741, V-235742, V-235743, V-235744, V-235745, V-235746, V-235747, V-235748, V-235749, V-235750, V-235754, V-235756, V-235760, V-235761, V-235763, V-235764, V-235766, V-235767, V-235768, V-235769, V-235770, V-235771, V-235772, V-235773, V-235774, and V-246736
+ **Microsoft Defender STIG Version 2 Release 7**

  Includes all STIG hardening settings that Amazon EC2 supports for Category III (Low) vulnerabilities, plus:

  V-213427, V-213429, V-213430, V-213431, V-213432, V-213433, V-213434, V-213435, V-213436, V-213437, V-213438, V-213439, V-213440, V-213441, V-213442, V-213443, V-213444, V-213445, V-213446, V-213447, V-213448, V-213449, V-213450, V-213451, V-213454, V-213455, V-213456, V-213457, V-213458, V-213459, V-213460, V-213461, V-213462, V-213463, V-213464, V-213465, V-213466, V-278647, V-278648, V-278649, V-278650, V-278651, V-278652, V-278653, V-278654, V-278655, V-278656, V-278658, V-278659, V-278660, V-278661, V-278662, V-278668, V-278669, V-278672, V-278674, V-278675, V-278676, V-278677, V-278678, V-278679, V-278680, and V-278863

### Windows STIG High (Category I)


The following list contains the STIG settings that Amazon EC2 supports for your infrastructure. If a supported setting isn't applicable to your infrastructure, Amazon EC2 skips that setting and moves on. For example, some STIG hardening settings might not apply to standalone servers. Organization-specific policies can also affect which settings apply, such as a requirement for administrators to review document settings.

For a complete list of Windows STIGs, see the [STIGs Document Library](https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=windows). For information about how to view the complete list, see [STIG Viewing Tools](https://public.cyber.mil/stigs/srg-stig-tools/).

**Note**  
The Windows STIG High category includes all of the listed STIG hardening settings that apply for Windows STIG Medium and Low categories, in addition to the STIG hardening settings that Amazon EC2 supports for Category I vulnerabilities.
+ **Windows Server 2025 STIG Version 1 Release 1**

  Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

  V-278040, V-278099, V-278100, V-278101, V-278121, V-278125, V-278128, V-278196, V-278215, V-278216, V-278217, V-278219, V-278225, V-278242, V-278246, and V-278250
+ **Windows Server 2022 STIG Version 2 Release 7**

  Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

  V-254250, V-254293, V-254352, V-254353, V-254354, V-254374, V-254378, V-254381, V-254446, V-254466, V-254467, V-254469, V-254474, V-254475, V-254492, V-254496, and V-254500
+ **Windows Server 2019 STIG Version 3 Release 7**

  Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

  V-205653, V-205654, V-205663, V-205711, V-205713, V-205724, V-205725, V-205750, V-205753, V-205757, V-205802, V-205804, V-205805, V-205806, V-205849, V-205908, V-205914, and V-205919
+ **Windows Server 2016 STIG Version 2 Release 10**

  Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

  V-224831, V-224874, V-224932, V-224933, V-224934, V-224954, V-224958, V-224961, V-225025, V-225045, V-225046, V-225048, V-225053, V-225054, V-225071, V-225079, and V-225091
+ **Windows Server 2012 R2 MS STIG Version 3 Release 5**

  Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

  V-225274, V-225354, V-225364, V-225365, V-225366, V-225390, V-225396, V-225399, V-225444, V-225449, V-225491, V-225492, V-225493, V-225496, V-225497, V-225498, V-225505, V-225507, V-225547, V-225552, and V-225556
+ **Microsoft .NET Framework 4.0 STIG Version 2 Release 7**

  Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities for the Microsoft .NET Framework. No additional STIG settings apply for Category I vulnerabilities.
+ **Windows Firewall STIG Version 2 Release 2**

  Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

  V-241992, V-241997, and V-242002
+ **Internet Explorer 11 STIG Version 2 Release 6**

  Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

  V-252910
+ **Microsoft Edge STIG Version 2 Release 4 (Windows Server 2022 and 2025 only)**

  Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

  V-235758 and V-235759
+ **Microsoft Defender STIG Version 2 Release 7**

  Includes all STIG hardening settings that Amazon EC2 supports for Categories II and III (Medium and Low) vulnerabilities, plus:

  V-213426, V-213428, V-213452, and V-213453

# STIG hardening script downloads

Amazon groups STIG hardening scripts together into operating system related bundles for each release. Bundles are archive files that are appropriate for the target operating system where they download and run. Linux script bundles are stored as TAR files (.tgz file extension). Windows script bundles are stored as ZIP files (.zip file extension).

Amazon stores the script bundles in the EC2 Windows S3 `STIG` bucket in each AWS Region. The Linux bundles do not have a separate bucket. Use SSL/TLS to communicate with AWS resources. We require TLS 1.2 and recommend TLS 1.3.

**Topics**
+ [STIG download bundle details](#ec2-stig-download-details)
+ [Linux STIG version history](#ec2-linux-version-hist)
+ [Windows STIG version history](#ec2-windows-version-hist)

## STIG download bundle details


**Important**  
With few exceptions, the STIG hardening scripts that the Systems Manager document downloads do not install third-party packages. If third-party packages are already installed on the instance or the `InstallPackage` parameter is set to `yes`, related STIGs that Amazon EC2 supports for that package are applied.

When you run the following command from the AWS CLI, Amazon S3 downloads the latest STIG hardening script bundle file from the bucket.

```
aws s3 cp "s3://aws-windows-downloads-<region>/STIG/<operating system>/Latest/<bundle file name>" <destination directory>
```

**Example: Download to a temporary directory**  
This example shows a Linux bundle that's downloaded to the `/tmp` directory.

```
aws s3 cp s3://aws-windows-downloads-us-east-1/STIG/Linux/Latest/LinuxAWSConfigureSTIG.tgz /tmp
```

Patterns and examples for download file storage paths and bundle file names are as follows:

**Download file storage path**  
`s3://aws-windows-downloads-<region>/STIG/<operating system>/Latest/<bundle file name>`

**Download path variables**

**region**  
AWS Region (Each Region has its own download bucket.)

**operating system**  
The operating system platform of the instance where STIGs are applied – either `Linux` or `Windows`.

**bundle file name**  
The format is *<os bundle name>*.*<file extension>*.    
**os bundle name**  
The standard name prefix for the operating system bundle is either `LinuxAWSConfigureSTIG` or `AWSConfigureSTIG`. To maintain backwards compatibility, the download for Windows doesn't include a platform prefix.  
**file extension**  
Compressed file format `tgz` (Linux) or `zip` (Windows).

**Example bundle file names**
+ `LinuxAWSConfigureSTIG.tgz`
+ `AWSConfigureSTIG.zip`
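
The path pattern above can be enforced before a build script fetches a bundle. The following shell functions are an added example, not AWS code: they build the URI for a Region and platform, and reject any URI that deviates from the documented pattern. The function names and the Region character check (lowercase letters, digits, and hyphens) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not AWS code): build and check STIG bundle URIs against the
# documented pattern
#   s3://aws-windows-downloads-<region>/STIG/<operating system>/Latest/<bundle file name>

# Print the bundle file name for a platform, or fail for an unknown platform.
stig_bundle_name() {
    case "$1" in
        Linux)   printf '%s\n' 'LinuxAWSConfigureSTIG.tgz' ;;
        Windows) printf '%s\n' 'AWSConfigureSTIG.zip' ;;  # no platform prefix
        *)       return 1 ;;
    esac
}

# Print the download URI for REGION and OS.
stig_bundle_uri() {
    _region=$1
    _os=$2
    # Assumption: Region names contain only lowercase letters, digits and
    # hyphens (for example us-east-1). Anything else is rejected so that a
    # crafted value cannot change the bucket name or add path segments.
    case "$_region" in
        ''|*[!a-z0-9-]*) return 1 ;;
    esac
    _name=$(stig_bundle_name "$_os") || return 1
    printf 's3://aws-windows-downloads-%s/STIG/%s/Latest/%s\n' \
        "$_region" "$_os" "$_name"
}

# Return 0 only if URI is exactly what the pattern yields for the Region and
# platform embedded in it (so the bundle name must match the platform).
check_stig_uri() {
    _uri=$1
    case "$_uri" in
        s3://aws-windows-downloads-*/STIG/*/Latest/*) ;;
        *) return 1 ;;
    esac
    _rest=${_uri#s3://aws-windows-downloads-}
    _r=${_rest%%/*}            # text up to the first slash: the Region
    _rest=${_rest#*/STIG/}
    _o=${_rest%%/*}            # first path segment after STIG/: the platform
    _expected=$(stig_bundle_uri "$_r" "$_o") || return 1
    [ "$_uri" = "$_expected" ]
}
```

A pipeline can call `check_stig_uri` on the URI it is about to pass to `aws s3 cp` and stop when the check fails.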

## Linux STIG version history


This section logs version history for Linux script bundles that are updated quarterly. Each quarter's changes and published versions are listed under its title. If there are no changes for the quarter, you'll see that reflected in the title.

### 2026 Q1 changes - 04/07/2026:


Added support for the RHEL 10 operating system and updated the following STIG versions and applied STIGS for the 2026 first quarter release for all compliance levels (low/medium/high):

**STIG-Build-Linux version 1.0.x**
+ RHEL 8 STIG Version 2 Release 6
+ RHEL 9 STIG Version 2 Release 7
+ RHEL 10 STIG Version 1 Release 1
+ Amazon Linux 2023 STIG Version 1 Release 2
+ SLES 12 STIG Version 3 Release 4
+ SLES 15 STIG Version 2 Release 6
+ Ubuntu 20.04 STIG Version 2 Release 4
+ Ubuntu 22.04 STIG Version 2 Release 7
+ Ubuntu 24.04 STIG Version 1 Release 4

### 2025 Q3 changes - 09/04/2025:


Added support for the SUSE Linux Enterprise Server (SLES) operating system and Amazon Linux 2023. Updated the following STIG versions and applied STIGS for the 2025 third quarter release for all compliance levels (low/medium/high):

**STIG-Build-Linux version 1.0.x**
+ RHEL 7 STIG Version 3 Release 15
+ RHEL 8 STIG Version 2 Release 4
+ RHEL 9 STIG Version 2 Release 5
+ Amazon Linux 2023 STIG Version 1 Release 1
+ SLES 12 STIG Version 3 Release 3
+ SLES 15 STIG Version 2 Release 5
+ Ubuntu 18.04 STIG Version 2 Release 15
+ Ubuntu 20.04 STIG Version 2 Release 3
+ Ubuntu 22.04 STIG Version 2 Release 5
+ Ubuntu 24.04 STIG Version 1 Release 2

### 2025 Q2 changes - 06/26/2025:


Updated the following STIG versions, applied STIGS for the 2025 second quarter release:

**Linux STIG Low (Category III)**
+ RHEL 7 STIG Version 3 Release 15
+ RHEL 8 STIG Version 2 Release 3
+ RHEL 9 STIG Version 2 Release 4
+ Ubuntu 18.04 STIG Version 2 Release 15
+ Ubuntu 20.04 STIG Version 2 Release 2
+ Ubuntu 22.04 STIG Version 2 Release 4
+ Ubuntu 24.04 STIG Version 1 Release 1

**Linux STIG Medium (Category II)**
+ RHEL 7 STIG Version 3 Release 15
+ RHEL 8 STIG Version 2 Release 3
+ RHEL 9 STIG Version 2 Release 4
+ Ubuntu 18.04 STIG Version 2 Release 15
+ Ubuntu 20.04 STIG Version 2 Release 2
+ Ubuntu 22.04 STIG Version 2 Release 4
+ Ubuntu 24.04 STIG Version 1 Release 1

**Linux STIG High (Category I)**
+ RHEL 7 STIG Version 3 Release 15
+ RHEL 8 STIG Version 2 Release 3
+ RHEL 9 STIG Version 2 Release 4
+ Ubuntu 18.04 STIG Version 2 Release 15
+ Ubuntu 20.04 STIG Version 2 Release 2
+ Ubuntu 22.04 STIG Version 2 Release 4
+ Ubuntu 24.04 STIG Version 1 Release 1

### 2025 Q1 changes - 04/11/2025:


Updated the following STIG versions, applied STIGS for the 2025 first quarter release, and added support for Ubuntu 24.04:

**Linux STIG Low (Category III)**
+ RHEL 7 STIG Version 3 Release 15
+ RHEL 8 STIG Version 2 Release 2
+ RHEL 9 STIG Version 2 Release 3
+ Ubuntu 18.04 STIG Version 2 Release 15
+ Ubuntu 20.04 STIG Version 2 Release 2
+ Ubuntu 22.04 STIG Version 2 Release 3
+ Ubuntu 24.04 STIG Version 1 Release 1

**Linux STIG Medium (Category II)**
+ RHEL 7 STIG Version 3 Release 15
+ RHEL 8 STIG Version 2 Release 2
+ RHEL 9 STIG Version 2 Release 3
+ Ubuntu 18.04 STIG Version 2 Release 15
+ Ubuntu 20.04 STIG Version 2 Release 2
+ Ubuntu 22.04 STIG Version 2 Release 3
+ Ubuntu 24.04 STIG Version 1 Release 1

**Linux STIG High (Category I)**
+ RHEL 7 STIG Version 3 Release 15
+ RHEL 8 STIG Version 2 Release 2
+ RHEL 9 STIG Version 2 Release 3
+ Ubuntu 18.04 STIG Version 2 Release 15
+ Ubuntu 20.04 STIG Version 2 Release 2
+ Ubuntu 22.04 STIG Version 2 Release 3
+ Ubuntu 24.04 STIG Version 1 Release 1

### 2024 Q4 changes - 12/10/2024:


Updated the following STIG versions, applied STIGS for the 2024 fourth quarter release, and added information about two new input parameters for the Linux components:

**Linux STIG Low (Category III)**
+ RHEL 7 STIG Version 3 Release 15
+ RHEL 8 STIG Version 2 Release 1
+ RHEL 9 STIG Version 2 Release 2
+ Ubuntu 18.04 STIG Version 2 Release 15
+ Ubuntu 20.04 STIG Version 2 Release 1
+ Ubuntu 22.04 STIG Version 2 Release 2

**Linux STIG Medium (Category II)**
+ RHEL 7 STIG Version 3 Release 15
+ RHEL 8 STIG Version 2 Release 1
+ RHEL 9 STIG Version 2 Release 2
+ Ubuntu 18.04 STIG Version 2 Release 15
+ Ubuntu 20.04 STIG Version 2 Release 1
+ Ubuntu 22.04 STIG Version 2 Release 2

**Linux STIG High (Category I)**
+ RHEL 7 STIG Version 3 Release 15
+ RHEL 8 STIG Version 2 Release 1
+ RHEL 9 STIG Version 2 Release 2
+ Ubuntu 18.04 STIG Version 2 Release 15
+ Ubuntu 20.04 STIG Version 2 Release 1
+ Ubuntu 22.04 STIG Version 2 Release 2

### 2024 Q3 changes - 10/04/2024 (no changes):


There were no changes for Linux component STIGS for the 2024 third quarter release.

### 2024 Q2 changes - 05/10/2024:


Updated STIG versions and applied STIGS for the 2024 second quarter release. Also added support for RHEL 9, CentOS Stream 9, and Ubuntu 22.04, as follows:

**Linux STIG Low (Category III)**
+ RHEL 7 STIG Version 3 Release 14
+ RHEL 8 STIG Version 1 Release 14
+ RHEL 9 STIG Version 1 Release 3
+ Ubuntu 18.04 STIG Version 2 Release 14
+ Ubuntu 20.04 STIG Version 1 Release 12
+ Ubuntu 22.04 STIG Version 1 Release 1

**Linux STIG Medium (Category II)**
+ RHEL 7 STIG Version 3 Release 14
+ RHEL 8 STIG Version 1 Release 14
+ RHEL 9 STIG Version 1 Release 3
+ Ubuntu 18.04 STIG Version 2 Release 14
+ Ubuntu 20.04 STIG Version 1 Release 12
+ Ubuntu 22.04 STIG Version 1 Release 1

**Linux STIG High (Category I)**
+ RHEL 7 STIG Version 3 Release 14
+ RHEL 8 STIG Version 1 Release 14
+ RHEL 9 STIG Version 1 Release 3
+ Ubuntu 18.04 STIG Version 2 Release 14
+ Ubuntu 20.04 STIG Version 1 Release 12
+ Ubuntu 22.04 STIG Version 1 Release 1

### 2024 Q1 changes - 02/06/2024:


Updated STIG versions and applied STIGS for the 2024 first quarter release as follows:

**Linux STIG Low (Category III)**
+ RHEL 7 STIG Version 3 Release 14
+ RHEL 8 STIG Version 1 Release 13
+ Ubuntu 18.04 STIG Version 2 Release 13
+ Ubuntu 20.04 STIG Version 1 Release 11

**Linux STIG Medium (Category II)**
+ RHEL 7 STIG Version 3 Release 14
+ RHEL 8 STIG Version 1 Release 13
+ Ubuntu 18.04 STIG Version 2 Release 13
+ Ubuntu 20.04 STIG Version 1 Release 11

**Linux STIG High (Category I)**
+ RHEL 7 STIG Version 3 Release 14
+ RHEL 8 STIG Version 1 Release 13
+ Ubuntu 18.04 STIG Version 2 Release 13
+ Ubuntu 20.04 STIG Version 1 Release 11

### 2023 Q4 changes - 12/07/2023:


Updated STIG versions and applied STIGS for the 2023 fourth quarter release as follows:

**Linux STIG Low (Category III)**
+ RHEL 7 STIG Version 3 Release 13
+ RHEL 8 STIG Version 1 Release 12
+ Ubuntu 18.04 STIG Version 2 Release 12
+ Ubuntu 20.04 STIG Version 1 Release 10

**Linux STIG Medium (Category II)**
+ RHEL 7 STIG Version 3 Release 13
+ RHEL 8 STIG Version 1 Release 12
+ Ubuntu 18.04 STIG Version 2 Release 12
+ Ubuntu 20.04 STIG Version 1 Release 10

**Linux STIG High (Category I)**
+ RHEL 7 STIG Version 3 Release 13
+ RHEL 8 STIG Version 1 Release 12
+ Ubuntu 18.04 STIG Version 2 Release 12
+ Ubuntu 20.04 STIG Version 1 Release 10

### 2023 Q3 changes - 10/04/2023:


Updated STIG versions and applied STIGS for the 2023 third quarter release as follows:

**Linux STIG Low (Category III)**
+ RHEL 7 STIG Version 3 Release 12
+ RHEL 8 STIG Version 1 Release 11
+ Ubuntu 18.04 STIG Version 2 Release 11
+ Ubuntu 20.04 STIG Version 1 Release 9

**Linux STIG Medium (Category II)**
+ RHEL 7 STIG Version 3 Release 12
+ RHEL 8 STIG Version 1 Release 11
+ Ubuntu 18.04 STIG Version 2 Release 11
+ Ubuntu 20.04 STIG Version 1 Release 9

**Linux STIG High (Category I)**
+ RHEL 7 STIG Version 3 Release 12
+ RHEL 8 STIG Version 1 Release 11
+ Ubuntu 18.04 STIG Version 2 Release 11
+ Ubuntu 20.04 STIG Version 1 Release 9

### 2023 Q2 changes - 05/03/2023:


Updated STIG versions and applied STIGS for the 2023 second quarter release as follows:

**Linux STIG Low (Category III)**
+ RHEL 7 STIG Version 3 Release 11
+ RHEL 8 STIG Version 1 Release 10
+ Ubuntu 18.04 STIG Version 2 Release 11
+ Ubuntu 20.04 STIG Version 1 Release 8

**Linux STIG Medium (Category II)**
+ RHEL 7 STIG Version 3 Release 11
+ RHEL 8 STIG Version 1 Release 10
+ Ubuntu 18.04 STIG Version 2 Release 11
+ Ubuntu 20.04 STIG Version 1 Release 8

**Linux STIG High (Category I)**
+ RHEL 7 STIG Version 3 Release 11
+ RHEL 8 STIG Version 1 Release 10
+ Ubuntu 18.04 STIG Version 2 Release 11
+ Ubuntu 20.04 STIG Version 1 Release 8

### 2023 Q1 changes - 03/27/2023:


Updated STIG versions and applied STIGS for the 2023 first quarter release as follows:

**Linux STIG Low (Category III)**
+ RHEL 7 STIG Version 3 Release 10
+ RHEL 8 STIG Version 1 Release 9
+ Ubuntu 18.04 STIG Version 2 Release 10
+ Ubuntu 20.04 STIG Version 1 Release 7

**Linux STIG Medium (Category II)**
+ RHEL 7 STIG Version 3 Release 10
+ RHEL 8 STIG Version 1 Release 9
+ Ubuntu 18.04 STIG Version 2 Release 10
+ Ubuntu 20.04 STIG Version 1 Release 7

**Linux STIG High (Category I)**
+ RHEL 7 STIG Version 3 Release 10
+ RHEL 8 STIG Version 1 Release 9
+ Ubuntu 18.04 STIG Version 2 Release 10
+ Ubuntu 20.04 STIG Version 1 Release 7

### 2022 Q4 changes - 02/01/2023:


Updated STIG versions and applied STIGS for the 2022 fourth quarter release as follows:

**Linux STIG Low (Category III)**
+ RHEL 7 STIG Version 3 Release 9
+ RHEL 8 STIG Version 1 Release 8
+ Ubuntu 18.04 STIG Version 2 Release 9
+ Ubuntu 20.04 STIG Version 1 Release 6

**Linux STIG Medium (Category II)**
+ RHEL 7 STIG Version 3 Release 9
+ RHEL 8 STIG Version 1 Release 8
+ Ubuntu 18.04 STIG Version 2 Release 9
+ Ubuntu 20.04 STIG Version 1 Release 6

**Linux STIG High (Category I)**
+ RHEL 7 STIG Version 3 Release 9
+ RHEL 8 STIG Version 1 Release 8
+ Ubuntu 18.04 STIG Version 2 Release 9
+ Ubuntu 20.04 STIG Version 1 Release 6

### 2022 Q3 changes - 09/30/2022 (no changes):


There were no changes for Linux component STIGS for the 2022 third quarter release.

### 2022 Q2 changes - 08/02/2022:


Introduced Ubuntu support, updated STIG versions and applied STIGS for the 2022 second quarter release as follows:

**Linux STIG Low (Category III)**
+ RHEL 7 STIG Version 3 Release 7
+ RHEL 8 STIG Version 1 Release 6
+ Ubuntu 18.04 STIG Version 2 Release 6 (new)
+ Ubuntu 20.04 STIG Version 1 Release 4 (new)

**Linux STIG Medium (Category II)**
+ RHEL 7 STIG Version 3 Release 7
+ RHEL 8 STIG Version 1 Release 6
+ Ubuntu 18.04 STIG Version 2 Release 6 (new)
+ Ubuntu 20.04 STIG Version 1 Release 4 (new)

**Linux STIG High (Category I)**
+ RHEL 7 STIG Version 3 Release 7
+ RHEL 8 STIG Version 1 Release 6
+ Ubuntu 18.04 STIG Version 2 Release 6 (new)
+ Ubuntu 20.04 STIG Version 1 Release 4 (new)

### 2022 Q1 changes - 04/26/2022:


Refactored to include better support for containers. Combined the previous AL2 script with RHEL 7. Updated STIG versions and applied STIGS for the 2022 first quarter release as follows:

**Linux STIG Low (Category III)**
+ RHEL 7 STIG Version 3 Release 6
+ RHEL 8 STIG Version 1 Release 5

**Linux STIG Medium (Category II)**
+ RHEL 7 STIG Version 3 Release 6
+ RHEL 8 STIG Version 1 Release 5

**Linux STIG High (Category I)**
+ RHEL 7 STIG Version 3 Release 6
+ RHEL 8 STIG Version 1 Release 5

### 2021 Q4 changes - 12/20/2021:


Updated STIG versions, and applied STIGS for the 2021 fourth quarter release as follows:

**Linux STIG Low (Category III)**
+ RHEL 7 STIG Version 3 Release 5
+ RHEL 8 STIG Version 1 Release 4

**Linux STIG Medium (Category II)**
+ RHEL 7 STIG Version 3 Release 5
+ RHEL 8 STIG Version 1 Release 4

**Linux STIG High (Category I)**
+ RHEL 7 STIG Version 3 Release 5
+ RHEL 8 STIG Version 1 Release 4

### 2021 Q3 changes - 09/30/2021:


Updated STIG versions, and applied STIGS for the 2021 third quarter release as follows:

**Linux STIG Low (Category III)**
+ RHEL 7 STIG Version 3 Release 4
+ RHEL 8 STIG Version 1 Release 3

**Linux STIG Medium (Category II)**
+ RHEL 7 STIG Version 3 Release 4
+ RHEL 8 STIG Version 1 Release 3

**Linux STIG High (Category I)**
+ RHEL 7 STIG Version 3 Release 4
+ RHEL 8 STIG Version 1 Release 3

## Windows STIG version history


This section logs version history for Windows script bundles that are updated quarterly. Each quarter's changes and published versions are listed under its title. If there are no changes for the quarter, you'll see that reflected in the title.

### 2026 Q1 changes - 04/07/2026:


Added support for the Windows Server 2025 operating system and updated the following STIG versions and applied STIGS for the 2026 first quarter release for all compliance levels (low/medium/high):

**STIG-Build-Windows version 1.0.x**
+ Windows Server 2025 STIG Version 1 Release 1
+ Windows Server 2022 STIG Version 2 Release 7
+ Windows Server 2019 STIG Version 3 Release 7
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 7
+ Windows Firewall STIG Version 2 Release 2
+ Internet Explorer 11 STIG Version 2 Release 6
+ Microsoft Edge STIG Version 2 Release 4 (Windows Server 2022 and 2025 only)

### 2025 Q4 changes - 12/10/2025 (no changes):


There were no changes for Windows component STIGS for the 2025 fourth quarter release.

### 2025 Q3 changes - 9/04/2025 (no changes):


There were no changes for Windows component STIGS for the 2025 third quarter release.

### 2025 Q2 changes - 06/26/2025:


Updated STIG versions and applied STIGS for the 2025 Q2 release as follows:

**Windows STIG Low (Category III)**
+ Windows Server 2022 STIG Version 2 Release 4
+ Windows Server 2019 STIG Version 3 Release 4
+ Windows Server 2016 STIG Version 2 Release 10
+ Windows Server 2012 R2 MS STIG Version 3 Release 5
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 6
+ Windows Firewall STIG Version 2 Release 2
+ Internet Explorer 11 STIG Version 2 Release 5
+ Microsoft Edge STIG Version 2 Release 2 (Windows Server 2022 only)

**Windows STIG Medium (Category II)**
+ Windows Server 2022 STIG Version 2 Release 4
+ Windows Server 2019 STIG Version 3 Release 4
+ Windows Server 2016 STIG Version 2 Release 10
+ Windows Server 2012 R2 MS STIG Version 3 Release 5
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 6
+ Windows Firewall STIG Version 2 Release 2
+ Internet Explorer 11 STIG Version 2 Release 5
+ Microsoft Edge STIG Version 2 Release 2 (Windows Server 2022 only)
+ Defender STIG Version 2 Release 4

**Windows STIG High (Category I)**
+ Windows Server 2022 STIG Version 2 Release 4
+ Windows Server 2019 STIG Version 3 Release 4
+ Windows Server 2016 STIG Version 2 Release 10
+ Windows Server 2012 R2 MS STIG Version 3 Release 5
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 6
+ Windows Firewall STIG Version 2 Release 2
+ Internet Explorer 11 STIG Version 2 Release 5
+ Microsoft Edge STIG Version 2 Release 2 (Windows Server 2022 only)
+ Defender STIG Version 2 Release 4

### 2025 Q1 changes - 05/04/2025:


Updated STIGS for Internet Explorer 11 STIG Version 2 Release 5 for all STIG components for the 2025 first quarter release.

### 2024 Q4 changes - 12/10/2024:


Updated STIG versions and applied STIGS for the 2024 Q4 release as follows:

**Windows STIG Low (Category III)**
+ Windows Server 2022 STIG Version 2 Release 2
+ Windows Server 2019 STIG Version 3 Release 2
+ Windows Server 2016 STIG Version 2 Release 9
+ Windows Server 2012 R2 MS STIG Version 3 Release 5
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 2
+ Windows Firewall STIG Version 2 Release 2
+ Internet Explorer 11 STIG Version 2 Release 5
+ Microsoft Edge STIG Version 2 Release 2 (Windows Server 2022 only)

**Windows STIG Medium (Category II)**
+ Windows Server 2022 STIG Version 2 Release 2
+ Windows Server 2019 STIG Version 3 Release 2
+ Windows Server 2016 STIG Version 2 Release 9
+ Windows Server 2012 R2 MS STIG Version 3 Release 5
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 2
+ Windows Firewall STIG Version 2 Release 2
+ Internet Explorer 11 STIG Version 2 Release 5
+ Microsoft Edge STIG Version 2 Release 2 (Windows Server 2022 only)
+ Defender STIG Version 2 Release 4

**Windows STIG High (Category I)**
+ Windows Server 2022 STIG Version 2 Release 2
+ Windows Server 2019 STIG Version 3 Release 2
+ Windows Server 2016 STIG Version 2 Release 9
+ Windows Server 2012 R2 MS STIG Version 3 Release 5
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 2
+ Windows Firewall STIG Version 2 Release 2
+ Internet Explorer 11 STIG Version 2 Release 5
+ Microsoft Edge STIG Version 2 Release 2 (Windows Server 2022 only)
+ Defender STIG Version 2 Release 4

### 2024 Q3 changes - 10/04/2024 (no changes):


There were no changes for Windows component STIGS for the 2024 third quarter release.

### 2024 Q2 changes - 05/10/2024 (no changes):


There were no changes for Windows component STIGS for the 2024 second quarter release.

### 2024 Q1 changes - 02/23/2024 (no changes):


There were no changes for Windows component STIGS for the 2024 first quarter release.

### 2023 Q4 changes - 12/07/2023 (no changes):


There were no changes for Windows component STIGS for the 2023 fourth quarter release.

### 2023 Q3 changes - 10/04/2023 (no changes):


There were no changes for Windows component STIGS for the 2023 third quarter release.

### 2023 Q2 changes - 05/03/2023 (no changes):


There were no changes for Windows component STIGS for the 2023 second quarter release.

### 2023 Q1 changes - 03/27/2023 (no changes):


There were no changes for Windows component STIGS for the 2023 first quarter release.

### 2022 Q4 changes - 02/01/2023:


Updated STIG versions and applied STIGS for the 2022 Q4 release as follows:

**Windows STIG Low (Category III)**
+ Windows Server 2022 STIG Version 1 Release 1
+ Windows Server 2019 STIG Version 2 Release 5
+ Windows Server 2016 STIG Version 2 Release 5
+ Windows Server 2012 R2 MS STIG Version 3 Release 5
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 2
+ Windows Firewall STIG Version 2 Release 1
+ Internet Explorer 11 STIG Version 2 Release 3
+ Microsoft Edge STIG Version 1 Release 6 (Windows Server 2022 only)

**Windows STIG Medium (Category II)**
+ Windows Server 2022 STIG Version 1 Release 1
+ Windows Server 2019 STIG Version 2 Release 5
+ Windows Server 2016 STIG Version 2 Release 5
+ Windows Server 2012 R2 MS STIG Version 3 Release 5
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 2
+ Windows Firewall STIG Version 2 Release 1
+ Internet Explorer 11 STIG Version 2 Release 3
+ Microsoft Edge STIG Version 1 Release 6 (Windows Server 2022 only)
+ Defender STIG Version 2 Release 4 (Windows Server 2022 only)

**Windows STIG High (Category I)**
+ Windows Server 2022 STIG Version 1 Release 1
+ Windows Server 2019 STIG Version 2 Release 5
+ Windows Server 2016 STIG Version 2 Release 5
+ Windows Server 2012 R2 MS STIG Version 3 Release 5
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 2
+ Windows Firewall STIG Version 2 Release 1
+ Internet Explorer 11 STIG Version 2 Release 3
+ Microsoft Edge STIG Version 1 Release 6 (Windows Server 2022 only)
+ Defender STIG Version 2 Release 4 (Windows Server 2022 only)

### 2022 Q3 changes - 09/30/2022 (no changes):


There were no changes for Windows component STIGS for the 2022 third quarter release.

### 2022 Q2 changes - 08/02/2022:


Updated STIG versions and applied STIGS for the 2022 Q2 release.

**Windows STIG Low (Category III)**
+ Windows Server 2019 STIG Version 2 Release 4
+ Windows Server 2016 STIG Version 2 Release 4
+ Windows Server 2012 R2 MS STIG Version 3 Release 3
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 1
+ Windows Firewall STIG Version 2 Release 1
+ Internet Explorer 11 STIG Version 1 Release 19

**Windows STIG Medium (Category II)**
+ Windows Server 2019 STIG Version 2 Release 4
+ Windows Server 2016 STIG Version 2 Release 4
+ Windows Server 2012 R2 MS STIG Version 3 Release 3
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 1
+ Windows Firewall STIG Version 2 Release 1
+ Internet Explorer 11 STIG Version 1 Release 19

**Windows STIG High (Category I)**
+ Windows Server 2019 STIG Version 2 Release 4
+ Windows Server 2016 STIG Version 2 Release 4
+ Windows Server 2012 R2 MS STIG Version 3 Release 3
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 1
+ Windows Firewall STIG Version 2 Release 1
+ Internet Explorer 11 STIG Version 1 Release 19

### 2022 Q1 changes - 08/02/2022 (no changes):


There were no changes for Windows component STIGS for the 2022 first quarter release.

### 2021 Q4 changes - 12/20/2021:


Updated STIG versions and applied STIGS for the 2021 fourth quarter release.

**Windows STIG Low (Category III)**
+ Windows Server 2019 STIG Version 2 Release 3
+ Windows Server 2016 STIG Version 2 Release 3
+ Windows Server 2012 R2 MS STIG Version 3 Release 3
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 1
+ Windows Firewall STIG Version 2 Release 1
+ Internet Explorer 11 STIG Version 1 Release 19

**Windows STIG Medium (Category II)**
+ Windows Server 2019 STIG Version 2 Release 3
+ Windows Server 2016 STIG Version 2 Release 3
+ Windows Server 2012 R2 MS STIG Version 3 Release 3
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 1
+ Windows Firewall STIG Version 2 Release 1
+ Internet Explorer 11 STIG Version 1 Release 19

**Windows STIG High (Category I)**
+ Windows Server 2019 STIG Version 2 Release 3
+ Windows Server 2016 STIG Version 2 Release 3
+ Windows Server 2012 R2 MS STIG Version 3 Release 3
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 1
+ Windows Firewall STIG Version 2 Release 1
+ Internet Explorer 11 STIG Version 1 Release 19

### 2021 Q3 changes - 09/30/2021:


Updated STIG versions and applied STIGS for the 2021 third quarter release.

**Windows STIG Low (Category III)**
+ Windows Server 2019 STIG Version 2 Release 2
+ Windows Server 2016 STIG Version 2 Release 2
+ Windows Server 2012 R2 MS STIG Version 3 Release 2
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 1
+ Windows Firewall STIG Version 1 Release 7
+ Internet Explorer 11 STIG Version 1 Release 19

**Windows STIG Medium (Category II)**
+ Windows Server 2019 STIG Version 2 Release 2
+ Windows Server 2016 STIG Version 2 Release 2
+ Windows Server 2012 R2 MS STIG Version 3 Release 2
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 1
+ Windows Firewall STIG Version 1 Release 7
+ Internet Explorer 11 STIG Version 1 Release 19

**Windows STIG High (Category I)**
+ Windows Server 2019 STIG Version 2 Release 2
+ Windows Server 2016 STIG Version 2 Release 2
+ Windows Server 2012 R2 MS STIG Version 3 Release 2
+ Microsoft .NET Framework 4.0 STIG Version 2 Release 1
+ Windows Firewall STIG Version 1 Release 7
+ Internet Explorer 11 STIG Version 1 Release 19

# Use AWS Systems Manager to apply STIG settings to your instance
Apply STIG settings with Systems Manager

You can use the `AWSEC2-ConfigureSTIG` Systems Manager command document to apply STIG settings to an existing EC2 instance. You must run the command document from the instance that it updates. The command document applies appropriate settings based on the operating system and configuration of the instance where it runs.

This page contains details about the `AWSEC2-ConfigureSTIG` command document, including input parameters and how to run it in the Systems Manager console or with `send-command` in the AWS CLI.

## AWSEC2-ConfigureSTIG input parameters


You can provide the following input parameters to specify how the command document should apply STIG settings to your instance.

**Level** (string, required)  
Specify the STIG severity category to apply. Valid values include the following:  
+ High
+ Medium
+ Low
If you don't specify a value, the system defaults to `High`.

**InstallPackages** (string, optional – Linux only)  
If the value is `No`, the script does not install any additional software packages. If the value is `Yes`, the script installs additional software packages that are required for maximum compliance. The default value is `No`.

**SetDoDConsentBanner** (string, optional – Linux only)  
If the value is `No`, the DoD consent banner is not shown when you attach to an instance that has a Linux STIG script installed. If the value is `Yes`, the DoD consent banner is shown before you log in when you attach to an instance that has one of the STIG Linux scripts installed. You must acknowledge the banner before you can log in. The default value is `No`.  
For an example of the consent banner, see the [Disclaimer Department of Defense Privacy and Consent Notice](https://dso.dla.mil/) that appears when you access the DLA Document Services website.

## Run the AWSEC2-ConfigureSTIG command document


To run the `AWSEC2-ConfigureSTIG` document, follow the steps for your preferred environment.

------
#### [ Console ]

1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).

1. Select **Run Command** from the navigation pane. This shows a list of commands that are currently running in your account, if applicable.

1. Choose **Run command**. This opens the **Run a command** dialog and displays a list of command documents that you have access to.

1. Select `AWSEC2-ConfigureSTIG` from the list of command documents. To streamline results, you can enter all or part of the document name. You can also filter by the owner, by platform types, or by tags.

   When you select a command document, details populate below the list.

1. Select `Default version at runtime` from the **Document version** list.

1. Configure the **Command parameters** to define how `AWSEC2-ConfigureSTIG` will install the script package and run it to update your instance. For parameter details, see [AWSEC2-ConfigureSTIG input parameters](#ec2-stig-ssm-cmd-doc-params).

1. For **Target selection**, specify tags or select instances manually to identify the instances on which to run this operation.
**Note**  
If you select instances manually, and an instance you expect to see is not included in the list, see [Where Are My Instances?](https://docs.aws.amazon.com/systems-manager/latest/userguide/troubleshooting-remote-commands.html#where-are-instances) for troubleshooting tips.

1. For additional parameters to define Systems Manager Run Command behavior such as **Rate control**, enter values as described in [Running commands from the console](https://docs.aws.amazon.com/systems-manager/latest/userguide/running-commands-console.html).

1. Choose **Run**.

   If successful, the command document installs the script and configures your instance. If the command execution failed, view the Systems Manager command output for details about why the execution failed.

------
#### [ AWS CLI ]

**Example 1: Run with default values**  
Run the following command to install the STIG script and run it with default values. For more information about input parameters, see [AWSEC2-ConfigureSTIG input parameters](#ec2-stig-ssm-cmd-doc-params).

```
aws ssm send-command \
	--document-name "AWSEC2-ConfigureSTIG" \
	--instance-ids "i-1234567890abcdef0"
```

**Example 2: Configure Medium level STIG settings on your instance**  
Run the following command to install the STIG script and run it with the `Level` input parameter set to `Medium`. For more information about input parameters, see [AWSEC2-ConfigureSTIG input parameters](#ec2-stig-ssm-cmd-doc-params).

```
aws ssm send-command \
	--document-name "AWSEC2-ConfigureSTIG" \
	--instance-ids "i-1234567890abcdef0" \
	--parameters '{"Level":["Medium"]}'
```

If successful, the command document installs the script and configures your instance. If the command execution failed, view the command output for details about why the execution failed.
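
The following shell functions are an added example, not AWS code. They validate the documented input parameters, build the `--parameters` JSON, send the command, and then print the invocation status and error output. The function names and the choice to reject Linux-only parameters for Windows are assumptions of this example.

```shell
#!/bin/sh
# Added example (not AWS code): validate AWSEC2-ConfigureSTIG input parameters,
# send the command, wait for it, and print status and error output.

# Print the JSON for --parameters. Run Command expects each value as a list.
# Usage: stig_parameters PLATFORM [LEVEL] [INSTALL_PACKAGES] [SET_DOD_BANNER]
stig_parameters() {
    _platform=$1
    _level=${2:-High}          # documented default
    case "$_level" in
        High|Medium|Low) ;;
        *) echo "invalid Level: $_level" >&2; return 1 ;;
    esac
    case "$_platform" in
        Linux)
            _install=${3:-No}  # documented default
            _banner=${4:-No}   # documented default
            for _v in "$_install" "$_banner"; do
                case "$_v" in
                    Yes|No) ;;
                    *) echo "expected Yes or No, got: $_v" >&2; return 1 ;;
                esac
            done
            printf '{"Level":["%s"],"InstallPackages":["%s"],"SetDoDConsentBanner":["%s"]}\n' \
                "$_level" "$_install" "$_banner"
            ;;
        Windows)
            # InstallPackages and SetDoDConsentBanner are Linux only. This
            # example refuses them for Windows instead of dropping them.
            if [ "$#" -gt 2 ]; then
                echo "Linux-only parameter given for Windows" >&2
                return 1
            fi
            printf '{"Level":["%s"]}\n' "$_level"
            ;;
        *) echo "unknown platform: $_platform" >&2; return 1 ;;
    esac
}

# Usage: run_stig INSTANCE_ID PLATFORM [LEVEL] [INSTALL_PACKAGES] [SET_DOD_BANNER]
run_stig() {
    _instance=$1
    shift
    _params=$(stig_parameters "$@") || return 1
    _cmd=$(aws ssm send-command \
        --document-name "AWSEC2-ConfigureSTIG" \
        --instance-ids "$_instance" \
        --parameters "$_params" \
        --query 'Command.CommandId' --output text) || return 1
    # The waiter exits non-zero when the command fails or the wait times out;
    # the status is read from the invocation either way.
    aws ssm wait command-executed \
        --command-id "$_cmd" --instance-id "$_instance" || true
    aws ssm get-command-invocation \
        --command-id "$_cmd" --instance-id "$_instance" \
        --query '[Status, StandardErrorContent]' --output text
}
```

For example, `run_stig i-1234567890abcdef0 Linux Medium Yes No` applies the Medium level on a Linux instance with package installation enabled.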

------
#### [ PowerShell ]

**Example 1: Run with default values**  
Run the following command to install the STIG script and run it with default values. For more information about input parameters, see [AWSEC2-ConfigureSTIG input parameters](#ec2-stig-ssm-cmd-doc-params).

```
Send-SSMCommand -DocumentName "AWSEC2-ConfigureSTIG" -InstanceId "i-1234567890abcdef0"
```

**Example 2: Configure Medium level STIG settings on your instance**  
Run the following command to install the STIG script and run it with the `Level` input parameter set to `Medium`. For more information about input parameters, see [AWSEC2-ConfigureSTIG input parameters](#ec2-stig-ssm-cmd-doc-params).

```
Send-SSMCommand -DocumentName "AWSEC2-ConfigureSTIG" -InstanceId "i-1234567890abcdef0" -Parameter @{'Level'='Medium'}
```

If successful, the command document installs the script and configures your instance. If the command execution failed, view the command output for details about why the execution failed.

------

# Precision clock and time synchronization on your EC2 instance
Clock synchronization

A consistent and accurate time reference on your Amazon EC2 instance is crucial for many server tasks and processes. Time stamps in system logs play an essential role in identifying when issues occurred and the chronological order of events. When you use the AWS CLI or an AWS SDK to make requests from your instance, these tools sign requests on your behalf. If your instance's date and time settings are inaccurate, it can result in a discrepancy between the date in the signature and the date of the request, leading to AWS rejecting your requests.

To address this important aspect, Amazon offers the Amazon Time Sync Service, which is accessible from all EC2 instances and used by various AWS services. The service uses a fleet of satellite-connected and atomic reference clocks in each AWS Region to deliver accurate and current time readings of the Coordinated Universal Time (UTC) global standard.

For the best performance, we recommend using the [local Amazon Time Sync Service](configure-ec2-ntp.md) on your EC2 instances. For a backup to the local Amazon Time Sync Service on your instances, or to connect resources outside of Amazon EC2 to the Amazon Time Sync Service, you can use the [public Amazon Time Sync Service](configure-time-sync.md) located at `time.aws.com`. The public Amazon Time Sync Service, like the local Amazon Time Sync Service, automatically smears any leap seconds that are added to UTC. The public Amazon Time Sync Service is supported globally by our fleet of satellite-connected and atomic reference clocks in each AWS Region.

## Hardware packet timestamping


You can enable hardware packet timestamping on your instance to add a 64-bit nanosecond-precision timestamp to every incoming network packet. Because hardware packet timestamping occurs at the hardware level—before the packet reaches the kernel, socket, or application layer—you bypass any delays added by software timestamping. The underlying reference clock for hardware timestamping is the Amazon Time Sync Service [PTP hardware clock](configure-ec2-ntp.md#connect-to-the-ptp-hardware-clock).

**Benefits**

Hardware packet timestamping provides the following benefits:
+ Improves event ordering, which can also be used to determine the actual order in which packets arrive at your EC2 instance, ensuring fair packet processing.
+ Measures one-way network latency.
+ Increases distributed transaction speed with higher precision and accuracy compared to most on-premises solutions.

**Prerequisites and configuration**

To enable hardware packet timestamping, your instance must meet the following prerequisites:
+ Must be a Linux instance.
+ Meet the [requirements to support the PTP hardware clock](configure-ec2-ntp.md#ptp-hardware-clock-requirements).

For the configuration instructions, see [Hardware Packet Timestamping](https://github.com/amzn/amzn-drivers/tree/master/kernel/linux/ena#hardware-packet-timestamping) on the **Linux kernel driver for Elastic Network Adapter (ENA) family** page on *GitHub*.

## Leap seconds


Leap seconds, introduced in 1972, are occasional one-second adjustments to UTC time to factor in irregularities in the earth’s rotation in order to accommodate differences between International Atomic Time (TAI) and solar time (UT1). To manage leap seconds on behalf of customers, we designed leap second smearing within the Amazon Time Sync Service. For more information, see [Look Before You Leap – The Coming Leap Second and AWS](https://aws.amazon.com/blogs/aws/look-before-you-leap-the-coming-leap-second-and-aws/).

Leap seconds are going away, and we are in full support of the decision made at the [27th General Conference on Weights and Measures to abandon leap seconds by or before 2035](https://www.bipm.org/en/cgpm-2022/resolution-4).

To support this transition, we still plan on smearing time during a leap second event when accessing the Amazon Time Sync Service over the local NTP connection or our public NTP pools (`time.aws.com`). The PTP hardware clock, however, does not provide a smeared time option. In the event of a leap second, the PTP hardware clock will add the leap second following UTC standards. Leap-smeared and leap second time sources are the same in most cases. But because they differ during a leap second event, we do not recommend using both smeared and non-smeared time sources in your time client configuration during a leap second event.

 

**Topics**
+ [Hardware packet timestamping](#hardware-packet-timestamping)
+ [Leap seconds](#leap-seconds)
+ [Set the time reference on your EC2 instance to use the local Amazon Time Sync Service](configure-ec2-ntp.md)
+ [Set the time reference on your EC2 instance or any internet-connected device to use the public Amazon Time Sync Service](configure-time-sync.md)
+ [Compare timestamps for your Linux instances](compare-timestamps-with-clockbound.md)
+ [Change the time zone of your instance](change-time-zone-of-instance.md)

 

**Related resources**
+ AWS Compute Blog: [It’s About Time: Microsecond-Accurate Clocks on Amazon EC2 Instances](https://aws.amazon.com/blogs/compute/its-about-time-microsecond-accurate-clocks-on-amazon-ec2-instances/)
+ AWS Cloud Operations & Migrations Blog: [Manage Amazon EC2 instance clock accuracy using Amazon Time Sync Service and Amazon CloudWatch – Part 1](https://aws.amazon.com/blogs/mt/manage-amazon-ec2-instance-clock-accuracy-using-amazon-time-sync-service-and-amazon-cloudwatch-part-1/)
+ (Linux) [https://chrony-project.org/](https://chrony-project.org/)

# Set the time reference on your EC2 instance to use the local Amazon Time Sync Service

The local Amazon Time Sync Service either uses the Network Time Protocol (NTP), or provides a local Precision Time Protocol (PTP) hardware clock on [supported instances](#ptp-hardware-clock-requirements). The PTP hardware clock supports either an NTP connection (Linux and Windows instances), or a direct PTP connection (Linux instances only). The NTP and direct PTP connections use the same highly accurate time source, but the direct PTP connection is more accurate than the NTP connection. The NTP connection to the Amazon Time Sync Service supports leap smearing while the PTP connection to the PTP hardware clock does not smear time. For more information, see [Leap seconds](set-time.md#leap-seconds).

Your instances can access the local Amazon Time Sync Service as follows:
+ Through NTP at the following IP address endpoints:
  + IPv4: `169.254.169.123`
  + IPv6: `fd00:ec2::123` (Only accessible on [Nitro-based instances](instance-types.md#instance-hypervisor-type).)
+ (Linux only) Through a direct PTP connection to connect to a local PTP hardware clock:
  + `PHC0`

Amazon Linux AMIs, Windows AMIs, and most partner AMIs configure your instance to use the NTP IPv4 endpoint by default. This is the recommended setting for most customer workloads. No further configuration is required for instances launched from these AMIs unless you want to use the IPv6 endpoint or connect directly to the PTP hardware clock.

NTP and PTP connections do not require any VPC configuration changes, and your instance does not require access to the internet.

**Considerations**
+ There is a 1024 packet per second (PPS) limit to services that use [link-local](using-instance-addressing.md#link-local-addresses) addresses. This limit includes the aggregate of [Route 53 Resolver DNS Queries](https://docs.aws.amazon.com/vpc/latest/userguide/AmazonDNS-concepts.html#vpc-dns-limits), [Instance Metadata Service (IMDS)](instancedata-data-retrieval.md) requests, Amazon Time Sync Service Network Time Protocol (NTP) requests, and [Windows Licensing Service (for Microsoft Windows based instances)](https://aws.amazon.com/windows/resources/licensing/) requests.
+ Only Linux instances can use a *direct PTP connection* to connect to the local PTP hardware clock. Windows instances use NTP to connect to the local PTP hardware clock.

**Topics**
+ [Connect to the IPv4 endpoint of the Amazon Time Sync Service](#configure-amazon-time-service-IPv4)
+ [Connect to the IPv6 endpoint of the Amazon Time Sync Service](#configure-amazon-time-service-IPv6)
+ [Connect to the PTP hardware clock](#connect-to-the-ptp-hardware-clock)

## Connect to the IPv4 endpoint of the Amazon Time Sync Service


Your AMI might already have configured the Amazon Time Sync Service by default. Otherwise, use the following procedures to configure your instance to use the local Amazon Time Sync Service through the IPv4 endpoint.

For help troubleshooting issues, see [Troubleshoot NTP synchronization issues on Linux instances](https://repost.aws/knowledge-center/linux-troubleshoot-ntp-synchronization) or [Troubleshoot time issues on Windows instances](https://repost.aws/knowledge-center/ec2-windows-time-service).

------
#### [ Amazon Linux ]

AL2023 and recent versions of Amazon Linux 2 are configured to use the Amazon Time Sync Service IPv4 endpoint by default. If you confirm that your instance is already configured, you can skip the following procedure.

**To verify that chrony is configured to use the IPv4 endpoint**  
Run the following command. In the output, the line that starts with `^*` indicates the preferred time source.

```
chronyc sources -v | grep -F ^*
^* 169.254.169.123               3   4   377    14    +12us[+9653ns] +/-  290us
```

**To configure chrony to connect to the IPv4 endpoint on older versions of Amazon Linux 2**

1. Connect to your instance and uninstall the NTP service.

   ```
   [ec2-user ~]$ sudo yum erase 'ntp*'
   ```

1. Install the `chrony` package.

   ```
   [ec2-user ~]$ sudo yum install chrony
   ```

1. Open the `/etc/chrony.conf` file using a text editor (such as **vim** or **nano**). Add the following line before any other `server` or `pool` statements that may be present in the file, and save your changes:

   ```
   server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
   ```

1. Restart the `chrony` daemon (`chronyd`).

   ```
   [ec2-user ~]$ sudo service chronyd restart
   ```

   ```
   Starting chronyd:                                          [  OK  ]
   ```
   **Note**  
   On RHEL and CentOS (up to version 6), the service name is `chrony` instead of `chronyd`.

1. To configure `chronyd` to start at each system boot, use the `chkconfig` command.

   ```
   [ec2-user ~]$ sudo chkconfig chronyd on
   ```

1. Verify that `chrony` is using the `169.254.169.123` IPv4 endpoint to synchronize the time.

   ```
   [ec2-user ~]$ chronyc sources -v | grep -F ^*
   ```

   In the output, `^*` indicates the preferred time source.

   ```
   ^* 169.254.169.123               3   6    17    43    -30us[ -226us] +/-  287us
   ```

1. Verify the time synchronization metrics that are reported by `chrony`.

   ```
   [ec2-user ~]$ chronyc tracking
   ```

   ```
   Reference ID    : A9FEA97B (169.254.169.123)
   Stratum         : 4
   Ref time (UTC)  : Wed Nov 22 13:18:34 2017
   System time     : 0.000000626 seconds slow of NTP time
   Last offset     : +0.002852759 seconds
   RMS offset      : 0.002852759 seconds
   Frequency       : 1.187 ppm fast
   Residual freq   : +0.020 ppm
   Skew            : 24.388 ppm
   Root delay      : 0.000504752 seconds
   Root dispersion : 0.001112565 seconds
   Update interval : 64.4 seconds
   Leap status     : Normal
   ```

------
#### [ Ubuntu ]

**To configure chrony to connect to the IPv4 endpoint on Ubuntu**

1. Connect to your instance and use `apt` to install the `chrony` package.

   ```
   ubuntu:~$ sudo apt install chrony
   ```
   **Note**  
   If necessary, update your instance first by running `sudo apt update`.

1. Open the `/etc/chrony/chrony.conf` file using a text editor (such as **vim** or **nano**). Add the following line before any other `server` or `pool` statements that are already present in the file, and save your changes:

   ```
   server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
   ```

1. Restart the `chrony` service.

   ```
   ubuntu:~$ sudo /etc/init.d/chrony restart
   ```

   ```
   Restarting chrony (via systemctl): chrony.service.
   ```

1. Verify that `chrony` is using the `169.254.169.123` IPv4 endpoint to synchronize the time.

   ```
   ubuntu:~$ chronyc sources -v | grep -F ^*
   ```

   In the output, the line starting with `^*` indicates the preferred time source.

   ```
   ^* 169.254.169.123               3   6    17    12    +15us[  +57us] +/-  320us
   ```

1. Verify the time synchronization metrics that are reported by `chrony`.

   ```
   ubuntu:~$ chronyc tracking
   ```

   ```
   Reference ID    : 169.254.169.123 (169.254.169.123)
   Stratum         : 4
   Ref time (UTC)  : Wed Nov 29 07:41:57 2017
   System time     : 0.000000011 seconds slow of NTP time
   Last offset     : +0.000041659 seconds
   RMS offset      : 0.000041659 seconds
   Frequency       : 10.141 ppm slow
   Residual freq   : +7.557 ppm
   Skew            : 2.329 ppm
   Root delay      : 0.000544 seconds
   Root dispersion : 0.000631 seconds
   Update interval : 2.0 seconds
   Leap status     : Normal
   ```

------
#### [ SUSE Linux ]

Starting with SUSE Linux Enterprise Server 15, `chrony` is the default implementation of NTP.

**To configure chrony to connect to IPv4 endpoint on SUSE Linux**

1. Open the `/etc/chrony.conf` file using a text editor (such as **vim** or **nano**).

1. Verify that the file contains the following line:

   ```
   server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
   ```

   If this line is not present, add it.

1. Comment out any other server or pool lines.

1. Open YaST and enable the chrony service.

------
#### [ Windows ]

Starting with the August 2018 release, Windows AMIs use the Amazon Time Sync Service by default. No further configuration is required for instances launched from these AMIs and you can skip the following procedures.

If you're using an AMI that doesn't have the Amazon Time Sync Service configured by default, first verify your current NTP configuration. If your instance is already using the IPv4 endpoint of the Amazon Time Sync Service, no further configuration is required. If your instance is not using the Amazon Time Sync Service, then complete the procedure to change the NTP server to use the Amazon Time Sync Service.

**To verify the NTP configuration**

1. From your instance, open a Command Prompt window.

1. Get the current NTP configuration by typing the following command:

   ```
   w32tm /query /configuration
   ```

   This command returns the current configuration settings for the Windows instance and will show if you're connected to the Amazon Time Sync Service.

1. (Optional) Get the status of the current configuration by typing the following command:

   ```
   w32tm /query /status
   ```

   This command returns information such as the last time the instance synced with the NTP server and the poll interval.

**To change the NTP server to use the Amazon Time Sync Service**

1. From the Command Prompt window, run the following command:

   ```
   w32tm /config /manualpeerlist:169.254.169.123 /syncfromflags:manual /update
   ```

1. Verify your new settings by using the following command:

   ```
   w32tm /query /configuration
   ```

   In the output that's returned, verify that `NtpServer` displays the `169.254.169.123` IPv4 endpoint.

**Default NTP settings for Amazon Windows AMIs**

Amazon Machine Images (AMIs) generally adhere to the out-of-the-box defaults except in cases where changes are required to function on EC2 infrastructure. The following settings have been determined to work well in a virtual environment, as well as to keep any clock drift to within one second of accuracy: 
+ **Update Interval** – Governs how frequently the time service will adjust system time towards accuracy. AWS configures the update interval to occur once every two minutes.
+ **NTP Server** – Starting with the August 2018 release, AMIs use the Amazon Time Sync Service by default. This time service is accessible from any AWS Region at the 169.254.169.123 IPv4 endpoint. Additionally, the 0x9 flag indicates that the time service is acting as a client, and to use `SpecialPollInterval` to determine how frequently to check in with the configured time server.
+ **Type** – "NTP" means that the service acts as a standalone NTP client instead of acting as part of a domain.
+ **Enabled and InputProvider** – The time service is enabled and provides time to the operating system.
+ **Special Poll Interval** – Checks against the configured NTP Server every 900 seconds (15 minutes).
**Note**  
For Windows Server 2025 AMIs, the `SpecialPollInterval` value is 1024 seconds instead of 900 seconds.


| Registry path | Key name | Data | 
| --- | --- | --- | 
| HKLM:\System\CurrentControlSet\services\w32time\Config | UpdateInterval | 120 | 
| HKLM:\System\CurrentControlSet\services\w32time\Parameters | NtpServer | 169.254.169.123,0x9 | 
| HKLM:\System\CurrentControlSet\services\w32time\Parameters | Type | NTP | 
| HKLM:\System\CurrentControlSet\services\w32time\TimeProviders\NtpClient | Enabled | 1 | 
| HKLM:\System\CurrentControlSet\services\w32time\TimeProviders\NtpClient | InputProvider | 1 | 
| HKLM:\System\CurrentControlSet\services\w32time\TimeProviders\NtpClient | SpecialPollInterval | 900 (Windows Server 2016, 2019, and 2022) or 1024 (Windows Server 2025) | 

------

## Connect to the IPv6 endpoint of the Amazon Time Sync Service


This section explains how the steps described in [Connect to the IPv4 endpoint of the Amazon Time Sync Service](#configure-amazon-time-service-IPv4) differ if you are configuring your instance to use the local Amazon Time Sync Service through the IPv6 endpoint. It doesn't explain the entire Amazon Time Sync Service configuration process.

The IPv6 endpoint is only accessible on [Nitro-based instances](instance-types.md#instance-hypervisor-type).

We don't recommend using both the IPv4 and IPv6 endpoint entries together. The IPv4 and IPv6 NTP packets come from the same local server for your instance. Configuring both IPv4 and IPv6 endpoints is unnecessary and will not improve the accuracy of the time on your instance.

------
#### [ Linux ]

Depending on the Linux distribution you're using, when you reach the step to edit the `chrony.conf` file, you'll be using the IPv6 endpoint of the Amazon Time Sync Service (`fd00:ec2::123`) rather than the IPv4 endpoint (`169.254.169.123`):

```
server fd00:ec2::123 prefer iburst minpoll 4 maxpoll 4
```

Save the file and verify that chrony is using the `fd00:ec2::123` IPv6 endpoint to synchronize time: 

```
[ec2-user ~]$ chronyc sources -v
```

In the output, if you see the `fd00:ec2::123` IPv6 endpoint, the configuration is complete.

------
#### [ Windows ]

When you reach the step to change the NTP server to use the Amazon Time Sync Service, you'll be using the IPv6 endpoint of the Amazon Time Sync Service (`fd00:ec2::123`) rather than the IPv4 endpoint (`169.254.169.123`):

```
w32tm /config /manualpeerlist:fd00:ec2::123 /syncfromflags:manual /update
```

Verify that your new settings are using the `fd00:ec2::123` IPv6 endpoint to synchronize time:

```
w32tm /query /configuration
```

In the output, verify that `NtpServer` displays the `fd00:ec2::123` IPv6 endpoint.

------

## Connect to the PTP hardware clock


The PTP hardware clock is part of the [AWS Nitro System](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html), so it is directly accessible on [supported bare metal and virtualized EC2 instances](#ptp-hardware-clock-requirements) without using any customer resources.

The NTP endpoints for the PTP hardware clock are the same as those for the regular Amazon Time Sync Service. If your instance has a PTP hardware clock and you configured the NTP connection (to either the IPv4 or IPv6 endpoint), your instance time is automatically sourced from the PTP hardware clock over NTP.

For Linux instances, you can configure a *direct* PTP connection, which will give you more accurate time than the NTP connection. Windows instances only support an NTP connection to the PTP hardware clock.

### Requirements


The PTP hardware clock is available on an instance when the following requirements are met:
+ Supported AWS Regions: US East (N. Virginia), US East (Ohio), Asia Pacific (Malaysia), Asia Pacific (Thailand), Asia Pacific (Tokyo), and Europe (Stockholm)
+ Supported Local Zones: US East (New York City)
+ Supported instance families:
  + **General purpose:** M7a, M7g, M7i
  + **Memory optimized:** R7a, R7g, R7i
  + **Storage optimized:** I8g, I8ge
+ (Linux only) ENA driver version 2.10.0 or later installed on a supported operating system. For more information about supported operating systems, see the driver [prerequisites](https://github.com/amzn/amzn-drivers/tree/master/kernel/linux/ena#prerequisites) on *GitHub*.

### (Linux only) Configure a direct PTP connection to the PTP hardware clock


This section describes how to configure your Linux instance to use the local Amazon Time Sync Service through the PTP hardware clock using a direct PTP connection. It requires adding a server entry for the PTP hardware clock in the `chrony` configuration file.

**To configure a direct PTP connection to the PTP hardware clock (Linux instances only)**

1. **Install prerequisites**

   Connect to your Linux instance and do the following:

   1. Install the Linux kernel driver for Elastic Network Adapter (ENA) version 2.10.0 or later.

   1. Enable the PTP hardware clock.

   For the installation instructions, see [Linux kernel driver for Elastic Network Adapter (ENA) family](https://github.com/amzn/amzn-drivers/tree/master/kernel/linux/ena#linux-kernel-driver-for-elastic-network-adapter-ena-family) on *GitHub*.

1. **Verify ENA PTP device**

   Verify that the ENA PTP hardware clock device shows up on your instance.

   ```
   [ec2-user ~]$ for file in /sys/class/ptp/*; do echo -n "$file: "; cat "$file/clock_name"; done
   ```

   Expected output

   ```
   /sys/class/ptp/ptp<index>: ena-ptp-<PCI slot>
   ```

   Where:
   + `index` is the kernel-registered PTP hardware clock index.
   + `PCI slot` is the ENA ethernet controller PCI slot. This is the same slot as shown in `lspci | grep ENA`.

   Example output

   ```
   /sys/class/ptp/ptp0: ena-ptp-05
   ```

   If `ena-ptp-<PCI slot>` is not in the output, the ENA driver was not correctly installed. Review step 1 in this procedure for installing the driver.

1. **Configure PTP symlink**

   PTP devices are typically named `/dev/ptp0`, `/dev/ptp1`, and so on, with their index depending on the hardware initialization order. Creating a symlink ensures that applications like chrony consistently reference the correct device, regardless of index changes.

   The latest Amazon Linux 2023 AMIs include a `udev` rule that creates the `/dev/ptp_ena` symlink, pointing to the correct `/dev/ptp` entry associated with the ENA host.

   First check if the symlink is present by running the following command.

   ```
   [ec2-user ~]$ ls -l /dev/ptp*
   ```

   Example output

   ```
   crw------- 1 root root 245, 0 Jan 31 2025 /dev/ptp0
   lrwxrwxrwx 1 root root      4 Jan 31 2025 /dev/ptp_ena -> ptp0
   ```

   Where:
   + `/dev/ptp<index>` is the path to the PTP device.
   + `/dev/ptp_ena` is the constant symlink, which points to the same PTP device.

    

   If the `/dev/ptp_ena` symlink is present, skip to Step 4 in this procedure. If it's missing, do the following:

   1. Add the following `udev` rule.

      ```
      [ec2-user ~]$ echo "SUBSYSTEM==\"ptp\", ATTR{clock_name}==\"ena-ptp-*\", SYMLINK += \"ptp_ena\"" | sudo tee -a /etc/udev/rules.d/53-ec2-network-interfaces.rules
      ```

   1. Reload the `udev` rule, either by rebooting the instance, or by running the following command.

      ```
      [ec2-user ~]$ sudo udevadm control --reload-rules && sudo udevadm trigger
      ```

1. **Configure chrony**

   chrony must be configured to use the `/dev/ptp_ena` symlink instead of directly referencing `/dev/ptp<index>`.

   1. Edit `/etc/chrony.conf` using a text editor and add the following line anywhere in the file. 

      ```
      refclock PHC /dev/ptp_ena poll 0 delay 0.000010 prefer
      ```

   1. Restart chrony.

      ```
      [ec2-user ~]$ sudo systemctl restart chronyd
      ```

1. **Verify chrony configuration**

   Verify that chrony is using the PTP hardware clock to synchronize the time on this instance.

   ```
   [ec2-user ~]$ chronyc sources
   ```

   Expected output

   ```
   MS Name/IP address         Stratum Poll Reach LastRx Last sample
   ===============================================================================
   #* PHC0                          0   0    377    1   +2ns[ +1ns] +/-   5031ns
   ```

   In the output that's returned, `*` indicates the preferred time source. `PHC0` corresponds to the PTP hardware clock. You might need to wait a few seconds after restarting chrony for the asterisk to appear.

# Set the time reference on your EC2 instance or any internet-connected device to use the public Amazon Time Sync Service

You can set your instance, or any internet-connected device such as your local computer or an on-prem server, to use the public Amazon Time Sync Service, which is accessible over the internet at `time.aws.com`. You can use the public Amazon Time Sync Service as a backup for the local Amazon Time Sync Service and to connect resources outside of AWS to the Amazon Time Sync Service.

**Note**  
For the best performance, we recommend using the *local* Amazon Time Sync Service on your instances, and only using the *public* Amazon Time Sync Service as a backup.

Use the instructions for the operating system of your instance or device.

## Linux


**To set your Linux instance or device to use the public Amazon Time Sync Service using chrony or ntpd**

1. Edit `/etc/chrony.conf` (if you use chrony) or `/etc/ntp.conf` (if you use ntpd) using a text editor as follows:

   1. To prevent your instance or device from trying to mix smeared and non-smeared servers, remove or comment out lines starting with `server` except any existing connection to the local Amazon Time Sync Service.
      **Important**  
      If you're setting your EC2 instance to connect to the public Amazon Time Sync Service, do not remove the following line which sets your instance to connect to the local Amazon Time Sync Service. The local Amazon Time Sync Service is a more direct connection and will provide better clock accuracy. The public Amazon Time Sync Service should only be used as a backup.

      ```
      server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
      ```

   1. Add the following line to connect to the public Amazon Time Sync Service.

      ```
      pool time.aws.com iburst
      ```

1. Restart the daemon using one of the following commands.
   + chrony

     ```
     sudo service chronyd force-reload
     ```
   + ntpd

     ```
     sudo service ntp reload
     ```
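The source-mixing guidance in the Leap seconds section and in the Linux procedure above can be checked mechanically. The following script is an added example, not AWS code: it reads chrony configuration text and reports the combinations this documentation advises against. The function names, finding codes, and both sample configurations (including the `2.pool.example.org` host) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not AWS code): audit chrony.conf text for source mixes this page advises against.

# Read chrony.conf text on stdin; print "<class> <source>" for each active time source.
#   smeared      Amazon Time Sync Service over NTP (local endpoints or time.aws.com)
#   non-smeared  direct PTP hardware clock connection (refclock PHC)
#   unknown      any other server or pool; its leap second handling must be checked by hand
# Commented-out lines never match: their first field starts with a comment character.
classify_sources() {
  awk '
    BEGIN {
      aws["169.254.169.123"] = 1   # local IPv4 endpoint
      aws["fd00:ec2::123"] = 1     # local IPv6 endpoint
      aws["time.aws.com"] = 1      # public Amazon Time Sync Service
    }
    $1 == "server" || $1 == "pool" {
      cls = ($2 in aws) ? "smeared" : "unknown"
      print cls, $2
    }
    $1 == "refclock" && $2 == "PHC" { print "non-smeared", $3 }
  '
}

# Read chrony.conf text on stdin; print one finding code per line, or OK.
#   MIXED_SMEARED_AND_PHC    smeared NTP source and non-smeared PHC are both configured
#   UNVERIFIED_SOURCE        a server or pool outside the Amazon Time Sync Service is active
#   IPV4_AND_IPV6_ENDPOINTS  both local endpoints are configured (same server, no accuracy gain)
#   NO_LOCAL_SOURCE          no local endpoint and no PHC, so only a backup-grade source is left
audit_time_sources() {
  classify_sources | awk '
    $1 == "smeared"         { smeared = 1 }
    $1 == "non-smeared"     { phc = 1 }
    $1 == "unknown"         { unknown = 1 }
    $2 == "169.254.169.123" { v4 = 1 }
    $2 == "fd00:ec2::123"   { v6 = 1 }
    END {
      n = 0
      if (smeared && phc)     { print "MIXED_SMEARED_AND_PHC"; n++ }
      if (unknown)            { print "UNVERIFIED_SOURCE"; n++ }
      if (v4 && v6)           { print "IPV4_AND_IPV6_ENDPOINTS"; n++ }
      if (!v4 && !v6 && !phc) { print "NO_LOCAL_SOURCE"; n++ }
      if (n == 0) print "OK"
    }
  '
}

# Constructed sample: local NTP endpoint, direct PTP connection, and an unrelated pool.
SAMPLE_MIXED='# constructed chrony.conf
server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
refclock PHC /dev/ptp_ena poll 0 delay 0.000010 prefer
pool 2.pool.example.org iburst
#server fd00:ec2::123 prefer iburst minpoll 4 maxpoll 4'

# Constructed sample: the layout from the procedure above (local endpoint, public backup).
SAMPLE_RECOMMENDED='server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
pool time.aws.com iburst'

echo "mixed sample:";       printf '%s\n' "$SAMPLE_MIXED" | audit_time_sources
echo "recommended sample:"; printf '%s\n' "$SAMPLE_RECOMMENDED" | audit_time_sources
```

On an instance, run `audit_time_sources < /etc/chrony.conf` (or `/etc/chrony/chrony.conf` on Ubuntu).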

## macOS


**To set your macOS instance or device to use the public Amazon Time Sync Service**

1. Open **System Preferences**. 

1. Choose **Date & Time**, and then choose the **Date & Time** tab.

1. To make changes, choose the lock icon, and enter your password when prompted.

1. For **Set date and time automatically**, enter **time.aws.com**.

## Windows


**To set your Windows instance or device to use the public Amazon Time Sync Service**

1. Open the **Control Panel**. 

1. Choose the **Date and Time** icon.

1. Choose the **Internet Time** tab. This tab is not available if your PC is part of a domain. In this case, it will synchronize time with the domain controller. You can configure the controller to use the public Amazon Time Sync Service.

1. Choose **Change settings**. 

1. Select the checkbox for **Synchronize with an Internet time server**. 

1. Next to **Server**, enter **time.aws.com**.

**To set your Windows Server instance or device to use the public Amazon Time Sync Service**
+ Follow [Microsoft's instructions](https://support.microsoft.com/en-us/kb/816042) to update your registry. 

# Compare timestamps for your Linux instances


If you're using the Amazon Time Sync Service, you can compare the timestamps on your Amazon EC2 Linux instances with ClockBound to determine the true time of an event. ClockBound measures the clock accuracy of your EC2 instance, and allows you to check if a given timestamp is in the past or future with respect to your instance's current clock. This information is valuable for determining the order and consistency of events and transactions across EC2 instances, independent of each instance's geographic location.

ClockBound is an open source daemon and library. To learn more about ClockBound, including installation instructions, see [ClockBound](https://github.com/aws/clock-bound) on *GitHub*.

ClockBound is only supported for Linux instances.

If you're using the direct PTP connection to the PTP hardware clock, your time daemon, such as chrony, will underestimate the clock error bound. This is because a PTP hardware clock does not pass the correct error bound information to chrony, the way that NTP does. As a result, your clock synchronization daemon assumes the clock is accurate to UTC and thus has an error bound of `0`. To measure the full error bound, the Nitro System calculates the error bound of the PTP hardware clock, and makes it available to your EC2 instance over the ENA driver `sysfs` filesystem. You can read this directly as a value, in nanoseconds.

**To retrieve the PTP hardware clock error bound**

1. First get the correct location of the PTP hardware clock device by using one of the following commands. The path in the command is different depending on the AMI used to launch the instance.
   + For Amazon Linux 2:

     ```
     cat /sys/class/net/eth0/device/uevent | grep PCI_SLOT_NAME
     ```
   + For Amazon Linux 2023:

     ```
     cat /sys/class/net/ens5/device/uevent | grep PCI_SLOT_NAME
     ```

   The output is the PCI slot name, which is the location of the PTP hardware clock device. In this example, the location is `0000:00:03.0`.

   ```
   PCI_SLOT_NAME=0000:00:03.0
   ```

1. To retrieve the PTP hardware clock error bound, run the following command. Include the PCI slot name from the previous step.

   ```
   cat /sys/bus/pci/devices/0000:00:03.0/phc_error_bound
   ```

   The output is the clock error bound of the PTP hardware clock, in nanoseconds.

To calculate the correct clock error bound at a specific point in time when using the direct PTP connection to the PTP hardware clock, you must add the PTP hardware clock error bound to the clock error bound from chrony or ClockBound at the time that chrony polls the PTP hardware clock. For more information about measuring and monitoring clock accuracy, see [Manage Amazon EC2 instance clock accuracy using Amazon Time Sync Service and Amazon CloudWatch – Part 1](https://aws.amazon.com/blogs/mt/manage-amazon-ec2-instance-clock-accuracy-using-amazon-time-sync-service-and-amazon-cloudwatch-part-1/).
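The arithmetic described above, as an added example that is not AWS or ClockBound code: it derives chrony's own bound from `chronyc tracking` output using the bound given in the chrony documentation, adds the `phc_error_bound` value, and uses the total to decide whether a timestamp is definitely in the past, definitely in the future, or cannot be ordered against the instance clock. The function names and all sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not AWS or ClockBound code). All sample values below are constructed.

# Read `chronyc tracking` output on stdin; print chrony's clock error bound in nanoseconds,
# using the bound given in the chrony documentation:
#   |System time| + Root dispersion + Root delay / 2
# chronyc prints System time as a magnitude followed by "slow" or "fast", so it is never negative.
chrony_error_bound_ns() {
  awk '
    $1 == "System" && $2 == "time"       { offset = $4 }
    $1 == "Root"   && $2 == "delay"      { delay = $4 }
    $1 == "Root"   && $2 == "dispersion" { disp = $4 }
    END { printf "%.0f\n", (offset + disp + delay / 2) * 1e9 }
  '
}

# Total bound for a direct PTP connection: chrony's bound (tracking output on stdin)
# plus the PTP hardware clock error bound in nanoseconds (argument 1).
# On an instance, using the PCI slot name from the procedure above:
#   chronyc tracking | total_error_bound_ns "$(cat /sys/bus/pci/devices/0000:00:03.0/phc_error_bound)"
total_error_bound_ns() {
  chrony_ns=$(chrony_error_bound_ns)
  echo $((chrony_ns + $1))
}

# Classify an event timestamp against this instance's clock. Arguments are integer
# nanoseconds: event time, current clock reading, total error bound.
# True time lies in [now - bound, now + bound], so an event inside that window
# cannot be ordered against "now".
order_against_now() {
  event_ns=$1
  now_ns=$2
  bound_ns=$3
  if [ "$event_ns" -lt $((now_ns - bound_ns)) ]; then
    echo past
  elif [ "$event_ns" -gt $((now_ns + bound_ns)) ]; then
    echo future
  else
    echo indeterminate
  fi
}

# Constructed `chronyc tracking` output for an instance synchronized to PHC0.
SAMPLE_TRACKING='Reference ID    : 50484330 (PHC0)
Stratum         : 1
System time     : 0.000000002 seconds fast of NTP time
Root delay      : 0.000010000 seconds
Root dispersion : 0.000001500 seconds
Leap status     : Normal'

# Constructed phc_error_bound reading, in nanoseconds.
SAMPLE_PHC_ERROR_BOUND_NS=9000

# Constructed clock reading, in nanoseconds since the epoch.
SAMPLE_NOW_NS=1700000000000000000

bound=$(printf '%s\n' "$SAMPLE_TRACKING" | total_error_bound_ns "$SAMPLE_PHC_ERROR_BOUND_NS")
echo "total error bound: ${bound} ns"
echo "event 10 us ahead: $(order_against_now $((SAMPLE_NOW_NS + 10000)) "$SAMPLE_NOW_NS" "$bound")"
echo "event 20 us behind: $(order_against_now $((SAMPLE_NOW_NS - 20000)) "$SAMPLE_NOW_NS" "$bound")"
```

With the sample values, chrony alone reports a bound of about 6.5 microseconds, while the total that includes the PTP hardware clock error bound is more than twice that, which is why an event 10 microseconds ahead of the clock cannot be ordered.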

# Change the time zone of your instance


Amazon EC2 instances are set to the UTC (Coordinated Universal Time) time zone by default. You can change the time on an instance to the local time zone or to another time zone in your network.

Use the instructions for your instance's operating system.

## Linux


**Important**  
This information applies to Amazon Linux. For information about other distributions, see their specific documentation.

**To change the time zone on Amazon Linux**

1. View the system's current time zone setting.

   ```
   [ec2-user ~]$ timedatectl
   ```

1. List the available time zones.

   ```
   [ec2-user ~]$ timedatectl list-timezones
   ```

1. Set the chosen time zone.

   ```
   [ec2-user ~]$ sudo timedatectl set-timezone America/Vancouver
   ```

1. (Optional) Confirm that the current time zone is updated to the new time zone by running the **timedatectl** command again.

   ```
   [ec2-user ~]$ timedatectl
   ```

## Windows


**To change the time zone on a Windows instance**

1. From your instance, open a Command Prompt window.

1. Identify the time zone to use on the instance. To get a list of time zones, use the following command:

   ```
   tzutil /l
   ```

   This command returns a list of all available time zones in the following format:

   ```
   display name
   time zone ID
   ```

1. Locate the time zone ID to assign to the instance.

1. Example: Assign the UTC time zone:

   ```
   tzutil /s "UTC"
   ```

   Example: Assign Pacific Standard Time:

   ```
   tzutil /s "Pacific Standard Time"
   ```

When you change the time zone on a Windows instance, you must ensure that the time zone persists through system restarts. Otherwise, when the instance restarts, it reverts back to using UTC time. You can persist your time zone setting by adding a **RealTimeIsUniversal** registry key. This key is set by default on all current generation instances. To verify whether the **RealTimeIsUniversal** registry key is set, see step 3 in the following procedure. If the key is not set, follow these steps from the beginning.

**To set the RealTimeIsUniversal registry key**

1. From the instance, open a Command Prompt window.

1. Use the following command to add the registry key:

   ```
   reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation" /v RealTimeIsUniversal /d 1 /t REG_DWORD /f
   ```

1. (Optional) Verify that the instance saved the key successfully using the following command:

   ```
   reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation" /s
   ```

   This command returns the subkeys for the **TimeZoneInformation** registry key. You should see the **RealTimeIsUniversal** key at the bottom of the list, similar to the following:

   ```
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation
       Bias                            REG_DWORD     0x1e0
       DaylightBias                    REG_DWORD     0xffffffc4
       DaylightName                    REG_SZ        @tzres.dll,-211
       DaylightStart                   REG_BINARY    00000300020002000000000000000000
       StandardBias                    REG_DWORD     0x0
       StandardName                    REG_SZ        @tzres.dll,-212
       StandardStart                   REG_BINARY    00000B00010002000000000000000000
       TimeZoneKeyName                 REG_SZ        Pacific Standard Time
       DynamicDaylightTimeDisabled     REG_DWORD     0x0
       ActiveTimeBias                  REG_DWORD     0x1a4
       RealTimeIsUniversal             REG_DWORD     0x1
   ```

# EC2 Capacity Manager


Amazon EC2 Capacity Manager helps you monitor, analyze, and manage your capacity usage across On-Demand Instances, Spot Instances, and Capacity Reservations from a single location. Capacity Manager simplifies capacity tracking through a unified dashboard that aggregates your usage data with hourly refreshes and optimization opportunities.

Designed for large enterprises and multi-account organizations, Capacity Manager eliminates manual data collection from multiple sources. The tool provides deep insights across your AWS Regions. You can drill down into detailed capacity metrics and take immediate actions to optimize your cloud resources.

When you enable AWS Organizations integration, you can view and analyze capacity data across all member accounts in your organization from a single dashboard. Without Organizations integration, Capacity Manager only monitors resources within the individual AWS account where it's enabled.

**Note**  
You can only enable Capacity Manager in one AWS Region per account.
All costs displayed in Capacity Manager are estimated costs based on published On-Demand pricing. These estimates don't include discounts such as Savings Plans or Reserved Instances. Your actual costs may differ from these estimates.

## Key Features

+ **Dashboard** — Provides a high-level overview of all On-Demand Capacity Reservations, On-Demand and Spot usage, including key metrics to help improve your capacity posture.
+ **Cross-account and cross-region aggregation** — View capacity usage across all member accounts in your organization from a single dashboard. Capacity Manager aggregates data from all Regions in the partition into the single Region where you have enabled Capacity Manager, including tag data. For cross-account data, Capacity Manager also provides the account name as a dimension.
+ **Tag-based grouping and filtering** — Activate tag keys from your Amazon EC2 resources (for example, `environment` or `team`) to use as dimensions when grouping and filtering your capacity metrics. Capacity Manager-provided tags for EC2 Auto Scaling Groups, EKS cluster names, EKS Kubernetes node pools, and Karpenter node pools are included by default. For more information, see [Managing monitored tag keys](managing-monitored-tag-keys.md).
+ **Data exports** — Export capacity data to Amazon S3 in CSV or Parquet format for further analysis and custom reporting.
+ **APIs** — Query capacity metrics programmatically using `GetCapacityManagerMetricData` and `GetCapacityManagerMetricDimensions`.
+ **Date selector** — Analyze capacity data across date ranges from one hour to 90 days.
+ **30+ metrics** — Track capacity across Capacity Reservations, On-Demand Instances, and Spot Instances with over 30 metrics.

# Enabling EC2 Capacity Manager
Enabling Capacity Manager

Capacity Manager can be enabled at two different levels depending on your requirements. You can enable it for a single AWS account to monitor resources within that account only, or integrate it with AWS Organizations for centralized visibility across all member accounts in your organization.
+ **Organization-level:** View and analyze capacity data across all member accounts in your organization from a single dashboard. 
+ **Account-level:** Monitor capacity usage within a single AWS account.

**Topics**
+ [Enabling EC2 Capacity Manager with AWS Organizations](enable-capacity-manager-organizations.md)
+ [Enabling EC2 Capacity Manager at the account-level](enable-capacity-manager-account.md)
+ [Registering a delegated administrator](enable-capacity-manager-da.md)
+ [Using service-linked roles for EC2 Capacity Manager](using-service-linked-roles-cm.md)

# Enabling EC2 Capacity Manager with AWS Organizations
Enabling at the Organization-level

You can enable EC2 Capacity Manager with AWS Organizations for organization-level visibility and management of your capacity across all member accounts. This integration allows you to monitor, analyze, and manage capacity usage from a centralized location.

The management account is responsible for enabling organization-level access and managing capacity across the organization.

Enabling Capacity Manager with AWS Organizations provides the following benefits:
+ **Centralized capacity visibility** — View capacity usage across all member accounts in your organization from a single dashboard with cross-account and cross-region aggregation.
+ **Organization-wide optimization** — Identify unused Capacity Reservations and optimization opportunities across all accounts in your organization.
+ **Delegated administrator** — Allow specific member accounts to manage Capacity Manager for an organization while maintaining proper access controls.

If you don't enable integration with AWS Organizations, you can only monitor resources in the individual AWS account where you enabled Capacity Manager.

## Prerequisites

+ You must have an AWS Organizations setup with a management account and one or more member accounts. For more information about account types, see [Terminology and concepts](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html) in the *AWS Organizations User Guide*.
+ The management account must have permissions for the following IAM actions:
  + `organizations:EnableAwsServiceAccess`
  + `organizations:RegisterDelegatedAdministrator` (if using delegated administration)
  + `iam:CreateServiceLinkedRole`
+ You must create a service-linked role with the **AWSEC2CapacityManagerServiceRolePolicy** use case to allow AWS Organization access. For more information, see [Creating a service-linked role for Capacity Manager](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-service-linked-roles-cm.html#create-slr).
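
The prerequisite actions above can be granted so that they work only for Capacity Manager. The following is an added example (not AWS-provided policy text): it builds a policy that pins each action to the `ec2.capacitymanager.amazonaws.com` service principal with the `organizations:ServicePrincipal` and `iam:AWSServiceName` condition keys, and lints an existing policy for statements that grant these actions without that pinning. The `Sid` values, function names, the sample broad policy, and the service-linked role ARN path (built from the standard `aws-service-role/` pattern) are assumptions.

```python
import fnmatch
import json

CM_PRINCIPAL = "ec2.capacitymanager.amazonaws.com"  # service principal named on this page
# Assumption: standard service-linked role path, aws-service-role/<principal>/<role name>.
SLR_ARN = ("arn:aws:iam::*:role/aws-service-role/"
           + CM_PRINCIPAL + "/AWSServiceRoleForEC2CapacityManager")

# Prerequisite action -> IAM condition key that pins it to one service principal.
SCOPING_KEY = {
    "organizations:EnableAWSServiceAccess": "organizations:ServicePrincipal",
    "organizations:RegisterDelegatedAdministrator": "organizations:ServicePrincipal",
    "iam:CreateServiceLinkedRole": "iam:AWSServiceName",
}


def scoped_policy():
    """Identity policy for the operator in the management account."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "OrgAccessForCapacityManagerOnly",  # hypothetical Sid
                "Effect": "Allow",
                "Action": [
                    "organizations:EnableAWSServiceAccess",
                    "organizations:RegisterDelegatedAdministrator",
                ],
                "Resource": "*",
                "Condition": {"StringEquals": {
                    "organizations:ServicePrincipal": CM_PRINCIPAL}},
            },
            {
                "Sid": "CreateCapacityManagerRoleOnly",  # hypothetical Sid
                "Effect": "Allow",
                "Action": "iam:CreateServiceLinkedRole",
                "Resource": SLR_ARN,
                "Condition": {"StringEquals": {"iam:AWSServiceName": CM_PRINCIPAL}},
            },
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _granted(stmt, action):
    """True if the statement's Action/NotAction covers `action`.
    IAM action names are case-insensitive and accept * and ? wildcards."""
    def hit(patterns):
        return any(fnmatch.fnmatchcase(action.lower(), p.lower())
                   for p in _as_list(patterns))
    if "Action" in stmt:
        return hit(stmt["Action"])
    return "NotAction" in stmt and not hit(stmt["NotAction"])


def unscoped_grants(policy):
    """Return (Sid, action) pairs where a prerequisite action is allowed without
    being pinned to the Capacity Manager principal. Conservative: only an exact
    StringEquals match on the scoping key counts as pinned."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        equals = {k.lower(): v
                  for k, v in stmt.get("Condition", {}).get("StringEquals", {}).items()}
        for action, key in SCOPING_KEY.items():
            if not _granted(stmt, action):
                continue
            if _as_list(equals.get(key.lower(), [])) != [CM_PRINCIPAL]:
                findings.append((stmt.get("Sid", "<no Sid>"), action))
    return findings


# Constructed sample: a typical over-broad grant that the lint should flag.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "TooBroad",
        "Effect": "Allow",
        "Action": ["organizations:*", "iam:CreateServiceLinkedRole"],
        "Resource": "*",
    }],
}

if __name__ == "__main__":
    print(json.dumps(scoped_policy(), indent=2))
    for sid, action in unscoped_grants(BROAD_POLICY):
        print(f"unscoped: {action} in statement {sid}")
```

The policy covers only the three actions listed in the prerequisites; the operator also needs permission for the Capacity Manager calls themselves, which this page does not list.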

## Enabling Capacity Manager with AWS Organizations


Using the management account, enable organization access in Capacity Manager.

------
#### [ Console ]

**To enable organization access in Capacity Manager**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Capacity Manager**.

1. Choose the **Settings** tab.

1. In the **Trusted access** section, choose **Manage trusted access**.

1. In the prompt that appears, select **Enable trusted access**. Then, choose **Save**.

------
#### [ AWS CLI ]

**To enable organization access in Capacity Manager**

1. Create a service-linked role

   ```
   aws iam create-service-linked-role --aws-service-name ec2.capacitymanager.amazonaws.com
   ```

1. Enable AWS Organization access

   ```
   aws organizations enable-aws-service-access --service-principal ec2.capacitymanager.amazonaws.com
   ```

1. Enable Capacity Manager with AWS Organization 

   ```
   aws ec2 enable-capacity-manager --organizations-access
   ```

To update organization access for an existing Capacity Manager, run the following command:

```
aws ec2 update-capacity-manager-organizations-access --organizations-access
```

------
#### [ PowerShell ]

**To enable organization access in Capacity Manager**

1. Create a service-linked role using the [New-IAMServiceLinkedRole](https://docs.aws.amazon.com/powershell/latest/reference/items/New-IAMServiceLinkedRole.html) cmdlet.

   ```
   New-IAMServiceLinkedRole -AWSServiceName "ec2.capacitymanager.amazonaws.com"
   ```

1. Enable AWS Organization access using the [Enable-ORGAWSServiceAccess](https://docs.aws.amazon.com/powershell/latest/reference/items/Enable-ORGAWSServiceAccess.html) cmdlet.

   ```
   Enable-ORGAWSServiceAccess -ServicePrincipal "ec2.capacitymanager.amazonaws.com"
   ```

1. Enable Capacity Manager with AWS Organization using the [Enable-EC2CapacityManager](https://docs.aws.amazon.com/powershell/latest/reference/items/Enable-EC2CapacityManager.html) cmdlet.

   ```
   Enable-EC2CapacityManager -OrganizationsAccess $true
   ```

To update organization access for an existing Capacity Manager, run the following [Update-EC2CapacityManagerOrganizationsAccess](https://docs.aws.amazon.com/powershell/latest/reference/items/Update-EC2CapacityManagerOrganizationsAccess.html) cmdlet:

```
Update-EC2CapacityManagerOrganizationsAccess -OrganizationsAccess $true
```

------

## Verifying Capacity Manager is enabled with your organization


------
#### [ Console ]

**To verify Capacity Manager is enabled with your organization**

1. In the Capacity Manager console, choose **Settings**.

1. In the **Trusted access** section, verify that **Organization access** shows as **Enabled**.

1. Check that the **Organization ID** displays your organization's ID.

------
#### [ AWS CLI ]

**To verify Capacity Manager is enabled with your organization**  
Run the following command:

```
aws ec2 get-capacity-manager-attributes
```

The output should display:

```
{
    "CapacityManagerStatus": "enabled",
    "OrganizationsAccess": true,
    "IngestionStatus": "initial-ingestion-pending",
    "IngestionStatusMessage": "Capacity Manager is collecting historical data from 2025-10-01T00:00:00Z. Data collection is in progress and may take several hours to complete."
}
```

------
#### [ PowerShell ]

**To verify Capacity Manager is enabled with your organization**  
Use the [Get-EC2CapacityManagerAttribute](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2CapacityManagerAttribute.html) cmdlet.

```
Get-EC2CapacityManagerAttribute
```

The output should display:

```
CapacityManagerStatus      : enabled
DataExportCount            : 0
EarliestDatapointTimestamp :
IngestionStatus            : initial-ingestion-in-progress
IngestionStatusMessage     : Capacity Manager is collecting historical data from
                              2026-03-17T16:00:00Z. Data collection is in progress and may take
                              several hours to complete.
LatestDatapointTimestamp   :
OrganizationsAccess        : True
```

------

## Considerations

+ **Service-linked role creation:** When you enable organization access through the console, Capacity Manager automatically creates the AWSServiceRoleForEC2CapacityManager service-linked role in all member accounts. If you enable through the AWS CLI, you must call `createServiceLinkedRole` manually.
+ **Data aggregation:** After enabling organization access, Capacity Manager backfills 14 days of historical data from all member accounts. This process typically takes a few minutes to complete.
+ **Regional limitations:** You can only enable Capacity Manager in one Region per organization, but it will aggregate data from all commercial regions.
+ **Permissions:** Member accounts don't need to take any action. Capacity Manager uses the service-linked role to automatically discover resources across all accounts.

# Enabling EC2 Capacity Manager at the account-level
Enabling at the account-level

Enable Capacity Manager at the account-level to monitor and analyze your EC2 capacity usage within a single AWS account. After you enable it, Capacity Manager collects data about your On-Demand Instances, Spot Instances, and Capacity Reservations to help you identify optimization opportunities and track usage patterns.

## Enable Capacity Manager at the account-level


------
#### [ Console ]

**To enable Capacity Manager for your account**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Capacity Manager**.

1. On the Capacity Manager page, choose **Enable in Region**.

------
#### [ AWS CLI ]

**To enable Capacity Manager for your account**  
Run the following command:

```
aws ec2 enable-capacity-manager
```

------
#### [ PowerShell ]

**To enable Capacity Manager for your account**  
Use the [Enable-EC2CapacityManager](https://docs.aws.amazon.com/powershell/latest/reference/items/Enable-EC2CapacityManager.html) cmdlet.

```
Enable-EC2CapacityManager
```

------

**Note**  
After you enable Capacity Manager, it collects and aggregates 14 days of historical data. This process might take a few hours.
While collecting your historical data, an `initial-ingestion-in-progress` state is displayed. During this collection period you might observe gaps in your historical data. When data collection is complete, an `ingestion-complete` state is displayed.

# Registering a delegated administrator


You can register a delegated administrator for Capacity Manager. This allows a member account to manage Capacity Manager for your AWS Organization. Only the management account can register or remove a delegated administrator within your organization.

**Note**  
You can't disable Capacity Manager for your organization while there is a registered delegated administrator. 

**Topics**
+ [Prerequisites](#da-prerequisites)
+ [Register a delegated administrator](#add-capacity-manager-da)
+ [Remove a delegated administrator](#remove-capacity-manager-da)

## Prerequisites


Your management account must have enabled Capacity Manager with AWS Organizations. For more information, see [Enabling EC2 Capacity Manager with AWS Organizations](enable-capacity-manager-organizations.md).

## Register a delegated administrator


You can register a delegated administrator using the Amazon EC2 console, the AWS CLI, or PowerShell.

------
#### [ Console ]

**To register a delegated administrator**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Capacity Manager**.

1. Choose the **Settings** tab.

1. In the **Delegated administrator** section, choose **Add**.

1. In the prompt that appears, enter the account ID of the organization member you want to add as a delegated administrator.

1. Choose **Add delegated administrator**.

------
#### [ AWS CLI ]

**To register a delegated administrator**  
Run the following command:

```
aws organizations register-delegated-administrator \
    --account-id 123456789012 \
    --service-principal ec2.capacitymanager.amazonaws.com
```

------
#### [ PowerShell ]

**To register a delegated administrator**  
Use the [Register-ORGDelegatedAdministrator](https://docs.aws.amazon.com/powershell/latest/reference/items/Register-ORGDelegatedAdministrator.html) cmdlet.

```
Register-ORGDelegatedAdministrator `
    -AccountId "123456789012" `
    -ServicePrincipal "ec2.capacitymanager.amazonaws.com"
```

------

## Remove a delegated administrator


You can remove a delegated administrator using the Amazon EC2 console, the AWS CLI, or PowerShell.

------
#### [ Console ]

**To remove a delegated administrator**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Capacity Manager**.

1. Choose the **Settings** tab.

1. In the **Delegated administrator** section, choose **Manage**.

1. In the prompt that appears, choose **Remove delegated administrator**.

------
#### [ AWS CLI ]

**To remove a delegated administrator**  
Run the following command:

```
aws organizations deregister-delegated-administrator \
    --account-id 123456789012 \
    --service-principal ec2.capacitymanager.amazonaws.com
```

------
#### [ PowerShell ]

**To remove a delegated administrator**  
Use the [Unregister-ORGDelegatedAdministrator](https://docs.aws.amazon.com/powershell/latest/reference/items/Unregister-ORGDelegatedAdministrator.html) cmdlet.

```
Unregister-ORGDelegatedAdministrator `
    -AccountId "123456789012" `
    -ServicePrincipal "ec2.capacitymanager.amazonaws.com"
```

------
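
Trusted access and delegated administration are organization-wide grants, so it helps to compare them periodically against an approved baseline. The following is an added example (not AWS tooling): it reads the JSON printed by `aws organizations list-aws-service-access-for-organization` and `aws organizations list-delegated-administrators --service-principal ec2.capacitymanager.amazonaws.com` and reports drift. The sample outputs, the second account ID, the account names, and the finding labels are constructed.

```python
import json

CM_PRINCIPAL = "ec2.capacitymanager.amazonaws.com"  # service principal named on this page

# Constructed sample of: aws organizations list-aws-service-access-for-organization
SERVICE_ACCESS_JSON = """
{"EnabledServicePrincipals": [
  {"ServicePrincipal": "sso.amazonaws.com",
   "DateEnabled": "2024-02-01T10:00:00+00:00"},
  {"ServicePrincipal": "ec2.capacitymanager.amazonaws.com",
   "DateEnabled": "2025-10-20T09:12:44+00:00"}
]}
"""

# Constructed sample of: aws organizations list-delegated-administrators \
#     --service-principal ec2.capacitymanager.amazonaws.com
DELEGATED_ADMINS_JSON = """
{"DelegatedAdministrators": [
  {"Id": "123456789012", "Name": "capacity-ops", "Status": "ACTIVE",
   "DelegationEnabledDate": "2025-10-20T09:30:00+00:00"},
  {"Id": "210987654321", "Name": "sandbox-7", "Status": "ACTIVE",
   "DelegationEnabledDate": "2025-11-03T22:41:07+00:00"}
]}
"""


def audit(service_access_json, delegated_admins_json,
          trusted_access_approved, approved_admin_ids):
    """Compare the organization's current Capacity Manager grants with a baseline.

    trusted_access_approved: True if the organization has decided to enable
        Capacity Manager with AWS Organizations.
    approved_admin_ids: set of account IDs allowed to be delegated administrator.
    Returns a list of (finding, detail) tuples; an empty list means no drift.
    """
    findings = []
    enabled = {
        p["ServicePrincipal"]: p.get("DateEnabled")
        for p in json.loads(service_access_json).get("EnabledServicePrincipals", [])
    }
    admins = json.loads(delegated_admins_json).get("DelegatedAdministrators", [])

    # Trusted access lets the service-linked role list accounts across the org.
    if CM_PRINCIPAL in enabled and not trusted_access_approved:
        findings.append(("UNAPPROVED_TRUSTED_ACCESS", enabled[CM_PRINCIPAL]))

    for admin in admins:
        if admin["Id"] not in approved_admin_ids:
            # A member account nobody approved can manage Capacity Manager
            # for the whole organization.
            findings.append(("UNAPPROVED_DELEGATED_ADMIN", admin["Id"]))
        elif admin.get("Status") != "ACTIVE":
            # Approved, but the account is suspended or closing: a stale
            # registration also blocks disabling Capacity Manager for the org.
            findings.append(("APPROVED_ADMIN_NOT_ACTIVE", admin["Id"]))

    registered = {admin["Id"] for admin in admins}
    for missing in sorted(set(approved_admin_ids) - registered):
        findings.append(("APPROVED_ADMIN_NOT_REGISTERED", missing))
    return findings


if __name__ == "__main__":
    for finding, detail in audit(SERVICE_ACCESS_JSON, DELEGATED_ADMINS_JSON,
                                 trusted_access_approved=True,
                                 approved_admin_ids={"123456789012"}):
        print(finding, detail)
```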

# Using service-linked roles for EC2 Capacity Manager
Using service-linked roles

EC2 Capacity Manager uses AWS Identity and Access Management (IAM) [service-linked roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role). A service-linked role is a unique type of IAM role that is linked directly to Capacity Manager. Service-linked roles are predefined by Capacity Manager and include all the permissions that the service requires to call other AWS services on your behalf.

A service-linked role makes setting up Capacity Manager easier because you don't have to manually add the necessary permissions. Capacity Manager defines the permissions of its service-linked roles, and unless defined otherwise, only Capacity Manager can assume its roles. The defined permissions include the trust policy and the permissions policy, and that permissions policy cannot be attached to any other IAM entity.

You can delete a service-linked role only after first deleting its related resources. This protects your Capacity Manager resources because you can't inadvertently remove permission to access the resources.

For information about other services that support service-linked roles, see [AWS services that work with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) and look for the services that have **Yes** in the **Service-linked roles** column. Choose a **Yes** with a link to view the service-linked role documentation for that service.

## Service-linked role permissions for Capacity Manager


Capacity Manager uses the service-linked role named **AWSServiceRoleForEC2CapacityManager** to allow you to manage capacity resources and integrate with AWS Organizations on your behalf.

The AWSServiceRoleForEC2CapacityManager service-linked role trusts the following services to assume the role:
+ `ec2.capacitymanager.amazonaws.com`

The role permissions policy named AWSEC2CapacityManagerServiceRolePolicy allows Capacity Manager to complete the following actions:
+  `organizations:DescribeOrganization` 
+  `organizations:ListAccounts` 
+  `organizations:ListChildren` 
+  `organizations:ListAWSServiceAccessForOrganization` 
+  `organizations:ListDelegatedAdministrators` 

You must configure permissions to allow your users, groups, or roles to create, edit, or delete a service-linked role. For more information, see [Service-linked role permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html#service-linked-role-permissions) in the *IAM User Guide*.

## Creating a service-linked role for Capacity Manager


You can use the IAM console to create a service-linked role with the **AWSEC2CapacityManagerServiceRolePolicy** use case. In the AWS CLI or the AWS API, create a service-linked role with the `ec2.capacitymanager.amazonaws.com` service name. For more information, see [Creating a service-linked role](https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html#create-service-linked-role) in the *IAM User Guide*. If you delete this service-linked role, you can use this same process to create the role again.

## Editing a service-linked role for Capacity Manager


Capacity Manager does not allow you to edit the AWSServiceRoleForEC2CapacityManager service-linked role. After you create a service-linked role, you cannot change the name of the role because various entities might reference the role. However, you can edit the description of the role using IAM. For more information, see [Editing a service-linked role](https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html#edit-service-linked-role) in the *IAM User Guide*.

## Deleting a service-linked role for Capacity Manager


If you no longer need to use a feature or service that requires a service-linked role, we recommend that you delete that role. That way you don't have an unused entity that is not actively monitored or maintained. However, you must clean up the resources for your service-linked role before you can manually delete it.

**Note**  
If the Capacity Manager service is using the role when you try to delete the resources, then the deletion might fail. If that happens, wait for a few minutes and try the operation again.

**To remove Capacity Manager resources used by the AWSServiceRoleForEC2CapacityManager**

1. All delegated administrators must have disabled their Capacity Manager before removing organizations access.

1. You must delete any active data exports before disabling a capacity manager.

**To manually delete the service-linked role using IAM**

Use the IAM console, the AWS CLI, or the AWS API to delete the AWSServiceRoleForEC2CapacityManager service-linked role. For more information, see [Deleting a service-linked role](https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html#delete-service-linked-role) in the *IAM User Guide*.

## Supported Regions for Capacity Manager service-linked roles


Capacity Manager supports using service-linked roles in all of the Regions where the service is available. For more information, see [AWS Regions and endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html).

Capacity Manager does not support using service-linked roles in every Region where the service is available. You can use the AWSServiceRoleForEC2CapacityManager role in the following Regions.


| Region name | Region identity | Support in Capacity Manager | 
| --- | --- | --- | 
| US East (N. Virginia) | us-east-1 | Yes | 
| US East (Ohio) | us-east-2 | Yes | 
| US West (N. California) | us-west-1 | Yes | 
| US West (Oregon) | us-west-2 | Yes | 
| Africa (Cape Town) | af-south-1 | No | 
| Asia Pacific (Hong Kong) | ap-east-1 | No | 
| Asia Pacific (Jakarta) | ap-southeast-3 | No | 
| Asia Pacific (Mumbai) | ap-south-1 | Yes | 
| Asia Pacific (Osaka) | ap-northeast-3 | Yes | 
| Asia Pacific (Seoul) | ap-northeast-2 | Yes | 
| Asia Pacific (Singapore) | ap-southeast-1 | Yes | 
| Asia Pacific (Sydney) | ap-southeast-2 | Yes | 
| Asia Pacific (Tokyo) | ap-northeast-1 | Yes | 
| Canada (Central) | ca-central-1 | Yes | 
| Europe (Frankfurt) | eu-central-1 | Yes | 
| Europe (Ireland) | eu-west-1 | Yes | 
| Europe (London) | eu-west-2 | Yes | 
| Europe (Milan) | eu-south-1 | No | 
| Europe (Paris) | eu-west-3 | Yes | 
| Europe (Stockholm) | eu-north-1 | Yes | 
| Middle East (Bahrain) | me-south-1 | No | 
| Middle East (UAE) | me-central-1 | No | 
| South America (São Paulo) | sa-east-1 | Yes | 
| AWS GovCloud (US-East) | us-gov-east-1 | No | 
| AWS GovCloud (US-West) | us-gov-west-1 | No | 

# Organizing your data in Capacity Manager
Organizing your data

Capacity Manager uses a combination of metrics, data points, dimensions, date ranges, and periods to organize your capacity data. This can help you analyze usage patterns and make informed decisions about your resources.

**Metrics and data points**

A metric is a time-ordered set of data points. For example, if you want to monitor your Spot usage in vCPUs, you would use the `SpotTotalUsageHrsVcpu` metric.

Every hour, the metric generates a timestamped data point with the Spot usage in vCPU hours. For example, if you used 100 vCPUs during the 10:00 AM hour, Capacity Manager creates a data point with a 10:00 AM timestamp and a value of 100.

For the full list of metrics that Capacity Manager analyzes, see [EC2 Capacity Manager metrics](cm-metrics-units.md).

**Dimensions**

Dimensions are name-value pairs that help you categorize and identify different aspects of a metric. For example, the name of one dimension in Capacity Manager is AccountID, where the value is the actual account ID. Capacity Manager provides dimensions to segment and group your data such as Instance Family, Reservation ARN, Reservation type, and Tenancy.

In addition to built-in dimensions, you can activate tag keys from your Amazon EC2 resources to use as custom dimensions. For example, if your instances are tagged with `environment` or `team`, you can activate those tag keys and then group and filter your capacity metrics by their values.

Capacity Manager also provides Capacity Manager-provided tags — such as EC2 Auto Scaling Group (`aws:autoscaling:groupName`), EKS cluster name (`aws:eks:cluster-name`), EKS Kubernetes node pool (`eks:kubernetes-node-pool-name`), and Karpenter node pool (`karpenter.sh/nodepool`) — that are available by default without counting toward your tag key limit.

For the full list of dimensions, see [EC2 Capacity Manager metrics](cm-metrics-units.md). For information about activating and managing tag dimensions, see [Managing monitored tag keys](managing-monitored-tag-keys.md).

**Date range and period**

The date range specifies how much time you want to analyze, from one hour to 90 days. The period determines how Capacity Manager aggregates your data across time and how many data points to return. For example, if your date range is one week and your period is 1 day, Capacity Manager returns 7 data points. Each data point represents one day of aggregated data. The period must be an interval of one hour and divide evenly into the date range.

**Topics**
+ [EC2 Capacity Manager metrics](cm-metrics-units.md)
+ [Grouping and filtering data](grouping-filtering-data.md)
+ [Managing monitored tag keys](managing-monitored-tag-keys.md)

# EC2 Capacity Manager metrics
Capacity Manager metrics

Capacity Manager offers a comprehensive selection of metrics for tracking your capacity across different resource types. Metrics can be measured using different units depending on your analysis needs.

The metric names in Capacity Manager use four different prefixes to categorize the type of capacity being measured:
+ `Reservation` — Capacity Reservations themselves, including total reserved capacity, utilization rates, unused capacity, and reservation counts. 
+ `Reserved` — On-Demand Instance usage that is covered by your Capacity Reservations. 
+ `Unreserved` — On-Demand Instance usage that runs outside of any Capacity Reservations. 
+ `Spot` — Specifically for Spot Instance usage, including runtime and estimated costs. These metrics are separate from reservation-based capacity.

The following table also provides the *Dimensions available* for each metric. The dimension categories are broken down as follows:
+ **General capacity dimensions** — Account ID, Account Name, Region, Instance Family, Availability Zone, Instance Type, Platform, and Tenancy
+ **Capacity Reservation dimensions** — Reservation ID (Capacity Reservation ID), Reservation ARN, Unused Financial Owner, Reservation Type (ODCR/Capacity Block), Create timestamp, Start timestamp, End timestamp, State, and Instance match criteria.
+ **Reserved usage dimensions** — Reservation ID (CRID), Reservation ARN, Reservation type
+ **Tag dimensions** — Customer-managed tag keys and Capacity Manager-provided tags. You must activate a tag key before you can use it as a dimension. For more information, see [Managing monitored tag keys](managing-monitored-tag-keys.md).


| Metric | Description | Dimensions available | Units available | 
| --- | --- | --- | --- | 
| ReservationAvgCommittedSize | The average total amount of capacity in an active or scheduled state with a commitment. The size is summed across dimensions and averaged over time. | General capacity and Capacity Reservation dimensions | vCPU, Instance | 
| ReservationAvgFutureSize | The average amount of Capacity Reservations that are scheduled to start in the future but have not yet become active during the selected period. The size is summed across dimensions and averaged over time. | General capacity and Capacity Reservation dimensions | vCPU, Instance | 
| ReservationAvgUtilization | The average percentage of your reserved capacity that was used during the selected period. | General capacity and Capacity Reservation dimensions | vCPU, Instance | 
| ReservationMaxCommittedSize | The maximum total capacity in an active or scheduled state with a commitment. The size is summed across dimensions and the maximum value is taken for the period. | General capacity and Capacity Reservation dimensions | vCPU, Instance | 
| ReservationMaxFutureSize | The maximum amount of Capacity Reservations that are scheduled to start in the future but have not yet become active during the selected period. The size is summed across dimensions and the maximum value is taken for the period. | General capacity and Capacity Reservation dimensions | vCPU, Instance | 
| ReservationMaxSize | The maximum size your Capacity Reservation reached at any point during the selected period. Reservation ID Required. | General capacity and Capacity Reservation dimensions | vCPU, Instance | 
| ReservationMaxUnusedSize | The maximum amount of unused capacity in your Capacity Reservation at any point during the selected period. Reservation ID Required. | General capacity and Capacity Reservation dimensions | vCPU, Instance | 
| ReservationMaxUtilization | The maximum utilization percentage your Capacity Reservation achieved at any point during the selected period. Reservation ID Required. | General capacity and Capacity Reservation dimensions |  | 
| ReservationMinCommittedSize | The minimum total amount of capacity in an active or scheduled state with a commitment. The size is summed across dimensions and minimum value is taken for the period. | General capacity and Capacity Reservation dimensions | vCPU, Instance | 
| ReservationMinFutureSize | The minimum amount of Capacity Reservations that are scheduled to start in the future but have not yet become active at any point during the selected period. The size is summed across dimensions and minimum value is taken for the period. | General capacity and Capacity Reservation dimensions | vCPU, Instance | 
| ReservationMinSize | The minimum size your Capacity Reservation reached at any point during the selected period. Reservation ID Required. | General capacity and Capacity Reservation dimensions | vCPU, Instance | 
| ReservationMinUnusedSize | The minimum amount of unused capacity in your Capacity Reservation at any point during the selected period. Reservation ID Required. | General capacity and Capacity Reservation dimensions | vCPU, Instance | 
| ReservationMinUtilization | The minimum utilization percentage your Capacity Reservation achieved at any point during the selected period. Reservation ID Required. | General capacity and Capacity Reservation dimensions |  | 
| ReservationTotalCapacityHrs | Total amount of capacity you have reserved through Capacity Reservations during the selected period. | General capacity and Capacity Reservation dimensions | vCPU, Instance | 
| ReservationTotalCount | The total number of different Capacity Reservations you had during the selected period. | General capacity and Capacity Reservation dimensions |  | 
| ReservationTotalEstimatedCost | Estimated cost of the total capacity hours reserved during the selected period. | General capacity and Capacity Reservation dimensions  |  | 
| ReservationUnusedTotalCapacityHrs | Total amount of reserved capacity that you had but didn't use during the selected period. | General capacity and Capacity Reservation dimensions | vCPU, Instance | 
| ReservationUnusedTotalEstimatedCost | Estimated cost of the reserved capacity you had but didn't use during the selected period (calculated using On-Demand rates). | General capacity and Capacity Reservation dimensions |  | 
| ReservedTotalEstimatedCost | Estimated cost of On-Demand Instance usage that was covered by a Capacity Reservation during the selected period. This excludes Spot usage. | General capacity and Reserved usage dimensions |  | 
| ReservedTotalUsageHrs | Total hours of On-Demand Instance usage that were covered by a Capacity Reservation during the selected period. This excludes Spot usage. | General capacity and Reserved usage dimensions | vCPU, Instance | 
| SpotAvgRunTimeBeforeInterruption | Average runtime in hours for instances interrupted in the selected period. | Region, AZ, and Account ID dimensions only | Instance | 
| SpotInterruptionRate | Percentage of running Spot Instances that were interrupted in the selected period. | Region, AZ, and Account ID dimensions only | vCPU, Instance | 
| SpotMaxRunTimeBeforeInterruption | Maximum runtime in hours for instances interrupted in the selected period. | Region, AZ, and Account ID dimensions only | Instance | 
| SpotMinRunTimeBeforeInterruption | Minimum runtime in hours for instances interrupted in the selected period. | Region, AZ, and Account ID dimensions only | Instance | 
| SpotTotalCount | Number of Spot Instances or vCPUs that ran during the selected period. | Region, AZ, and Account ID dimensions only | vCPU, Instance | 
| SpotTotalEstimatedCost | Estimated cost of Spot Instance usage during the selected period (calculated using published Spot rates). | General capacity dimensions |  | 
| SpotTotalInterruptions | Number of interrupted Spot Instances or vCPUs during the selected period. | Region, AZ, and Account ID dimensions only | vCPU, Instance | 
| SpotTotalUsageHrs | Total hours of Spot Instance usage during the selected period. | General capacity dimensions | vCPU, Instance | 
| UnreservedTotalEstimatedCost | Estimated cost of On-Demand Instance usage that was not covered by a Capacity Reservation during the selected period. This excludes Spot usage. | General capacity dimensions |  | 
| UnreservedTotalUsageHrs | Total hours of On-Demand Instance usage that were not covered by a Capacity Reservation during the selected period. This excludes Spot usage. | General capacity dimensions | vCPU, Instance | 

**Note**  
If you include instances in your units, we recommend including the instance type in your dimensions.

## Tag dimensions


In addition to the built-in dimensions in the preceding section, Capacity Manager supports tag dimensions. Tag dimensions allow you to group and filter metrics using tag keys from your Amazon EC2 resources.

**Customer-managed tag dimensions**

You can activate up to five tag keys to use as dimensions. After a tag key reaches `activated` status, it is available as a dimension for metrics that support General capacity dimensions. For the full list of dimension categories, see [EC2 Capacity Manager metrics](#cm-metrics-units).


| Dimension | Description | Example values | 
| --- | --- | --- | 
| Tag key name | A customer-managed tag key from your Amazon EC2 resources. | environment, team, cost-center | 

**Capacity Manager-provided tag dimensions**

Capacity Manager provides the following tags by default. Capacity Manager-provided tags are always available and do not count toward your tag key limit.


| Dimension | Description | 
| --- | --- | 
| tag:aws:autoscaling:groupName | The name of the EC2 Auto Scaling group associated with the instance. | 
| tag:aws:eks:cluster-name | The name of the EKS cluster associated with the instance. | 
| tag:eks:kubernetes-node-pool-name | The EKS Kubernetes node pool associated with the instance. | 
| tag:karpenter.sh/nodepool | The Karpenter node pool associated with the instance. | 

**Note**  
When you group by a tag dimension, resources that do not have a value for that tag are included in a separate bucket with an empty string value. This ensures that totals account for all resources.

# Grouping and filtering data


Capacity Manager aggregates your metrics based on the dimensions and date period you choose. If no dimensions are chosen, Capacity Manager will aggregate the data and return one data point per period in the date range. You can group your data into smaller aggregations by adding dimensions, including tag dimensions from your Amazon EC2 resources.
+ **Grouping** — Break down your capacity data by dimensions such as Region, Instance Family, Account ID, or tag keys. You can group your metrics by multiple dimensions to break down your data further. For example, if you group by Region and Availability Zone, you get a data point for each Region and AZ combination where you have usage.
+ **Filtering** — Show only specific subsets of the dimensions you selected. For example, if you group by instance family, you will get data points for all families where you have usage. However, if you also filter by p5, you see only data points for the p5 instance family. You can also filter by tag values — for example, filter by `environment=prod` to see only production resources. To filter for resources that do not have a value for a selected tag, filter by an empty value.
+ **Metric units** — View results by different units like vCPUs, instances, or estimated costs. For example, after grouping by Region and filtering by a specific instance family, you can switch between total vCPUs used, number of instances running, or estimated costs.

## How to group and filter data in the console


**To group and filter data in Capacity Manager**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Capacity Manager**.

1. Choose the tab for the resource type you want to analyze: **Usage**, **Reservations**, or **Spot**.

1. In the **Date filter** section, choose a Date range, Time zone, and Interval.

1. In the **Dimension filter** section, choose a dimension from the *Select a dimension* dropdown. The dimension options differ for each resource type. For more information, see [EC2 Capacity Manager metrics](cm-metrics-units.md).

   To group by a tag dimension, choose the tag key from the dropdown (for example, `environment`). Only tag keys in `activated` status are available. For more information about activating tag keys, see [Managing monitored tag keys](managing-monitored-tag-keys.md).

   You can add multiple dimensions, including multiple tag dimensions, to create more granular groupings.

1. To filter by the dimension(s) you selected, choose a filter option from the *Filter by dimension* dropdown.

   For tag dimensions, the filter shows the tag values present in your data. To filter for resources without a value for the selected tag, choose the empty value option.

1. In the **Aggregations** section, choose a unit to view your results by vCPUs, Instances, or Estimated costs.

**Note**  
When you group by a tag dimension, resources that do not have a value for that tag are included in a separate group with an empty value. This ensures that totals account for all resources, not only tagged ones.

# Managing monitored tag keys


Amazon EC2 Capacity Manager lets you select tag keys from your Amazon EC2 resources (for example, `environment` or `team`) to use as dimensions when analyzing your capacity data. After a tag key is activated, you can group and filter your metrics by that tag's values — just like you can with Region, Instance Type, or Availability Zone.

Each account can monitor up to five tag keys. Capacity Manager-provided tags do not count toward this limit.

**Topics**
+ [Capacity Manager-provided tags](#cm-provided-tags)
+ [Tag lifecycle](#tag-lifecycle)
+ [Activate and deactivate monitored tag keys](#activate-deactivate-tag-keys)
+ [View monitored tag keys](#view-monitored-tag-keys)
+ [Query metrics using tag dimensions](#query-metrics-tag-dimensions)
+ [Tags in data exports](#tags-in-data-exports)
+ [Organizations and delegated administrator](#tag-keys-organizations)
+ [Considerations](#tag-keys-considerations)

## Capacity Manager-provided tags


Capacity Manager includes a set of default tags for every account. These do not count toward your tag key limit. Capacity Manager-provided tags represent commonly used grouping dimensions and include:
+ `aws:autoscaling:groupName` — EC2 Auto Scaling Group
+ `aws:eks:cluster-name` — EKS cluster name
+ `eks:kubernetes-node-pool-name` — EKS Kubernetes node pool
+ `karpenter.sh/nodepool` — Karpenter node pool

Capacity Manager-provided tags appear in `GetCapacityManagerMonitoredTagKeys` with `CapacityManagerProvided` set to `true` and cannot be activated or deactivated by the customer. When Capacity Manager is first enabled, Capacity Manager-provided tags start in `activating` status and transition to `activated` after Capacity Manager receives the first data point that includes a Capacity Manager-provided tag, typically within one to two hours.

## Tag lifecycle


Monitored tag keys progress through the following statuses:


| Status | Description | 
| --- | --- | 
| activating | The tag key is registered. Capacity Manager is preparing to collect data for this tag. You cannot query metrics using a tag in this status. | 
| activated | Tag data is being ingested and is queryable through the metric APIs and in data exports. | 
| suspended | The tag key has exceeded the threshold of 100,000 unique tag values. The tag still counts toward your limit, but Capacity Manager no longer ingests data for it. If your tag value usage decreases below the threshold for a sustained period, the tag is reactivated automatically. | 
| deactivating | The tag key is being removed. It will no longer appear in GetCapacityManagerMonitoredTagKeys after deactivation completes. | 

When a tag is in `suspended` status, `GetCapacityManagerMonitoredTagKeys` returns the following status message: "Tag suspended due to too many tag values. Reduce the usage of the tag or deactivate it."

**Note**  
If you deactivate a tag key and later re-activate the same key, only data ingested after re-activation is queryable. Historical data from the previous activation is not accessible. The `EarliestDatapointTimestamp` resets with each new activation.

## Activate and deactivate monitored tag keys


You can activate tag keys to begin monitoring them as dimensions, or deactivate tag keys you no longer need. Activation is asynchronous — the tag enters an `activating` state and transitions to `activated` after Capacity Manager begins receiving data for that tag. Deactivation removes the tag key from your monitored set.

**Note**  
When activating a tag key, enter only the key name (for example, `environment`). Capacity Manager automatically makes it available as a dimension for grouping and filtering your metrics.

------
#### [ Console ]

**To activate or deactivate monitored tag keys**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Capacity Manager**.

1. Choose the **Settings** tab.

1. In the **Monitored tag keys** section, choose **Manage tag keys**.

1. To activate a tag key, enter the tag key name and choose **Add**. To deactivate a tag key, select the tag key and choose **Remove**.

1. Choose **Save changes**.

------
#### [ AWS CLI ]

**To activate tag keys**  
Use the following command to activate one or more tag keys:

```
aws ec2 update-capacity-manager-monitored-tag-keys \
    --activate-tag-keys "environment" "teamId"
```

The output shows the tag keys and their initial statuses:

```
{
    "CapacityManagerTagKeys": [
        {
            "TagKey": "environment",
            "Status": "activating"
        },
        {
            "TagKey": "teamId",
            "Status": "activating"
        }
    ]
}
```

**To deactivate tag keys**  
Use the following command to deactivate one or more tag keys:

```
aws ec2 update-capacity-manager-monitored-tag-keys \
    --deactivate-tag-keys "project"
```

The output shows the updated statuses:

```
{
    "CapacityManagerTagKeys": [
        {
            "TagKey": "project",
            "Status": "deactivating"
        }
    ]
}
```

You can activate and deactivate tag keys in the same request:

```
aws ec2 update-capacity-manager-monitored-tag-keys \
    --activate-tag-keys "environment" "teamId" \
    --deactivate-tag-keys "project"
```

------

## View monitored tag keys


You can view all monitored tag keys for your account, including their current status and the earliest timestamp from which data is available.

------
#### [ Console ]

**To view monitored tag keys**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Capacity Manager**.

1. Choose the **Settings** tab.

1. In the **Monitored tag keys** section, view your tag keys, their statuses, and whether they are Capacity Manager-provided tags.

------
#### [ AWS CLI ]

**To view monitored tag keys**  
Run the following command:

```
aws ec2 get-capacity-manager-monitored-tag-keys
```

The output lists all tag keys, including Capacity Manager-provided tags and customer-managed tags:

```
{
    "CapacityManagerTagKeys": [
        {
            "TagKey": "aws:autoscaling:groupName",
            "Status": "activated",
            "CapacityManagerProvided": true,
            "EarliestDatapointTimestamp": "2026-04-08T00:00:00"
        },
        {
            "TagKey": "environment",
            "Status": "activated",
            "CapacityManagerProvided": false,
            "EarliestDatapointTimestamp": "2025-08-11T22:00:00"
        }
    ]
}
```

The `CapacityManagerProvided` field indicates whether a tag is a Capacity Manager-provided tag (`true`) or a customer-managed tag (`false`). Capacity Manager-provided tags do not count toward your tag key limit. The `EarliestDatapointTimestamp` indicates the earliest point in time from which data is available for that tag key.

------

## Query metrics using tag dimensions


After a tag key reaches `activated` status, you can use it as a dimension in `GetCapacityManagerMetricDimensions` and `GetCapacityManagerMetricData`.

**To query metrics grouped by a tag dimension**  
Use the following command:

```
aws ec2 get-capacity-manager-metric-dimensions \
    --group-by tag:environment account-id \
    --filter-by 'DimensionCondition={Dimension=tag:environment,Comparison=equals,Values=[prod]}'
```

When you group by a tag dimension, the results include all resources in your account — not only those that have the tag. Resources that do not have a value for the tag are grouped into a separate bucket with an empty string value. For example, if your account used 800 vCPU hours in a given period and only some of those resources have an `environment` tag, grouping by the `environment` tag key might return:
+ `prod` — 300 vCPU hours
+ `staging` — 200 vCPU hours
+ `""` (empty string) — 300 vCPU hours from resources without an `environment` tag

This ensures that the totals across all buckets account for your full usage. You can explicitly filter for untagged resources by passing an empty string as the filter value:

```
--filter-by 'DimensionCondition={Dimension=tag:environment,Comparison=equals,Values=[""]}'
```

**Note**  
If you query with a tag key that is still in `activating` status, the query is rejected with a 400 error. Wait for the tag's status to change to `activated` before querying. You can check the status using `GetCapacityManagerMonitoredTagKeys`.

**Note**  
Queries with a start time before the `EarliestDatapointTimestamp` of any supplied tag dimension are rejected. Use `GetCapacityManagerMonitoredTagKeys` to check when data became available for each tag.

## Tags in data exports


When you enable tag monitoring, your data exports include activated tag keys and Capacity Manager-provided tags as additional columns. Tag columns appear after all standard columns with headers such as `tag:environment` and `tag:team`. Tag columns are sorted alphabetically.

Exports include only tags in `activated` status. Capacity Manager excludes tags in `activating`, `deactivating`, or `suspended` status.

**Note**  
If you activate a new tag key, existing data exports do not automatically include the new tag. You must create a new data export to include the newly activated tag key as a column.

## Organizations and delegated administrator


When your account is part of an AWS Organization with an organization-level Capacity Manager enabled, each account (the organization administrator and the delegated administrator) can independently activate, deactivate, and query tag keys. Each account maintains its own tag status, `EarliestDatapointTimestamp`, and tag key limit.

An account can only query metric data for tag keys that the account itself has activated. If both the organization administrator and a delegated administrator activate the same tag key (for example, `environment`), each account tracks its own activation status and data availability independently.

When the delegated administrator deactivates a tag key, the delegated administrator can no longer query data for that tag, even if the organization administrator still has the same tag key activated.

## Considerations

+ **Tag value updates:** Tag values for new resources and tags newly applied to existing resources are available within a few hours. If you change the value of an existing tag on a resource, the updated value can take up to 24 hours to reflect in Capacity Manager.
+ **Activation time:** After you activate a tag key, it can take up to 24 hours before the tag transitions to `activated` status and data becomes queryable. The `EarliestDatapointTimestamp` represents when data is available, not when the tag was activated.
+ **Tag key limit:** Each account can monitor up to five tag keys. Capacity Manager-provided tags do not count toward this limit.
+ **Tag key character requirements:** Tag keys can contain Unicode letters, digits, white space, and the following characters: `_ . : / = + @ -`. Tag keys must not exceed 128 characters.
+ **Re-activation:** If you deactivate and re-activate the same tag key, only new data is available. The `EarliestDatapointTimestamp` resets with each activation.
+ **Suspended tags:** Each tag key supports up to 100,000 unique tag values. If a tag key exceeds this threshold, it is moved to `suspended` status. The tag still counts toward your limit but data is no longer ingested. Reduce the number of unique values for the tag or deactivate it to free up space for another tag key.
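A pre-flight check for the rules in the query notes and the considerations above, as an added example that is not part of the AWS documentation or tooling. The function names and the sample response are constructed; the statuses, limits, and character set are the ones this page states.

```python
import re
from datetime import datetime

MAX_CUSTOMER_TAG_KEYS = 5   # per-account limit stated on this page
MAX_TAG_KEY_LENGTH = 128    # maximum tag key length stated on this page
# Unicode letters, digits, white space, and _ . : / = + @ -
TAG_KEY_RE = re.compile(r"[\w\s.:/=+@-]+")

# Constructed sample in the shape of get-capacity-manager-monitored-tag-keys output.
SAMPLE_MONITORED = {"CapacityManagerTagKeys": [
    {"TagKey": "aws:autoscaling:groupName", "Status": "activated",
     "CapacityManagerProvided": True,
     "EarliestDatapointTimestamp": "2026-04-08T00:00:00"},
    {"TagKey": "environment", "Status": "activated",
     "CapacityManagerProvided": False,
     "EarliestDatapointTimestamp": "2025-08-11T22:00:00"},
    {"TagKey": "teamId", "Status": "activating",
     "CapacityManagerProvided": False},
    {"TagKey": "requestId", "Status": "suspended",
     "CapacityManagerProvided": False,
     "EarliestDatapointTimestamp": "2025-09-01T00:00:00"},
]}


def _by_key(monitored):
    return {e["TagKey"]: e for e in monitored.get("CapacityManagerTagKeys", [])}


def _earliest(entry):
    """Return the earliest datapoint time; the key is matched case-insensitively."""
    for name, value in entry.items():
        if name.lower() == "earliestdatapointtimestamp":
            return datetime.fromisoformat(value)
    return None


def check_activation(monitored, new_keys):
    """Return problems that would make activating new_keys fail or misbehave."""
    entries = _by_key(monitored)
    provided = {k for k, e in entries.items() if e.get("CapacityManagerProvided")}
    problems = []
    for key in new_keys:
        if len(key) > MAX_TAG_KEY_LENGTH:
            problems.append(f"{key[:16]}...: exceeds {MAX_TAG_KEY_LENGTH} characters")
        elif not TAG_KEY_RE.fullmatch(key):
            problems.append(f"{key!r}: contains characters not allowed in a tag key")
        if key.startswith("tag:"):
            problems.append(f"{key!r}: pass only the key name, without the tag: prefix")
        if key in provided:
            problems.append(f"{key!r}: Capacity Manager-provided tags cannot be activated")
    # Assumption: every listed customer-managed key counts toward the limit,
    # whatever its status (the page confirms this for suspended keys).
    customer = set(entries) - provided
    total = len(customer | (set(new_keys) - provided))
    if total > MAX_CUSTOMER_TAG_KEYS:
        problems.append(
            f"{total} customer-managed keys would exceed the limit of {MAX_CUSTOMER_TAG_KEYS}")
    return problems


def check_query(monitored, group_by, start_time):
    """Return reasons a metric query with these dimensions would be rejected."""
    entries = _by_key(monitored)
    start = datetime.fromisoformat(start_time)
    problems = []
    for dim in group_by:
        if not dim.startswith("tag:"):
            continue  # built-in dimension such as account-id
        entry = entries.get(dim[len("tag:"):])
        if entry is None:
            problems.append(f"{dim}: tag key is not monitored by this account")
            continue
        status = entry.get("Status")
        if status != "activated":
            problems.append(f"{dim}: status is {status}; only activated tags are queryable")
            continue
        earliest = _earliest(entry)
        if earliest is not None and start < earliest:
            problems.append(
                f"{dim}: start {start_time} precedes "
                f"EarliestDatapointTimestamp {earliest.isoformat()}")
    return problems


if __name__ == "__main__":
    for issue in check_query(SAMPLE_MONITORED,
                             ["tag:environment", "tag:teamId"],
                             "2025-08-01T00:00:00"):
        print(issue)
```

A `suspended` key such as the constructed `requestId` entry usually means the tag carries per-request or per-resource values; it still occupies one of the five slots until it is deactivated.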

# Navigating Capacity Manager in the AWS console

The Capacity Manager console is organized into tabs that provide different views of your capacity data:
+ **Dashboard** — Provides a high-level overview of all On-Demand Capacity Reservations, On-Demand and Spot usage, including key metrics to help improve your capacity posture.
+ **Usage** — Provides an overview of your instance usage patterns for On-Demand and Spot instances. Analyze coverage by Capacity Reservations and identify optimization opportunities through flexible grouping and filtering.
+ **Reservations** — Provides analysis of Capacity Reservation utilization, management capabilities, and detailed reservation metrics across accounts and Regions.
+ **Spot** — Monitors Spot usage patterns and provides cost analysis for Spot instances across accounts and Regions.
+ **Data exports** — Manages data export configuration to Amazon S3, including scheduling, formatting, and template selection.
+ **Settings** — Provides service configuration options including organization access, regional settings, and monitored tag key management. You can activate tag keys from your Amazon EC2 resources to use as dimensions when grouping and filtering capacity metrics. For more information, see [Managing monitored tag keys](managing-monitored-tag-keys.md).

Within the Usage and Reservations tabs, Capacity Manager provides a hierarchical navigation structure that allows you to drill down from high-level overviews to detailed resource information. Understanding this navigation pattern helps you analyze your capacity data efficiently and identify optimization opportunities.

**Topics**
+ [Navigation hierarchy](#navigation-hierarchy)
+ [View breakdown and details for Usage and Reservations](#navigation-page-breakdown)

## Navigation hierarchy


Capacity Manager uses a three-level navigation structure for Usage and Reservations:

1. **Overview page** — High-level summary with aggregated metrics.

1. **Breakdown page** — Detailed analysis with filtering and grouping options.

1. **Detail pages:**
   + Usage details — Information about your selected dimension combination, which provides statistics and time-series data to help you understand usage patterns. 
   + Reservation details — Information about a specific Capacity Reservation including utilization statistics, usage patterns over time, and configuration details.

**Note**  
Spot follows a simplified structure with only the overview page.

## View breakdown and details for Usage and Reservations


Both Usage and Reservations tabs follow the same three-level navigation structure, allowing you to progress from overview to breakdown to details pages. The processes for accessing breakdown and details pages are similar, with only minor differences in where the navigation links are located within each tab.

**To access the resource breakdown pages**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Capacity Manager**.

1. Choose the tab for the resource type you want to analyze: **Usage** or **Reservations**.

1. In the **Aggregations** section, locate the breakdown link:
   + **Usage**: In the **Actions** column, choose **View breakdown**.

     **Note**  
     Depending on your screen size or the number of dimensions you've applied, you might need to scroll horizontally across the page to find the View breakdown link.
   + **Reservations**: In the **Reservations** column, choose the number (the number is a link) of the reservation you want to view.

**To access the details pages**

1. On the breakdown page, navigate to the relevant section:
   + **Usage**: The Unique dimension combinations section.
   + **Reservations**: The Reservations section.

1. In the relevant section of your chosen resources, access the details page.
   + **Usage**: In the Actions column, choose **View details**.

     **Note**  
     Depending on your screen size or the number of dimensions you've applied, you might need to scroll horizontally across the page to find the View details link.
   + **Reservations**: In the Reservation ID column, choose the reservation you want to view.

# Exporting your Capacity Manager data

You can export capacity data from EC2 Capacity Manager to Amazon S3 to enable further analysis, create custom reports, or integrate with other AWS services. You can export your data in CSV or Parquet format. In the following sections, you'll find information on how to export your Capacity Manager data.

**Note**  
Capacity Manager only allows one data export per AWS account.

**Note**  
In the rare case that a data export needs to be redriven due to a data issue, the new file overwrites the existing file for that hour.

**Topics**
+ [Setting up an Amazon S3 bucket for Capacity Manager data exports](cm-set-up-s3-export.md)
+ [Creating a data export for your Capacity Manager data](create-cm-export.md)

# Setting up an Amazon S3 bucket for Capacity Manager data exports

To receive Capacity Manager data exports, you must have an Amazon S3 bucket in your AWS account to receive and store your export files. When creating a data export in the Capacity Manager console, you can select an existing Amazon S3 bucket that you own or create a new bucket.

In either case, you must apply the required bucket policy to allow Capacity Manager to deliver export files. Editing this policy in the Amazon S3 console or changing the bucket owner after you've created a data export will prevent Capacity Manager from delivering your exports.

To create an Amazon S3 bucket, see [Creating an S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-overview.html) in the *Amazon Simple Storage Service User Guide*. 

The following policy must be applied to your S3 bucket to allow Capacity Manager to deliver data exports:

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.capacitymanager.amazonaws.com"
            },
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::amzn-s3-demo-bucket",
                "arn:aws:s3:::amzn-s3-demo-bucket/*"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:SourceAccount": "111122223333"
                },
                "ArnLike": {
                    "aws:SourceArn": "arn:aws:ec2:us-east-1:111122223333:capacity-manager-data-export/*"
                }
            }
        }
    ]
}
```

This bucket policy helps ensure that Capacity Manager data export files can be delivered securely to your bucket. Specifically:
+ Every time a Capacity Manager data export is delivered, AWS first confirms whether the bucket is still owned by the account that set up the export. If the bucket ownership has changed, the export will not be delivered. This helps to ensure the security of Capacity Manager data. This bucket policy allows AWS (`"Effect": "Allow"`) to check which account owns the bucket (`"Action": ["s3:ListBucket"]`).
+ The policy grants the Capacity Manager service (`"Service": "ec2.capacitymanager.amazonaws.com"`) permission to write export files (`"Action": "s3:PutObject"`) and read objects (`"Action": "s3:GetObject"`) to copy data to your bucket.
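One way to check a bucket policy against the documented statement, for example to detect drift after someone edits it, as an added example that is not AWS tooling. The function name and the weak sample policy are constructed, and the commercial `arn:aws` partition is assumed; the `aws:SourceAccount` and `aws:SourceArn` conditions it checks are what restrict the service principal to exports created by your own account.

```python
import json

SERVICE = "ec2.capacitymanager.amazonaws.com"
REQUIRED_ACTIONS = {"s3:PutObject", "s3:GetObject", "s3:ListBucket"}

# The policy shown on this page, with its example bucket and account ID.
GOOD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": SERVICE},
        "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::amzn-s3-demo-bucket",
                     "arn:aws:s3:::amzn-s3-demo-bucket/*"],
        "Condition": {
            "StringEquals": {"aws:SourceAccount": "111122223333"},
            "ArnLike": {"aws:SourceArn":
                        "arn:aws:ec2:us-east-1:111122223333:capacity-manager-data-export/*"},
        },
    }],
})

# Constructed weak variant: wildcard action, partial resource, no Condition block.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": SERVICE},
        "Action": "s3:*",
        "Resource": ["arn:aws:s3:::amzn-s3-demo-bucket/*"],
    }],
})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition(statement, operator, key):
    """Return the values of a condition key; operator and key names are case-insensitive."""
    for op, block in statement.get("Condition", {}).items():
        if op.lower() == operator.lower():
            for name, value in block.items():
                if name.lower() == key.lower():
                    return _as_list(value)
    return []


def _service_statements(policy):
    found = []
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") == "Allow" and SERVICE in services:
            found.append(stmt)
    return found


def audit_export_bucket_policy(policy_json, bucket, account_id):
    """Return findings for the Capacity Manager statement; an empty list means it matches."""
    statements = _service_statements(json.loads(policy_json))
    if not statements:
        return [f"no Allow statement for {SERVICE}: exports cannot be delivered"]
    expected = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for stmt in statements:
        actions = set(_as_list(stmt.get("Action", [])))
        extra = actions - REQUIRED_ACTIONS
        if extra:
            findings.append("actions beyond the documented three: " + ", ".join(sorted(extra)))
        if not any("*" in a for a in actions) and REQUIRED_ACTIONS - actions:
            findings.append("missing documented actions: "
                            + ", ".join(sorted(REQUIRED_ACTIONS - actions)))
        if set(_as_list(stmt.get("Resource", []))) != expected:
            findings.append("Resource is not exactly the bucket ARN and its objects")
        if _condition(stmt, "StringEquals", "aws:SourceAccount") != [account_id]:
            findings.append(f"aws:SourceAccount does not pin the statement to {account_id}")
        source_arns = _condition(stmt, "ArnLike", "aws:SourceArn")
        if not source_arns:
            findings.append("aws:SourceArn condition is missing")
        for arn in source_arns:
            parts = arn.split(":", 5)
            if (len(parts) != 6 or parts[2] != "ec2" or parts[4] != account_id
                    or not parts[5].startswith("capacity-manager-data-export/")):
                findings.append(f"aws:SourceArn {arn} is not a data export ARN in {account_id}")
    return findings


if __name__ == "__main__":
    for finding in audit_export_bucket_policy(WEAK_POLICY, "amzn-s3-demo-bucket", "111122223333"):
        print(finding)
```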

# Creating a data export for your Capacity Manager data

To create a data export, you can use the Data Exports page in the Capacity Manager console or the AWS CLI.

## Prerequisites


You must create an Amazon Simple Storage Service (Amazon S3) bucket that meets the following requirements:
+ Your S3 bucket must be in the same AWS Region where you enabled Capacity Manager. 
+ Your S3 bucket has the required permissions policy for the Capacity Manager service to deliver files. 

For more information, see [Setting up an Amazon S3 bucket for Capacity Manager data exports](cm-set-up-s3-export.md).

## Procedure


You can export your Capacity Manager data using the AWS Console, the AWS CLI, or PowerShell.

------
#### [ Console ]

**To create a data export**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Capacity Manager**.

1. Choose the **Data exports** tab.

1. Choose **Create data export**.

1. Configure your export properties, delivery location, and tags (optional).

1. Choose **Create**.

------
#### [ AWS CLI ]

**To create a data export**  
Use the following command to create a data export with the specified configuration:

```
aws ec2 create-capacity-manager-data-export \
    --s3-bucket-name my-exports-bucket \
    --s3-bucket-prefix capacity-data-exports \
    --schedule hourly \
    --output-format parquet \
    --tag-specifications 'ResourceType=capacity-manager-data-export,Tags=[{Key=environment,Value=production}]'
```

**Note**  
The `--tag-specifications` parameter in the command above applies resource tags to the data export resource itself (for example, for cost allocation or organization). These are separate from monitored tag keys, which determine the tag columns included in your exported data. For more information about monitored tag keys, see [Managing monitored tag keys](managing-monitored-tag-keys.md).

------
#### [ PowerShell ]

**To create a data export**  
Use the [New-EC2CapacityManagerDataExport](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2CapacityManagerDataExport.html) cmdlet.

```
New-EC2CapacityManagerDataExport `
    -S3BucketName "my-exports-bucket" `
    -S3BucketPrefix "capacity-data-exports" `
    -Schedule "hourly" `
    -OutputFormat "parquet" `
    -TagSpecification @([Amazon.EC2.Model.TagSpecification]@{
        ResourceType = "capacity-manager-data-export"
        Tags = @([Amazon.EC2.Model.Tag]@{
            Key   = "environment"
            Value = "production"
        })
    })
```

------

## Tag columns in data exports


Newly created data exports include tag values as additional columns for activated monitored tag keys and Capacity Manager-provided tags. For more information, see [Tags in data exports](managing-monitored-tag-keys.md#tags-in-data-exports) in [Managing monitored tag keys](managing-monitored-tag-keys.md).

**Note**  
If you have not activated any monitored tag keys, your exports will still include columns for Capacity Manager-provided tags (for example, `aws:autoscaling:groupName`, `aws:eks:cluster-name`, `eks:kubernetes-node-pool-name`, and `karpenter.sh/nodepool`).

# Manage device drivers for your EC2 instance

Device drivers are software components that communicate with the virtualized hardware for your Amazon EC2 instance. To prevent system errors, performance issues, and other unexpected behavior, it's important to keep your drivers up to date. That's especially true for drivers that can have a strong impact on system performance depending on your usage, such as networking, graphics, and storage device drivers. New driver releases can include defect fixes or introduce expanded functionality that you might want to take advantage of for instances that are currently running.

## Network drivers


Linux distributions can incorporate networking features like Elastic Network Adapter (ENA) or Elastic Fabric Adapter (EFA) within the kernel. However, the timing of when kernel driver features are implemented can vary between distributions.

ENA and EFA Linux kernel drivers are available from the Amazon Drivers GitHub repository. For more information and links to the available drivers, see [Amazon Drivers](https://github.com/amzn/amzn-drivers/) on GitHub.

For more information about ENA drivers, see [Enable enhanced networking with ENA on your EC2 instances](enhanced-networking-ena.md). For more information about EFA drivers, see the **Getting started** topics in the [Elastic Fabric Adapter for AI/ML and HPC workloads on Amazon EC2](efa.md) section of this guide.

To install or update networking drivers on Windows instances, see the following topics:
+ [Install the ENA driver on Windows](ena-adapter-driver-install-upgrade-win.md)
+ [Install the latest AWS PV drivers](xen-drivers-overview.md#aws-pv-download)

  For more information, see [Paravirtual drivers for Windows instances](xen-drivers-overview.md).

**Note**  
EFA is not supported on Windows instances.

## Graphics drivers


To install or update graphics drivers, see the following topics:
+ [AMD drivers for your EC2 instance](install-amd-driver.md)
+ [NVIDIA drivers for your Amazon EC2 instance](install-nvidia-driver.md)

## Storage device drivers


To install or update storage drivers, see the following topics:
+ For Linux instances, see [Install or upgrade the NVMe driver](https://docs.aws.amazon.com/ebs/latest/userguide/nvme-ebs-volumes.html#install-nvme-driver) in the *Amazon EBS User Guide*.
+ For Windows instances, see [AWS NVMe drivers](aws-nvme-drivers.md).

# AMD drivers for your EC2 instance

An instance with an attached AMD GPU, such as a G4ad instance, must have the appropriate AMD driver installed. Depending on your requirements, you can either use an AMI with the driver preinstalled or download a driver from Amazon S3.

To install NVIDIA drivers on an instance with an attached NVIDIA GPU, such as a G4dn instance, see [NVIDIA drivers](install-nvidia-driver.md) instead.

**Contents**
+ [AMD Radeon Pro Software for Enterprise Driver](#amd-radeon-pro-software-for-enterprise-driver)
+ [AMIs with the AMD driver installed](#preinstalled-amd-driver)
+ [AMD driver download](#download-amd-driver)

## AMD Radeon Pro Software for Enterprise Driver


The AMD Radeon Pro Software for Enterprise Driver is built to deliver support for professional-grade graphics use cases. Using the driver, you can configure your instances with two 4K displays per GPU.

**Supported APIs**
+ OpenGL, OpenCL
+ Vulkan
+ AMD Advanced Media Framework
+ Video Acceleration API
+ DirectX 9 and later
+ Microsoft Hardware Media Foundation Transform

## AMIs with the AMD driver installed


AWS offers different Amazon Machine Images (AMIs) that come with the AMD drivers installed. Open [Marketplace offerings with the AMD driver](https://aws.amazon.com/marketplace/search/results?page=1&filters=VendorId&VendorId=e6a5002c-6dd0-4d1e-8196-0a1d1857229b&searchTerms=AMD+Radeon+Pro+Driver).

## AMD driver download


If you aren't using an AMI with the AMD driver installed, you can download the AMD driver and install it on your instance. Only the following operating system versions support AMD drivers:
+ Amazon Linux 2 with kernel version 5.4
+ Ubuntu 20.04
+ Ubuntu 22.04
+ Ubuntu 24.04
+ Windows Server 2016
+ Windows Server 2019
+ Windows Server 2022

These downloads are available to AWS customers only. By downloading, you agree to use the downloaded software only to develop AMIs for use with the AMD Radeon Pro V520 hardware. Upon installation of the software, you are bound by the terms of the [AMD End User License Agreement](https://www.amd.com/en/legal/eula.html).

### Install the AMD driver on your Amazon Linux 2 Linux instance


1. Connect to your Linux instance.

1. Install the AWS CLI on your Linux instance and configure default credentials. For more information, see [Installing the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) in the *AWS Command Line Interface User Guide*.
**Important**  
Your user or role must be granted permissions that include the **AmazonS3ReadOnlyAccess** policy. For more information, see [AWS managed policy: AmazonS3ReadOnlyAccess](https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-amazons3readonlyaccess) in the *Amazon Simple Storage Service User Guide*.

1. Install kernel 5.4

   ```
   $ sudo amazon-linux-extras disable kernel-5.10
   $ sudo amazon-linux-extras enable kernel-5.4
   $ sudo yum install -y kernel
   ```

1. Install **gcc** and **make**, if they are not already installed.

   ```
   $ sudo yum install gcc make
   ```

1. Update your package cache and get the package updates for your instance.

   ```
   $ sudo amazon-linux-extras install epel -y
   $ sudo yum update -y
   ```

1. Reboot the instance.

   ```
   $ sudo reboot
   ```

1. Reconnect to the instance after it reboots.

1. Download the latest AMD driver.

   ```
   $ aws s3 cp --recursive s3://ec2-amd-linux-drivers/latest/ .
   ```

1. Extract the file.

   ```
   $ tar -xf amdgpu-pro-*rhel*.tar.xz
   ```

1. Change to the folder for the extracted driver.

1. Run the self install script to install the full graphics stack.

   ```
   $ ./amdgpu-pro-install -y --opencl=pal,legacy
   ```

1. Reboot the instance.

   ```
   $ sudo reboot
   ```

1. Confirm that the driver is functional.

   ```
   $ sudo dmesg | grep amdgpu
   ```

   The response should look like the following:

   ```
   Initialized amdgpu
   ```
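The download step copies whatever is under `latest/` and the extraction step matches it with a glob, so an unattended image build can pick up a driver release that nobody has reviewed. The following shell functions are an added example, not AWS-provided code: they return a tarball path only when exactly one file matches the glob and its SHA-256 is listed in an operator-maintained manifest. The manifest path and the function names are assumptions; this page publishes no checksums, so the manifest holds digests that you recorded for builds you vetted.

```shell
#!/bin/sh
# Added example, not AWS-provided code: gate "tar -xf" on a pinned SHA-256.

# sha256_of FILE: prints the hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# single_match DIR GLOB: prints the one regular file in DIR matching GLOB.
# Fails (status 1) when the glob matches nothing or more than one file.
single_match() {
    sm_count=0; sm_found=""
    for sm_f in "$1"/$2; do
        [ -f "$sm_f" ] || continue
        sm_count=$((sm_count + 1)); sm_found=$sm_f
    done
    if [ "$sm_count" -ne 1 ]; then
        echo "expected exactly one file matching $2 in $1, found $sm_count" >&2
        return 1
    fi
    printf '%s\n' "$sm_found"
}

# verify_pinned DIR GLOB MANIFEST: prints the verified path on success.
# MANIFEST uses the sha256sum format: "<hex digest>  <file name>" per line.
# Status: 1 = ambiguous or missing file, 2 = file name not in the manifest
# (for example, latest/ now serves a newer build), 3 = digest mismatch.
verify_pinned() {
    vp_path=$(single_match "$1" "$2") || return 1
    vp_name=${vp_path##*/}
    vp_expected=$(awk -v n="$vp_name" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$3")
    if [ -z "$vp_expected" ]; then
        echo "$vp_name is not listed in $3; review it before installing" >&2
        return 2
    fi
    if [ "$(sha256_of "$vp_path")" != "$vp_expected" ]; then
        echo "SHA-256 mismatch for $vp_name" >&2
        return 3
    fi
    printf '%s\n' "$vp_path"
}

# Constructed demo (stand-in files, not a real driver). Prints the status of
# three cases: vetted file, modified file, two files matching the glob.
demo_verify_pinned() {
    dv_dir=$(mktemp -d) || return 1
    dv_file="$dv_dir/amdgpu-pro-0.0-rhel-0.tar.xz"
    dv_glob='amdgpu-pro-*rhel*.tar.xz'
    printf 'constructed payload\n' > "$dv_file"
    printf '%s  %s\n' "$(sha256_of "$dv_file")" "${dv_file##*/}" > "$dv_dir/pins.sha256"
    verify_pinned "$dv_dir" "$dv_glob" "$dv_dir/pins.sha256" >/dev/null 2>&1 && dv_s1=0 || dv_s1=$?
    printf 'modified\n' >> "$dv_file"
    verify_pinned "$dv_dir" "$dv_glob" "$dv_dir/pins.sha256" >/dev/null 2>&1 && dv_s2=0 || dv_s2=$?
    : > "$dv_dir/amdgpu-pro-0.1-rhel-0.tar.xz"
    verify_pinned "$dv_dir" "$dv_glob" "$dv_dir/pins.sha256" >/dev/null 2>&1 && dv_s3=0 || dv_s3=$?
    rm -rf "$dv_dir"
    echo "$dv_s1 $dv_s2 $dv_s3"
}

# Usage in place of the bare "tar -xf" step (manifest path is hypothetical):
#   tarball=$(verify_pinned . 'amdgpu-pro-*rhel*.tar.xz' ./driver-pins.sha256) \
#       && tar -xf "$tarball"
```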

### Install the AMD driver on your Ubuntu Linux instance


1. Connect to your Linux instance.

1. Update your package cache and get the package updates for your instance.

   ```
   $ sudo apt-get update --fix-missing && sudo apt-get upgrade -y
   ```

1. Install **gcc** and **make**, if they are not already installed.

   ```
   $ sudo apt install build-essential -y
   ```

1. Install Linux firmware and kernel modules

   ```
   $ sudo apt install linux-firmware linux-modules-extra-aws -y
   ```

1. Reboot the instance.

   ```
   $ sudo reboot
   ```

1. Reconnect to the instance after it reboots.

1. Install the AMD Linux driver package
   + For Ubuntu 20.04:

     ```
     $ wget https://repo.radeon.com/.preview/afe3e25b8f1beff0bb312e27924d63b5/amdgpu-install/5.4.02.01/ubuntu/focal/amdgpu-install_5.4.02.01.50402-1_all.deb
     $ sudo dpkg --add-architecture i386
     $ sudo apt install ./amdgpu-install_5.4.02.01.50402-1_all.deb
     ```
   + For later Ubuntu versions, go to [Linux® Drivers for AMD Radeon™ Graphics](https://www.amd.com/en/support/download/linux-drivers.html), download the latest Ubuntu package, and install it.

     ```
     $ sudo apt install ./amdgpu-install_{version-you-downloaded}.deb
     ```

1. Run the self install script to install the full graphics stack.

   ```
   $ amdgpu-install --usecase=workstation --vulkan=pro -y
   ```

1. Reboot the instance.

   ```
   $ sudo reboot
   ```

1. Confirm that the driver is functional.

   ```
   $ sudo dmesg | grep amdgpu
   ```

   The response should look like the following:

   ```
   Initialized amdgpu
   ```

### Install the AMD driver on your Windows instance


1. Connect to your Windows instance and open a PowerShell window.

1. Configure default credentials for the AWS Tools for Windows PowerShell on your Windows instance. For more information, see [Getting Started with the AWS Tools for Windows PowerShell](https://docs.aws.amazon.com/powershell/latest/userguide/pstools-getting-started.html) in the *AWS Tools for PowerShell User Guide*.
**Important**  
Your user or role must be granted permissions that include the **AmazonS3ReadOnlyAccess** policy. For more information, see [AWS managed policy: AmazonS3ReadOnlyAccess](https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-amazons3readonlyaccess) in the *Amazon Simple Storage Service User Guide*.

1. Set the key prefix according to your version of Windows:
   + Windows 10 and Windows 11

     ```
     $KeyPrefix = "latest/AMD_GPU_WINDOWS10"
     ```
   + Windows Server 2016

     ```
     $KeyPrefix = "archives"
     ```
   + Windows Server 2019

     ```
     $KeyPrefix = "latest/AMD_GPU_WINDOWS_2K19" # use "archives" for Windows Server 2016
     ```
   + Windows Server 2022

     ```
     $KeyPrefix = "latest/AMD_GPU_WINDOWS_2K22"
     ```

1. Download the drivers from Amazon S3 to your desktop using the following PowerShell commands.

   ```
   $Bucket = "ec2-amd-windows-drivers"
   $LocalPath = "$home\Desktop\AMD"
   $Objects = Get-S3Object -BucketName $Bucket -KeyPrefix $KeyPrefix -Region us-east-1
   foreach ($Object in $Objects) {
       $LocalFileName = $Object.Key
       if ($LocalFileName -ne '' -and $Object.Size -ne 0) {
           $LocalFilePath = Join-Path $LocalPath $LocalFileName
           Copy-S3Object -BucketName $Bucket -Key $Object.Key -LocalFile $LocalFilePath -Region us-east-1
       }
   }
   ```

1. Unzip the downloaded driver file and run the installer using the following PowerShell commands.

   ```
   Expand-Archive $LocalFilePath -DestinationPath "$home\Desktop\AMD\$KeyPrefix" -Verbose
   ```

   Now, check the content of the new directory. The directory name can be retrieved using the `Get-ChildItem` PowerShell command.

   ```
   Get-ChildItem "$home\Desktop\AMD\$KeyPrefix"
   ```

   The output should be similar to the following:

   ```
   Directory: C:\Users\Administrator\Desktop\AMD\latest
   
   Mode                LastWriteTime         Length Name
   ----                -------------         ------ ----
   d-----       10/13/2021  12:52 AM                210414a-365562C-Retail_End_User.2
   ```

   Install the drivers:

   ```
   pnputil /add-driver $home\Desktop\AMD\$KeyPrefix\*.inf /install /subdirs
   ```

1. Follow the instructions to install the driver and reboot your instance as required.

1. To verify that the GPU is working properly, check Device Manager. You should see "AMD Radeon Pro V520 MxGPU" listed as a display adapter.

1. To help take advantage of the four displays of up to 4K resolution, set up the high-performance display protocol, [Amazon DCV](https://docs.aws.amazon.com/dcv/).

# NVIDIA drivers for your Amazon EC2 instance

An instance with an attached NVIDIA GPU, such as a P- or G-series instance type, must have the appropriate NVIDIA driver installed. Depending on the instance type, you can either download a public NVIDIA driver, download a driver from Amazon S3 that is available only to AWS customers, or use an AWS AMI with the driver pre-installed.

To install AMD drivers on an instance with an attached AMD GPU, such as a G4ad instance, see [AMD drivers](install-amd-driver.md) instead.

**Topics**
+ [Types of NVIDIA drivers](#nvidia-driver-types)
+ [Available drivers by instance type](#nvidia-driver-instance-type)
+ [Installation options](#nvidia-installation-options)
+ [Use AMIs that include NVIDIA drivers](preinstalled-nvidia-driver.md)
+ [Install NVIDIA public drivers](public-nvidia-driver.md)
+ [Install NVIDIA GRID drivers (G7e, G6, Gr6, G6e, G6f, Gr6f, G5, G4dn, and G3 instances)](nvidia-GRID-driver.md)
+ [Install NVIDIA gaming drivers (G7e, G6, G6e, G5, and G4dn instances)](nvidia-gaming-driver.md)

## Types of NVIDIA drivers


The following are the main types of NVIDIA drivers that can be used with GPU-based instances.

Tesla drivers  
These drivers are intended primarily for compute workloads, which use GPUs for computational tasks such as parallelized floating-point calculations for machine learning and fast Fourier transforms for high performance computing applications.

GRID drivers  
These drivers are certified to provide optimal performance for professional visualization applications that render content such as 3D models or high-resolution videos. You can configure GRID drivers to support two modes. Quadro Virtual Workstations provide access to four 4K displays per GPU. GRID vApps provide RDSH App hosting capabilities.

Gaming drivers  
These drivers contain optimizations for gaming and are updated frequently to provide performance enhancements. They support a single 4K display per GPU.

**Configured mode**  
On Windows, the Tesla drivers are configured to run in Tesla Compute Cluster (TCC) mode. The GRID and gaming drivers are configured to run in Windows Display Driver Model (WDDM) mode. In TCC mode, the card is dedicated to compute workloads. In WDDM mode, the card supports both compute and graphics workloads.

**NVIDIA control panel**  
The NVIDIA control panel is supported with GRID and Gaming drivers. It is not supported with Tesla drivers.

**Supported APIs for Tesla, GRID, and gaming drivers**
+ OpenCL, OpenGL, and Vulkan
+ NVIDIA CUDA and related libraries (for example, cuDNN, TensorRT, nvJPEG, and cuBLAS)
+ NVENC for video encoding and NVDEC for video decoding
+ Windows-only APIs: DirectX, Direct2D, DirectX Video Acceleration, DirectX Raytracing

## Available drivers by instance type


The following table summarizes the supported NVIDIA drivers for each GPU instance type.


| Instance type | Tesla driver | GRID driver | Gaming driver | 
| --- | --- | --- | --- | 
| G3 | Yes | Yes | No | 
| G4dn | Yes | Yes | Yes | 
| G5 | Yes | Yes | Yes | 
| G5g | Yes ¹ | No | No | 
| G6 | Yes | Yes | Yes | 
| G6e | Yes | Yes | Yes | 
| G6f | No | Yes | No | 
| Gr6 | Yes | Yes | No | 
| Gr6f | No | Yes | No | 
| G7e | Yes | Yes | Yes | 
| P2 | Yes | No | No | 
| P3 | Yes | No | No | 
| P4d | Yes | No | No | 
| P4de | Yes | No | No | 
| P5 | Yes | No | No | 
| P5e | Yes | No | No | 
| P5en | Yes | No | No | 
| P6-B200 | Yes | No | No | 
| P6e-GB200 | Yes | No | No | 
| P6-B300 | Yes | No | No | 

¹ This Tesla driver also supports optimized graphics applications specific to the ARM64 platform

## Installation options


Use one of the following options to get the NVIDIA drivers required for your GPU instance.

**Options**

1. [Use AMIs that include NVIDIA drivers](preinstalled-nvidia-driver.md)

1. [Install NVIDIA public drivers](public-nvidia-driver.md)

1. [Install NVIDIA GRID drivers (G7e, G6, Gr6, G6e, G6f, Gr6f, G5, G4dn, and G3 instances)](nvidia-GRID-driver.md)

1. [Install NVIDIA gaming drivers (G7e, G6, G6e, G5, and G4dn instances)](nvidia-gaming-driver.md)

# Use AMIs that include NVIDIA drivers

AWS and NVIDIA offer different Amazon Machine Images (AMIs) that come with the NVIDIA drivers installed.
+ [Marketplace offerings with the Tesla public driver](https://aws.amazon.com/marketplace/search/results?page=1&filters=VendorId&VendorId=e6a5002c-6dd0-4d1e-8196-0a1d1857229b%2Cc568fe05-e33b-411c-b0ab-047218431da9&searchTerms=tesla+driver)
+ [Marketplace offerings with the GRID driver](https://aws.amazon.com/marketplace/search/results?&searchTerms=NVIDIA+quadro)
+ [Marketplace offerings with the Gaming driver](https://aws.amazon.com/marketplace/search/results?searchTerms=NVIDIA+gaming)

To review considerations that are dependent on your operating system (OS) platform, choose the tab that applies to your AMI.

------
#### [ Linux ]

To update the driver version installed using one of these AMIs, you must uninstall the NVIDIA packages from your instance to avoid version conflicts. Use this command to uninstall the NVIDIA packages:

```
[ec2-user ~]$ sudo yum erase nvidia cuda
```

The CUDA toolkit package has dependencies on the NVIDIA drivers. Uninstalling the NVIDIA packages erases the CUDA toolkit. You must reinstall the CUDA toolkit after installing the NVIDIA driver.

------
#### [ Windows ]

If you create a custom Windows AMI using one of the AWS Marketplace offerings, the AMI must be a standardized image created with Windows Sysprep to ensure that the GRID driver works. For more information, see [Create an Amazon EC2 AMI using Windows Sysprep](ami-create-win-sysprep.md).

------

# Install NVIDIA public drivers

If the AWS Marketplace AMIs described in [Use AMIs that include NVIDIA drivers](preinstalled-nvidia-driver.md) don't fit your use case, you can install the public drivers and bring your own license. Installation options include the following:
+ [Option 1: Driver-only install](#public-nvidia-driver-only-install)
+ [Option 2: Install with the CUDA toolkit](#public-nvidia-driver-cuda-install) (recommended for Linux distributions)

 

**P6-B200 and P6-B300 instance type considerations**  
The P6-B200 and P6-B300 platforms are unique in that they expose Mellanox ConnectX network interface cards (NICs) to the instance as PCIe devices. These NICs do not act as typical network interfaces but instead function as NVSwitch bridges providing a control path to initialize and configure the NVFabric, which is the NVLink topology of the GPU interconnect.

To fully initialize the system, the NVIDIA Fabric Manager must configure `NVFabric` and establish the NVSwitch topology. This enables InfiniBand kernel modules to communicate with the Mellanox ConnectX NICs.

NVIDIA Fabric Manager is included in the CUDA toolkit. We recommend [Option 2: Install with the CUDA toolkit](#public-nvidia-driver-cuda-install) for this instance type.

## Option 1: Driver-only install


To install a specific driver, log on to your instance and download the 64-bit NVIDIA public driver for the instance type from [http://www.nvidia.com/Download/Find.aspx](http://www.nvidia.com/Download/Find.aspx). For **Product Type**, **Product Series**, and **Product**, use the options shown in the following table.

Then follow the **Local Repository Installation** instructions in the [NVIDIA Driver Installation Guide](https://docs.nvidia.com/datacenter/tesla/driver-installation-guide/index.html).

**Note**  
P6-B200 and P6-B300 instance types require installation and configuration of additional packages that come bundled with the NVIDIA CUDA Toolkit. For more information, see instructions for your Linux distribution in [Option 2: Install with the CUDA toolkit](#public-nvidia-driver-cuda-install).


| Instance | Product type | Product series | Product | Minimum driver version | 
| --- | --- | --- | --- | --- | 
| G3 | Tesla | M-Class | M60 | -- | 
| G4dn | Tesla | T-Series | T4 | -- | 
| G5 | Tesla | A-Series | A10 | 470.00 or later | 
| G5g ¹ | Tesla | T-Series | T4G | 470.82.01 or later | 
| G6 | Tesla | L-Series | L4 | 525.0 or later | 
| G6e | Tesla | L-Series | L40S | 535.0 or later | 
| Gr6 | Tesla | L-Series | L4 | 525.0 or later | 
| G7e | Tesla | RTX series | RTX PRO 6000 Blackwell | 575.0 or later | 
| P2 | Tesla | K-Series | K80 | -- | 
| P3 | Tesla | V-Series | V100 | -- | 
| P4d | Tesla | A-Series | A100 | -- | 
| P4de | Tesla | A-Series | A100 | -- | 
| P5 | Tesla | H-Series | H100 | 530 or later | 
| P5e | Tesla | H-Series | H200 | 550 or later | 
| P5en | Tesla | H-Series | H200 | 550 or later | 
| P6-B200 ² | Tesla | HGX-Series | B200 | 570 or later | 
| P6e-GB200 | Tesla | HGX-Series | B200 | 570 or later | 
| P6-B300 ² | Tesla | HGX-Series | B300 | 580 or later | 

¹ The operating system for G5g instances is Linux aarch64.

² For P6-B200 and P6-B300 instance types, there are additional installation requirements to configure NVIDIA Fabric Manager.

## Option 2: Install with the CUDA toolkit

Install instructions vary slightly by operating system. To install public drivers on your instance with the NVIDIA CUDA toolkit, follow the instructions for your instance operating system. For instance operating systems that aren't shown here, follow the instructions for your operating system and instance type architecture on the NVIDIA Developer website. For more information, see [CUDA Toolkit Downloads](https://developer.nvidia.com/cuda-downloads).

For instance type architecture or other specifications, see the [Accelerated computing](https://docs.aws.amazon.com/ec2/latest/instancetypes/ac.html) specifications in the *Amazon EC2 Instance Types* reference.

### Amazon Linux 2023


This section covers an NVIDIA CUDA toolkit install on an Amazon Linux 2023 instance. The command examples in this section are based on an `x86_64` architecture.

For `arm64-sbsa` commands, see [CUDA Toolkit Downloads](https://developer.nvidia.com/cuda-downloads?target_os=Linux&target_arch=arm64-sbsa) and select the options that apply to your distribution. Instructions appear after you've made your final selection.

**Prerequisite**  
Before installing the toolkit and drivers, run the following command to ensure that you have the correct version of the kernel headers and development packages.

```
[ec2-user ~]$ sudo dnf install kernel-devel-$(uname -r) kernel-headers-$(uname -r) -y
```

**Download the toolkit and drivers**  
Choose the type of installation to use for your instance, and follow the associated steps.

------
#### [ RPM local installation ]

You can follow these instructions to download the CUDA toolkit installer repository bundle to your instance, then extract and register the specified bundle.

To view instructions on the NVIDIA developer website, see [CUDA Toolkit Downloads](https://developer.nvidia.com/cuda-downloads?target_os=Linux&target_arch=x86_64&Distribution=Amazon-Linux&target_version=2023&target_type=rpm_local).

```
[ec2-user ~]$ wget https://developer.download.nvidia.com/compute/cuda/13.0.0/local_installers/cuda-repo-amzn2023-13-0-local-13.0.0_580.65.06-1.x86_64.rpm
[ec2-user ~]$ sudo rpm -i cuda-repo-amzn2023-13-0-local-13.0.0_580.65.06-1.x86_64.rpm
```

------
#### [ RPM network installation ]

You can follow these instructions to register the CUDA repository with the package manager on your instance. When you run the install steps, the package manager downloads only the packages that are required.

To view instructions on the NVIDIA developer website, see [CUDA Toolkit Downloads](https://developer.nvidia.com/cuda-downloads?target_os=Linux&target_arch=x86_64&Distribution=Amazon-Linux&target_version=2023&target_type=rpm_network).

```
[ec2-user ~]$ sudo dnf config-manager --add-repo https://developer.download.nvidia.com/compute/cuda/repos/amzn2023/x86_64/cuda-amzn2023.repo
```

------

Remaining steps are the same for both local and network installation.

1. Complete the CUDA toolkit install

   ```
   [ec2-user ~]$ sudo dnf clean all
   [ec2-user ~]$ sudo dnf install cuda-toolkit -y
   ```

1. Install the open kernel module variant of the driver

   ```
   [ec2-user ~]$ sudo dnf module install nvidia-driver:open-dkms -y
   ```

1. Install GPUDirect Storage and Fabric Manager

   ```
   [ec2-user ~]$ sudo dnf install nvidia-gds -y
   [ec2-user ~]$ sudo dnf install nvidia-fabric-manager -y
   ```

1. Enable Fabric Manager and driver persistence

   ```
   [ec2-user ~]$ sudo systemctl enable nvidia-fabricmanager
   [ec2-user ~]$ sudo systemctl enable nvidia-persistenced
   ```

1. (*P6-B200 and P6-B300 only*) These instance types require installation and configuration of additional packages that come bundled with the NVIDIA CUDA Toolkit.

   1. Install NVIDIA Link Subnet Manager and `ibstat`.

      ```
      [ec2-user ~]$ sudo dnf install nvlink5
      ```

   1. Enable automatic loading of the InfiniBand module on startup.

      ```
      [ec2-user ~]$ echo "ib_umad" | sudo tee -a /etc/modules-load.d/modules.conf
      ```

1. Reboot the instance

   ```
   [ec2-user ~]$ sudo reboot
   ```

### Ubuntu 24.04


This section covers an NVIDIA CUDA toolkit install on an Ubuntu 24.04 instance. The command examples in this section are based on an `x86_64` architecture.

For `arm64-sbsa` commands, see [CUDA Toolkit Downloads](https://developer.nvidia.com/cuda-downloads?target_os=Linux&target_arch=arm64-sbsa) and select the options that apply to your distribution. Instructions appear after you've made your final selection.

**Prerequisite**  
Before installing the toolkit and drivers, run the following command to ensure that you have the correct version of the kernel headers and development packages.

```
$ sudo apt install linux-headers-$(uname -r)
```

**Download the toolkit and drivers**  
Choose the type of installation to use for your instance, and follow the associated steps.

------
#### [ Deb local installation ]

You can follow these instructions to download the CUDA toolkit installer repository bundle to your instance, then extract and register the specified bundle.

To view instructions on the NVIDIA developer website, see [CUDA Toolkit Downloads](https://developer.nvidia.com/cuda-downloads?target_os=Linux&target_arch=x86_64&Distribution=Ubuntu&target_version=24.04&target_type=deb_local).

```
$ wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2404/x86_64/cuda-ubuntu2404.pin
$ sudo mv cuda-ubuntu2404.pin /etc/apt/preferences.d/cuda-repository-pin-600
$ wget https://developer.download.nvidia.com/compute/cuda/13.0.0/local_installers/cuda-repo-ubuntu2404-13-0-local_13.0.0-580.65.06-1_amd64.deb
$ sudo dpkg -i cuda-repo-ubuntu2404-13-0-local_13.0.0-580.65.06-1_amd64.deb
$ sudo cp /var/cuda-repo-ubuntu2404-13-0-local/cuda-*-keyring.gpg /usr/share/keyrings/
```

------
#### [ Deb network installation ]

You can follow these instructions to register the CUDA repository with the package manager on your instance. When you run the install steps, the package manager downloads only the packages that are required.

To view instructions on the NVIDIA developer website, see [CUDA Toolkit Downloads](https://developer.nvidia.com/cuda-downloads?target_os=Linux&target_arch=x86_64&Distribution=Ubuntu&target_version=24.04&target_type=deb_network).

```
$ wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2404/x86_64/cuda-keyring_1.1-1_all.deb
$ sudo dpkg -i cuda-keyring_1.1-1_all.deb
```

------

Remaining steps are the same for both local and network installation.

1. Complete the CUDA toolkit install

   ```
   $ sudo apt update
   $ sudo apt install cuda-toolkit -y
   ```

1. Install the open kernel module variant of the driver

   ```
   $ sudo apt install nvidia-open -y
   ```

1. Install GPUDirect Storage and Fabric Manager

   ```
   $ sudo apt install nvidia-gds -y
   $ sudo apt install nvidia-fabricmanager -y
   ```

1. Enable Fabric Manager and driver persistence

   ```
   $ sudo systemctl enable nvidia-fabricmanager
   $ sudo systemctl enable nvidia-persistenced
   ```

1. (*P6-B200 and P6-B300 only*) These instance types require installation and configuration of additional packages that come bundled with the NVIDIA CUDA Toolkit.

   1. Install the latest InfiniBand-specific device driver and diagnostic utilities.

      ```
      $ sudo apt install linux-modules-extra-$(uname -r) -y
      $ sudo apt install infiniband-diags -y
      ```

   1. Install NVIDIA Link Subnet Manager.

      ```
      $ sudo apt install nvlsm -y
      ```

1. Reboot the instance

   ```
   $ sudo reboot
   ```

1. Update your path and add the following environment variable.

   ```
   $ export PATH=${PATH}:/usr/local/cuda-13.0/bin
   $ export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/cuda-13.0/lib64
   ```

### Windows operating systems


To install the NVIDIA driver on Windows, follow these steps:

1. Open the folder where you downloaded the driver and launch the installation file. Follow the instructions to install the driver and reboot your instance as required.

1. Disable the display adapter named **Microsoft Basic Display Adapter** that is marked with a warning icon using Device Manager. Install these Windows features: **Media Foundation** and **Quality Windows Audio Video Experience**.
**Important**  
Don't disable the display adapter named **Microsoft Remote Display Adapter**. If **Microsoft Remote Display Adapter** is disabled, your connection might be interrupted and attempts to connect to the instance after it has rebooted might fail.

1. Check Device Manager to verify that the GPU is working correctly.

1. To achieve the best performance from your GPU, complete the optimization steps in [Optimize GPU settings on Amazon EC2 instances](optimize_gpu.md).

# Install NVIDIA GRID drivers (G7e, G6, Gr6, G6e, G6f, Gr6f, G5, G4dn, and G3 instances)

These downloads are available to AWS customers only. By downloading, in order to adhere to requirements of the AWS solution referred to in the NVIDIA GRID Cloud End User License Agreement (EULA), you agree to use the downloaded software only to develop AMIs for use with the NVIDIA L4, NVIDIA L40S, NVIDIA A10G, NVIDIA Tesla T4, or NVIDIA Tesla M60 hardware. You can use the GRID drivers to both create and use AMIs within the AWS environment. Upon installation of the software, you are bound by the terms of the [NVIDIA GRID Cloud End User License Agreement](https://aws-nvidia-license-agreement.s3.amazonaws.com/NvidiaGridAWSUserLicenseAgreement.DOCX). For information about the version of the NVIDIA GRID driver for your operating system, see the [NVIDIA Virtual GPU (vGPU) Software](https://docs.nvidia.com/vgpu/) on the NVIDIA website.

**Considerations**
+ G7e instances require GRID 19.1 or later for Linux and 19.3 (581.192) or later for Windows.
+ G6f and Gr6f instances require GRID 18.4 or later.
+ G6e instances require GRID 17.4 or later.
+ G6 and Gr6 instances require GRID 17.1 or later.
+ G5 instances require GRID 13.1 or later (or GRID 12.4 or later).
+ G3 instances require AWS provided DNS resolution for GRID licensing to work.
+ [IMDSv2](configuring-instance-metadata-service.md) is only supported with NVIDIA driver version 14.0 or greater.
+ For Windows instances, if you launch your instance from a custom Windows AMI, the AMI must be a standardized image created with Windows Sysprep to ensure that the GRID driver works. For more information, see [Create an Amazon EC2 AMI using Windows Sysprep](ami-create-win-sysprep.md).
+ GRID 17.0 and later do not support Windows Server 2019.
+ GRID 14.2 and later do not support Windows Server 2016.
+ GRID 17.0 and later are not supported with G3 instances.
+ For Linux instances, you might need to install or update packages, such as gcc, if the NVIDIA installer fails with an error message. The specifics depend on the versions of the operating system and the kernel. For more information, see the NVIDIA Enterprise Support Portal.

**Prerequisites**
+ (Linux) Verify that the AWS CLI is installed on your instance and configured with default credentials. For more information, see [Installing the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) in the *AWS Command Line Interface User Guide*.
+ (Windows) Configure default credentials for the AWS Tools for Windows PowerShell on your instance. For more information, see [Getting started with the AWS Tools for Windows PowerShell](https://docs.aws.amazon.com/powershell/latest/userguide/pstools-getting-started.html) in the *AWS Tools for PowerShell User Guide*.
+ Your user or role must be granted permissions that include the **AmazonS3ReadOnlyAccess** policy.

## Amazon Linux 2023


**To install the NVIDIA GRID driver on your instance**

1. Connect to your instance. Update your package cache and get the package updates for your instance.

   ```
   [ec2-user ~]$ sudo dnf update -y
   ```

1. Install **gcc** and **make**, if they are not already installed.

   ```
   [ec2-user ~]$ sudo dnf install gcc make
   ```

1. Reboot your instance to load the latest kernel version.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. Reconnect to your instance after it has rebooted.

1. Install the kernel headers packages.

   ```
   [ec2-user ~]$ sudo dnf install -y kernel-devel kernel-modules-extra
   ```

1. Download the GRID driver installation utility using the following command:

   ```
   [ec2-user ~]$ aws s3 cp --recursive s3://ec2-linux-nvidia-drivers/latest/ .
   ```

   Multiple versions of the GRID driver are stored in this bucket. You can see all of the available versions using the following command.

   ```
   [ec2-user ~]$ aws s3 ls --recursive s3://ec2-linux-nvidia-drivers/
   ```

1. Add permissions to run the driver installation utility using the following command.

   ```
   [ec2-user ~]$ chmod +x NVIDIA-Linux-x86_64*.run
   ```

1. Run the self-install script as follows to install the GRID driver that you downloaded. For example:

   ```
   [ec2-user ~]$ sudo /bin/sh ./NVIDIA-Linux-x86_64*.run
   ```

   When prompted, accept the license agreement and specify the installation options as required (you can accept the default options).

1. Confirm that the driver is functional. The response for the following command lists the installed version of the NVIDIA driver and details about the GPUs.

   ```
   [ec2-user ~]$ nvidia-smi -q | head
   ```

1. If you are using NVIDIA vGPU software version 14.x or greater on the G4dn, G5, or G5g instances, disable GSP with the following commands. For more information about why this is required, see the [NVIDIA documentation](https://docs.nvidia.com/vgpu/latest/grid-vgpu-user-guide/index.html#disabling-gsp).

   ```
   [ec2-user ~]$ sudo touch /etc/modprobe.d/nvidia.conf
   ```

   ```
   [ec2-user ~]$ echo "options nvidia NVreg_EnableGpuFirmware=0" | sudo tee --append /etc/modprobe.d/nvidia.conf
   ```

1. Reboot the instance.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. (Optional) Depending on your use case, you might complete the following optional steps. If you do not require this functionality, do not complete these steps.

   1. To help take advantage of the four displays of up to 4K resolution, set up the high-performance display protocol [Amazon DCV](https://docs.aws.amazon.com/dcv/).

   1. NVIDIA Quadro Virtual Workstation mode is enabled by default. To activate GRID Virtual Applications for RDSH Application hosting capabilities, complete the GRID Virtual Application activation steps in [Activate NVIDIA GRID Virtual Applications on your Amazon EC2 GPU-based instances](activate_grid.md).
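The GSP step in the procedure above uses `tee --append`, which adds another copy of the option line every time the step is repeated, for example from user data or a configuration-management run. The following shell function is an added example, not AWS or NVIDIA code: it leaves exactly one `NVreg_EnableGpuFirmware=0` line in the file, replaces a standalone line that sets a different value, and returns a distinct status when the parameter also appears on a line it does not manage. The function names and status codes are assumptions.

```shell
#!/bin/sh
# Added example, not AWS or NVIDIA code: idempotent version of the GSP step.

GSP_LINE='options nvidia NVreg_EnableGpuFirmware=0'

# ensure_gsp_disabled [CONF]
#   CONF defaults to the file used in the procedure above.
#   Prints "unchanged" or "updated".
#   Status: 0 = exactly one managed line, no conflicts
#           1 = could not write the file
#           2 = written, but another line also sets the parameter (for
#               example together with other options); review it by hand
ensure_gsp_disabled() {
    gsp_conf=${1:-/etc/modprobe.d/nvidia.conf}
    # A standalone line that sets only this parameter, with any value.
    gsp_pat='^[[:space:]]*options[[:space:]]+nvidia[[:space:]]+NVreg_EnableGpuFirmware=[0-9]+[[:space:]]*$'

    if [ -f "$gsp_conf" ] \
        && [ "$(grep -Ec "$gsp_pat" "$gsp_conf")" -eq 1 ] \
        && grep -Fxq "$GSP_LINE" "$gsp_conf"; then
        echo unchanged
    else
        # Build the new file next to the target, then rename it into place.
        # modprobe only reads *.conf, so the temporary name is ignored.
        gsp_tmp=$(mktemp "${gsp_conf}.XXXXXX") || return 1
        if [ -f "$gsp_conf" ]; then
            grep -Ev "$gsp_pat" "$gsp_conf" > "$gsp_tmp" || true
        fi
        printf '%s\n' "$GSP_LINE" >> "$gsp_tmp"
        if ! { chmod 644 "$gsp_tmp" && mv "$gsp_tmp" "$gsp_conf"; }; then
            rm -f "$gsp_tmp"
            return 1
        fi
        echo updated
    fi

    # Non-comment lines other than the managed one that mention the parameter.
    if grep -v '^[[:space:]]*#' "$gsp_conf" | grep -Fxv "$GSP_LINE" \
        | grep -q 'NVreg_EnableGpuFirmware='; then
        echo "another line in $gsp_conf also sets NVreg_EnableGpuFirmware" >&2
        return 2
    fi
}

# Constructed demo: the append from the procedure run twice on a scratch
# file, then the helper. Prints how many lines mention the parameter.
demo_gsp() {
    demo_conf=$(mktemp) || return 1
    echo "$GSP_LINE" >> "$demo_conf"
    echo "$GSP_LINE" >> "$demo_conf"
    ensure_gsp_disabled "$demo_conf" >/dev/null || return 1
    grep -c 'NVreg_EnableGpuFirmware' "$demo_conf"
    rm -f "$demo_conf"
}

# On an instance, run as root:  ensure_gsp_disabled
```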

## Amazon Linux 2


**To install the NVIDIA GRID driver on your instance**

1. Connect to your instance. Update your package cache and get the package updates for your instance.

   ```
   [ec2-user ~]$ sudo yum update -y
   ```

1. Install **gcc** and **make**, if they are not already installed.

   ```
   [ec2-user ~]$ sudo yum install gcc make
   ```

1. Reboot your instance to load the latest kernel version.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. Reconnect to your instance after it has rebooted.

1. Install the kernel headers package for the version of the kernel that is running.

   ```
   [ec2-user ~]$ sudo yum install -y kernel-devel-$(uname -r)
   ```

1. Download the GRID driver installation utility using the following command:

   ```
   [ec2-user ~]$ aws s3 cp --recursive s3://ec2-linux-nvidia-drivers/latest/ .
   ```

   Multiple versions of the GRID driver are stored in this bucket. You can see all of the available versions using the following command.

   ```
   [ec2-user ~]$ aws s3 ls --recursive s3://ec2-linux-nvidia-drivers/
   ```

1. Add permissions to run the driver installation utility using the following command.

   ```
   [ec2-user ~]$ chmod +x NVIDIA-Linux-x86_64*.run
   ```

1. Run the self-install script as follows to install the GRID driver that you downloaded. For example:

   ```
   [ec2-user ~]$ sudo /bin/sh ./NVIDIA-Linux-x86_64*.run
   ```

   If you are using Amazon Linux 2 with kernel version 5.10, use the following command to install the GRID driver.

   ```
   [ec2-user ~]$ sudo CC=/usr/bin/gcc10-cc ./NVIDIA-Linux-x86_64*.run
   ```

   When prompted, accept the license agreement and specify the installation options as required (you can accept the default options).

1. Confirm that the driver is functional. The response for the following command lists the installed version of the NVIDIA driver and details about the GPUs.

   ```
   [ec2-user ~]$ nvidia-smi -q | head
   ```

1. If you are using NVIDIA vGPU software version 14.x or greater on the G4dn, G5, or G5g instances, disable GSP with the following commands. For more information about why this is required, see the [NVIDIA documentation](https://docs.nvidia.com/vgpu/latest/grid-vgpu-user-guide/index.html#disabling-gsp).

   ```
   [ec2-user ~]$ sudo touch /etc/modprobe.d/nvidia.conf
   ```

   ```
   [ec2-user ~]$ echo "options nvidia NVreg_EnableGpuFirmware=0" | sudo tee --append /etc/modprobe.d/nvidia.conf
   ```

1. Reboot the instance.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. (Optional) Depending on your use case, you might complete the following optional steps. If you do not require this functionality, do not complete these steps.

   1. To help take advantage of the four displays of up to 4K resolution, set up the high-performance display protocol [Amazon DCV](https://docs.aws.amazon.com/dcv/).

   1. NVIDIA Quadro Virtual Workstation mode is enabled by default. To activate GRID Virtual Applications for RDSH Application hosting capabilities, complete the GRID Virtual Application activation steps in [Activate NVIDIA GRID Virtual Applications on your Amazon EC2 GPU-based instances](activate_grid.md).
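
The `chmod` and `sudo /bin/sh ./NVIDIA-Linux-x86_64*.run` steps above pass a shell glob to a root command, so a second `.run` file left in the directory by an earlier download changes what is executed. The following pre-flight check is an added example, not part of the AWS procedure; the function names `pick_installer` and `run_installer` are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the AWS documentation. Function names are hypothetical.

# pick_installer DIR
# Prints the path of the one NVIDIA-Linux-x86_64*.run file in DIR and returns 0.
# Returns 1 when the glob matches zero or several files, or when the match is
# a symlink, is not a regular file, or is writable by group or others.
pick_installer() {
    dir=${1:-.}
    set -- "$dir"/NVIDIA-Linux-x86_64*.run
    if [ "$#" -ne 1 ]; then
        echo "refusing to install: $# installers match in $dir" >&2
        return 1
    fi
    # An unmatched glob stays as the literal pattern, which is not a file.
    if [ -L "$1" ] || [ ! -f "$1" ]; then
        echo "refusing to install: no regular installer file in $dir" >&2
        return 1
    fi
    if [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "refusing to install: $1 is writable by group or others" >&2
        return 1
    fi
    printf '%s\n' "$1"
}

# run_installer DIR
# Resolves the installer, prints its SHA-256 so the exact binary can be
# recorded with the change, then runs it the way the procedure does.
run_installer() {
    installer=$(pick_installer "$1") || return 1
    sha256sum "$installer" || return 1
    chmod +x "$installer"
    sudo /bin/sh "$installer"
}
```

Call `run_installer .` from the download directory in place of the separate `chmod` and `sudo /bin/sh` steps.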

## CentOS 7 and Red Hat Enterprise Linux 7


**To install the NVIDIA GRID driver on your instance**

1. Connect to your instance. Update your package cache and get the package updates for your instance.

   ```
   [ec2-user ~]$ sudo yum update -y
   ```

1. Install **gcc** and **make**, if they are not already installed.

   ```
   [ec2-user ~]$ sudo yum install -y gcc make
   ```

1. Reboot your instance to load the latest kernel version.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. Reconnect to your instance after it has rebooted.

1. Install the kernel headers package for the version of the kernel that you are running.

   ```
   [ec2-user ~]$ sudo yum install -y kernel-devel-$(uname -r)
   ```

1. Disable the `nouveau` open source driver for NVIDIA graphics cards.

   1. Add `nouveau` to the `/etc/modprobe.d/blacklist.conf` blacklist file. Copy the following code block and paste it into a terminal.

      ```
      [ec2-user ~]$ cat << EOF | sudo tee --append /etc/modprobe.d/blacklist.conf
      blacklist vga16fb
      blacklist nouveau
      blacklist rivafb
      blacklist nvidiafb
      blacklist rivatv
      EOF
      ```

   1. Edit the `/etc/default/grub` file and add the following line:

      ```
      GRUB_CMDLINE_LINUX="rdblacklist=nouveau"
      ```

   1. Rebuild the Grub configuration.

      ```
      [ec2-user ~]$ sudo grub2-mkconfig -o /boot/grub2/grub.cfg
      ```

1. Download the GRID driver installation utility using the following command:

   ```
   [ec2-user ~]$ aws s3 cp --recursive s3://ec2-linux-nvidia-drivers/latest/ .
   ```

   Multiple versions of the GRID driver are stored in this bucket. You can see all of the available versions using the following command.

   ```
   [ec2-user ~]$ aws s3 ls --recursive s3://ec2-linux-nvidia-drivers/
   ```

1. Add permissions to run the driver installation utility using the following command.

   ```
   [ec2-user ~]$ chmod +x NVIDIA-Linux-x86_64*.run
   ```

1. Run the self-install script as follows to install the GRID driver that you downloaded. For example:

   ```
   [ec2-user ~]$ sudo /bin/sh ./NVIDIA-Linux-x86_64*.run
   ```

   When prompted, accept the license agreement and specify the installation options as required (you can accept the default options).

1. Confirm that the driver is functional. The response for the following command lists the installed version of the NVIDIA driver and details about the GPUs.

   ```
   [ec2-user ~]$ nvidia-smi -q | head
   ```

1. If you are using NVIDIA vGPU software version 14.x or greater on the G4dn, G5, or G5g instances, disable GSP with the following commands. For more information about why this is required, see the [NVIDIA documentation](https://docs.nvidia.com/vgpu/latest/grid-vgpu-user-guide/index.html#disabling-gsp).

   ```
   [ec2-user ~]$ sudo touch /etc/modprobe.d/nvidia.conf
   ```

   ```
   [ec2-user ~]$ echo "options nvidia NVreg_EnableGpuFirmware=0" | sudo tee --append /etc/modprobe.d/nvidia.conf
   ```

1. Reboot the instance.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. (Optional) Depending on your use case, you might complete the following optional steps. If you do not require this functionality, do not complete these steps.

   1. To help take advantage of the four displays of up to 4K resolution, set up the high-performance display protocol [Amazon DCV](https://docs.aws.amazon.com/dcv/).

   1. NVIDIA Quadro Virtual Workstation mode is enabled by default. To activate GRID Virtual Applications for RDSH Application hosting capabilities, complete the GRID Virtual Application activation steps in [Activate NVIDIA GRID Virtual Applications on your Amazon EC2 GPU-based instances](activate_grid.md).

   1. Install the GUI desktop/workstation package.

      ```
      [ec2-user ~]$ sudo yum groupinstall -y "Server with GUI"
      ```
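
The `tee --append` commands above add their lines again every time the procedure is re-run, and because `/etc/default/grub` is read as shell assignments, a second `GRUB_CMDLINE_LINUX=` line replaces any kernel arguments set on an earlier one. The following idempotent variant is an added example, not part of the AWS procedure; the function names are hypothetical, and the file and directory paths are parameters so that it can be tried on copies first.

```shell
#!/bin/sh
# Added example, not part of the AWS documentation. Function names are hypothetical.

# ensure_line FILE LINE: append LINE unless FILE already contains it verbatim.
ensure_line() {
    [ -f "$1" ] || : > "$1"
    grep -qxF -- "$2" "$1" || printf '%s\n' "$2" >> "$1"
}

# blacklist_nouveau DIR: the five entries from the procedure, in DIR/blacklist.conf.
blacklist_nouveau() {
    for mod in vga16fb nouveau rivafb nvidiafb rivatv; do
        ensure_line "$1/blacklist.conf" "blacklist $mod" || return 1
    done
}

# disable_gsp DIR: the GSP option from the procedure, in DIR/nvidia.conf.
disable_gsp() {
    ensure_line "$1/nvidia.conf" "options nvidia NVreg_EnableGpuFirmware=0"
}

# grub_add_arg FILE ARG
# Merges ARG into the existing GRUB_CMDLINE_LINUX="..." value, keeping the
# arguments already there. Adds the variable if FILE does not set it.
# Returns 2 when the variable is set more than once or is not a plain
# double-quoted string, because that case needs a manual edit.
grub_add_arg() {
    file=$1
    arg=$2
    if ! grep -q '^GRUB_CMDLINE_LINUX=' "$file"; then
        printf 'GRUB_CMDLINE_LINUX="%s"\n' "$arg" >> "$file"
        return 0
    fi
    if [ "$(grep -c '^GRUB_CMDLINE_LINUX=' "$file")" -ne 1 ] ||
       grep '^GRUB_CMDLINE_LINUX=' "$file" |
           grep -qv '^GRUB_CMDLINE_LINUX=".*"[[:space:]]*$'; then
        echo "$file: edit GRUB_CMDLINE_LINUX by hand" >&2
        return 2
    fi
    val=$(sed -n 's/^GRUB_CMDLINE_LINUX="\(.*\)"[[:space:]]*$/\1/p' "$file")
    case " $val " in
        *" $arg "*) return 0 ;;   # already present, nothing to do
    esac
    tmp=$(mktemp) || return 1
    # Drop the closing quote, append ARG, and close the quote again.
    awk -v arg="$arg" '
        /^GRUB_CMDLINE_LINUX="/ {
            sub(/"[ \t]*$/, "")
            sep = ($0 ~ /"$/) ? "" : " "
            $0 = $0 sep arg "\""
        }
        { print }' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

On the instance, run `blacklist_nouveau /etc/modprobe.d` and `grub_add_arg /etc/default/grub rdblacklist=nouveau` as root, then rebuild the Grub configuration as described in the procedure.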

## CentOS Stream 8 and Red Hat Enterprise Linux 8


**To install the NVIDIA GRID driver on your instance**

1. Connect to your instance. Update your package cache and get the package updates for your instance.

   ```
   [ec2-user ~]$ sudo yum update -y
   ```

1. Install **gcc** and **make**, if they are not already installed.

   ```
   [ec2-user ~]$ sudo yum install -y gcc make
   ```

1. Reboot your instance to load the latest kernel version.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. Reconnect to your instance after it has rebooted.

1. Install the kernel headers package for the version of the kernel that you are running.

   ```
   [ec2-user ~]$ sudo dnf install -y elfutils-libelf-devel libglvnd-devel kernel-devel-$(uname -r)
   ```

1. Download the GRID driver installation utility using the following command:

   ```
   [ec2-user ~]$ aws s3 cp --recursive s3://ec2-linux-nvidia-drivers/latest/ .
   ```

   Multiple versions of the GRID driver are stored in this bucket. You can see all of the available versions using the following command.

   ```
   [ec2-user ~]$ aws s3 ls --recursive s3://ec2-linux-nvidia-drivers/
   ```

1. Add permissions to run the driver installation utility using the following command.

   ```
   [ec2-user ~]$ chmod +x NVIDIA-Linux-x86_64*.run
   ```

1. Run the self-install script as follows to install the GRID driver that you downloaded. For example:

   ```
   [ec2-user ~]$ sudo /bin/sh ./NVIDIA-Linux-x86_64*.run
   ```

   When prompted, accept the license agreement and specify the installation options as required (you can accept the default options).

1. Confirm that the driver is functional. The response for the following command lists the installed version of the NVIDIA driver and details about the GPUs.

   ```
   [ec2-user ~]$ nvidia-smi -q | head
   ```

1. If you are using NVIDIA vGPU software version 14.x or greater on the G4dn, G5, or G5g instances, disable GSP with the following commands. For more information about why this is required, see the [NVIDIA documentation](https://docs.nvidia.com/vgpu/latest/grid-vgpu-user-guide/index.html#disabling-gsp).

   ```
   [ec2-user ~]$ sudo touch /etc/modprobe.d/nvidia.conf
   ```

   ```
   [ec2-user ~]$ echo "options nvidia NVreg_EnableGpuFirmware=0" | sudo tee --append /etc/modprobe.d/nvidia.conf
   ```

1. Reboot the instance.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. (Optional) Depending on your use case, you might complete the following optional steps. If you do not require this functionality, do not complete these steps.

   1. To help take advantage of the four displays of up to 4K resolution, set up the high-performance display protocol [Amazon DCV](https://docs.aws.amazon.com/dcv/).

   1. NVIDIA Quadro Virtual Workstation mode is enabled by default. To activate GRID Virtual Applications for RDSH Application hosting capabilities, complete the GRID Virtual Application activation steps in [Activate NVIDIA GRID Virtual Applications on your Amazon EC2 GPU-based instances](activate_grid.md).

   1. Install the GUI workstation package.

      ```
      [ec2-user ~]$ sudo dnf groupinstall -y workstation
      ```

## Rocky Linux 8


**To install the NVIDIA GRID driver on your Linux instance**

1. Connect to your instance. Update your package cache and get the package updates for your instance.

   ```
   [ec2-user ~]$ sudo yum update -y
   ```

1. Install **gcc** and **make**, if they are not already installed.

   ```
   [ec2-user ~]$ sudo yum install -y gcc make
   ```

1. Reboot your instance to load the latest kernel version.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. Reconnect to your instance after it has rebooted.

1. Install the kernel headers package for the version of the kernel that you are running.

   ```
   [ec2-user ~]$ sudo dnf install -y elfutils-libelf-devel libglvnd-devel kernel-devel-$(uname -r)
   ```

1. Download the GRID driver installation utility using the following command:

   ```
   [ec2-user ~]$ aws s3 cp --recursive s3://ec2-linux-nvidia-drivers/latest/ .
   ```

   Multiple versions of the GRID driver are stored in this bucket. You can see all of the available versions using the following command.

   ```
   [ec2-user ~]$ aws s3 ls --recursive s3://ec2-linux-nvidia-drivers/
   ```

1. Add permissions to run the driver installation utility using the following command.

   ```
   [ec2-user ~]$ chmod +x NVIDIA-Linux-x86_64*.run
   ```

1. Run the self-install script as follows to install the GRID driver that you downloaded. For example:

   ```
   [ec2-user ~]$ sudo /bin/sh ./NVIDIA-Linux-x86_64*.run
   ```

   When prompted, accept the license agreement and specify the installation options as required (you can accept the default options).

1. Confirm that the driver is functional. The response for the following command lists the installed version of the NVIDIA driver and details about the GPUs.

   ```
   [ec2-user ~]$ nvidia-smi -q | head
   ```

1. If you are using NVIDIA vGPU software version 14.x or greater on the G4dn, G5, or G5g instances, disable GSP with the following commands. For more information about why this is required, see the [NVIDIA documentation](https://docs.nvidia.com/vgpu/latest/grid-vgpu-user-guide/index.html#disabling-gsp).

   ```
   [ec2-user ~]$ sudo touch /etc/modprobe.d/nvidia.conf
   ```

   ```
   [ec2-user ~]$ echo "options nvidia NVreg_EnableGpuFirmware=0" | sudo tee --append /etc/modprobe.d/nvidia.conf
   ```

1. Reboot the instance.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. (Optional) Depending on your use case, you might complete the following optional steps. If you do not require this functionality, do not complete these steps.

   1. To help take advantage of the four displays of up to 4K resolution, set up the high-performance display protocol [Amazon DCV](https://docs.aws.amazon.com/dcv/).

   1. NVIDIA Quadro Virtual Workstation mode is enabled by default. To activate GRID Virtual Applications for RDSH Application hosting capabilities, complete the GRID Virtual Application activation steps in [Activate NVIDIA GRID Virtual Applications on your Amazon EC2 GPU-based instances](activate_grid.md).

## Ubuntu and Debian


**To install the NVIDIA GRID driver on your instance**

1. Connect to your instance. Update your package cache and get the package updates for your instance.

   ```
   $ sudo apt-get update -y
   ```

1. Install **gcc** and **make**, if they are not already installed.

   ```
   $ sudo apt-get install -y gcc make
   ```

1. (Ubuntu) Upgrade the `linux-aws` package to receive the latest version.

   ```
   $ sudo apt-get upgrade -y linux-aws
   ```

   (Debian) Upgrade the packages to receive the latest version.

   ```
   $ sudo apt-get upgrade -y
   ```

1. Reboot your instance to load the latest kernel version.

   ```
   $ sudo reboot
   ```

1. Reconnect to your instance after it has rebooted.

1. Install the kernel headers package for the version of the kernel you are currently running.

   ```
   $ sudo apt-get install -y linux-headers-$(uname -r) linux-modules-extra-$(uname -r)
   ```

1. Disable the `nouveau` open source driver for NVIDIA graphics cards.

   1. Add `nouveau` to the `/etc/modprobe.d/blacklist.conf` blacklist file. Copy the following code block and paste it into a terminal.

      ```
      $ cat << EOF | sudo tee --append /etc/modprobe.d/blacklist.conf
      blacklist vga16fb
      blacklist nouveau
      blacklist rivafb
      blacklist nvidiafb
      blacklist rivatv
      EOF
      ```

   1. Edit the `/etc/default/grub` file and add the following line:

      ```
      GRUB_CMDLINE_LINUX="rdblacklist=nouveau"
      ```

   1. Rebuild the Grub configuration.

      ```
      $ sudo update-grub
      ```

1. Download the GRID driver installation utility using the following command:

   ```
   $ aws s3 cp --recursive s3://ec2-linux-nvidia-drivers/latest/ .
   ```

   Multiple versions of the GRID driver are stored in this bucket. You can see all of the available versions using the following command.

   ```
   $ aws s3 ls --recursive s3://ec2-linux-nvidia-drivers/
   ```

1. Add permissions to run the driver installation utility using the following command.

   ```
   $ chmod +x NVIDIA-Linux-x86_64*.run
   ```

1. Run the self-install script as follows to install the GRID driver that you downloaded. For example:

   ```
   $ sudo /bin/sh ./NVIDIA-Linux-x86_64*.run
   ```

   When prompted, accept the license agreement and specify the installation options as required (you can accept the default options).

1. Confirm that the driver is functional. The response for the following command lists the installed version of the NVIDIA driver and details about the GPUs.

   ```
   $ nvidia-smi -q | head
   ```

1. If you are using NVIDIA vGPU software version 14.x or greater on the G4dn, G5, or G5g instances, disable GSP with the following commands. For more information about why this is required, see the [NVIDIA documentation](https://docs.nvidia.com/vgpu/latest/grid-vgpu-user-guide/index.html#disabling-gsp).

   ```
   $ sudo touch /etc/modprobe.d/nvidia.conf
   ```

   ```
   $ echo "options nvidia NVreg_EnableGpuFirmware=0" | sudo tee --append /etc/modprobe.d/nvidia.conf
   ```

1. Reboot the instance.

   ```
   $ sudo reboot
   ```

1. (Optional) Depending on your use case, you might complete the following optional steps. If you do not require this functionality, do not complete these steps.

   1. To help take advantage of the four displays of up to 4K resolution, set up the high-performance display protocol [Amazon DCV](https://docs.aws.amazon.com/dcv/).

   1. NVIDIA Quadro Virtual Workstation mode is enabled by default. To activate GRID Virtual Applications for RDSH Application hosting capabilities, complete the GRID Virtual Application activation steps in [Activate NVIDIA GRID Virtual Applications on your Amazon EC2 GPU-based instances](activate_grid.md).

   1. Install the GUI desktop/workstation package.

      ```
      $ sudo apt-get install -y lightdm ubuntu-desktop
      ```

## Windows operating systems


**To install the NVIDIA GRID driver on your Windows instance**

1. Connect to your Windows instance and open a PowerShell window.

1. Download the drivers and the [NVIDIA GRID Cloud End User License Agreement](https://aws-nvidia-license-agreement.s3.amazonaws.com/NvidiaGridAWSUserLicenseAgreement.DOCX) from Amazon S3 to your desktop using the following PowerShell commands.

   ```
   $Bucket = "ec2-windows-nvidia-drivers"
   $KeyPrefix = "latest"
   $LocalPath = "$home\Desktop\NVIDIA"
   $Objects = Get-S3Object -BucketName $Bucket -KeyPrefix $KeyPrefix -Region us-east-1
   foreach ($Object in $Objects) {
       $LocalFileName = $Object.Key
       if ($LocalFileName -ne '' -and $Object.Size -ne 0) {
           $LocalFilePath = Join-Path $LocalPath $LocalFileName
           Copy-S3Object -BucketName $Bucket -Key $Object.Key -LocalFile $LocalFilePath -Region us-east-1
       }
   }
   ```

   Multiple versions of the NVIDIA GRID driver are stored in this bucket. You can download all of the available Windows versions in the bucket by removing the `-KeyPrefix $KeyPrefix` option. For information about the version of the NVIDIA GRID driver for your operating system, see the [NVIDIA Virtual GPU (vGPU) Software](https://docs.nvidia.com/vgpu/) documentation on the NVIDIA website.

   Starting with GRID version 11.0, you can use the drivers under `latest` for both G3 and G4dn instances. We will not add versions later than 11.0 to `g4/latest`, but will keep version 11.0 and the earlier versions specific to G4dn under `g4/latest`.

   G5 instances require GRID 13.1 or later (or GRID 12.4 or later).

1. Navigate to the desktop and double-click the installation file to launch it (choose the driver version that corresponds to your instance OS version). Follow the instructions to install the driver and reboot your instance as required. To verify that the GPU is working properly, check Device Manager.

1. (Optional) Use the following command to disable the licensing page in the control panel to prevent users from accidentally changing the product type (NVIDIA GRID Virtual Workstation is enabled by default). For more information, see the [GRID Licensing User Guide](https://docs.nvidia.com/vgpu/4.6/grid-licensing-user-guide/index.html).

   **PowerShell**  
   Run the following PowerShell commands to create the registry value to disable the licensing page in the control panel. The AWS Tools for PowerShell in AWS Windows AMIs defaults to the 32-bit version and this command fails. Instead, use the 64-bit version of PowerShell included with the operating system.

   ```
   New-Item -Path "HKLM:\SOFTWARE\NVIDIA Corporation\Global" -Name GridLicensing
   New-ItemProperty -Path "HKLM:\SOFTWARE\NVIDIA Corporation\Global\GridLicensing" -Name "NvCplDisableManageLicensePage" -PropertyType "DWord" -Value "1"
   ```

   **Command Prompt**  
   Run the following registry command to create the registry value to disable the licensing page in the control panel. You can run it using the Command Prompt window or a 64-bit version of PowerShell.

   ```
   reg add "HKLM\SOFTWARE\NVIDIA Corporation\Global\GridLicensing" /v NvCplDisableManageLicensePage /t REG_DWORD /d 1
   ```

1. (Optional) Depending on your use case, you might complete the following optional steps. If you do not require this functionality, do not complete these steps.

   1. To help take advantage of the four displays of up to 4K resolution, set up the high-performance display protocol, [Amazon DCV](https://docs.aws.amazon.com/dcv/).

   1. NVIDIA Quadro Virtual Workstation mode is enabled by default. To activate GRID Virtual Applications for RDSH Application hosting capabilities, complete the GRID Virtual Application activation steps in [Activate NVIDIA GRID Virtual Applications on your Amazon EC2 GPU-based instances](activate_grid.md).

# Install NVIDIA gaming drivers (G7e, G6, G6e, G5, and G4dn instances)

These drivers are available to AWS customers only. By downloading them, you agree to use the downloaded software only to develop AMIs for use with the RTX PRO 6000 Blackwell, NVIDIA L4, NVIDIA L40S, NVIDIA A10G, NVIDIA Tesla T4, or NVIDIA Tesla M60 hardware. You can use the GRID drivers to both create and use AMIs within the AWS environment. Upon installation of the software, you are bound by the terms of the [NVIDIA GRID Cloud End User License Agreement](https://aws-nvidia-license-agreement.s3.amazonaws.com/NvidiaGridAWSUserLicenseAgreement.DOCX).

**Considerations**
+ G3 instances require AWS-provided DNS resolution for GRID licensing to work.
+ [IMDSv2](configuring-instance-metadata-service.md) is only supported with NVIDIA driver version 495.x or greater.

**Prerequisites**
+ (Linux) Verify that the AWS CLI is installed on your instance and configured with default credentials. For more information, see [Installing the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) in the *AWS Command Line Interface User Guide*.
+ Your user or role must be granted the permissions contained in the **AmazonS3ReadOnlyAccess** policy.

## Amazon Linux 2023


**To install the NVIDIA gaming driver on your instance**

1. Connect to your instance. Update your package cache and get the package updates for your instance.

   ```
   [ec2-user ~]$ sudo dnf update -y
   ```

1. Install **gcc** and **make**, if they are not already installed.

   ```
   [ec2-user ~]$ sudo dnf install gcc make
   ```

1. Reboot your instance to load the latest kernel version.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. Reconnect to your instance after it is rebooted.

1. Install the kernel headers packages.

   ```
   [ec2-user ~]$ sudo dnf install -y kernel-devel kernel-modules-extra kernel-devel-$(uname -r) kernel-headers-$(uname -r) dkms
   ```

1. Download the gaming driver installation utility using the following command:

   ```
   [ec2-user ~]$ aws s3 cp --recursive s3://nvidia-gaming/linux/latest/ .
   ```

   Multiple versions of the gaming driver are stored in this bucket. You can see all of the available versions using the following command:

   ```
   [ec2-user ~]$ aws s3 ls --recursive s3://nvidia-gaming/linux/
   ```

1. Extract the gaming driver installation utility from the downloaded `.zip` archive.

   ```
   [ec2-user ~]$ unzip latest-driver-name.zip -d nvidia-drivers
   ```

1. Add permissions to run the driver installation utility using the following command:

   ```
   [ec2-user ~]$ chmod +x nvidia-drivers/NVIDIA-Linux-x86_64*-grid.run
   ```

1. Run the installer using the following command:

   ```
   [ec2-user ~]$ sudo ./nvidia-drivers/NVIDIA-Linux-x86_64*.run
   ```

   When prompted, accept the license agreement and specify the installation options as required (you can accept the default options).

1. Use the following command to create the required configuration file.

   ```
   [ec2-user ~]$ cat << EOF | sudo tee -a /etc/nvidia/gridd.conf
   vGamingMarketplace=2
   EOF
   ```

1. Use the following command to download and rename the certification file.
   + For version 590.48 or later:

     ```
     [ec2-user ~]$ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCert_2026_03_02.cert"
     ```
   + For version 460.39 to 580.95:

     ```
     [ec2-user ~]$ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCertLinux_2024_02_22.cert"
     ```
   + For version 440.68 to 445.48:

     ```
     [ec2-user ~]$ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCert-Linux_2020_04.cert"
     ```
   + For earlier versions:

     ```
     [ec2-user ~]$ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCert-Linux_2019_09.cert"
     ```

1. If you are using NVIDIA driver version 510.x or greater on the G4dn, G5, or G5g instances, disable GSP with the following commands. For more information about why this is required, see the [NVIDIA documentation](https://docs.nvidia.com/vgpu/latest/grid-vgpu-user-guide/index.html#disabling-gsp).

   ```
   [ec2-user ~]$ sudo touch /etc/modprobe.d/nvidia.conf
   ```

   ```
   [ec2-user ~]$ echo "options nvidia NVreg_EnableGpuFirmware=0" | sudo tee --append /etc/modprobe.d/nvidia.conf
   ```

1. Reboot the instance.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. Verify the NVIDIA Gaming license using the following command.

   ```
   [ec2-user ~]$ nvidia-smi -q
   ```

   In the output, search for `vGPU Software Licensed Product`.

1. (Optional) To help take advantage of a single display of up to 4K resolution, set up the high-performance display protocol [Amazon DCV](https://docs.aws.amazon.com/dcv/).
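
The certification file step above depends on the installed driver version, and plain `curl -o` saves whatever the server returns, including an HTTP error body. The following selector is an added example, not part of the AWS procedure: the function names are hypothetical, the version ranges and file names are the ones listed above, comparing the second version component as a number is an assumption, and a version that falls between two listed ranges is rejected instead of guessed.

```shell
#!/bin/sh
# Added example, not part of the AWS documentation. Function names are hypothetical.
CERT_BASE="https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive"

# version_key VERSION
# Turns "MAJOR.MINOR[.PATCH]" into MAJOR*100000 + MINOR so that versions can be
# compared as integers (assumption: MINOR compares numerically, 105 > 95).
# Returns 2 for anything that is not dot-separated digits.
version_key() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
        *.*) ;;
        *) return 2 ;;
    esac
    printf '%s\n' "$1" | awk -F. '{ printf "%d\n", $1 * 100000 + $2 }'
}

# cert_name_for VERSION
# Prints the certification file name for the driver version, using the ranges
# from the procedure. Returns 1 when the version lies between two listed
# ranges, 2 when it cannot be parsed.
cert_name_for() {
    key=$(version_key "$1") || {
        echo "unparseable driver version: $1" >&2
        return 2
    }
    if [ "$key" -ge 59000048 ]; then                              # 590.48 or later
        echo "GridSwCert_2026_03_02.cert"
    elif [ "$key" -ge 46000039 ] && [ "$key" -le 58000095 ]; then # 460.39 to 580.95
        echo "GridSwCertLinux_2024_02_22.cert"
    elif [ "$key" -ge 44000068 ] && [ "$key" -le 44500048 ]; then # 440.68 to 445.48
        echo "GridSwCert-Linux_2020_04.cert"
    elif [ "$key" -lt 44000068 ]; then                            # earlier versions
        echo "GridSwCert-Linux_2019_09.cert"
    else
        echo "driver $1 is not covered by the listed version ranges" >&2
        return 1
    fi
}

# fetch_cert VERSION [DEST]
# Downloads the matching file to DEST (default: the path used in the
# procedure). --fail makes curl exit non-zero on an HTTP error.
fetch_cert() {
    name=$(cert_name_for "$1") || return 1
    dest=${2:-/etc/nvidia/GridSwCert.txt}
    sudo curl --fail --silent --show-error -o "$dest" "$CERT_BASE/$name"
}

# Typical call once the driver is installed:
#   fetch_cert "$(nvidia-smi --query-gpu=driver_version --format=csv,noheader | head -n 1)"
```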

## Amazon Linux 2


**To install the NVIDIA gaming driver on your instance**

1. Connect to your instance. Update your package cache and get the package updates for your instance.

   ```
   [ec2-user ~]$ sudo yum update -y
   ```

1. Install **gcc** and **make**, if they are not already installed.

   ```
   [ec2-user ~]$ sudo yum install gcc make
   ```

1. Reboot your instance to load the latest kernel version.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. Reconnect to your instance after it is rebooted.

1. Install the kernel headers package for the version of the kernel you are currently running.

   ```
   [ec2-user ~]$ sudo yum install -y kernel-devel-$(uname -r)
   ```

1. Download the gaming driver installation utility using the following command:

   ```
   [ec2-user ~]$ aws s3 cp --recursive s3://nvidia-gaming/linux/latest/ .
   ```

   Multiple versions of the gaming driver are stored in this bucket. You can see all of the available versions using the following command:

   ```
   [ec2-user ~]$ aws s3 ls --recursive s3://nvidia-gaming/linux/
   ```

1. Extract the gaming driver installation utility from the downloaded `.zip` archive.

   ```
   [ec2-user ~]$ unzip latest-driver-name.zip -d nvidia-drivers
   ```

1. Add permissions to run the driver installation utility using the following command:

   ```
   [ec2-user ~]$ chmod +x nvidia-drivers/NVIDIA-Linux-x86_64*-grid.run
   ```

1. Run the installer using the following command:

   ```
   [ec2-user ~]$ sudo ./nvidia-drivers/NVIDIA-Linux-x86_64*.run
   ```

   If you are using Amazon Linux 2 with kernel version 5.10, use the following command to install the NVIDIA gaming drivers.

   ```
   [ec2-user ~]$ sudo CC=/usr/bin/gcc10-cc ./nvidia-drivers/NVIDIA-Linux-x86_64*.run
   ```

   When prompted, accept the license agreement and specify the installation options as required (you can accept the default options).

1. Use the following command to create the required configuration file.

   ```
   [ec2-user ~]$ cat << EOF | sudo tee -a /etc/nvidia/gridd.conf
   vGamingMarketplace=2
   EOF
   ```

1. Use the following command to download and rename the certification file.
   + For version 590.48 or later:

     ```
     [ec2-user ~]$ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCert_2026_03_02.cert"
     ```
   + For version 460.39 to 580.95:

     ```
     [ec2-user ~]$ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCertLinux_2024_02_22.cert"
     ```
   + For version 440.68 to 445.48:

     ```
     [ec2-user ~]$ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCert-Linux_2020_04.cert"
     ```
   + For earlier versions:

     ```
     [ec2-user ~]$ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCert-Linux_2019_09.cert"
     ```

1. If you are using NVIDIA driver version 510.x or greater on the G4dn, G5, or G5g instances, disable GSP with the following commands. For more information about why this is required, see the [NVIDIA documentation](https://docs.nvidia.com/vgpu/latest/grid-vgpu-user-guide/index.html#disabling-gsp).

   ```
   [ec2-user ~]$ sudo touch /etc/modprobe.d/nvidia.conf
   ```

   ```
   [ec2-user ~]$ echo "options nvidia NVreg_EnableGpuFirmware=0" | sudo tee --append /etc/modprobe.d/nvidia.conf
   ```

1. Reboot the instance.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. Verify the NVIDIA Gaming license using the following command.

   ```
   [ec2-user ~]$ nvidia-smi -q
   ```

   In the output, search for `vGPU Software Licensed Product`.

1. (Optional) To help take advantage of a single display of up to 4K resolution, set up the high-performance display protocol [Amazon DCV](https://docs.aws.amazon.com/dcv/).

## CentOS 7 and Red Hat Enterprise Linux 7


**To install the NVIDIA gaming driver on your instance**

1. Connect to your Linux instance. Install **gcc** and **make**, if they are not already installed.

   ```
   [ec2-user ~]$ sudo yum install -y gcc make
   ```

1. Update your package cache and get the package updates for your instance.

   ```
   [ec2-user ~]$ sudo yum update -y
   ```

1. Reboot your instance to load the latest kernel version.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. Reconnect to your instance after it has rebooted.

1. Install the kernel headers package for the version of the kernel you are currently running.

   ```
   [ec2-user ~]$ sudo yum install -y unzip kernel-devel-$(uname -r)
   ```

1. Disable the `nouveau` open source driver for NVIDIA graphics cards.

   1. Add `nouveau` to the `/etc/modprobe.d/blacklist.conf` blacklist file. Copy the following code block and paste it into a terminal.

      ```
      [ec2-user ~]$ cat << EOF | sudo tee --append /etc/modprobe.d/blacklist.conf
      blacklist vga16fb
      blacklist nouveau
      blacklist rivafb
      blacklist nvidiafb
      blacklist rivatv
      EOF
      ```

   1. Edit the `/etc/default/grub` file and add the following line:

      ```
      GRUB_CMDLINE_LINUX="rdblacklist=nouveau"
      ```

   1. Rebuild the Grub configuration.

      ```
      [ec2-user ~]$ sudo grub2-mkconfig -o /boot/grub2/grub.cfg
      ```

1. Download the gaming driver installation utility using the following command:

   ```
   [ec2-user ~]$ aws s3 cp --recursive s3://nvidia-gaming/linux/latest/ .
   ```

   Multiple versions of the gaming driver are stored in this bucket. You can see all of the available versions using the following command:

   ```
   [ec2-user ~]$ aws s3 ls --recursive s3://nvidia-gaming/linux/
   ```

1. Extract the gaming driver installation utility from the downloaded `.zip` archive.

   ```
   [ec2-user ~]$ unzip *Gaming-Linux-Guest-Drivers.zip -d nvidia-drivers
   ```

1. Add permissions to run the driver installation utility using the following command:

   ```
   [ec2-user ~]$ chmod +x nvidia-drivers/NVIDIA-Linux-x86_64*-grid.run
   ```

1. Run the installer using the following command:

   ```
   [ec2-user ~]$ sudo nvidia-drivers/NVIDIA-Linux-x86_64*.run
   ```

   When prompted, accept the license agreement and specify the installation options as required (you can accept the default options).

1. Use the following command to create the required configuration file.

   ```
   [ec2-user ~]$ cat << EOF | sudo tee -a /etc/nvidia/gridd.conf
   vGamingMarketplace=2
   EOF
   ```

1. Use the following command to download and rename the certification file.
   + For version 590.48 or later:

     ```
     [ec2-user ~]$ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCert_2026_03_02.cert"
     ```
   + For version 460.39 to 580.95:

     ```
     [ec2-user ~]$ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCertLinux_2024_02_22.cert"
     ```
   + For version 440.68 to 445.48:

     ```
     [ec2-user ~]$ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCert-Linux_2020_04.cert"
     ```
   + For earlier versions:

     ```
     [ec2-user ~]$ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCert-Linux_2019_09.cert"
     ```

1. If you are using NVIDIA driver version 510.x or greater on the G4dn, G5, or G5g instances, disable GSP with the following commands. For more information about why this is required, see the [NVIDIA documentation](https://docs.nvidia.com/vgpu/latest/grid-vgpu-user-guide/index.html#disabling-gsp).

   ```
   [ec2-user ~]$ sudo touch /etc/modprobe.d/nvidia.conf
   ```

   ```
   [ec2-user ~]$ echo "options nvidia NVreg_EnableGpuFirmware=0" | sudo tee --append /etc/modprobe.d/nvidia.conf
   ```

1. Reboot the instance.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. (Optional) To help take advantage of a single display of up to 4K resolution, set up the high-performance display protocol [Amazon DCV](https://docs.aws.amazon.com/dcv/). If you do not require this functionality, do not complete this step.

## CentOS Stream 8 and Red Hat Enterprise Linux 8


**To install the NVIDIA gaming driver on your instance**

1. Connect to your Linux instance. Install **gcc** and **make**, if they are not already installed.

   ```
   [ec2-user ~]$ sudo yum install -y gcc make
   ```

1. Update your package cache and get the package updates for your instance.

   ```
   [ec2-user ~]$ sudo yum update -y
   ```

1. Reboot your instance to load the latest kernel version.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. Reconnect to your instance after it has rebooted.

1. Install the kernel headers package for the version of the kernel you are currently running.

   ```
   [ec2-user ~]$ sudo yum install -y unzip kernel-devel-$(uname -r)
   ```

1. Download the gaming driver installation utility using the following command:

   ```
   [ec2-user ~]$ aws s3 cp --recursive s3://nvidia-gaming/linux/latest/ .
   ```

   Multiple versions of the gaming driver are stored in this bucket. You can see all of the available versions using the following command:

   ```
   [ec2-user ~]$ aws s3 ls --recursive s3://nvidia-gaming/linux/
   ```

1. Extract the gaming driver installation utility from the downloaded `.zip` archive.

   ```
   [ec2-user ~]$ unzip *Gaming-Linux-Guest-Drivers.zip -d nvidia-drivers
   ```

1. Add permissions to run the driver installation utility using the following command:

   ```
   [ec2-user ~]$ chmod +x nvidia-drivers/NVIDIA-Linux-x86_64*-grid.run
   ```

1. Run the installer using the following command:

   ```
   [ec2-user ~]$ sudo nvidia-drivers/NVIDIA-Linux-x86_64*.run
   ```

   When prompted, accept the license agreement and specify the installation options as required (you can accept the default options).

1. Use the following command to create the required configuration file.

   ```
   [ec2-user ~]$ cat << EOF | sudo tee -a /etc/nvidia/gridd.conf
   vGamingMarketplace=2
   EOF
   ```

1. Use the following command to download and rename the certification file.
   + For version 590.48 or later:

     ```
     [ec2-user ~]$ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCert_2026_03_02.cert"
     ```
   + For version 460.39 to 580.95:

     ```
     [ec2-user ~]$ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCertLinux_2024_02_22.cert"
     ```
   + For version 440.68 to 445.48:

     ```
     [ec2-user ~]$ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCert-Linux_2020_04.cert"
     ```
   + For earlier versions:

     ```
     [ec2-user ~]$ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCert-Linux_2019_09.cert"
     ```

1. If you are using NVIDIA driver version 510.x or greater on the G4dn, G5, or G5g instances, disable GSP with the following commands. For more information about why this is required, see the [NVIDIA documentation](https://docs.nvidia.com/vgpu/latest/grid-vgpu-user-guide/index.html#disabling-gsp).

   ```
   [ec2-user ~]$ sudo touch /etc/modprobe.d/nvidia.conf
   ```

   ```
   [ec2-user ~]$ echo "options nvidia NVreg_EnableGpuFirmware=0" | sudo tee --append /etc/modprobe.d/nvidia.conf
   ```

1. Reboot the instance.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. (Optional) To help take advantage of a single display of up to 4K resolution, set up the high-performance display protocol [Amazon DCV](https://docs.aws.amazon.com/dcv/).

## Rocky Linux 8


**To install the NVIDIA gaming driver on your instance**

1. Connect to your Linux instance. Install **gcc** and **make**, if they are not already installed.

   ```
   [ec2-user ~]$ sudo yum install -y gcc make
   ```

1. Update your package cache and get the package updates for your instance.

   ```
   [ec2-user ~]$ sudo yum update -y
   ```

1. Reboot your instance to load the latest kernel version.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. Reconnect to your instance after it has rebooted.

1. Install the kernel headers package for the version of the kernel you are currently running.

   ```
   [ec2-user ~]$ sudo dnf install -y unzip elfutils-libelf-devel libglvnd-devel kernel-devel-$(uname -r)
   ```

1. Download the gaming driver installation utility using the following command:

   ```
   [ec2-user ~]$ aws s3 cp --recursive s3://nvidia-gaming/linux/latest/ .
   ```

   Multiple versions of the gaming driver are stored in this bucket. You can see all of the available versions using the following command:

   ```
   [ec2-user ~]$ aws s3 ls --recursive s3://nvidia-gaming/linux/
   ```

1. Extract the gaming driver installation utility from the downloaded `.zip` archive.

   ```
   [ec2-user ~]$ unzip *Gaming-Linux-Guest-Drivers.zip -d nvidia-drivers
   ```

1. Add permissions to run the driver installation utility using the following command:

   ```
   [ec2-user ~]$ chmod +x nvidia-drivers/NVIDIA-Linux-x86_64*-grid.run
   ```

1. Run the installer using the following command:

   ```
   [ec2-user ~]$ sudo nvidia-drivers/NVIDIA-Linux-x86_64*.run
   ```

   When prompted, accept the license agreement and specify the installation options as required (you can accept the default options).

1. Use the following command to create the required configuration file.

   ```
   [ec2-user ~]$ cat << EOF | sudo tee -a /etc/nvidia/gridd.conf
   vGamingMarketplace=2
   EOF
   ```

1. Use the following command to download and rename the certification file.
   + For version 590.48 or later:

     ```
     [ec2-user ~]$ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCert_2026_03_02.cert"
     ```
   + For version 460.39 to 580.95:

     ```
     [ec2-user ~]$ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCertLinux_2024_02_22.cert"
     ```
   + For version 440.68 to 445.48:

     ```
     [ec2-user ~]$ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCert-Linux_2020_04.cert"
     ```
   + For earlier versions:

     ```
     [ec2-user ~]$ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCert-Linux_2019_09.cert"
     ```

1. If you are using NVIDIA driver version 510.x or greater on the G4dn, G5, or G5g instances, disable GSP with the following commands. For more information about why this is required, see the [NVIDIA documentation](https://docs.nvidia.com/vgpu/latest/grid-vgpu-user-guide/index.html#disabling-gsp).

   ```
   [ec2-user ~]$ sudo touch /etc/modprobe.d/nvidia.conf
   ```

   ```
   [ec2-user ~]$ echo "options nvidia NVreg_EnableGpuFirmware=0" | sudo tee --append /etc/modprobe.d/nvidia.conf
   ```

1. Reboot the instance.

   ```
   [ec2-user ~]$ sudo reboot
   ```

1. (Optional) To help take advantage of a single display of up to 4K resolution, set up the high-performance display protocol [Amazon DCV](https://docs.aws.amazon.com/dcv/).

## Ubuntu and Debian


**To install the NVIDIA gaming driver on your instance**

1. Connect to your Linux instance. Install **gcc** and **make**, if they are not already installed.

   ```
   $ sudo apt-get install -y gcc make build-essential
   ```

1. Update your package cache and get the package updates for your instance.

   ```
   $ sudo apt-get update -y
   ```

1. Upgrade the `linux-aws` package to receive the latest version.

   ```
   $ sudo apt-get upgrade -y linux-aws
   ```

1. Reboot your instance to load the latest kernel version.

   ```
   $ sudo reboot
   ```

1. Reconnect to your instance after it has rebooted.

1. Install the kernel headers package for the version of the kernel you are currently running.

   ```
   $ sudo apt install -y unzip dkms linux-headers-$(uname -r)
   ```

1. Disable the `nouveau` open source driver for NVIDIA graphics cards.

   1. Add `nouveau` to the `/etc/modprobe.d/blacklist.conf` blacklist file. Copy the following code block and paste it into a terminal.

      ```
      $ cat << EOF | sudo tee --append /etc/modprobe.d/blacklist.conf
      blacklist vga16fb
      blacklist nouveau
      blacklist rivafb
      blacklist nvidiafb
      blacklist rivatv
      EOF
      ```

   1. Edit the `/etc/default/grub` file and add the following line:

      ```
      GRUB_CMDLINE_LINUX="rdblacklist=nouveau"
      ```

   1. Rebuild the Grub configuration.

      ```
      $ sudo update-grub
      ```

1. Download the gaming driver installation utility using the following command:

   ```
   $ aws s3 cp --recursive s3://nvidia-gaming/linux/latest/ .
   ```

   Multiple versions of the gaming driver are stored in this bucket. You can see all of the available versions using the following command:

   ```
   $ aws s3 ls --recursive s3://nvidia-gaming/linux/
   ```

1. Extract the gaming driver installation utility from the downloaded `.zip` archive.

   ```
   $ unzip *Gaming-Linux-Guest-Drivers.zip -d nvidia-drivers
   ```

1. Add permissions to run the driver installation utility using the following command:

   ```
   $ chmod +x nvidia-drivers/NVIDIA-Linux-x86_64*-grid.run
   ```

1. Run the installer using the following command:

   ```
   $ sudo nvidia-drivers/NVIDIA-Linux-x86_64*.run
   ```

   When prompted, accept the license agreement and specify the installation options as required (you can accept the default options).

1. Use the following command to create the required configuration file.

   ```
   $ cat << EOF | sudo tee -a /etc/nvidia/gridd.conf
   vGamingMarketplace=2
   EOF
   ```

1. Use the following command to download and rename the certification file.
   + For version 590.48 or later:

     ```
     $ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCert_2026_03_02.cert"
     ```
   + For version 460.39 to 580.95:

     ```
     $ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCertLinux_2024_02_22.cert"
     ```
   + For version 440.68 to 445.48:

     ```
     $ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCert-Linux_2020_04.cert"
     ```
   + For earlier versions:

     ```
     $ sudo curl -o /etc/nvidia/GridSwCert.txt "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCert-Linux_2019_09.cert"
     ```

1. If you are using NVIDIA driver version 510.x or greater on the G4dn, G5, or G5g instances, disable GSP with the following commands. For more information about why this is required, see the [NVIDIA documentation](https://docs.nvidia.com/vgpu/latest/grid-vgpu-user-guide/index.html#disabling-gsp).

   ```
   $ sudo touch /etc/modprobe.d/nvidia.conf
   ```

   ```
   $ echo "options nvidia NVreg_EnableGpuFirmware=0" | sudo tee --append /etc/modprobe.d/nvidia.conf
   ```

1. Reboot the instance.

   ```
   $ sudo reboot
   ```

1. (Optional) To help take advantage of a single display of up to 4K resolution, set up the high-performance display protocol [Amazon DCV](https://docs.aws.amazon.com/dcv/). If you do not require this functionality, do not complete this step.
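The Linux procedures above leave their results in a handful of files under `/etc`. The following script is an added example, not AWS-provided code: it audits those files after the final reboot and flags cases the commands themselves do not report, such as a later `GRUB_CMDLINE_LINUX` assignment overriding the added line, a re-run `tee -a` leaving duplicate entries, or `curl -o` saving an S3 error document as `GridSwCert.txt`. The function names, the `ROOT` prefix argument, and the `skip-nouveau` option (for the procedures that have no `nouveau` step) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not AWS code): audit the files the Linux procedures write.
# ROOT is an assumed prefix argument, so a copy of /etc can be audited too.

AUDIT_FAILS=0
sp='[[:space:]]'

# report STATUS MESSAGE: print one result line and count FAIL results.
report() {
    printf '%-4s %s\n' "$1" "$2"
    if [ "$1" = FAIL ]; then AUDIT_FAILS=$((AUDIT_FAILS + 1)); fi
}

# count_lines FILE REGEX: number of lines matching REGEX (0 if FILE is absent).
count_lines() {
    if [ -f "$1" ]; then grep -Ec "$2" "$1" || true; else echo 0; fi
}

# audit_gaming_config ROOT [skip-nouveau]: returns the number of FAIL results.
audit_gaming_config() {
    root=${1%/}
    AUDIT_FAILS=0

    if [ "${2:-}" != skip-nouveau ]; then
        n=$(count_lines "$root/etc/modprobe.d/blacklist.conf" "^$sp*blacklist$sp+nouveau$sp*\$")
        if [ "$n" -ge 1 ]; then report PASS "blacklist.conf blacklists nouveau"
        else report FAIL "blacklist.conf has no 'blacklist nouveau' line"; fi

        # /etc/default/grub is sourced as shell, so the last assignment wins.
        last=$(grep -E "^$sp*GRUB_CMDLINE_LINUX=" "$root/etc/default/grub" 2>/dev/null | tail -n 1)
        case $last in
            *rdblacklist=nouveau*) report PASS "GRUB_CMDLINE_LINUX carries rdblacklist=nouveau" ;;
            *) report FAIL "effective GRUB_CMDLINE_LINUX lacks rdblacklist=nouveau" ;;
        esac
    fi

    # tee -a appends: a re-run duplicates the line, and older values stay in place.
    f=$root/etc/nvidia/gridd.conf
    all=$(count_lines "$f" "^$sp*vGamingMarketplace$sp*=")
    ok=$(count_lines "$f" "^$sp*vGamingMarketplace$sp*=$sp*2$sp*\$")
    if [ "$ok" -eq 0 ]; then report FAIL "gridd.conf lacks vGamingMarketplace=2"
    elif [ "$all" -ne "$ok" ]; then report FAIL "gridd.conf has ambiguous vGamingMarketplace values"
    elif [ "$ok" -gt 1 ]; then report WARN "vGamingMarketplace=2 appears $ok times in gridd.conf"
    else report PASS "gridd.conf sets vGamingMarketplace=2"; fi

    # The page requires this only for driver 510.x or later on G4dn, G5, G5g.
    f=$root/etc/modprobe.d/nvidia.conf
    all=$(count_lines "$f" "^$sp*options$sp+nvidia$sp.*NVreg_EnableGpuFirmware=")
    ok=$(count_lines "$f" "^$sp*options$sp+nvidia$sp.*NVreg_EnableGpuFirmware=0($sp|\$)")
    if [ "$ok" -ge 1 ] && [ "$all" -eq "$ok" ]; then report PASS "nvidia.conf disables GSP"
    elif [ "$all" -gt 0 ]; then report FAIL "nvidia.conf sets NVreg_EnableGpuFirmware to a non-zero value"
    else report WARN "nvidia.conf does not disable GSP"; fi

    # curl -o without --fail stores the body of an HTTP error response as well.
    f=$root/etc/nvidia/GridSwCert.txt
    if [ ! -s "$f" ]; then report FAIL "GridSwCert.txt is missing or empty"
    elif grep -q '<Error>' "$f"; then report FAIL "GridSwCert.txt holds an S3 error document"
    else report PASS "GridSwCert.txt is present"; fi

    return "$AUDIT_FAILS"
}

# make_sample_tree DIR: constructed sample of a finished install (not real data).
make_sample_tree() {
    mkdir -p "$1/etc/modprobe.d" "$1/etc/default" "$1/etc/nvidia"
    printf 'blacklist vga16fb\nblacklist nouveau\n' > "$1/etc/modprobe.d/blacklist.conf"
    printf 'GRUB_TIMEOUT=0\nGRUB_CMDLINE_LINUX="rdblacklist=nouveau"\n' > "$1/etc/default/grub"
    printf 'vGamingMarketplace=2\n' > "$1/etc/nvidia/gridd.conf"
    printf 'options nvidia NVreg_EnableGpuFirmware=0\n' > "$1/etc/modprobe.d/nvidia.conf"
    printf 'CONSTRUCTED-PLACEHOLDER-CERT\n' > "$1/etc/nvidia/GridSwCert.txt"
}

# Usage: sh audit.sh --demo    or    sudo sh audit.sh / [skip-nouveau]
case "${1:-}" in
    "") ;;
    --demo) d=$(mktemp -d); make_sample_tree "$d"; audit_gaming_config "$d"; rm -rf "$d" ;;
    *) audit_gaming_config "$1" "${2:-}" ;;
esac
```

`WARN` results do not count toward the exit status; only `FAIL` results do.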

## Windows operating systems


Before you install an NVIDIA gaming driver on your instance, you must ensure that the following prerequisites are met in addition to the considerations mentioned for all gaming drivers.
+ If you launch your Windows instance using a custom Windows AMI, the AMI must be a standardized image created with Windows Sysprep to ensure that the gaming driver works. For more information, see [Create an Amazon EC2 AMI using Windows Sysprep](ami-create-win-sysprep.md).
+ Configure default credentials for the AWS Tools for Windows PowerShell on your Windows instance. For more information, see [Getting Started with the AWS Tools for Windows PowerShell](https://docs.aws.amazon.com/powershell/latest/userguide/pstools-getting-started.html) in the *AWS Tools for PowerShell User Guide*.

**To install the NVIDIA gaming driver on your Windows instance**

1. Connect to your Windows instance and open a PowerShell window.

1. Download and install the gaming driver using the following PowerShell commands.

   ```
   $Bucket = "nvidia-gaming"
   $KeyPrefix = "windows/latest"
   $LocalPath = "$home\Desktop\NVIDIA"
   $Objects = Get-S3Object -BucketName $Bucket -KeyPrefix $KeyPrefix -Region us-east-1
   foreach ($Object in $Objects) {
       $LocalFileName = $Object.Key
       # Skip objects with an empty key and zero-byte objects
       if ($LocalFileName -ne '' -and $Object.Size -ne 0) {
           $LocalFilePath = Join-Path $LocalPath $LocalFileName
           Copy-S3Object -BucketName $Bucket -Key $Object.Key -LocalFile $LocalFilePath -Region us-east-1
       }
   }
   ```

   Multiple versions of the NVIDIA GRID driver are stored in this S3 bucket. You can download all of the available versions in the bucket if you change the value of the `$KeyPrefix` variable from *"windows/latest"* to *"windows"*.

1. Navigate to the desktop and double-click the installation file to launch it (choose the driver version that corresponds to your instance OS version). Follow the instructions to install the driver and reboot your instance as required. To verify that the GPU is working properly, check Device Manager.

1. Use one of the following methods to register the driver.

------
#### [ Version 527.27 or above ]

   Create the following registry key with the 64-bit version of PowerShell, or the Command Prompt window.

   *key*: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nvlddmkm\Global`

   *name*: vGamingMarketplace

   *type*: DWord

   *value*: 2

**PowerShell**  
Run the following PowerShell command to create this registry value. The AWS Tools for PowerShell in AWS Windows AMIs defaults to the 32-bit version, and this command fails there. Instead, use the 64-bit version of PowerShell included with the operating system.

   ```
   New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\nvlddmkm\Global" -Name "vGamingMarketplace" -PropertyType "DWord" -Value "2"
   ```

**Command Prompt**  
Run the following registry command to create this registry value. You can run it using the Command Prompt window or a 64-bit version of PowerShell.

   ```
   reg add "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm\Global" /v vGamingMarketplace /t REG_DWORD /d 2
   ```

------
#### [ Earlier versions ]

   Create the following registry key with the 64-bit version of PowerShell, or the Command Prompt window.

   *key*: `HKEY_LOCAL_MACHINE\SOFTWARE\NVIDIA Corporation\Global`

   *name*: vGamingMarketplace

   *type*: DWord

   *value*: 2

**PowerShell**  
Run the following PowerShell command to create this registry value. The AWS Tools for PowerShell in AWS Windows AMIs defaults to the 32-bit version, and this command fails there. Instead, use the 64-bit version of PowerShell included with the operating system.

   ```
   New-ItemProperty -Path "HKLM:\SOFTWARE\NVIDIA Corporation\Global" -Name "vGamingMarketplace" -PropertyType "DWord" -Value "2"
   ```

**Command Prompt**  
Run the following registry command to create this registry key with the Command Prompt window. You can also use this command in the 64-bit version of PowerShell.

   ```
   reg add "HKLM\SOFTWARE\NVIDIA Corporation\Global" /v vGamingMarketplace /t REG_DWORD /d 2
   ```

------

1. Run the following command in PowerShell. This downloads the certification file, renames the file to `GridSwCert.txt`, and moves the file to the Public Documents folder on your system drive. Typically, the folder path is `C:\Users\Public\Documents`.
   + For version 591.59 or later:

     ```
     Invoke-WebRequest -Uri "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCert_2026_03_02.cert" -OutFile "$Env:PUBLIC\Documents\GridSwCert.txt"
     ```
   + For version 460.39 to 581.80:

     ```
     Invoke-WebRequest -Uri "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCertWindows_2024_02_22.cert" -OutFile "$Env:PUBLIC\Documents\GridSwCert.txt"
     ```
   + For version 445.87:

     ```
     Invoke-WebRequest -Uri "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCert-Windows_2020_04.cert" -OutFile "$Env:PUBLIC\Documents\GridSwCert.txt"
     ```
   + For earlier versions:

     ```
     Invoke-WebRequest -Uri "https://nvidia-gaming.s3.amazonaws.com/GridSwCert-Archive/GridSwCert-Windows_2019_09.cert" -OutFile "$Env:PUBLIC\Documents\GridSwCert.txt"
     ```

   If you receive an error when downloading the file, and you are using Windows Server 2016 or earlier, TLS 1.2 might need to be enabled for your PowerShell terminal. You can enable TLS 1.2 for the current PowerShell session with the following command and then try again:

   ```
   [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
   ```

1. Reboot your instance.

1. Locate the `nvidia-smi.exe` file on the instance.

   ```
   Get-ChildItem -Path C:\ -Recurse -Filter "nvidia-smi.exe"
   ```

   Verify the NVIDIA Gaming license using the following command. Replace *path* with the name of the folder in the output from the previous command.

   ```
   C:\Windows\System32\DriverStore\FileRepository\path\nvidia-smi.exe -q
   ```

   The output should be similar to the following.

   ```
   vGPU Software Licensed Product
   Product Name              : NVIDIA Cloud Gaming
   License Status            : Licensed (Expiry: N/A)
   ```

1. (Optional) To help take advantage of the single display of up to 4K resolution, set up the high-performance display protocol [Amazon DCV](https://docs.aws.amazon.com/dcv/). If you do not require this functionality, do not complete this step.

# Install the ENA driver on EC2 Windows instances

If your instance isn't based on one of the latest Windows Amazon Machine Images (AMIs) that Amazon provides, use the following procedure to install the current ENA driver on your instance. You should perform this update at a time when it’s convenient to reboot your instance. If the install script doesn’t automatically reboot your instance, we recommend that you reboot the instance as the final step.

If you use an instance store volume to store data while the instance is running, that data is erased when you stop the instance. Before you stop your instance, verify that you've copied any data that you need from your instance store volumes to persistent storage, such as Amazon EBS or Amazon S3.

## Prerequisites


To install or upgrade the ENA driver, your Windows instance must meet the following prerequisites:
+ PowerShell version 3.0 or later is installed.
+ The commands shown in this section must run in the 64-bit version of PowerShell. Do not use the `x86` version of PowerShell. That is the 32-bit version of the shell, and is not supported for these commands.

## Step 1: Back up your data


We recommend that you create a backup AMI, in case you're not able to roll back your changes through the **Device Manager**. To create a backup AMI with the AWS Management Console, follow these steps:

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance that requires the driver upgrade, and choose **Stop instance** from the **Instance state** menu.

1. After the instance is stopped, select the instance again. To create your backup, choose **Image and templates** from the **Actions** menu, then choose **Create image**.

1. To restart your instance, choose **Start instance** from the **Instance state** menu.

## Step 2: Install or upgrade your ENA driver


You can install or upgrade your ENA driver with AWS Systems Manager Distributor, or with PowerShell cmdlets. For further instructions, select the tab that matches the method that you want to use.

------
#### [ Systems Manager Distributor ]

You can use the Systems Manager Distributor feature to deploy packages to your Systems Manager managed nodes. With Systems Manager Distributor, you can install the ENA driver package once, or with scheduled updates. For more information about how to install the ENA driver package (`AwsEnaNetworkDriver`) with Systems Manager Distributor, see [Install or update packages](https://docs.aws.amazon.com/systems-manager/latest/userguide/distributor-working-with-packages-deploy.html) in the *AWS Systems Manager User Guide*. 

------
#### [ PowerShell ]

This section covers how to download and install ENA driver packages on your instance with PowerShell cmdlets.

**Option 1: Download and extract the latest version**

1. Connect to your instance and log in as the local administrator.

1. Use the **invoke-webrequest** cmdlet to download the latest driver package:

   ```
   PS C:\> invoke-webrequest https://ec2-windows-drivers-downloads.s3.amazonaws.com/ENA/Latest/AwsEnaNetworkDriver.zip -outfile $env:USERPROFILE\AwsEnaNetworkDriver.zip
   ```
   **Note**  
   If you receive an error when downloading the file, and you are using Windows Server 2016 or earlier, TLS 1.2 might need to be enabled for your PowerShell terminal. You can enable TLS 1.2 for the current PowerShell session with the following command and then try again:

   ```
   [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
   ```

   Alternatively, you can download the latest driver package from a browser window on your instance.

1. Use the **expand-archive** cmdlet to extract the zip archive that you downloaded to your instance:

   ```
   PS C:\> expand-archive $env:userprofile\AwsEnaNetworkDriver.zip -DestinationPath $env:userprofile\AwsEnaNetworkDriver
   ```

**Option 2: Download and extract a specific version**

1. Connect to your instance and log in as the local administrator.

1. Download the ENA driver package for the specific version you want from the version link in the [ENA Windows driver version history](ena-driver-releases-windows.md#ena-win-driver-release-history) table.

1. Extract the zip archive to your instance.

**Install the ENA driver with PowerShell**  
The install steps are the same whether you've downloaded the latest driver or a specific version. To install the ENA driver, follow these steps.

1. To install the driver, run the `install.ps1` PowerShell script from the `AwsEnaNetworkDriver` directory on your instance. If you get an error, make sure that you’re using PowerShell 3.0 or later.

1. If the installer doesn’t automatically reboot your instance, run the **Restart-Computer** PowerShell cmdlet.

   ```
   PS C:\> Restart-Computer
   ```

------

## Step 3 (optional): Verify the ENA driver version after installation


To ensure that the ENA driver package was successfully installed on your instance, you can verify the new version as follows:

1. Connect to your instance and log in as the local administrator.

1. To open the Windows Device Manager, enter `devmgmt.msc` in the **Run** box.

1. Choose **OK**. This opens the Device Manager window.

1. Select the arrow to the left of **Network adapters** to expand the list.

1. Choose the name, or open the context menu for the **Amazon Elastic Network Adapter**, and then choose **Properties**. This opens the **Amazon Elastic Network Adapter Properties** dialog.
   **Note**  
   ENA adapters all use the same driver. If you have multiple ENA adapters, you can select any one of them to update the driver for all of the ENA adapters.

1. To verify the current version that's installed, open the **Driver** tab and check the **Driver Version**. If the current version doesn't match your target version, see [Troubleshoot the Elastic Network Adapter Windows driver](troubleshoot-ena-driver.md).

## Roll back an ENA driver installation


If anything goes wrong with the installation, you might need to roll back the driver. Follow these steps to roll back to the previous version of the ENA driver that was installed on your instance.

1. Connect to your instance and log in as the local administrator.

1. To open the Windows Device Manager, enter `devmgmt.msc` in the **Run** box.

1. Choose **OK**. This opens the Device Manager window.

1. Select the arrow to the left of **Network adapters** to expand the list.

1. Choose the name, or open the context menu for the **Amazon Elastic Network Adapter**, and then choose **Properties**. This opens the **Amazon Elastic Network Adapter Properties** dialog.
   **Note**  
   ENA adapters all use the same driver. If you have multiple ENA adapters, you can select any one of them to update the driver for all of the ENA adapters.

1. To roll back the driver, open the **Driver** tab and choose **Roll Back Driver**. This opens the **Driver Package rollback** window.
   **Note**  
   If the **Driver** tab doesn't show the **Roll Back Driver** action, or if the action is unavailable, it means that the [Driver Store](https://learn.microsoft.com/en-us/windows-hardware/drivers/install/driver-store) on your instance doesn't contain the previously installed driver package. To troubleshoot this issue, see [Troubleshooting scenarios](troubleshoot-ena-driver.md#ts-ena-drv-scenarios), and expand the **Unexpected ENA driver version installed** section. For more information about the device driver package selection process, see [How Windows selects a driver package for a device](https://learn.microsoft.com/en-us/windows-hardware/drivers/install/how-windows-selects-a-driver-for-a-device) on the *Microsoft documentation website*.

# Track ENA Windows driver version releases

Windows AMIs include the ENA Windows driver to enable enhanced networking.

For Windows Server versions 2016 and above, we recommend that you use the latest driver version. For earlier versions of Windows Server, refer to the following table to determine which ENA driver version to use.


| Windows Server version | ENA driver version | 
| --- | --- | 
| Windows Server 2012 R2 | 2.6.0 and earlier | 
| Windows Server 2012 | 2.6.0 and earlier | 
| Windows Server 2008 R2 | 2.2.3 and earlier | 

## ENA Windows driver version history


The following table summarizes the changes for each release.


| Driver version | Details | Release date | 
| --- | --- | --- | 
|  [2.11.0](https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/x64/2.11.0/AwsEnaNetworkDriver.zip)  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-driver-releases-windows.html) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-driver-releases-windows.html)  | August 1, 2025 | 
|  [2.10.0](https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/x64/2.10.0/AwsEnaNetworkDriver.zip)  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-driver-releases-windows.html)  | June 24, 2025 | 
|  [2.9.0](https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/x64/2.9.0/AwsEnaNetworkDriver.zip)  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-driver-releases-windows.html) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-driver-releases-windows.html)  | December 12, 2024 | 
|  [2.8.0](https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/x64/2.8.0/AwsEnaNetworkDriver.zip)  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-driver-releases-windows.html)  | September 30, 2024 | 
|  [2.7.0](https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/x64/2.7.0/AwsEnaNetworkDriver.zip)  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-driver-releases-windows.html) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-driver-releases-windows.html)  | May 1, 2024 | 
|  [2.6.0](https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/x64/2.6.0/AwsEnaNetworkDriver.zip)  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-driver-releases-windows.html)  | June 20, 2023 | 
|  2.5.0  |  **Announcement:** ENA Windows driver version 2.5.0 has been rolled back due to failure to initialize on the Windows domain controller. Windows Client and Windows Server are unaffected.  | February 17, 2023 | 
|  [2.4.0](https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/x64/2.4.0/AwsEnaNetworkDriver.zip)  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-driver-releases-windows.html)  | April 28, 2022 | 
| 2.2.4 |  **Announcement:** ENA Windows driver version 2.2.4 has been rolled back due to potential performance degradation on the sixth generation EC2 instances. We recommend that you downgrade the driver, using one of the following methods:  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-driver-releases-windows.html)  | October 26, 2021 | 
|  [2.2.3](https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/x64/2.2.3/AwsEnaNetworkDriver.zip)  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-driver-releases-windows.html)  **Announcement:** Windows ENA driver version 2.2.3 is the final version that supports Windows Server 2008 R2. Currently available instance types that use ENA will continue to be supported on Windows Server 2008 R2, and the drivers are available by download. No future instance types will support Windows Server 2008 R2, and you cannot launch, import, or migrate Windows Server 2008 R2 images to future instance types.  | March 25, 2021 | 
|  [2.2.2](https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/2.2.2/AwsEnaNetworkDriver.zip)  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-driver-releases-windows.html)  | December 21, 2020 | 
|  [2.2.1](https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/2.2.1/AwsEnaNetworkDriver.zip)  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-driver-releases-windows.html) | October 1, 2020 | 
|  [2.2.0](https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/2.2.0/AwsEnaNetworkDriver.zip)  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-driver-releases-windows.html)  | August 12, 2020 | 
|  [2.1.5](https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/2.1.5/AwsEnaNetworkDriver.zip)  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-driver-releases-windows.html) | June 23, 2020 | 
|  [2.1.4](https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/2.1.4/AwsEnaNetworkDriver.zip)  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-driver-releases-windows.html)  | November 25, 2019 | 
|  [2.1.2](https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/2.1.2/AwsEnaNetworkDriver.zip)  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-driver-releases-windows.html)  | November 4, 2019 | 
|  [2.1.1](https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/2.1.1/AwsEnaNetworkDriver.zip)  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-driver-releases-windows.html)  | September 16, 2019 | 
|  [2.1.0](https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/2.1.0/AwsEnaNetworkDriver.zip)  | ENA Windows driver v2.1 introduces new ENA device capabilities, provides a performance boost, adds new features, and includes multiple stability improvements. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-driver-releases-windows.html)  | July 1, 2019 | 
|  [1.5.0](https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/1.5.0/AwsEnaNetworkDriver.zip)  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ena-driver-releases-windows.html)  | October 4, 2018 | 
|  [1.2.3](https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/1.2.3/AwsEnaNetworkDriver.zip)  |  Includes reliability fixes and unifies support for Windows Server 2008 R2 through Windows Server 2016.  | February 13, 2018 | 
|  [1.0.8](https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/1.0.8/AwsEnaNetworkDriver.zip)  |  The initial release. Included in AMIs for Windows Server 2008 R2, Windows Server 2012 RTM, Windows Server 2012 R2, and Windows Server 2016.  | July 2016 | 

## Subscribe to ENA Windows driver release notifications from Amazon SNS

Amazon SNS can notify you when new versions of EC2 Windows Drivers are released. Use the following procedure to subscribe to these notifications.

**Subscribe to EC2 notifications**

1. Open the Amazon SNS console at [https://console.aws.amazon.com/sns/v3/home](https://console.aws.amazon.com/sns/v3/home).

1. In the navigation bar, change the Region to **US East (N. Virginia)**, if necessary. You must select this Region because the SNS notifications that you are subscribing to are in this Region.

1. In the navigation pane, choose **Subscriptions**.

1. Choose **Create subscription**.

1. In the **Create subscription** dialog box, do the following:

   1. For **TopicARN**, copy the following Amazon Resource Name (ARN):

      **arn:aws:sns:us-east-1:801119661308:ec2-windows-drivers**

   1. For **Protocol**, choose `Email`.

   1. For **Endpoint**, enter an email address where you want notifications sent.

   1. Choose **Create subscription**.

1. You'll receive a confirmation email. Open the email and follow the directions to complete your subscription.

Whenever new EC2 Windows drivers are released, we send notifications to subscribers. If you no longer want to receive these notifications, use the following procedure to unsubscribe.

**Unsubscribe from Amazon EC2 Windows driver notification**

1. Open the Amazon SNS console at [https://console.aws.amazon.com/sns/v3/home](https://console.aws.amazon.com/sns/v3/home).

1. In the navigation pane, choose **Subscriptions**.

1. Select the checkbox for the subscription and then choose **Actions**, **Delete subscriptions**. When prompted for confirmation, choose **Delete**.

# Paravirtual drivers for Windows instances

Windows AMIs contain a set of drivers to permit access to virtualized hardware. These drivers are used by Amazon EC2 to map instance store and Amazon EBS volumes to their devices. The following table shows key differences between the different drivers.


|  | Red Hat PV | Citrix PV | AWS PV | 
| --- | --- | --- | --- | 
|  Instance type  |  Not supported for all instance types. If you specify an unsupported instance type, the instance is impaired.  |  Supported for Xen instance types.  |  Supported for Xen instance types.  | 
|  Attached volumes  |  Supports up to 16 attached volumes.  |  Supports more than 16 attached volumes.  |  Supports more than 16 attached volumes.  | 
|  Network  |  The driver has known issues where the network connection resets under high loads; for example, fast FTP file transfers.  |    |  The driver automatically configures jumbo frames on the network adapter when on a compatible instance type. When the instance is in a cluster placement group, this offers better network performance between instances that are in the cluster placement group. For more information, see [Placement groups for your Amazon EC2 instances](placement-groups.md).  | 

The following table shows which PV drivers you should run on each version of Windows Server on Amazon EC2.


| Windows Server version | PV driver version | 
| --- | --- | 
| Windows Server 2025 | Not supported | 
| Windows Server 2022 | AWS PV latest version | 
| Windows Server 2019 | AWS PV latest version | 
| Windows Server 2016 | AWS PV latest version | 
| Windows Server 2012 R2 | AWS PV version 8.4.3 | 
| Windows Server 2012  | AWS PV version 8.4.3 | 
| Windows Server 2008 R2 | AWS PV version 8.3.5 | 
| Windows Server 2008 | Citrix PV 5.9 | 
| Windows Server 2003 | Citrix PV 5.9 | 

**Topics**
+ [AWS PV drivers](#xen-driver-awspv)
+ [Citrix PV drivers](#xen-driver-citrix)
+ [Red Hat PV drivers](#xen-driver-redhat)
+ [Subscribe to notifications](#drivers-subscribe-notifications)
+ [Upgrade PV drivers on EC2 Windows instances](Upgrading_PV_drivers.md)
+ [Troubleshoot PV drivers on Windows instances](pvdrivers-troubleshooting.md)

## AWS PV drivers


The AWS PV drivers are stored in the `%ProgramFiles%\Amazon\Xentools` directory. This directory also contains public symbols and a command-line tool, `xenstore_client.exe`, that enables you to access entries in XenStore. For example, the following PowerShell command returns the current time from the hypervisor:

```
PS C:\> [DateTime]::FromFileTimeUTC((gwmi -n root\wmi -cl AWSXenStoreBase).XenTime).ToString("hh:mm:ss")
11:17:00
```

The AWS PV driver components are listed in the Windows registry under `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services`. These driver components are as follows: xenbus, xeniface, xennet, xenvbd, and xenvif.

AWS PV drivers also have a Windows service named LiteAgent, which runs in user mode. It handles tasks such as shutdown and restart events from AWS APIs on Xen generation instances. You can access and manage services by running `Services.msc` from the command line. When running on Nitro generation instances, the AWS PV drivers are not used, and starting with driver version 8.2.4 the LiteAgent service stops itself. Updating to the latest AWS PV driver also updates the LiteAgent and improves reliability on all instance generations.

### Install the latest AWS PV drivers


Amazon Windows AMIs contain a set of drivers to permit access to virtualized hardware. These drivers are used by Amazon EC2 to map instance store and Amazon EBS volumes to their devices. We recommend that you install the latest drivers to improve stability and performance of your EC2 Windows instances.

**Installation options**
+ Use AWS Systems Manager to automatically update the PV drivers. For more information, see [Walkthrough: Automatically Update PV Drivers on EC2 Windows Instances](https://docs.aws.amazon.com/systems-manager/latest/userguide/state-manager-update-pv-drivers.html) in the *AWS Systems Manager User Guide*.
+  [Download](https://s3.amazonaws.com/ec2-windows-drivers-downloads/AWSPV/Latest/AWSPVDriver.zip) the driver package and run the install program manually. Be sure to check the `readme.txt` file for system requirements. For information about downloading and installing the AWS PV drivers, or upgrading a domain controller, see [Upgrade Windows Server instances (AWS PV upgrade) manually](Upgrading_PV_drivers.md#aws-pv-upgrade).

### AWS PV driver package history


The following table shows the changes to AWS PV drivers for each driver release.


| Package version | Details | Release date | 
| --- | --- | --- | 
|   [8.6.0](https://s3.amazonaws.com/ec2-windows-drivers-downloads/AWSPV/8.6.0/AWSPVDriver.zip)   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/xen-drivers-overview.html)  | 27 May 2025 | 
|  8.5.0  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/xen-drivers-overview.html)  | 31 October 2024 | 
|   [8.4.3](https://s3.amazonaws.com/ec2-windows-drivers-downloads/AWSPV/8.4.3/AWSPVDriver.zip)   | Fixed bugs in the package installer to improve the upgrade experience. This is the last version that can run on Windows Server 2012 and 2012 R2. This version is available for download, however it is no longer supported since Windows Server 2012 and 2012 R2 have reached end of support. | 24 January 2023 | 
| 8.4.2 | Stability fixes to address race condition. | 13 April 2022 | 
| 8.4.1 | Improved package installer. | 7 January 2022 | 
|  8.4.0  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/xen-drivers-overview.html)  | 2 March 2021 | 
|   [8.3.5](https://s3.amazonaws.com/ec2-windows-drivers-downloads/AWSPV/8.3.5/AWSPVDriver.zip)   |  Improved package installer. This is the last version that can run on Windows Server 2008 R2. This version is available for download but no longer supported. Windows Server 2008 R2 has reached end-of-life, and is no longer supported by Microsoft.  | 7 January 2022 | 
|  8.3.4  | Improved reliability of network device attachment. | 4 August 2020 | 
|  8.3.3  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/xen-drivers-overview.html) To update this driver on Windows Server 2008 R2 instances, you must first verify that the appropriate patches are installed to address the following Microsoft Security Advisory: [Microsoft Security Advisory 3033929](https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/3033929).  | 4 February 2020 | 
|  8.3.2  |  Enhanced reliability of networking components.  | 30 July 2019 | 
|  8.3.1  |  Improved performance and robustness of storage component.  | 12 June 2019 | 
|  8.2.7  |  Improved efficiency to support migrating to latest generation instance types.  | 20 May 2019 | 
|  8.2.6  |  Improved efficiency of crash dump path.  | 15 January 2019 | 
|  8.2.5  |  Additional security enhancements. PowerShell installer now available in package.  | 12 December 2018 | 
|  8.2.4  |  Reliability improvements.  | 2 October 2018 | 
|  8.2.3  |  Bug fixes and performance improvements. Report EBS volume ID as disk serial number for EBS volumes. This enables cluster scenarios such as S2D.  | 29 May 2018 | 
|  8.2.1  |  Network and storage performance improvements plus multiple robustness fixes. To verify that this version has been installed, refer to the following Windows registry value: `HKLM\Software\Amazon\PVDriver\Version 8.2.1`.  | 8 March 2018 | 
|  7.4.3  |  Added support for Windows Server 2016. Stability fixes for all supported Windows OS versions. AWS PV driver version 7.4.3's signature expires on March 29, 2019. We recommend updating to the latest AWS PV driver.   | 18 Nov 2016 | 
|  7.4.2  | Stability fixes for support of X1 instance type. | 2 Aug 2016 | 
|  7.4.1  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/xen-drivers-overview.html)  | 12 July 2016 | 
|  7.3.2  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/xen-drivers-overview.html)  | 24 June 2015 | 
|  7.3.1  |  TRIM update: Fix related to TRIM requests. This fix stabilizes instances and improves instance performance when managing large numbers of TRIM requests.  |  | 
|  7.3.0  |  TRIM support: The AWS PV driver now sends TRIM requests to the hypervisor. Ephemeral disks will properly process TRIM requests given the underlying storage supports TRIM (SSD). Note that EBS-based storage does not support TRIM as of March 2015.  |  | 
|  7.2.5  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/xen-drivers-overview.html)  |  | 
|  7.2.4  |  Device ID persistence: This driver fix masks the platform PCI device ID and forces the system to always surface the same device ID, even if the instance is moved. More generally, the fix affects how the hypervisor surfaces virtual devices. The fix also includes modifications to the co-installer for the AWS PV drivers so the system persists mapped virtual devices.  |  | 
|  7.2.2  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/xen-drivers-overview.html)  |  | 
|  7.2.1  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/xen-drivers-overview.html)  |  | 
|  7.2.0  | Base: The AWS PV base version. |  | 

## Citrix PV drivers


The Citrix PV drivers are stored in the `%ProgramFiles%\Citrix\XenTools` (32-bit instances) or `%ProgramFiles(x86)%\Citrix\XenTools` (64-bit instances) directory.

The Citrix PV driver components are listed in the Windows registry under `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services`. These driver components are as follows: xenevtchn, xeniface, xennet, Xennet6, xensvc, xenvbd, and xenvif.

Citrix also has a driver component named XenGuestAgent, which runs as a Windows service. It handles tasks such as shutdown and restart events from the API. You can access and manage services by running `Services.msc` from the command line.

If you are encountering networking errors while performing certain workloads, you may need to disable the TCP offloading feature for the Citrix PV driver. For more information, see [TCP offloading](pvdrivers-troubleshooting.md#citrix-tcp-offloading).

## Red Hat PV drivers


Red Hat drivers are supported for legacy instances, but are not recommended on newer instances with more than 12GB of RAM due to driver limitations. Instances with more than 12GB of RAM running Red Hat drivers can fail to boot and become inaccessible. We recommend upgrading Red Hat drivers to Citrix PV drivers, and then upgrading Citrix PV drivers to AWS PV drivers.

The source files for the Red Hat drivers are in the `%ProgramFiles%\RedHat` (32-bit instances) or `%ProgramFiles(x86)%\RedHat` (64-bit instances) directory. The two drivers are `rhelnet`, the Red Hat Paravirtualized network driver, and `rhelscsi`, the Red Hat SCSI miniport driver.
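The three driver families above leave different component names in the registry, which is enough to tell them apart during an inventory. The following PowerShell is an added example, not part of the AWS documentation: it classifies the installed family from those names and compares the OS against the version table on this page. Assumptions: the Red Hat driver names are registered as service keys, the LiteAgent service is matched by wildcard because the page does not give its exact service name, and all function names are hypothetical.

```powershell
# Added example (not AWS-provided code): classify the PV driver family on a
# Windows instance from the component names listed on this page.
$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Components that appear in only one family's list, so finding one is decisive.
# xeniface, xennet, xenvbd and xenvif are shared by AWS PV and Citrix PV and
# cannot tell them apart.
# Assumption: rhelnet and rhelscsi are registered under Services by those names.
$Markers = @(
    @{ Family = 'AWS PV';     Services = @('xenbus') },
    @{ Family = 'Citrix PV';  Services = @('xenevtchn', 'xensvc', 'Xennet6') },
    @{ Family = 'Red Hat PV'; Services = @('rhelnet', 'rhelscsi') }
)

# Recommended driver per OS, copied from the table on this page. Order matters:
# the "R2" patterns must be tried before the plain ones.
$Recommended = @(
    @{ Pattern = '*Server*2025*';    Driver = 'Not supported' },
    @{ Pattern = '*Server*2022*';    Driver = 'AWS PV latest version' },
    @{ Pattern = '*Server*2019*';    Driver = 'AWS PV latest version' },
    @{ Pattern = '*Server*2016*';    Driver = 'AWS PV latest version' },
    @{ Pattern = '*Server*2012 R2*'; Driver = 'AWS PV version 8.4.3' },
    @{ Pattern = '*Server*2012*';    Driver = 'AWS PV version 8.4.3' },
    @{ Pattern = '*Server*2008 R2*'; Driver = 'AWS PV version 8.3.5' },
    @{ Pattern = '*Server*2008*';    Driver = 'Citrix PV 5.9' },
    @{ Pattern = '*Server*2003*';    Driver = 'Citrix PV 5.9' }
)

function Get-PVDriverFamily {
    # Emits one object per family whose decisive service key exists.
    foreach ($m in $Markers) {
        $found = @($m.Services | Where-Object { Test-Path (Join-Path $ServicesRoot $_) })
        if ($found.Count -gt 0) {
            New-Object PSObject -Property @{
                Family     = $m.Family
                MarkerKeys = ($found -join ', ')
            }
        }
    }
}

function Get-RecommendedPVDriver {
    param([string]$OsCaption)
    foreach ($r in $Recommended) {
        if ($OsCaption -like $r.Pattern) { return $r.Driver }
    }
    return 'Unknown (OS not in the table)'
}

function Get-PVDriverReport {
    $os       = (Get-WmiObject -Class Win32_OperatingSystem).Caption
    $families = @(Get-PVDriverFamily)
    # Version value read by the verification step in the upgrade procedures.
    $pv       = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Amazon\PVDriver' -ErrorAction SilentlyContinue
    # Assumption: the service name contains "LiteAgent".
    $agent    = @(Get-Service | Where-Object { $_.Name -like '*LiteAgent*' })

    New-Object PSObject -Property @{
        OS               = $os
        Recommended      = Get-RecommendedPVDriver -OsCaption $os
        FamiliesDetected = (@($families | ForEach-Object { $_.Family }) -join ', ')
        # More than one family usually means keys left behind by an earlier
        # upgrade; confirm the active driver in Device Manager.
        MixedFamilies    = ($families.Count -gt 1)
        AwsPvVersion     = $pv.Version
        LiteAgent        = (@($agent | ForEach-Object { "$($_.Name)=$($_.Status)" }) -join ', ')
    } | Select-Object OS, Recommended, FamiliesDetected, MixedFamilies, AwsPvVersion, LiteAgent
}

Get-PVDriverReport | Format-List
```

An empty `FamiliesDetected` is expected on instances that never had PV drivers installed; the script only reads the registry and service list and changes nothing.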

## Subscribe to notifications


Amazon SNS can notify you when new versions of EC2 Windows Drivers are released. You can subscribe to these notifications.

**Note**  
You must specify the Region in which the SNS topic was created.

Whenever new EC2 Windows drivers are released, we send notifications to subscribers. If you no longer want to receive these notifications, you can unsubscribe. For more information, see [Delete an SNS topic and subscription](https://docs.aws.amazon.com/sns/latest/dg/sns-delete-subscription-topic.html).

------
#### [ Console ]

**To subscribe to notifications**

1. Open the Amazon SNS console at [https://console.aws.amazon.com/sns/v3/home](https://console.aws.amazon.com/sns/v3/home).

1. In the navigation bar, change the Region to **US East (N. Virginia)**, if necessary. You must select this Region because the SNS notifications that you are subscribing to are in this Region.

1. In the navigation pane, choose **Subscriptions**.

1. Choose **Create subscription**.

1. In the **Create subscription** dialog box, do the following:

   1. For **TopicARN**, copy the following Amazon Resource Name (ARN):

      arn:aws:sns:us-east-1:801119661308:ec2-windows-drivers

   1. For **Protocol**, choose `Email`.

   1. For **Endpoint**, type an email address that you can use to receive the notifications.

   1. Choose **Create subscription**.

1. You'll receive a confirmation email. Open the email and follow the directions to complete your subscription.

------
#### [ AWS CLI ]

**To subscribe to notifications**  
Use the following command.

```
aws sns subscribe \
    --topic-arn arn:aws:sns:us-east-1:801119661308:ec2-windows-drivers \
    --region us-east-1 \
    --protocol email \
    --notification-endpoint YourUserName@YourDomainName.ext
```

------
#### [ PowerShell ]

**To subscribe to notifications**  
Use the following command.

```
Connect-SNSNotification `
    -TopicArn 'arn:aws:sns:us-east-1:801119661308:ec2-windows-drivers' `
    -Region us-east-1 `
    -Protocol email `
    -Endpoint "YourUserName@YourDomainName.ext"
```

------

# Upgrade PV drivers on EC2 Windows instances

We recommend that you install the latest PV drivers to improve the stability and performance of your EC2 Windows instances. The directions on this page help you download the driver package and run the install program.

**To verify which driver your Windows instance uses**

Open **Device Manager** and view **Network Adapters**. Check whether the PV driver is one of the following:
+ AWS PV Network Device
+ Citrix PV Ethernet Adapter
+ Red Hat PV NIC Driver

**System requirements**  
Be sure to check the `readme.txt` file in the download for system requirements.

**Topics**
+ [Upgrade Windows Server instances (AWS PV upgrade) with Distributor](#aws-pv-upgrade-distributor)
+ [Upgrade Windows Server instances (AWS PV upgrade) manually](#aws-pv-upgrade)
+ [Upgrade a domain controller (AWS PV upgrade)](#aws-pv-upgrade-dc)
+ [Upgrade Windows Server 2008 and 2008 R2 instances (Red Hat to Citrix PV upgrade)](#win2008-citrix-upgrade)
+ [Upgrade your Citrix Xen guest agent service](#citrix-pv-guest-agent-upgrade)

## Upgrade Windows Server instances (AWS PV upgrade) with Distributor


You can use Distributor, a capability of AWS Systems Manager, to install or upgrade the AWS PV driver package. The installation or upgrade can be performed one time, or you can install or update it on a schedule. The `In-place update` option for **Installation Type** isn't supported for this Distributor package.

**Important**  
If your instance is a domain controller, see [Upgrade a domain controller (AWS PV upgrade)](#aws-pv-upgrade-dc). The upgrade process for domain controller instances is different than standard editions of Windows.

1. We recommend that you create a backup in case you need to roll back your changes.

   **Tip**  
   Instead of creating the AMI from the Amazon EC2 console, you can use Systems Manager Automation to create the AMI using the `AWS-CreateImage` runbook. For more information, see [https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-aws-createimage.html](https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-aws-createimage.html) in the *AWS Systems Manager Automation runbook reference User Guide*.

   1. When you stop an instance, the data on any instance store volumes is erased. Before you stop an instance, verify that you've copied any data that you need from your instance store volumes to persistent storage, such as Amazon EBS or Amazon S3.

   1. In the navigation pane, choose **Instances**.

   1. Select the instance that requires the driver upgrade, and choose **Instance state**, **Stop instance**.

   1. After the instance is stopped, select the instance, choose **Actions**, then **Image and templates**, and then choose **Create image**.

   1. Choose **Instance state**, **Start instance**.

1. Connect to the instance using Remote Desktop. For more information, see [Connect to your Windows instance using an RDP client](connect-rdp.md).

1. <a name="secondary-disks-step-distributor"></a>We recommend that you take all non-system disks offline and note any drive letter mappings to the secondary disks in Disk Management before you perform this upgrade. This step is not required if you are performing an in-place update of AWS PV drivers. We also recommend setting non-essential services to **Manual** start-up in the Services console.

1. <a name="distributor-procedure-awspv"></a>For the instructions for how to install or upgrade the AWS PV driver package using Distributor, see the procedures in [Install or update packages](https://docs.aws.amazon.com/systems-manager/latest/userguide/distributor-working-with-packages-deploy.html) in the *AWS Systems Manager User Guide*.

1. For **Name**, choose **AWSPVDriver**.

1. For **Installation type**, select **Uninstall and reinstall**.

1. Configure the other parameters for the package as necessary and run installation or upgrade using the referenced procedure in [Step 4](#distributor-procedure-awspv).

   After running the Distributor package, the instance automatically reboots and then upgrades the driver. The instance will not be available for up to 15 minutes.

1. After the upgrade is complete, and the instance passes both health checks in the Amazon EC2 console, verify that the new driver was installed by connecting to the instance using Remote Desktop.

1. After you are connected, run the following PowerShell command:

   ```
   Get-ItemProperty HKLM:\SOFTWARE\Amazon\PVDriver
   ```

1. Verify that the driver version is the same as the latest version listed in the Driver Version History table. For more information, see [AWS PV driver package history](xen-drivers-overview.md#pv-driver-history). Open Disk Management to review any offline secondary volumes and bring them online corresponding to the drive letters noted in [Step 3](#secondary-disks-step-distributor).

If you previously disabled [TCP offloading](pvdrivers-troubleshooting.md#citrix-tcp-offloading) using Netsh for Citrix PV drivers, we recommend that you re-enable this feature after upgrading to AWS PV drivers. TCP Offloading issues with Citrix drivers are not present in the AWS PV drivers. As a result, TCP Offloading provides better performance with AWS PV drivers.

If you previously applied a static IP address or DNS configuration to the network interface, you might need to reapply the static IP address or DNS configuration after upgrading AWS PV drivers.

## Upgrade Windows Server instances (AWS PV upgrade) manually


Use the following procedure to perform an in-place upgrade of AWS PV drivers, or to upgrade from Citrix PV drivers to AWS PV drivers on Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, or Windows Server 2022. This upgrade is not available for Red Hat drivers, or for other versions of Windows Server.

Some older versions of Windows Server can't use the latest drivers. To verify which driver version to use for your operating system, see the driver version table in the [Paravirtual drivers for Windows instances](xen-drivers-overview.md) page.

**Important**  
If your instance is a domain controller, see [Upgrade a domain controller (AWS PV upgrade)](#aws-pv-upgrade-dc). The upgrade process for domain controller instances is different than standard editions of Windows. 

**To upgrade AWS PV drivers manually**

1. We recommend that you create a backup in case you need to roll back your changes.

   **Tip**  
   Instead of creating the AMI from the Amazon EC2 console, you can use Systems Manager Automation to create the AMI using the `AWS-CreateImage` runbook. For more information, see [https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-aws-createimage.html](https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-aws-createimage.html) in the *AWS Systems Manager Automation runbook reference User Guide*.

   1. When you stop an instance, the data on any instance store volumes is erased. Before you stop an instance, verify that you've copied any data that you need from your instance store volumes to persistent storage, such as Amazon EBS or Amazon S3.

   1. In the navigation pane, choose **Instances**.

   1. Select the instance that requires the driver upgrade, and choose **Instance state**, **Stop instance**.

   1. After the instance is stopped, select the instance, choose **Actions**, then **Image and templates**, and then choose **Create image**.

   1. Choose **Instance state**, **Start instance**.

1. Connect to the instance using Remote Desktop.

1. <a name="secondary-disks-step-manual"></a>We recommend that you take all non-system disks offline and note any drive letter mappings to the secondary disks in Disk Management before you perform this upgrade. This step is not required if you are performing an in-place update of AWS PV drivers. We also recommend setting non-essential services to **Manual** start-up in the Services console.

1. Download the drivers to your instance using one of the following options:
   + **Browser** – [Download](https://s3.amazonaws.com/ec2-windows-drivers-downloads/AWSPV/Latest/AWSPVDriver.zip) the latest driver package to the instance and extract the zip archive.
   + **PowerShell** – Run the following commands:

     ```
     Invoke-WebRequest https://s3.amazonaws.com/ec2-windows-drivers-downloads/AWSPV/Latest/AWSPVDriver.zip -outfile $env:USERPROFILE\pv_driver.zip
     Expand-Archive $env:userprofile\pv_driver.zip -DestinationPath $env:userprofile\pv_drivers
     ```

     If you receive an error when downloading the file, and you are using Windows Server 2016 or earlier, TLS 1.2 might need to be enabled for your PowerShell terminal. You can enable TLS 1.2 for the current PowerShell session with the following command and then try again:

     ```
     [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
     ```

1. Run `AWSPVDriverSetup.msi`.

After running the MSI, the instance automatically reboots and then upgrades the driver. The instance will not be available for up to 15 minutes. After the upgrade is complete and the instance passes both health checks in the Amazon EC2 console, you can verify that the new driver was installed by connecting to the instance using Remote Desktop and then running the following PowerShell command:

```
Get-ItemProperty HKLM:\SOFTWARE\Amazon\PVDriver
```

Verify that the driver version is the same as the latest version listed in the Driver Version History table. For more information, see [AWS PV driver package history](xen-drivers-overview.md#pv-driver-history). Open Disk Management to review any offline secondary volumes and bring them online corresponding to the drive letters noted in [Step 3](#secondary-disks-step-manual).

If you previously disabled [TCP offloading](pvdrivers-troubleshooting.md#citrix-tcp-offloading) using Netsh for Citrix PV drivers, we recommend that you re-enable this feature after upgrading to AWS PV drivers. TCP Offloading issues with Citrix drivers are not present in the AWS PV drivers. As a result, TCP Offloading provides better performance with AWS PV drivers.

If you previously applied a static IP address or DNS configuration to the network interface, you might need to reapply the static IP address or DNS configuration after upgrading AWS PV drivers.
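The manual procedure runs a kernel driver installer fetched over HTTPS, and the steps themselves include no integrity check. The following PowerShell is an added example, not part of the AWS documentation: it downloads and extracts the package as in step 4, then checks the Authenticode signature of `AWSPVDriverSetup.msi` before you run it. Assumptions: the MSI is Authenticode-signed and its signer subject contains "Amazon"; the function names are hypothetical.

```powershell
# Added example (not AWS-provided code): verify the downloaded AWS PV package
# before running AWSPVDriverSetup.msi.
$ZipUrl  = 'https://s3.amazonaws.com/ec2-windows-drivers-downloads/AWSPV/Latest/AWSPVDriver.zip'
$ZipPath = Join-Path $env:USERPROFILE 'pv_driver.zip'
$OutDir  = Join-Path $env:USERPROFILE 'pv_drivers'
# Assumption: the publisher name in the signing certificate contains "Amazon".
$SignerPattern = '*Amazon*'

function Get-SignatureSummary {
    param([Parameter(Mandatory = $true)][string]$Path)
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate
    [pscustomobject]@{
        File        = Split-Path $Path -Leaf
        Status      = $sig.Status
        Signer      = $(if ($cert) { $cert.Subject } else { $null })
        Thumbprint  = $(if ($cert) { $cert.Thumbprint } else { $null })
        CertExpires = $(if ($cert) { $cert.NotAfter } else { $null })
        Timestamped = [bool]$sig.TimeStamperCertificate
        # Recorded so the exact package can be matched later in change records.
        Sha256      = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    }
}

function Test-DriverPackage {
    param(
        [Parameter(Mandatory = $true)][string]$Directory,
        [Parameter(Mandatory = $true)][string]$Pattern
    )
    $msi = Get-ChildItem -Path $Directory -Recurse -Filter 'AWSPVDriverSetup.msi' |
        Select-Object -First 1
    if (-not $msi) { throw "AWSPVDriverSetup.msi not found under $Directory" }

    $summary  = Get-SignatureSummary -Path $msi.FullName
    $problems = @()
    # 'Valid' means the file hash matches the signature and the chain is trusted.
    if ($summary.Status -ne 'Valid') {
        $problems += "signature status is $($summary.Status)"
    }
    if ($summary.Signer -notlike $Pattern) {
        $problems += "unexpected signer '$($summary.Signer)'"
    }
    if (-not $summary.Timestamped) {
        Write-Warning 'Signature has no timestamp; it stops validating once the certificate expires.'
    }
    [pscustomobject]@{
        MsiPath  = $msi.FullName
        Summary  = $summary
        Problems = $problems
    }
}

# Download and extract, as in step 4 of the procedure.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri $ZipUrl -OutFile $ZipPath -UseBasicParsing
Expand-Archive -Path $ZipPath -DestinationPath $OutDir -Force

$result = Test-DriverPackage -Directory $OutDir -Pattern $SignerPattern
$result.Summary | Format-List

if ($result.Problems.Count -gt 0) {
    throw "Do not install. Verification failed: $($result.Problems -join '; ')"
}
Write-Host "Signature verified. Run $($result.MsiPath) to continue with step 5."
```

The script stops before installation on purpose, because running the MSI reboots the instance.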

## Upgrade a domain controller (AWS PV upgrade)


Use the following procedure on a domain controller to perform either an in-place upgrade of AWS PV drivers, or to upgrade from Citrix PV drivers to AWS PV drivers. To ensure that your FSMO roles remain operational during the upgrade, we recommend that you transfer those roles to other domain controllers before you start the upgrade. For more information, see [How to view and transfer FSMO roles](https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/view-transfer-fsmo-roles) on the *Microsoft Learn* website.

**To upgrade a domain controller**

1. We recommend that you create a backup of your domain controller in case you need to roll back your changes. Using an AMI as a backup is not supported. For more information, see [Backup and restore considerations](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/virtualized-domain-controllers-hyper-v#backup-and-restore-considerations) in the Microsoft documentation.

1. Run the following command to configure Windows to boot into Directory Services Restore Mode (DSRM).

   **Warning**  
   Before running this command, confirm that you know the DSRM password. You'll need this information so that you can log in to your instance after the upgrade is complete and the instance automatically reboots.

   ```
   bcdedit /set {default} safeboot dsrepair
   ```

   PowerShell:

   ```
   PS C:\> bcdedit /set "{default}" safeboot dsrepair
   ```

   The system must boot into DSRM because the upgrade utility removes Citrix PV storage drivers so it can install AWS PV drivers. Therefore we recommend noting any drive letter and folder mappings to the secondary disks in Disk Management. When Citrix PV storage drivers are not present, secondary drives are not detected. Domain controllers that use an NTDS folder on secondary drives will not boot because the secondary disk is not detected.

   **Warning**  
   After you run this command, do not manually reboot the system. The system will be unreachable because Citrix PV drivers do not support DSRM.

1. Run the following command to add **DisableDCCheck** to the registry:

   ```
   reg add HKLM\SOFTWARE\Wow6432Node\Amazon\AWSPVDriverSetup /v DisableDCCheck /t REG_SZ /d true
   ```

1.  [Download](https://s3.amazonaws.com/ec2-windows-drivers-downloads/AWSPV/Latest/AWSPVDriver.zip) the latest driver package to the instance and extract the zip archive.

1. Run `AWSPVDriverSetup.msi`.

   After running the MSI, the instance automatically reboots and then upgrades the driver. The instance will not be available for up to 15 minutes. 

1. After the upgrade is complete and the instance passes both health checks in the Amazon EC2 console, connect to the instance using Remote Desktop. Open Disk Management to review any offline secondary volumes and bring them online corresponding to the drive letters and folder mappings noted earlier.

   You must connect to the instance by specifying the username in the following format: *hostname*\administrator. For example, Win2k12TestBox\administrator.

1. Run the following command to remove the DSRM boot configuration:

   ```
   bcdedit /deletevalue safeboot
   ```

1. Reboot the instance.

1. To complete the upgrade process, verify that the new driver was installed. In Device Manager, under **Storage Controllers**, locate **AWS PV Storage Host Adapter**. Verify that the driver version is the same as the latest version listed in the Driver Version History table. For more information, see [AWS PV driver package history](xen-drivers-overview.md#pv-driver-history).

1. Run the following command to delete **DisableDCCheck** from the registry:

   ```
   reg delete HKLM\SOFTWARE\Wow6432Node\Amazon\AWSPVDriverSetup /v DisableDCCheck
   ```

**Note**  
If you previously disabled [TCP offloading](pvdrivers-troubleshooting.md#citrix-tcp-offloading) using Netsh for Citrix PV drivers, we recommend that you re-enable this feature after upgrading to AWS PV drivers. TCP offloading issues with Citrix drivers are not present in the AWS PV drivers. As a result, TCP offloading provides better performance with AWS PV drivers.
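The domain controller procedure above leaves two temporary overrides on the system (the DSRM `safeboot` setting and the **DisableDCCheck** registry value) and depends on a record of drive letter and folder mappings. The following PowerShell is an added example, not AWS code, that records the mappings and checks both overrides before the MSI runs and after the upgrade. The function names are hypothetical, and it assumes an elevated Windows PowerShell session and English `bcdedit` output.

```powershell
# Added example, not AWS code. Run in an elevated Windows PowerShell session on the
# domain controller. Assumes bcdedit prints English element names.

# Registry key used by the procedure's "reg add" and "reg delete" steps.
$SetupKey = 'HKLM:\SOFTWARE\Wow6432Node\Amazon\AWSPVDriverSetup'

function Get-SafeBootMode {
    # Returns the safeboot value of the default boot entry (for example 'DsRepair'),
    # or $null when no safeboot element is set.
    foreach ($line in (& bcdedit.exe /enum '{default}')) {
        if ($line -match '^\s*safeboot\s+(\S+)') { return $Matches[1] }
    }
    return $null
}

function Get-DisableDCCheck {
    # Returns the DisableDCCheck value, or $null when the value or the key is absent.
    $prop = Get-ItemProperty -Path $SetupKey -Name DisableDCCheck -ErrorAction SilentlyContinue
    if ($prop) { return $prop.DisableDCCheck }
    return $null
}

function Export-VolumeMap {
    # Records drive letters and folder mount points (the Name column) of local fixed
    # volumes, so offline secondary volumes can be matched up again after the upgrade.
    param([Parameter(Mandatory = $true)][string]$Path)
    Get-WmiObject -Class Win32_Volume -Filter 'DriveType = 3' |
        Select-Object Name, DriveLetter, Label, SerialNumber, Capacity, DeviceID |
        Export-Csv -Path $Path -NoTypeInformation
}

function Test-DcUpgradeState {
    # BeforeInstall: both overrides must be in place before AWSPVDriverSetup.msi runs.
    # AfterUpgrade:  both overrides must be gone once the procedure is finished.
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('BeforeInstall', 'AfterUpgrade')]
        [string]$Phase
    )
    $safeBoot = Get-SafeBootMode
    $dcCheck  = Get-DisableDCCheck
    $problems = @()

    if ($Phase -eq 'BeforeInstall') {
        if ($safeBoot -ne 'DsRepair') {
            $problems += "safeboot is '$safeBoot', expected DsRepair"
        }
        if ($dcCheck -ne 'true') {
            $problems += 'DisableDCCheck is not set to true'
        }
    }
    else {
        if ($safeBoot) {
            $problems += "safeboot is still '$safeBoot'; the next reboot enters DSRM again"
        }
        if ($null -ne $dcCheck) {
            $problems += 'DisableDCCheck is still present in the registry'
        }
    }

    New-Object PSObject -Property @{
        Phase          = $Phase
        SafeBoot       = $safeBoot
        DisableDCCheck = $dcCheck
        Ready          = ($problems.Count -eq 0)
        Problems       = $problems
    }
}

# Usage, before running AWSPVDriverSetup.msi (write the CSV to the system drive,
# because secondary drives are not detected while the storage driver is replaced):
#   Export-VolumeMap -Path "$env:USERPROFILE\volume-map-before.csv"
#   Test-DcUpgradeState -Phase BeforeInstall
# Usage, after the final registry cleanup step:
#   Test-DcUpgradeState -Phase AfterUpgrade
```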

## Upgrade Windows Server 2008 and 2008 R2 instances (Red Hat to Citrix PV upgrade)

Before you start upgrading your Red Hat drivers to Citrix PV drivers, make sure you do the following:
+ Install the latest version of the EC2Config service. For more information, see [Install the latest version of EC2Config](UsingConfig_Install.md).
+ Verify that you have Windows PowerShell 3.0 installed. To verify the version that you have installed, run the following command in a PowerShell window:

  ```
  PS C:\> $PSVersionTable.PSVersion
  ```

  Windows PowerShell 3.0 is bundled in the Windows Management Framework (WMF) version 3.0 install package. If you need to install Windows PowerShell 3.0, see [Windows Management Framework 3.0](https://www.microsoft.com/en-us/download/details.aspx?id=34595) in the Microsoft Download Center.
+ Back up your important information on the instance, or create an AMI from the instance. For more information about creating an AMI, see [Create an Amazon EBS-backed AMI](creating-an-ami-ebs.md).
**Tip**  
Instead of creating the AMI from the Amazon EC2 console, you can use Systems Manager Automation to create the AMI using the `AWS-CreateImage` runbook. For more information, see [https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-aws-createimage.html](https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-aws-createimage.html) in the *AWS Systems Manager Automation runbook reference User Guide*.

  If you create an AMI, make sure that you do the following:
  + Write down your password.
  + Do not run the Sysprep tool manually or using the EC2Config service.
  + Set your Ethernet adapter to obtain an IP address automatically using DHCP.

**To upgrade Red Hat drivers**

1. Connect to your instance and log in as the local administrator. For more information about connecting to your instance, see [Connect to your Windows instance using RDP](connecting_to_windows_instance.md).

1. In your instance, [download](https://s3.amazonaws.com/ec2-downloads-windows/Drivers/Citrix-Win_PV.zip) the Citrix PV upgrade package.

1. Extract the contents of the upgrade package to a location of your choice.

1. Double-click the **Upgrade.bat** file. If you get a security warning, choose **Run**.

1. In the **Upgrade Drivers** dialog box, review the information and choose **Yes** if you are ready to start the upgrade.

1. In the **Red Hat Paravirtualized Xen Drivers for Windows uninstaller** dialog box, choose **Yes** to remove the Red Hat software. Your instance will be rebooted.
**Note**  
If you do not see the uninstaller dialog box, choose **Red Hat Paravirtualize** in the Windows taskbar.  
![\[Red Hat Paravirtualized in taskbar.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/win2003-citrix-taskbar.png)

1. Check that the instance has rebooted and is ready to be used.

   1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

   1. On the **Instances** page, select **Actions**, then **Monitor and troubleshoot**, and then choose **Get system log**.

   1. The upgrade operations should have restarted the server 3 or 4 times. You can see this in the log file by the number of times `Windows is Ready to use` is displayed.  
![\[Windows system log.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/win2008-sys-log.png)

1. Connect to your instance and log in as the local administrator.

1. Close the **Red Hat Paravirtualized Xen Drivers for Windows uninstaller** dialog box.

1. Confirm that the installation is complete. Navigate to the `Citrix-WIN_PV` folder that you extracted earlier, open the `PVUpgrade.log` file, and then check for the text `INSTALLATION IS COMPLETE`.  
![\[PVUpgrade log file.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/win2008-pvupgrade-log.png)

## Upgrade your Citrix Xen guest agent service


If you are using Citrix PV drivers on Windows Server, you can upgrade the Citrix Xen guest agent service. This Windows service handles tasks such as shutdown and restart events from the API. You can run this upgrade package on any version of Windows Server, as long as the instance is running Citrix PV drivers.

**Important**  
For Windows Server 2008 R2 and later, we recommend you upgrade to AWS PV drivers that include the Guest Agent update.

Before you start upgrading your drivers, make sure you back up your important information on the instance, or create an AMI from the instance. For more information about creating an AMI, see [Create an Amazon EBS-backed AMI](creating-an-ami-ebs.md).

**Tip**  
Instead of creating the AMI from the Amazon EC2 console, you can use Systems Manager Automation to create the AMI using the `AWS-CreateImage` runbook. For more information, see [https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-aws-createimage.html](https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-aws-createimage.html) in the *AWS Systems Manager Automation runbook reference User Guide*.

If you create an AMI, make sure you do the following:
+ Do not enable the Sysprep tool in the EC2Config service.
+ Write down your password.
+ Set your Ethernet adapter to DHCP. 

**To upgrade your Citrix Xen guest agent service**

1. Connect to your instance and log in as the local administrator. For more information about connecting to your instance, see [Connect to your Windows instance using RDP](connecting_to_windows_instance.md).

1. On your instance, [download](https://s3.amazonaws.com/ec2-downloads-windows/Drivers/Citrix-Win_PV.zip) the Citrix upgrade package.

1. Extract the contents of the upgrade package to a location of your choice.

1. Double-click the **Upgrade.bat** file. If you get a security warning, choose **Run**.

1. In the **Upgrade Drivers** dialog box, review the information and choose **Yes** if you are ready to start the upgrade. 

1. When the upgrade is complete, the `PVUpgrade.log` file will open and contain the text `UPGRADE IS COMPLETE`.

1. Reboot your instance. 

# Troubleshoot PV drivers on Windows instances

The following are solutions to issues that you might encounter with older Amazon EC2 images and PV drivers.

**Topics**
+ [Windows Server 2012 R2 loses network and storage connectivity after an instance reboot](#server2012R2-instance-unavailable)
+ [TCP offloading](#citrix-tcp-offloading)
+ [Time synchronization](#citrix-time-sync)
+ [Workloads that leverage more than 20,000 disk IOPS experience degradation due to CPU bottlenecks](#pvdriver-troubleshooting-cpu-bottlenecks)

## Windows Server 2012 R2 loses network and storage connectivity after an instance reboot


**Important**  
This issue occurs only with AMIs made available before September 2014.

Windows Server 2012 R2 Amazon Machine Images (AMIs) made available before September 10, 2014 can lose network and storage connectivity after an instance reboot. The error in the AWS Management Console system log states: “Difficulty detecting PV driver details for Console Output.” The connectivity loss is caused by the Plug and Play Cleanup feature. This feature scans for and disables inactive system devices every 30 days. The feature incorrectly identifies the EC2 network device as inactive and removes it from the system. When this happens, the instance loses network connectivity after a reboot.

For systems that you suspect could be affected by this issue, you can download and run an in-place driver upgrade. If you are unable to perform the in-place driver upgrade, you can run a helper script. The script determines if your instance is affected. If it is affected, and the Amazon EC2 network device has not been removed, the script disables the Plug and Play Cleanup scan. If the network device was removed, the script repairs the device, disables the Plug and Play Cleanup scan, and enables your instance to reboot with network connectivity enabled.

**Topics**
+ [Choose how to fix problems](#choose-fix)
+ [Method 1 - Enhanced networking](#plug-n-play-fix-method1)
+ [Method 2 - Registry configuration](#plug-n-play-fix-method2)
+ [Run the remediation script](#plug-n-play-script)

### Choose how to fix problems


There are two methods for restoring network and storage connectivity to an instance affected by this issue. Choose one of the following methods:


| Method | Prerequisites | Procedure Overview | 
| --- | --- | --- | 
| Method 1 - Enhanced networking | Enhanced networking is only available in a virtual private cloud (VPC) which requires a C3 instance type. If the server does not currently use the C3 instance type, then you must temporarily change it. | You change the server instance type to a C3 instance. Enhanced networking then enables you to connect to the affected instance and fix the problem. After you fix the problem, you change the instance back to the original instance type. This method is typically faster than Method 2 and less likely to result in user error. You will incur additional charges as long as the C3 instance is running. | 
| Method 2 - Registry configuration | Ability to create or access a second server. Ability to change Registry settings. | You detach the root volume from the affected instance, attach it to a different instance, connect, and make changes in the Registry. You will incur additional charges as long as the additional server is running. This method is slower than Method 1, but this method has worked in situations where Method 1 failed to resolve the problem. | 

### Method 1 - Enhanced networking


1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Locate the affected instance. Select the instance and choose **Instance state**, and then choose **Stop instance**.
**Warning**  
When you stop an instance, the data on instance store volumes is lost. To preserve this data, back it up to persistent storage.

1. After the instance is stopped, create a backup. Select the instance and choose **Actions**, then **Image and templates**, and then choose **Create image**.

1. [Change](ec2-instance-resize.md) the instance type to any C3 instance type.

1. [Start](Stop_Start.md) the instance.

1. Connect to the instance using Remote Desktop and then [download](https://s3.amazonaws.com/ec2-windows-drivers-downloads/AWSPV/Latest/AWSPVDriver.zip) the AWS PV Drivers Upgrade package to the instance.

1. Extract the contents of the folder and run `AWSPVDriverSetup.msi`.

   After running the MSI, the instance automatically reboots and then upgrades the drivers. The instance will not be available for up to 15 minutes. 

1. After the upgrade is complete and the instance passes both health checks in the Amazon EC2 console, connect to the instance using Remote Desktop and verify that the new drivers were installed. In Device Manager, under **Storage Controllers**, locate **AWS PV Storage Host Adapter**. Verify that the driver version is the same as the latest version listed in the Driver Version History table. For more information, see [AWS PV driver package history](xen-drivers-overview.md#pv-driver-history).

1. Stop the instance and change the instance back to its original instance type.

1. Start the instance and resume normal use.

### Method 2 - Registry configuration


1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Locate the affected instance. Select the instance, choose **Instance state**, and then choose **Stop instance**.
**Warning**  
When you stop an instance, the data on instance store volumes is lost. To preserve this data, back it up to persistent storage.

1. Choose **Launch instances** and create a temporary Windows Server 2008 or Windows Server 2012 instance in the same Availability Zone as the affected instance. Do not create a Windows Server 2012 R2 instance.
**Important**  
If you do not create the instance in the same Availability Zone as the affected instance, you will not be able to attach the root volume of the affected instance to the new instance.

1. In the navigation pane, choose **Volumes**.

1. Locate the root volume of the affected instance. Detach the volume and then attach the volume to the temporary instance that you created earlier. Attach it with the default device name (xvdf).

1. Use Remote Desktop to connect to the temporary instance, and then use the Disk Management utility to make the volume available for use.

1. On the temporary instance, open the **Run** dialog box, type **regedit**, and press Enter.

1. In the Registry Editor navigation pane, choose **HKEY_Local_Machine**, and then from the **File** menu choose **Load Hive**.

1. In the **Load Hive** dialog box, navigate to *Affected Volume*\Windows\System32\config\System and type a temporary name in the **Key Name** dialog box. For example, enter OldSys.

1. In the navigation pane of the Registry Editor, locate the following keys:

    **HKEY_LOCAL_MACHINE\\*your_temporary_key_name*\\ControlSet001\\Control\\Class\\4d36e97d-e325-11ce-bfc1-08002be10318**

    **HKEY_LOCAL_MACHINE\\*your_temporary_key_name*\\ControlSet001\\Control\\Class\\4d36e96a-e325-11ce-bfc1-08002be10318**

1. For each key, double-click **UpperFilters**, enter a value of XENFILT, and then choose **OK**.  
![\[Registry key for affected volume.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/troubleshooting-server2012R2-regedit.png)

1. Locate the following key:

    **HKEY_LOCAL_MACHINE\\*your_temporary_key_name*\\ControlSet001\\Services\\XENBUS\\Parameters**

1. Create a new string (REG_SZ) with the name ActiveDevice and the following value:

    **PCI\VEN_5853&DEV_0001&SUBSYS_00015853&REV_01**

1. Locate the following key:

    **HKEY_LOCAL_MACHINE\\*your_temporary_key_name*\\ControlSet001\\Services\\XENBUS**

1. Change the **Count** from 0 to 1.

1. Locate and delete the following keys:

    **HKEY_LOCAL_MACHINE\\*your_temporary_key_name*\\ControlSet001\\Services\\xenvbd\\StartOverride**

    **HKEY_LOCAL_MACHINE\\*your_temporary_key_name*\\ControlSet001\\Services\\xenfilt\\StartOverride**

1. In the Registry Editor navigation pane, choose the temporary key that you created when you first opened the Registry Editor.

1. From the **File** menu, choose **Unload Hive**.

1. In the Disk Management Utility, choose the drive you attached earlier, open the context (right-click) menu, and choose **Offline**.

1. In the Amazon EC2 console, detach the affected volume from the temporary instance and reattach it to your Windows Server 2012 R2 instance with the device name /dev/sda1. You must specify this device name to designate the volume as a root volume.

1. [Start](Stop_Start.md) the instance.

1. Connect to the instance using Remote Desktop and then [download](https://s3.amazonaws.com/ec2-windows-drivers-downloads/AWSPV/Latest/AWSPVDriver.zip) the AWS PV Drivers Upgrade package to the instance.

1. Extract the contents of the folder and run `AWSPVDriverSetup.msi`.

   After running the MSI, the instance automatically reboots and then upgrades the drivers. The instance will not be available for up to 15 minutes. 

1. After the upgrade is complete and the instance passes both health checks in the Amazon EC2 console, connect to the instance using Remote Desktop and verify that the new drivers were installed. In Device Manager, under **Storage Controllers**, locate **AWS PV Storage Host Adapter**. Verify that the driver version is the same as the latest version listed in the Driver Version History table. For more information, see [AWS PV driver package history](xen-drivers-overview.md#pv-driver-history).

1. Delete or stop the temporary instance you created in this procedure.

### Run the remediation script


If you are unable to perform an in-place driver upgrade or migrate to a newer instance, you can run the remediation script to fix the problems caused by the Plug and Play Cleanup task.

**To run the remediation script**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance for which you want to run the remediation script. Choose **Instance state**, and then choose **Stop instance**.
**Warning**  
When you stop an instance, the data on instance store volumes is lost. To preserve this data, back it up to persistent storage.

1. After the instance is stopped, create a backup. Select the instance, choose **Actions**, then **Image and templates**, and then choose **Create image**.

1. Choose **Instance state**, and then choose **Start instance**.

1. Connect to the instance by using Remote Desktop and then [download](https://s3.amazonaws.com/ec2-downloads-windows/Scripts/RemediateDriverIssue.zip) the RemediateDriverIssue.zip folder to the instance.

1. Extract the contents of the folder.

1. Run the remediation script according to the instructions in the Readme.txt file. The file is located in the folder where you extracted RemediateDriverIssue.zip.

## TCP offloading


**Important**  
This issue does not apply to instances running AWS PV or Intel network drivers.

By default, TCP offloading is enabled for the Citrix PV drivers in Windows AMIs. If you encounter transport-level errors or packet transmission errors (as visible on the Windows Performance Monitor)—for example, when you're running certain SQL workloads—you may need to disable this feature.

**Warning**  
Disabling TCP offloading may reduce the network performance of your instance.

**To disable TCP offloading for Windows Server 2012 and 2008**

1. Connect to your instance and log in as the local administrator.

1. If you're using Windows Server 2012, press **Ctrl+Esc** to access the **Start** screen, and then choose **Control Panel**. If you're using Windows Server 2008, choose **Start** and select **Control Panel**.

1. Choose **Network and Internet**, then **Network and Sharing Center**.

1. Choose **Change adapter settings**.

1. Right-click **Citrix PV Ethernet Adapter #0** and select **Properties**.  
![\[Local area connection properties.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/citrix-local-area-conn.png)

1. In the **Local Area Connection Properties** dialog box, choose **Configure** to open the **Citrix PV Ethernet Adapter #0 Properties** dialog box.

1. On the **Advanced** tab, disable each of the properties, except for **Correct TCP/UDP Checksum Value**. To disable a property, select it from **Property** and choose **Disabled** from **Value**.

1. Choose **OK**.

1. Run the following commands from a Command Prompt window.

   ```
   netsh int ip set global taskoffload=disabled
   netsh int tcp set global chimney=disabled
   netsh int tcp set global rss=disabled
   netsh int tcp set global netdma=disabled
   ```

1. Reboot the instance.

## Time synchronization


Prior to the release of the 2013.02.13 Windows AMI, the Citrix Xen guest agent could set the system time incorrectly. This can cause your DHCP lease to expire. If you have issues connecting to your instance, you might need to update the agent.

To determine whether you have the updated Citrix Xen guest agent, check whether the `C:\Program Files\Citrix\XenGuestAgent.exe` file is from March 2013. If the date on this file is earlier than that, update the Citrix Xen guest agent service. For more information, see [Upgrade your Citrix Xen guest agent service](Upgrading_PV_drivers.md#citrix-pv-guest-agent-upgrade).

## Workloads that leverage more than 20,000 disk IOPS experience degradation due to CPU bottlenecks


You can be affected by this issue if you are using Windows instances running AWS PV drivers that leverage more than 20,000 IOPS, and you experience bug check code `0x9E: USER_MODE_HEALTH_MONITOR`.

Disk reads and writes (IOs) in the AWS PV drivers occur in two phases: **IO preparation** and **IO completion**. By default, the preparation phase runs on a single arbitrary core. The completion phase runs on core `0`. The amount of computation required to process an IO varies based on its size and other properties. Some IOs use more computation in the preparation phase, and others in the completion phase. When an instance drives more than 20,000 IOPS, the preparation or completion phase may result in a bottleneck, where the CPU upon which it runs is at 100% capacity. Whether or not the preparation or completion phase becomes a bottleneck depends on the properties of the IOs used by the application.

Starting with AWS PV drivers 8.4.0, the load of the preparation phase and the completion phase can be distributed across multiple cores, eliminating bottlenecks. Each application uses different IO properties. Therefore, applying one of the following configurations may raise, lower, or not impact the performance of your application. After you apply any of these configurations, monitor the application to verify that it is meeting your desired performance.

1. **Prerequisites**

   Before you begin this troubleshooting procedure, verify the following prerequisites:
   + Your instance uses AWS PV drivers version 8.4.0 or later. To upgrade, see [Upgrade PV drivers on EC2 Windows instances](Upgrading_PV_drivers.md).
   + You have RDP access to the instance. For steps to connect to your Windows instance using RDP, see [Connect to your Windows instance using an RDP client](connect-rdp.md).
   + You have administrator access on the instance.

1. **Observe CPU load on your instance**

   You can use Windows Task Manager to view the load on each CPU to determine potential bottlenecks to disk IO.

   1. Verify that your application is running and handling traffic similar to your production workload.

   1. Connect to your instance using RDP.

   1. Choose the **Start** menu on your instance.

   1. Enter `Task Manager` in the **Start** menu to open Task Manager.

   1. If Task Manager displays the Summary View, choose **More details** to expand the detailed view.

   1. Choose the **Performance** tab.

   1. Select **CPU** in the left pane.

   1. Right-click on the graph in the main pane and select **Change graph to**>**Logical processors** to display each individual core.

   1. Depending on how many cores are on your instance, you may see lines displaying CPU load over time, or you may just see a number.
      + If you see graphs displaying load over time, look for CPUs where the box is almost entirely shaded.
      + If you see a number on each core, look for cores that consistently show 95% or greater.

   1. Note whether core `0` or a different core is experiencing a heavy load.

1. **Choose which configuration to apply**

   [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/pvdrivers-troubleshooting.html)
**Note**  
We recommend that you do not distribute IO preparation without also distributing IO completion (setting `DpcRedirection` without setting `NotifierDistributed`) because the completion phase is sensitive to overload by the preparation phase when the preparation phase is running in parallel.

**Registry key values**
   + *NotifierDistributed*

     Value `0` or not present — The completion phase will run on core `0`.

     Value `1` — The driver chooses to run the completion phase on core `0` or one additional core per attached disk.

     Value `2` — The driver runs the completion phase on one additional core per attached disk.
   + *DpcRedirection*

     Value `0` or not present — The preparation phase will run on a single, arbitrary core.

     Value `1` — The preparation phase is distributed across multiple cores.

   

   

**Default configuration**

   Apply the default configuration with AWS PV driver versions prior to 8.4.0, or if performance or stability degradation is observed after applying one of the other configurations in this section.

   1. Connect to your instance using RDP.

   1. Open a new PowerShell command prompt as an administrator.

   1. Run the following commands to remove the `NotifierDistributed` and `DpcRedirection` registry keys.

      ```
      Remove-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\xenvbd\Parameters -Name NotifierDistributed
      ```

      ```
      Remove-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\xenvbd\Parameters -Name DpcRedirection
      ```

   1. Reboot your instance.

   

   

**Allow driver to choose whether to distribute completion**

   Set the `NotifierDistributed` registry key to allow the PV storage driver to choose whether or not to distribute IO completion.

   1. Connect to your instance using RDP.

   1. Open a new PowerShell command prompt as an administrator.

   1. Run the following command to set the `NotifierDistributed` registry key.

      ```
      Set-ItemProperty -Type DWORD -Path HKLM:\System\CurrentControlSet\Services\xenvbd\Parameters -Value 0x00000001 -Name NotifierDistributed
      ```

   1. Reboot your instance.

   

   

**Distribute both preparation and completion**

   Set `NotifierDistributed` and `DpcRedirection` registry keys to always distribute both the preparation and completion phases.

   1. Connect to your instance using RDP.

   1. Open a new PowerShell command prompt as an administrator.

   1. Run the following commands to set the `NotifierDistributed` and `DpcRedirection` registry keys.

      ```
      Set-ItemProperty -Type DWORD -Path HKLM:\System\CurrentControlSet\Services\xenvbd\Parameters -Value 0x00000002 -Name NotifierDistributed
      ```

      ```
      Set-ItemProperty -Type DWORD -Path HKLM:\System\CurrentControlSet\Services\xenvbd\Parameters -Value 0x00000001 -Name DpcRedirection
      ```

   1. Reboot your instance.
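The following PowerShell is an added example, not AWS code, that automates the two checks in the CPU bottleneck procedure above: it samples per-core load to find cores that stay at or above 95%, and it reads `NotifierDistributed` and `DpcRedirection` to report which configuration is in effect, including the combination the Note advises against. The function names are hypothetical, and it assumes English performance counter names and an instance with no more than 64 logical processors.

```powershell
# Added example, not AWS code. Run in an elevated Windows PowerShell session while the
# application handles production-like traffic.

# Registry path used by the Set-ItemProperty and Remove-ItemProperty commands above.
$XenvbdParams = 'HKLM:\System\CurrentControlSet\Services\xenvbd\Parameters'

function Get-PvIoConfiguration {
    # Reads both values; a missing value is treated as 0, as the page describes.
    $values = Get-ItemProperty -Path $XenvbdParams -ErrorAction SilentlyContinue
    $notifier = 0
    $dpc = 0
    if ($values -and $null -ne $values.NotifierDistributed) { $notifier = [int]$values.NotifierDistributed }
    if ($values -and $null -ne $values.DpcRedirection)      { $dpc = [int]$values.DpcRedirection }

    $completion = switch ($notifier) {
        0 { 'core 0' }
        1 { 'driver chooses: core 0 or one additional core per attached disk' }
        2 { 'one additional core per attached disk' }
        default { "value $notifier is not described on the page" }
    }
    $preparation = switch ($dpc) {
        0 { 'single, arbitrary core' }
        1 { 'distributed across multiple cores' }
        default { "value $dpc is not described on the page" }
    }
    $name = switch ("$notifier,$dpc") {
        '0,0' { 'Default configuration' }
        '1,0' { 'Allow driver to choose whether to distribute completion' }
        '2,1' { 'Distribute both preparation and completion' }
        default { 'Not one of the three configurations shown' }
    }
    $warning = $null
    if ($dpc -eq 1 -and $notifier -eq 0) {
        $warning = 'DpcRedirection is set without NotifierDistributed, which the Note advises against.'
    }

    New-Object PSObject -Property @{
        Configuration       = $name
        NotifierDistributed = $notifier
        DpcRedirection      = $dpc
        CompletionPhase     = $completion
        PreparationPhase    = $preparation
        Warning             = $warning
    }
}

function Get-SaturatedCores {
    # Returns the cores whose load stayed at or above the threshold in every sample.
    param([int]$Samples = 5, [int]$IntervalSeconds = 2, [double]$Threshold = 95)
    Get-Counter -Counter '\Processor(*)\% Processor Time' `
                -SampleInterval $IntervalSeconds -MaxSamples $Samples |
        ForEach-Object { $_.CounterSamples } |
        Where-Object { $_.InstanceName -ne '_total' } |
        Group-Object InstanceName |
        ForEach-Object {
            $min = ($_.Group | Measure-Object -Property CookedValue -Minimum).Minimum
            New-Object PSObject -Property @{
                Core           = [int]$_.Name
                MinimumPercent = [math]::Round($min, 1)
            }
        } |
        Where-Object { $_.MinimumPercent -ge $Threshold } |
        Sort-Object Core
}

function Get-PvIoReport {
    # Combines both checks. The hint only states what the load pattern is consistent
    # with; other workloads can also saturate a core.
    $busy = @(Get-SaturatedCores)
    $hint = 'No core stayed at or above the threshold during sampling.'
    if ($busy | Where-Object { $_.Core -eq 0 }) {
        $hint = 'Core 0 is saturated, which is where the completion phase runs by default.'
    }
    elseif ($busy.Count -gt 0) {
        $hint = 'A core other than 0 is saturated; by default the preparation phase runs on a single arbitrary core.'
    }
    New-Object PSObject -Property @{
        Configuration  = Get-PvIoConfiguration
        SaturatedCores = $busy
        Hint           = $hint
    }
}

# Usage:
#   Get-PvIoReport | Format-List
```

Run `Get-PvIoConfiguration` again after each reboot to confirm that the registry change you intended is the one in effect.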

# AWS NVMe drivers

Amazon EBS volumes and instance store volumes are exposed as NVMe block devices on [Nitro-based instances](instance-types.md#instance-hypervisor-type). To fully utilize the performance and capabilities of Amazon EBS features for volumes exposed as NVMe block devices, the instance must have the AWS NVMe driver installed. All current generation AWS Windows AMIs come with the AWS NVMe driver installed by default.

For more information about EBS and NVMe, see [Amazon EBS and NVMe](https://docs.aws.amazon.com/ebs/latest/userguide/nvme-ebs-volumes.html) in the *Amazon EBS User Guide*. For more information about SSD instance store and NVMe, see [SSD instance store volumes for EC2 instances](ssd-instance-store.md).

## Linux instances


The following AMIs include the required NVMe drivers:
+ Amazon Linux 2
+ Amazon Linux AMI 2018.03
+ Ubuntu 14.04 or later with `linux-aws` kernel
**Note**  
AWS Graviton-based instance types require Ubuntu 18.04 or later with `linux-aws` kernel.
+ Red Hat Enterprise Linux 7.4 or later
+ SUSE Linux Enterprise Server 12 SP2 or later
+ CentOS 7.4.1708 or later
+ FreeBSD 11.1 or later
+ Debian GNU/Linux 9 or later

**To confirm that your instance has the NVMe driver**  
You can confirm that your instance has the NVMe driver using the following command.
+ Amazon Linux, RHEL, CentOS, and SUSE Linux Enterprise Server

  ```
  $ modinfo nvme
  ```

  If the instance has the NVMe driver, the command returns information about the driver.
+ Amazon Linux 2 and Ubuntu

  ```
  $ ls /sys/module/ | grep nvme
  ```

  If the instance has the NVMe driver, the command returns the installed drivers.

**To update the NVMe driver**

If your instance has the NVMe driver, you can update the driver to the latest version using the following procedure.

1. Connect to your instance.

1. Update your package cache to get necessary package updates as follows.
   + For Amazon Linux 2, Amazon Linux, CentOS, and Red Hat Enterprise Linux:

     ```
     [ec2-user ~]$ sudo yum update -y
     ```
   + For Ubuntu and Debian:

     ```
     [ec2-user ~]$ sudo apt-get update -y
     ```

1. Ubuntu 16.04 and later include the `linux-aws` package, which contains the NVMe and ENA drivers required by Nitro-based instances. Upgrade the `linux-aws` package to receive the latest version as follows:

   ```
   [ec2-user ~]$ sudo apt-get install --only-upgrade -y linux-aws
   ```

   For Ubuntu 14.04, you can install the latest `linux-aws` package as follows:

   ```
   [ec2-user ~]$ sudo apt-get install linux-aws
   ```

1. Reboot your instance to load the latest kernel version.

   ```
   sudo reboot
   ```

1. Reconnect to your instance after it has rebooted.

## Windows instances


------
#### [ PowerShell ]

If you did not launch your instance from one of the latest AWS Windows AMIs provided by Amazon, use the following procedure to install the current AWS NVMe driver on your instance. Reboot is required for this install. Either the install script will reboot your instance or you must reboot it as the final step.

**Prerequisites**
+ PowerShell version 3.0 or later is installed.
+ The commands shown in this section must run in the 64-bit version of PowerShell. Do not use the `x86` version of PowerShell. That is the 32-bit version of the shell, and is not supported for these commands.

**To download and install the latest AWS NVMe driver**

1. We recommend that you create an AMI as a backup as follows, in case you need to roll back your changes.

   1. When you stop an instance, the data on any instance store volumes is erased. Before you stop an instance, verify that you've copied any data that you need from your instance store volumes to persistent storage, such as Amazon EBS or Amazon S3.

   1. In the navigation pane, choose **Instances**.

   1. Select the instance that requires the driver upgrade, and choose **Instance state**, **Stop instance**.

   1. After the instance is stopped, select the instance, choose **Actions**, then **Image and templates**, and then choose **Create image**.

   1. Choose **Instance state**, **Start instance**.

1. Connect to your instance and log in as the local administrator.

1. Download the drivers to your instance using one of the following options:
   + **Browser** – [Download](https://s3.amazonaws.com/ec2-windows-drivers-downloads/NVMe/Latest/AWSNVMe.zip) the latest driver package to the instance and extract the zip archive.
   + **PowerShell** – Run the following commands:

     ```
     Invoke-WebRequest https://s3.amazonaws.com/ec2-windows-drivers-downloads/NVMe/Latest/AWSNVMe.zip -outfile $env:USERPROFILE\nvme_driver.zip
     Expand-Archive $env:userprofile\nvme_driver.zip -DestinationPath $env:userprofile\nvme_driver
     ```

     If you receive an error when downloading the file, and you are using Windows Server 2016 or earlier, TLS 1.2 might need to be enabled for your PowerShell terminal. You can enable TLS 1.2 for the current PowerShell session with the following command and then try again:

     ```
     [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
     ```

1. Install the driver to your instance by running the `install.ps1` PowerShell script from the `nvme_driver` directory (`.\install.ps1`). If you get an error, make sure you are using PowerShell 3.0 or later.

   1. (Optional) Starting with AWS NVMe version `1.5.0`, Small Computer System Interface (SCSI) persistent reservations are supported for Windows Server 2016 and later. This feature adds support for Windows Server Failover Clustering with shared Amazon EBS storage. By default, this feature isn't enabled during installation.

      You can enable the feature when running the `install.ps1` script to install the driver by specifying the `EnableSCSIPersistentReservations` parameter with a value of `$true`.

      ```
      PS C:\> .\install.ps1 -EnableSCSIPersistentReservations $true
      ```

      You can disable the feature when running the `install.ps1` script to install the driver by specifying the `EnableSCSIPersistentReservations` parameter with a value of `$false`.

      ```
      PS C:\> .\install.ps1 -EnableSCSIPersistentReservations $false
      ```

   1. Starting with AWS NVMe `1.5.0`, the `install.ps1` script always installs the `ebsnvme-id` tool with the driver.

      (Optional) For versions `1.4.0`, `1.4.1`, and `1.4.2`, the `install.ps1` script allows you to specify whether the `ebsnvme-id` tool should be installed with the driver. 

      1. To install the `ebsnvme-id` tool, specify `InstallEBSNVMeIdTool 'Yes'`.

      1. If you don't want to install the tool, specify `InstallEBSNVMeIdTool 'No'`.

         If you don't specify `InstallEBSNVMeIdTool`, and the tool is already present at `C:\ProgramData\Amazon\Tools`, the package will upgrade the tool by default. If the tool is not present, `install.ps1` will not upgrade the tool by default.

         If you don't want to install the tool as part of the package, and want to install it later, you can find the latest version of the tool in the driver package. Alternatively, you can download version `1.0.0` from Amazon S3:

         [Download](https://s3.amazonaws.com/ec2-windows-drivers-downloads/EBSNVMeID/Latest/ebsnvme-id.zip) the `ebsnvme-id` tool.

1. If the installer does not reboot your instance, reboot the instance.

------
#### [ Distributor ]

You can use Distributor, a capability of AWS Systems Manager, to install the NVMe driver package one time or with scheduled updates.

**To install the latest AWS NVMe driver**

1. For the instructions for how to install the NVMe driver package using Distributor, see the procedures in [Install or update packages](https://docs.aws.amazon.com/systems-manager/latest/userguide/distributor-working-with-packages-deploy.html) in the *Amazon EC2 Systems Manager User Guide*.

1. For **Installation Type**, select **Uninstall and reinstall**. 

1. For **Name**, choose **AWSNVMe**. 

1. (Optional) For **Additional Arguments**, you can customize the installation by specifying values. The values must be formatted using valid JSON syntax. For examples of how to pass additional arguments for the `aws configure` package, see the [Command document plugin reference](https://docs.aws.amazon.com/systems-manager/latest/userguide/documents-command-ssm-plugin-reference.html).

   1. Starting with AWS NVMe `1.5.0`, the driver supports SCSI persistent reservations for Windows Server 2016 and later. By default, this feature isn't enabled during installation.
      + To enable this feature, specify `{"SSM_EnableSCSIPersistentReservations": "true"}`. 
      + If you don't want to enable this feature, specify `{"SSM_EnableSCSIPersistentReservations": "false"}`.

   1. Starting with AWS NVMe `1.5.0`, the `install.ps1` script will always install the `ebsnvme-id` tool.

      (Optional) For versions `1.4.0`, `1.4.1`, and `1.4.2`, the `install.ps1` script allows you to specify whether the ebsnvme-id tool should be installed with the driver.
      + To install the ebsnvme-id tool, specify `{"SSM_InstallEBSNVMeIdTool": "Yes"}`.
      + If you don't want to install the tool, specify `{"SSM_InstallEBSNVMeIdTool": "No"}`.

        If `SSM_InstallEBSNVMeIdTool` is not specified for **Additional Arguments**, and the tool is already present at `C:\ProgramData\Amazon\Tools`, the package will upgrade the tool by default. If the tool is not present, the package will not upgrade the tool by default.

        If you don't want to install the tool as part of the package, and want to install it later, you can find the latest version of the tool in the driver package. Alternatively, you can download version `1.0.0` from Amazon S3:

        [Download](https://s3.amazonaws.com/ec2-windows-drivers-downloads/EBSNVMeID/Latest/ebsnvme-id.zip) the `ebsnvme-id` tool.

1. If the installer does not reboot your instance, reboot the instance.

------

## Configure SCSI persistent reservations for Windows instances


After AWS NVMe driver version `1.5.0` or later has been installed, you can enable or disable SCSI persistent reservations using the Windows registry for Windows Server 2016 and later. You must reboot the instance for these registry changes to take effect.

You can enable SCSI persistent reservations with the following command, which sets `EnableSCSIPersistentReservations` to a value of `1`.

```
PS C:\> $registryPath = "HKLM:\SYSTEM\CurrentControlSet\Services\AWSNVMe\Parameters\Device"
Set-ItemProperty -Path $registryPath -Name EnableSCSIPersistentReservations -Value 1
```

You can disable SCSI persistent reservations with the following command, which sets `EnableSCSIPersistentReservations` to a value of `0`.

```
PS C:\> $registryPath = "HKLM:\SYSTEM\CurrentControlSet\Services\AWSNVMe\Parameters\Device"
Set-ItemProperty -Path $registryPath -Name EnableSCSIPersistentReservations -Value 0
```

# AWS NVMe Windows driver version history
NVMe Windows driver releases

The following table shows which AWS NVMe drivers run on each version of Windows Server on Amazon EC2.


| Windows Server version | AWS NVMe driver version | 
| --- | --- | 
| Windows Server 2025 | latest version | 
| Windows Server 2022 | latest version | 
| Windows Server 2019 | latest version | 
| Windows Server 2016 | latest version | 
| Windows Server 2012 R2 | version 1.5.1 and earlier | 
| Windows Server 2012  | version 1.5.1 and earlier | 
| Windows Server 2008 R2 | version 1.3.2 and earlier | 
| Windows Server 2008 | version 1.3.2 and earlier | 

The following table describes the released versions of the AWS NVMe driver.


| Package version | Driver version | Details | Release date | 
| --- | --- | --- | --- | 
|   [1.8.1](https://s3.amazonaws.com/ec2-windows-drivers-downloads/NVMe/1.8.1/AWSNVMe.zip)   | 1.8.1 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-driver-version-history.html)  | 24 February 2026 | 
| 1.8.0 | 1.8.0 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-driver-version-history.html)  | 16 January 2026 | 
|   [1.7.0](https://s3.amazonaws.com/ec2-windows-drivers-downloads/NVMe/1.7.0/AWSNVMe.zip)   | 1.7.0 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-driver-version-history.html)  | 17 September 2025 | 
|   [1.6.0](https://s3.amazonaws.com/ec2-windows-drivers-downloads/NVMe/1.6.0/AWSNVMe.zip)   | 1.6.0 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-driver-version-history.html)  | 25 October 2024 | 
|   [1.5.1](https://s3.amazonaws.com/ec2-windows-drivers-downloads/NVMe/1.5.1/AWSNVMe.zip)   | 1.5.0 |  Fixed the install script to create a folder for the `ebsnvme-id` tool if it is not present.  | 17 November 2023 | 
| 1.5.0 | 1.5.0 | Added support for Small Computer System Interface (SCSI) persistent reservations for instances running Windows Server 2016 and later. The ebsnvme-id tool (`ebsnvme-id.exe`) is now installed by default. | 31 August 2023 | 
| 1.4.2 | 1.4.2 | Fixed a bug where the AWS NVMe driver did not support instance store volumes on D3 instances. | 16 March 2023 | 
| 1.4.1 | 1.4.1 |  Reports Namespace Preferred Write Granularity (NPWG) for EBS volumes that support this optional NVMe feature. For more information, see section 8.25, "Improving Performance through I/O Size and Alignment Adherence," in the [NVMe Base Specification, version 1.4](https://nvmexpress.org/wp-content/uploads/NVM-Express-1_4b-2020.09.21-Ratified.pdf).  | 20 May 2022 | 
| 1.4.0 | 1.4.0 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-driver-version-history.html)  | 23 November 2021 | 
|   [1.3.2](https://s3.amazonaws.com/ec2-windows-drivers-downloads/NVMe/1.3.2/AWSNVMe.zip)   | 1.3.2 |  Fixed issue with modifying EBS volumes actively processing IO, which may result in data corruption. Customers who do not modify online EBS volumes (for example, resizing or changing type) are not impacted. This is the last version that can run on Windows Server 2008 and 2008 R2. This version is available for download but no longer supported. Windows Server 2008 and 2008 R2 have reached end-of-life, and are no longer supported by Microsoft.  | 10 September 2019 | 
| 1.3.1 | 1.3.1 | Reliability Improvements. | 21 May 2019 | 
| 1.3.0 | 1.3.0 | Device optimization improvements. | 31 August 2018 | 
| 1.2.0 | 1.2.0 | Performance and reliability improvements for AWS NVMe devices on all supported instances, including bare metal instances. | 13 June 2018 | 
| >1.0.0 | >1.0.0 | AWS NVMe driver for supported instance types running Windows Server. | 12 February 2018 | 

## Subscribe to notifications


Amazon SNS can notify you when new versions of EC2 Windows Drivers are released. Use the following procedure to subscribe to these notifications.

**To subscribe to EC2 notifications from the console**

1. Open the Amazon SNS console at [https://console.aws.amazon.com/sns/v3/home](https://console.aws.amazon.com/sns/v3/home).

1. In the navigation bar, change the Region to **US East (N. Virginia)**, if necessary. You must select this Region because the SNS notifications that you are subscribing to are in this Region.

1. In the navigation pane, choose **Subscriptions**.

1. Choose **Create subscription**.

1. In the **Create subscription** dialog box, do the following:

   1. For **TopicARN**, copy the following Amazon Resource Name (ARN):

      ```
      arn:aws:sns:us-east-1:801119661308:ec2-windows-drivers
      ```

   1. For **Protocol**, choose `Email`.

   1. For **Endpoint**, type an email address that you can use to receive the notifications.

   1. Choose **Create subscription**.

1. You'll receive a confirmation email. Open the email and follow the directions to complete your subscription.

Whenever new EC2 Windows drivers are released, we send notifications to subscribers. If you no longer want to receive these notifications, use the following procedure to unsubscribe.

**To unsubscribe from Amazon EC2 Windows driver notifications**

1. Open the Amazon SNS console at [https://console.aws.amazon.com/sns/v3/home](https://console.aws.amazon.com/sns/v3/home).

1. In the navigation pane, choose **Subscriptions**.

1. Select the checkbox for the subscription and then choose **Actions**, **Delete subscriptions**. When prompted for confirmation, choose **Delete**.

**To subscribe to EC2 notifications using the AWS CLI**  
To subscribe to EC2 notifications with the AWS CLI, use the following command. 

```
aws sns subscribe --region us-east-1 --topic-arn arn:aws:sns:us-east-1:801119661308:ec2-windows-drivers --protocol email --notification-endpoint YourUserName@YourDomainName.ext
```

**To subscribe to EC2 notifications using AWS Tools for Windows PowerShell**  
To subscribe to EC2 notifications with AWS Tools for Windows PowerShell, use the following command. 

```
Connect-SNSNotification -TopicArn 'arn:aws:sns:us-east-1:801119661308:ec2-windows-drivers' -Protocol email -Region us-east-1 -Endpoint 'YourUserName@YourDomainName.ext'
```

# Configure your Amazon EC2 Windows instance
Configure Windows instances

After you've launched a Windows instance, you can log in as an administrator to perform additional configuration for Windows features and system settings. [EC2 Windows troubleshooting utilities](windows-troubleshooting-utils.md) can help you troubleshoot issues on your instance.

You can configure Windows launch agents and other Windows-specific features as follows.

**[Windows launch agents](configure-launch-agents.md)**  
Each AWS Windows AMI (and many other AMIs that are available on the AWS Marketplace) includes a Windows launch agent that's pre-configured with default settings. Launch agents perform tasks during instance startup and run if an instance is stopped and later started, or restarted.

**[EC2 Fast Launch for Windows](win-ami-config-fast-launch.md)**  
Every Amazon EC2 Windows instance must go through the standard Windows operating system (OS) launch steps, which include several reboots, and often take 15 minutes or longer to complete. Amazon EC2 Windows Server AMIs that have the EC2 Fast Launch feature enabled complete some of those steps and reboots in advance to reduce the time it takes to launch an instance.

## Windows-specific system settings


The following list includes some system settings that apply only for Windows operating systems:

**[Change the Windows Administrator password](ec2-windows-passwords.md)**  
When you connect to a Windows instance, you must specify a user account and password that has permission to access the instance. The first time that you connect to an instance, you must use the Administrator account and provide the default password. When you connect to an instance the first time, we recommend that you change the Administrator password from its default value.

**[Add Windows System components](windows-optional-components.md)**  
Windows Server operating systems include many optional components. Including all optional components in each AWS Windows Server AMI is not practical. Instead, we provide installation media EBS snapshots that have the necessary files to configure or install components on your Windows instance.

**[Install WSL on Windows](install-wsl-on-ec2-windows-instance.md)**  
Windows Subsystem for Linux (WSL) is a free download that you can install on your Windows instance. By installing WSL, you can run native Linux command line tools directly on your Windows instance and use the Linux tools for scripting, alongside your traditional Windows desktop. You can easily swap between Linux and Windows on a single Windows instance, which you might find useful in a development environment.

## AWS device drivers for Windows instances


You can update the AWS device drivers for your Windows instances. For more information, see [Manage device drivers for your EC2 instance](manage-device-drivers.md).

The following table summarizes the supported drivers for [Nitro-based instances](instance-types.md#instance-hypervisor-type) by Windows version.


| Version | Storage driver | Enhanced networking driver | 
| --- | --- | --- | 
| Windows Server 2025 | AWS NVMe latest version | ENA latest version | 
| Windows Server 2022 | AWS NVMe latest version | ENA latest version | 
| Windows Server 2019 | AWS NVMe latest version | ENA latest version | 
| Windows Server 2016 | AWS NVMe latest version | ENA latest version | 
| Windows Server 2012 R2 | AWS NVMe version 1.5.1 | ENA version 2.6.0 | 
| Windows Server 2008 R2 | AWS NVMe version 1.3.2 | ENA version 2.2.3 | 

The following table summarizes the supported drivers for [Xen-based instances](instance-types.md#instance-hypervisor-type) by Windows version.


| Version | Storage driver | Enhanced networking driver | 
| --- | --- | --- | 
| Windows Server 2022 | AWS PV latest version |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-windows-instances.html)  | 
| Windows Server 2019 | AWS PV latest version |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-windows-instances.html)  | 
| Windows Server 2016 | AWS PV latest version |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-windows-instances.html)  | 
| Windows Server 2012 R2 | AWS PV version 8.4.3 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-windows-instances.html)  | 
| Windows Server 2008 R2 | AWS PV version 8.3.5 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-windows-instances.html)  | 

1 For instance types G3, H1, I3, `m4.16xlarge`, P2, P3, P3dn, and R4.

2 For instance types C3, C4, D2, I2, M4 (excluding `m4.16xlarge`), and R3.

3 For instance types C1, M1, M2, M3, T1, T2, X1, and X1e.

# Windows launch agents on Amazon EC2 Windows instances
Windows launch agents

Each AWS Windows AMI includes a Windows launch agent that's pre-configured with default settings. Launch agents perform tasks during instance startup and run if an instance is stopped and later started, or restarted. For information about a specific agent, see the detail pages in the following list.

For more information about AWS Windows AMIs, see the [AWS Windows AMI reference](https://docs.aws.amazon.com/ec2/latest/windows-ami-reference/windows-amis.html).
+ [Use the EC2Launch v2 agent to perform tasks during EC2 Windows instance launch](ec2launch-v2.md)
+ [Use the EC2Launch v1 agent to perform tasks during EC2 Windows instance launch](ec2launch.md)
+ [Use the EC2Config service to perform tasks during EC2 legacy Windows operating system instance launch](ec2config-service.md)

**Content**
+ [Compare Amazon EC2 launch agents](#ec2launch-agent-compare)
+ [Configure DNS Suffix for EC2 Windows launch agents](launch-agents-set-dns.md)
+ [Subscribe to EC2 Windows launch agent notifications](launch-agents-subscribe-notifications.md)
+ [Windows Service administration for EC2Launch v2 and EC2Config agents](launch-agents-service-admin.md)

## Compare Amazon EC2 launch agents


The following table shows the major functional differences between EC2Config, EC2Launch v1, and EC2Launch v2.


| Feature | EC2Config | EC2Launch v1 | EC2Launch v2 | 
| --- | --- | --- | --- | 
| Run as | Windows Service | PowerShell Scripts | Windows Service | 
| Supports | Legacy OS only |  Windows Server versions: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-launch-agents.html)  |  Windows Server versions: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-launch-agents.html)  | 
| Configuration file | XML | JSON | JSON/YAML | 
| Set Administrator username | No | No | Yes | 
| Compressed user data | No | No | Yes | 
| Local user data baked on AMI | No | No | Yes, configurable | 
| Task configuration in user data | No | No | Yes | 
| Configurable wallpaper | No | No | Yes | 
| Customize task run order | No | No | Yes | 
| Configurable tasks | 15 | 9 | 20 at launch | 
| Supports Windows Event Viewer | Yes | No | Yes | 
| Number of Event Viewer event types | 2 | 0 | 30 | 

**Note**  
EC2Config documentation is provided for historical reference only. The operating system versions it runs on are no longer supported by Microsoft. We strongly recommend that you upgrade to the latest launch service.

# Configure DNS Suffix for EC2 Windows launch agents
Configure DNS Suffix

With Amazon EC2 launch agents, you can configure a list of DNS suffixes that Windows instances use for domain name resolution. The launch agents override the standard Windows settings in the `System\CurrentControlSet\Services\Tcpip\Parameters\SearchList` registry key by adding the following values to the DNS suffix search list:
+ The domain of the instance
+ The suffixes that result from devolution of the instance domain
+ NV domain
+ The domains specified by each network interface card

All launch agents support DNS suffix configuration. For more information, see your specific launch agent version:
+ For information about the `setDnsSuffix` task and how to configure DNS suffixes in EC2Launch v2, see [setDnsSuffix](ec2launch-v2-task-definitions.md#ec2launch-v2-setdnssuffix).
+ For information about DNS suffix list setup and how to enable or disable devolution for EC2Launch v1, see [Configure the EC2Launch v1 agent on your Windows instance](ec2launch-config.md).
+ For information about DNS suffix list setup and how to enable or disable devolution for EC2Config, see [EC2Config settings files](ec2config-service.md#UsingConfigXML_WinAMI).

**Domain name devolution**  
Domain name devolution is an Active Directory behavior that allows computers in a child domain to access resources in the parent domain without using a fully qualified domain name. By default, domain name devolution continues until there are only two nodes left in the domain name progression.

Launch agents perform devolution on the domain name if the instance is connected to a domain, and add the results to the DNS suffix search list that's maintained in the **`System\CurrentControlSet\Services\Tcpip\Parameters\SearchList`** registry key. The agents use the settings from the following registry keys to determine the devolution behavior.
+ **`System\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution`**
  + When not set, disables devolution
  + When set to `1`, enables devolution (default)
  + When set to `0`, disables devolution
+ **`System\CurrentControlSet\Services\Dnscache\Parameters\DomainNameDevolutionLevel`**
  + When not set, use level of `2` (default)
  + When set to `3` or greater, use value to set level

When you disable devolution or change your devolution settings to a higher level, the `System\CurrentControlSet\Services\Tcpip\Parameters\SearchList` registry key still contains the suffixes that were added previously. They are not automatically removed. You can manually update the list, or you can clear the list and let your agent run through the process to set up the new list.

**Note**  
To clear the DNS suffix list from the registry, you can run the following command.  

```
PS C:\> Invoke-CimMethod -ClassName Win32_NetworkAdapterConfiguration -MethodName "SetDNSSuffixSearchOrder" -Arguments @{ DNSDomainSuffixSearchOrder = $null } | Out-Null
```

**Devolution examples**  
The following examples show domain name progression through the devolution process.

`corp.example.com`  
+ Progresses to `example.com`

`locale.region.corp.example.com`  

1. Progresses to `region.corp.example.com`

1. Progresses to `corp.example.com`

1. Progresses to `example.com`

`locale.region.corp.example.com` with a setting of `DomainNameDevolutionLevel=3`  

1. Progresses to `region.corp.example.com`

1. Progresses to `corp.example.com`. The progression stops here, due to the level setting.
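The progression above and the note that previously added suffixes are not removed can be combined into a check for stale search-list entries, which would otherwise keep unqualified names resolving against parent domains you meant to exclude. This is an added example, not AWS code: the function names and the sample list (including the per-adapter domain `ec2.internal`) are constructed, and it assumes the registry keys sit under `HKLM:\SYSTEM` and that `SearchList` is a comma-separated string.

```powershell
# Added example (not AWS code). Function names and sample data are constructed.

function Get-DevolvedSuffix {
    # Returns the parent suffixes produced by devolution, nearest parent first.
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [int] $Level = 2   # number of labels at which the progression stops (page default: 2)
    )
    $labels = @($Domain.Trim('.').ToLowerInvariant() -split '\.')
    $suffixes = @()
    # Drop the leftmost label one step at a time while at least $Level labels remain.
    for ($i = 1; ($labels.Count - $i) -ge $Level; $i++) {
        $suffixes += ($labels[$i..($labels.Count - 1)] -join '.')
    }
    return ,$suffixes
}

function Get-StaleDevolutionSuffix {
    # Lists SearchList entries that are parents of the instance domain but that the
    # current devolution settings would no longer produce.
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [string[]] $SearchList = @(),
        $UseDomainNameDevolution   = $null,  # raw registry value, $null when not set
        $DomainNameDevolutionLevel = $null   # raw registry value, $null when not set
    )
    # Interpretation of the two registry values as listed on this page.
    $enabled = ($UseDomainNameDevolution -eq 1)
    $level   = if ($DomainNameDevolutionLevel -ge 3) { [int]$DomainNameDevolutionLevel } else { 2 }

    $fqdn     = $Domain.Trim('.').ToLowerInvariant()
    $expected = @($fqdn)
    if ($enabled) { $expected += Get-DevolvedSuffix -Domain $fqdn -Level $level }

    # Entries that are not parents of the instance domain (for example, per-adapter
    # domains) are outside the scope of this check and are never reported.
    @($SearchList | ForEach-Object { $_.Trim().ToLowerInvariant() } |
        Where-Object { $fqdn.EndsWith(".$_") -and ($expected -notcontains $_) })
}

# Constructed sample: a list written while the level was 2, audited after moving to level 3.
$sampleList = 'locale.region.corp.example.com,region.corp.example.com,corp.example.com,example.com,ec2.internal' -split ','

# On an instance, the list can instead be read from the key named on this page (assumed
# to be under HKLM:\SYSTEM):
#   (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters').SearchList -split ','

Get-DevolvedSuffix -Domain 'locale.region.corp.example.com' -Level 3

$audit = @{
    Domain                    = 'locale.region.corp.example.com'
    SearchList                = $sampleList
    UseDomainNameDevolution   = 1
    DomainNameDevolutionLevel = 3
}
Get-StaleDevolutionSuffix @audit
```

Any suffix the second call returns is a candidate for manual removal, or for clearing the list with the command in the note above so that the agent rebuilds it.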

# Subscribe to EC2 Windows launch agent notifications
Subscribe to SNS notifications

Amazon SNS can notify you when new versions of the EC2 launch agents are released. Use the following procedure to subscribe to these notifications.

**Subscribe to EC2Config notifications**

1. Open the Amazon SNS console at [https://console.aws.amazon.com/sns/v3/home](https://console.aws.amazon.com/sns/v3/home).

1. In the navigation bar, change the Region to **US East (N. Virginia)**, if necessary. You must select this Region because the SNS notifications that you are subscribing to were created in this Region.

1. In the navigation pane, choose **Subscriptions**.

1. Choose **Create subscription**.

1. In the **Create subscription** dialog box, do the following:

   1. For **Topic ARN**, use the following Amazon Resource Name (ARN) that matches the agent you want to receive notifications for:
      + **EC2Launch v2**:

        ```
        arn:aws:sns:us-east-1:309726204594:amazon-ec2launch-v2
        ```
      + **EC2Launch or EC2Config**:

        ```
        arn:aws:sns:us-east-1:801119661308:ec2-windows-ec2config
        ```

   1. For **Protocol**, choose `Email`.

   1. For **Endpoint**, enter the email address where you want to receive the notifications.

   1. Choose **Create subscription**.

1. You'll receive an email asking you to confirm your subscription. Open the email and follow the directions to complete your subscription.

Whenever a new version of the launch agent is released, we send notifications to subscribers. If you no longer want to receive these notifications, use the following procedure to unsubscribe.

**Unsubscribe from launch agent notifications**

1. Open the Amazon SNS console.

1. In the navigation pane, choose **Subscriptions**.

1. Select the subscription and then choose **Actions**, **Delete subscriptions**. When prompted for confirmation, choose **Delete**.

# Windows Service administration for EC2Launch v2 and EC2Config agents
Windows Service administration

If you've logged into your instance as a user with administrative rights, you can manage the EC2Launch v2 and EC2Config launch agents just as you would any other Windows service. EC2Launch v1 is a set of PowerShell scripts that is managed via scheduled task by default. This section covers service administration for EC2Launch v2 and EC2Config.

To apply updated settings to your instance, you can stop and restart the EC2Launch v2 agent or the EC2Config service launch agent from the Microsoft Management Console (MMC) interface for Services. Similarly, when you install a new version of the launch agent, you must stop the agent first, then restart it when the installation is complete.

**Note**  
You must open the MMC Services interface as an administrator to select these actions. To do this, you can select **Run as administrator** from the context menu. Alternatively, to open the interface using your keyboard, follow these steps:  

1. Using the `Tab` key or arrow keys, select the **Services** menu item from the **Administrative Tools** menu.

1. Use the following keyboard combination to open as an administrator: `Ctrl` + `Shift` + `Enter`.

The following procedures list steps to stop and start the launch agent on your instance.

**Stop the launch agent**

1. Launch and connect to your Windows instance.

1. Select **Administrative Tools** from the Windows **Start** menu.

1. Open the **Services** console as an administrator, as described at the beginning of this section.

1. In the list of services, select the agent that's running on your instance (**EC2Launch** or **EC2Config**), then choose **Stop** from the **Action** menu. Alternatively, you can use the context menu to stop the agent.

**Restart the launch agent**

1. Launch and connect to your Windows instance.

1. Select **Administrative Tools** from the Windows **Start** menu.

1. Open the **Services** console as an administrator, as described at the beginning of this section.

1. In the list of services, select the agent that's running on your instance (**EC2Launch** or **EC2Config**), then choose **Start** or **Restart** from the **Action** menu. Alternatively, you can use the context menu to restart the agent.

If you don't need to update the configuration settings, create your own AMI, or use AWS Systems Manager, you can delete or uninstall the launch agent.

*Delete*  
Deleting a service removes its registry subkey.

*Uninstall*  
Uninstalling a service removes the files, the registry subkey, and any shortcuts to the service.

**Delete the launch agent**

1. Launch and connect to your Windows instance.

1. Start a Windows Command Prompt window.

1. Run one of the following commands to delete the launch agent.
   + Run the following command to delete EC2Launch or EC2Launch v2:

     ```
     sc delete ec2launch
     ```
   + Run the following command to delete the EC2Config service:

     ```
     sc delete ec2config
     ```

**Uninstall the launch agent**

1. Launch and connect to your Windows instance.

1. Choose **Windows System**, then **Control Panel** from the Windows **Start** menu.

1. Choose **Programs and Features** to open the list of programs that are installed on your instance.

1. Select your launch agent from the list (**Amazon EC2Launch** or **EC2ConfigService**), then choose **Uninstall** from the **File** menu. Alternatively, you can use the context menu.

**Note**  
You can see what launch agent version is installed in the **Version** column.

# Use the EC2Launch v2 agent to perform tasks during EC2 Windows instance launch
EC2Launch v2

You can use EC2Launch v2 to perform tasks during instance startup, if an instance is stopped and later started, if an instance is restarted, and on demand. EC2Launch v2 supports all versions of Windows Server and replaces EC2Launch and EC2Config.

All supported instances of Amazon EC2 that are launched from AWS Windows Server 2022 and Windows Server 2025 AMIs include the EC2Launch v2 launch agent (`EC2Launch.exe`) by default. We also provide Windows Server 2016 and 2019 AMIs with EC2Launch v2 installed as the default launch agent. These AMIs are provided in addition to the Windows Server 2016 and 2019 AMIs that include EC2Launch v1. You can search for Windows AMIs that include EC2Launch v2 by default by entering the following prefix in your search from the **AMIs** page in the Amazon EC2 console: `EC2LaunchV2-Windows_Server-*`.

To compare launch agent version features, see [Compare Amazon EC2 launch agents](configure-launch-agents.md#ec2launch-agent-compare).

EC2Launch v2 performs tasks during instance startup and runs if an instance is stopped and later started, or restarted. EC2Launch v2 can also perform tasks on demand. Some of these tasks are automatically enabled, while others must be enabled manually. The EC2Launch v2 service supports all EC2Config and EC2Launch features. 

This service uses a configuration file to control its operation. You can update the configuration file using either a graphical tool or by directly editing it as a single .yml file (`agent-config.yml`). For more information about file locations, see [EC2Launch v2 directory structure](#ec2launch-v2-directory).

EC2Launch v2 publishes Windows event logs to help you troubleshoot errors and set triggers. For more information, see [Windows event logs](ec2launchv2-troubleshooting.md#ec2launchv2-windows-event-logs).

**Supported OS versions**  
The EC2Launch v2 agent supports the following Windows Server operating system (OS) versions:
+ Windows Server 2025
+ Windows Server 2022
+ Windows Server 2019 (Long-Term Servicing Channel and Semi-Annual Channel)
+ Windows Server 2016

**Tasks that run by default**  
The EC2Launch v2 agent runs the following tasks one time only by default during the initial instance launch. Tasks are organized according to the order in which they run within their launch stage.

`Boot` stage
+ extendRootPartition

`PreReady` stage
+ activateWindows
+ setDnsSuffix
+ setAdminAccount
+ setWallpaper

`PostReady` stage
+ startSsm

## EC2Launch v2 concepts


The following concepts are useful to understand when considering EC2Launch v2.

**agent-config**  
`agent-config` is a file that is located in the configuration folder for EC2Launch v2. It includes configuration for the boot, network, PreReady, and PostReady stages. This file is used to specify the instance configuration for tasks that should run when the AMI is either booted for the first time or for subsequent times.  
By default, the EC2Launch v2 installation installs an `agent-config` file that includes recommended configurations that are used in standard Amazon Windows AMIs. You can update the configuration file to alter the default boot experience for your AMI that EC2Launch v2 specifies. For more information about file locations, see [EC2Launch v2 directory structure](#ec2launch-v2-directory).

**Frequency**  
Task frequency determines when tasks should run, depending on the boot context. Most tasks have only one allowed frequency. You can specify a frequency for `executeScript` tasks.  
You will see the following frequencies in the [EC2Launch v2 task configuration](ec2launch-v2-settings.md#ec2launch-v2-task-configuration).  
+ Once – The task runs once, when the AMI has booted for the first time (finished Sysprep).
+ Always – The task runs every time that the launch agent runs. The launch agent runs when:
  + an instance starts or restarts
  + the EC2Launch service runs
  + `EC2Launch.exe run` is invoked

**Stage**  
A stage is a logical grouping of tasks that the EC2Launch v2 agent runs. Some tasks can run only in a specific stage. Others can run in multiple stages. When using `agent-config.yml`, you must specify a list of stages, and a list of tasks to run within each stage.  
The service runs stages in the following order:
+ Stage 1: Boot
+ Stage 2: Network
+ Stage 3: PreReady
+ Windows is ready – After the PreReady stage completes, the service sends the `Windows is ready` message to the Amazon EC2 console.
+ Stage 4: PostReady – User data runs during the *PostReady* stage. Some script versions run before the `agent-config.yml` file *PostReady* stage, and some run after, as follows:
  + Before `agent-config.yml`
    + YAML user data version 1.1
    + XML user data
  + After `agent-config.yml`
    + YAML user data version 1.0 (legacy version for backwards compatibility)

For example stages and tasks, see [Example: `agent-config.yml`](ec2launch-v2-settings.md#ec2launch-v2-example-agent-config).  
When you use user data, you must specify a list of tasks for the launch agent to run. The stage is implied. For example tasks, see [Example: user data](ec2launch-v2-settings.md#ec2launch-v2-example-user-data).  
EC2Launch v2 runs the list of tasks in the order that you specify in `agent-config.yml` and in user data. Stages run sequentially. The next stage starts after the previous stage completes. Tasks also run sequentially.

**Task**  
You can invoke a task to perform an action on an instance. You can configure tasks in the `agent-config.yml` file or through user data. For a list of available tasks for EC2Launch v2, see [EC2Launch v2 tasks](#ec2launch-v2-tasks). For task configuration schema and details, see [EC2Launch v2 task configuration](ec2launch-v2-settings.md#ec2launch-v2-task-configuration).

**User data**  
User data is data that is configurable when you launch an instance. You can update user data to dynamically change how custom AMIs or quickstart AMIs are configured. EC2Launch v2 supports 60 kB user data input length. User data includes only the UserData stage, and therefore runs after the `agent-config` file. You can enter user data when you launch an instance using the launch instance wizard, or you can modify user data from the EC2 console. For more information about working with user data, see [How Amazon EC2 handles user data for Windows instances](user-data.md#ec2-windows-user-data).

## EC2Launch v2 task overview


EC2Launch v2 can perform the following tasks at each boot:
+ Set up new and optionally customized wallpaper that renders information about the instance.
+ Set the attributes for the administrator account that is created on the local machine.
+ Add DNS suffixes to the list of search suffixes. Only suffixes that do not already exist are added to the list.
+ Set drive letters for any additional volumes and extend them to use available space.
+ Write files from the configuration to the disk.
+ Run scripts specified in the EC2Launch v2 config file or from `user-data`. Scripts from `user-data` can be plain text, or zipped and provided in base64 format.
+ Run a program with given arguments.
+ Set the computer name.
+ Send instance information to the Amazon EC2 console.
+ Send the RDP certificate thumbprint to the Amazon EC2 console.
+ Dynamically extend the operating system partition to include any unpartitioned space.
+ Run user data. For more information about specifying user data, see [EC2Launch v2 task configuration](ec2launch-v2-settings.md#ec2launch-v2-task-configuration).
+ Set non-persistent static routes to reach the metadata service and AWS KMS servers.
+ Set non-boot partitions to `mbr` or `gpt`.
+ Start the Systems Manager service following Sysprep.
+ Optimize ENA settings.
+ Enable OpenSSH for later Windows versions.
+ Enable Jumbo Frames.
+ Set Sysprep to run with EC2Launch v2.
+ Publish Windows event logs.

## EC2Launch v2 directory structure


EC2Launch v2 should be installed in the following directories:
+ Service binaries: `%ProgramFiles%\Amazon\EC2Launch`
+ Service data (settings, log files, and state files): `%ProgramData%\Amazon\EC2Launch`

**Note**  
By default, Windows hides files and folders under `C:\ProgramData`. To view EC2Launch v2 directories and files, you must either enter the path in Windows Explorer or change the folder properties to show hidden files and folders.

The `%ProgramFiles%\Amazon\EC2Launch` directory contains binaries and supporting libraries. It includes the following subdirectories:
+ `settings`
  + `EC2LaunchSettingsUI.exe` – user interface for modifying the `agent-config.yml` file
  + `YamlDotNet.dll` – DLL for supporting some operations in the user interface
+ `tools`
  + `ebsnvme-id.exe` – tool for examining the metadata of the EBS volumes on the instance
  + `AWSAcpiSpcrReader.exe` – tool for determining the correct COM port to use
  + `EC2LaunchEventMessage.dll` – DLL for supporting the Windows event logging for EC2Launch
+ `service`
  + `EC2LaunchService.exe` – Windows service executable that is launched when the launch agent runs as a service
+ `EC2AgentTelemetry.dll` – DLL for supporting EC2 agent telemetry
+ `EC2Launch.exe` – main EC2Launch executable
+ `EC2LaunchAgentAttribution.txt` – attribution for code used within EC2 Launch

The `%ProgramData%\Amazon\EC2Launch` directory contains the following subdirectories. All of the data produced by the service, including logs, configuration, and state, is stored in this directory.
+ `config` – Configuration

  The service configuration file is stored in this directory as `agent-config.yml`. This file can be updated to modify, add, or remove default tasks run by the service. Permission to create files in this directory is restricted to the administrator account to prevent privilege escalation.
+ `log` – Instance logs

  Logs for the service (`agent.log`), performance (`bench.log`), and telemetry (`telemetry.log`) are stored in this directory. When `agent.log` reaches 1 MB in size, it is automatically rotated and a backup file is created with a timestamp format (for example, `agent-2026-03-02T18-56-39.188.log`). Only one backup log file is maintained at a time.
+ `state` – Service state data

  The state that the service uses to determine which tasks should run is stored here. There is a `.run-once` file that indicates whether the service has already run after Sysprep (so tasks with a frequency of once will be skipped on the next run). This subdirectory includes a `state.json` and `previous-state.json` to track the status of each task.
+ `sysprep` – Sysprep

  This directory contains files that Sysprep uses to determine which operations to perform when it creates a customized Windows AMI that can be reused.
+ `wallpaper` – Wallpaper

  Wallpaper images are stored in this directory.
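
The `config` directory is restricted so that only administrators can create files in it. The following added example (not part of the AWS documentation or tooling) audits that restriction by listing access rules on the directory and on `agent-config.yml` that grant write-type rights to any other principal. The function name, the allowed-SID list, and the choice of rights to flag are assumptions of this example.

```powershell
# Added example (not AWS tooling): list ACEs that let a principal other than
# SYSTEM or BUILTIN\Administrators create or change files under the
# EC2Launch v2 config directory. Run from an elevated PowerShell session.
function Get-Ec2LaunchConfigWriteFinding {
    param(
        [string]   $ConfigDir   = (Join-Path $env:ProgramData 'Amazon\EC2Launch\config'),
        # Well-known SIDs: LocalSystem and BUILTIN\Administrators (assumed allow-list).
        [string[]] $AllowedSids = @('S-1-5-18', 'S-1-5-32-544')
    )

    # Rights that allow creating, replacing, deleting or re-permissioning files.
    # On a file, CreateFiles and CreateDirectories are the WriteData/AppendData bits.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # Generic bits that can appear on inheritable ACEs: GENERIC_ALL, GENERIC_WRITE.
    $genericMask = 0x10000000 -bor 0x40000000

    $targets = @($ConfigDir, (Join-Path $ConfigDir 'agent-config.yml')) |
        Where-Object { Test-Path -LiteralPath $_ }
    if (-not $targets) {
        Write-Warning "Not found: $ConfigDir"
        return
    }

    foreach ($target in $targets) {
        $acl = Get-Acl -LiteralPath $target
        # Ask for SIDs directly so localized or unresolvable names do not matter.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            $sid = $rule.IdentityReference.Value
            if ($AllowedSids -contains $sid) { continue }
            $bits = [int]$rule.FileSystemRights
            if (($bits -band ($writeMask -bor $genericMask)) -eq 0) { continue }

            # Resolve a display name when possible; keep the SID otherwise.
            try   { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = $sid }

            [pscustomobject]@{
                Path        = $target
                Principal   = $name
                Sid         = $sid
                Rights      = $rule.FileSystemRights
                Inherited   = $rule.IsInherited
                Propagation = $rule.PropagationFlags   # InheritOnly ACEs apply to children only
            }
        }
    }
}

# No output means no principal outside the allow-list holds write-type rights.
Get-Ec2LaunchConfigWriteFinding | Format-Table -AutoSize
```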

## Telemetry


Telemetry is additional information that helps AWS to better understand your requirements, diagnose issues, and deliver features to improve your experience with AWS services.

EC2Launch v2 version `2.1.592` and later collect telemetry, such as usage metrics and errors. This data is collected from the Amazon EC2 instance on which EC2Launch v2 runs. This includes all Windows AMIs owned by AWS.

The following types of telemetry are collected by EC2Launch v2:
+ **Usage information** — agent commands, install method, and scheduled run frequency.
+ **Errors and diagnostic information** — agent installation error codes, run error codes, and error call stacks.

Examples of collected data from version 2.0.592 through 2.1.1:

```
2025/07/18 22:38:52Z: EC2LaunchTelemetry: IsTelemetryEnabled=true
2025/07/18 22:38:52Z: EC2LaunchTelemetry: AgentOsArch=windows_amd64
2025/07/18 22:38:52Z: EC2LaunchTelemetry: IsAgentScheduledPerBoot=true
2025/07/18 22:38:52Z: EC2LaunchTelemetry: AgentCommandErrorCode=0
2025/07/18 22:38:52Z: EC2LaunchTelemetry: AdminPasswordTypeCode=0
2025/07/18 22:38:52Z: EC2LaunchTelemetry: IpConflictDetectionCode=0
2025/07/18 22:38:52Z: EC2LaunchTelemetry: AgentErrorLocation=addroutes.go:49
```

Starting with version 2.2.63, EC2 Agent telemetry data is formatted as a JSON object:

```
{"type":"EC2AgentTelemetry","agentId":"WindowsLaunchAgentV2" ... }
```

Telemetry is enabled by default. You can disable telemetry collection at any time.

**Disable telemetry on an instance**  
To disable telemetry for a single instance, you can either set a system environment variable, or use the MSI to modify the installation.

To disable telemetry by setting a system environment variable, run the following command as an administrator.

```
setx /M EC2LAUNCH_TELEMETRY 0
```

To disable telemetry using the MSI, run the following command after you [download the MSI](ec2launch-v2-install.md). 

```
msiexec /i ".\AmazonEC2Launch.msi" Remove="Telemetry" /q
```
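
To review what the agent records and whether uploads are enabled, the following added example (not part of the AWS documentation) parses records in the two shapes shown above and reads the machine-level `EC2LAUNCH_TELEMETRY` variable. It assumes that `telemetry.log` in the `log` directory holds records in those shapes; the function names and the sample lines are constructed for illustration.

```powershell
# Added example (not AWS tooling): parse telemetry records in the two shapes
# shown above and report whether uploads are enabled on this instance.
function ConvertFrom-Ec2LaunchTelemetry {
    param([Parameter(ValueFromPipeline)] [string] $Line)
    process {
        # Older shape: "<date> <time>Z: EC2LaunchTelemetry: Key=Value"
        if ($Line -match '^(?<ts>\S+ \S+Z): EC2LaunchTelemetry: (?<key>[^=]+)=(?<value>.*)$') {
            return [pscustomobject]@{
                Shape = 'key=value'; Timestamp = $Matches['ts']
                Key   = $Matches['key']; Value = $Matches['value']
            }
        }
        # Newer shape (2.2.63 and later): one JSON object per record.
        $start = $Line.IndexOf('{')
        if ($start -lt 0) { return }
        try   { $record = $Line.Substring($start) | ConvertFrom-Json -ErrorAction Stop }
        catch { Write-Warning "Unparseable record: $Line"; return }
        foreach ($p in $record.PSObject.Properties) {
            [pscustomobject]@{ Shape = 'json'; Timestamp = $null; Key = $p.Name; Value = $p.Value }
        }
    }
}

function Get-Ec2LaunchTelemetrySetting {
    # The installer and "setx /M" both write the machine-level variable.
    $value = [Environment]::GetEnvironmentVariable('EC2LAUNCH_TELEMETRY', 'Machine')
    # Per the documentation, the agent uploads only when the value equals 1.
    [pscustomobject]@{ Value = $value; Uploads = ($value -eq '1') }
}

# Constructed sample records, modelled on the examples above. The JSON record
# carries only the two fields that the documentation shows.
$sample = @(
    '2025/07/18 22:38:52Z: EC2LaunchTelemetry: IsTelemetryEnabled=true'
    '2025/07/18 22:38:52Z: EC2LaunchTelemetry: AgentCommandErrorCode=0'
    '2025/07/18 22:38:52Z: EC2LaunchTelemetry: AgentErrorLocation=addroutes.go:49'
    '{"type":"EC2AgentTelemetry","agentId":"WindowsLaunchAgentV2"}'
)

# Use the real log when present (assumed location and content), else the sample.
$logPath = Join-Path $env:ProgramData 'Amazon\EC2Launch\log\telemetry.log'
$lines = if (Test-Path -LiteralPath $logPath) { Get-Content -LiteralPath $logPath } else { $sample }

Get-Ec2LaunchTelemetrySetting | Format-List
$lines | ConvertFrom-Ec2LaunchTelemetry |
    Group-Object Key |
    Select-Object Name, Count, @{ n = 'LastValue'; e = { $_.Group[-1].Value } } |
    Format-Table -AutoSize
```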

**Topics**
+ [EC2Launch v2 concepts](#ec2launch-v2-concepts)
+ [EC2Launch v2 task overview](#ec2launch-v2-tasks)
+ [EC2Launch v2 directory structure](#ec2launch-v2-directory)
+ [Telemetry](#ec2launch-v2-telemetry)
+ [Install the latest version of EC2Launch v2](ec2launch-v2-install.md)
+ [Configure EC2Launch v2 settings for Windows instances](ec2launch-v2-settings.md)
+ [Task definitions for EC2Launch v2 startup tasks](ec2launch-v2-task-definitions.md)
+ [Troubleshoot issues with the EC2Launch v2 agent](ec2launchv2-troubleshooting.md)
+ [EC2Launch v2 version histories](ec2launchv2-versions.md)

# Install the latest version of EC2Launch v2

You can use one of the following methods to install the EC2Launch v2 agent on your EC2 instance:
+ Download the agent from Amazon S3 and install with Windows PowerShell. For download URLs, see [EC2Launch v2 downloads on Amazon S3](#lv2-download-s3).
+ Install with SSM Distributor.
+ Install from an EC2 Image Builder component when you create a custom image.
+ Launch your instance from an AMI that has EC2Launch v2 pre-installed.

**Warning**  
AmazonEC2Launch.msi uninstalls previous versions of the EC2 launch services, such as EC2Launch (v1) and EC2Config.

For install steps, select the tab that matches your preferred method.

------
#### [ PowerShell ]

To install the latest version of EC2Launch v2 agent with Windows PowerShell, follow these steps.

1. Create your local directory.

   ```
   New-Item -Path "$env:USERPROFILE\Desktop\EC2Launchv2" -ItemType Directory
   ```

1. Set the URL for your download location. Run the following command with the Amazon S3 URL you'll use. For download URLs, see [EC2Launch v2 downloads on Amazon S3](#lv2-download-s3).

   ```
   $Url = "Amazon S3 URL/AmazonEC2Launch.msi"
   ```

1. Use the following compound command to download the agent and run the install.

   ```
   $DownloadFile = "$env:USERPROFILE\Desktop\EC2Launchv2\" + $(Split-Path -Path $Url -Leaf)
   Invoke-WebRequest -Uri $Url -OutFile $DownloadFile
   msiexec /i "$DownloadFile"
   ```
**Note**  
If you receive an error when downloading the file, and you are using Windows Server 2016 or earlier, TLS 1.2 might need to be enabled for your PowerShell terminal. You can enable TLS 1.2 for the current PowerShell session with the following command and then try again:  

   ```
   [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
   ```

1. The **msiexec** command installs EC2Launch v2 in the following location on Windows Server instances: `%ProgramFiles%\Amazon\EC2Launch`. To verify that the install ran, you can check the local file system on your instance.
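
The steps above run the downloaded MSI without checking it first. The following added example (not part of the AWS documentation) performs the same download and install, but verifies the installer's Authenticode signature and records its SHA-256 hash before `msiexec` runs. The function names are hypothetical, and `$ExpectedPublisher` is a placeholder that you must set to the signer common name your organization expects; until it is set, the script fails closed.

```powershell
# Added example (not AWS's script): download, verify, then install.
$ErrorActionPreference = 'Stop'

# Download URL as listed in "EC2Launch v2 downloads on Amazon S3".
$Url = 'https://s3.amazonaws.com/amazon-ec2launch-v2/windows/amd64/latest/AmazonEC2Launch.msi'
# Placeholder (assumption): the signer common name your organization expects.
$ExpectedPublisher = '<expected signer common name>'

function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Publisher
    )
    # Authenticode check: the file must be unmodified and chain to a trusted root.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        Write-Warning "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
        return $false
    }
    # Compare the signer's common name exactly (case-sensitive).
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    if ($signer -cne $Publisher) {
        Write-Warning "Unexpected signer '$signer'"
        return $false
    }
    return $true
}

function Install-VerifiedEc2Launch {
    param(
        [Parameter(Mandatory)] [string] $Url,
        [Parameter(Mandatory)] [string] $Publisher
    )
    $dir = Join-Path $env:USERPROFILE 'Desktop\EC2Launchv2'
    New-Item -Path $dir -ItemType Directory -Force | Out-Null
    $msi = Join-Path $dir (Split-Path -Path $Url -Leaf)

    # Needed on Windows Server 2016 or earlier, as the note above explains.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    Invoke-WebRequest -Uri $Url -OutFile $msi -UseBasicParsing

    # Record the hash so the installed build can be traced later.
    $hash = (Get-FileHash -Path $msi -Algorithm SHA256).Hash
    Write-Host "SHA256 $hash  $msi"

    if (-not (Test-InstallerSignature -Path $msi -Publisher $Publisher)) {
        Remove-Item -Path $msi -Force
        throw 'Installer failed signature verification; nothing was installed.'
    }

    # Same install command as the procedure; wait so the exit code is available.
    $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList '/i', "`"$msi`"" -Wait -PassThru
    # 0 = success, 3010 = success but a restart is required.
    if ($proc.ExitCode -notin 0, 3010) {
        throw "msiexec exited with code $($proc.ExitCode)"
    }
    # Confirm the installed version, as in "Verify the EC2Launch v2 version".
    & (Join-Path $env:ProgramFiles 'Amazon\EC2Launch\EC2Launch.exe') version
}

Install-VerifiedEc2Launch -Url $Url -Publisher $ExpectedPublisher
```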

------
#### [ AWS Systems Manager Distributor ]

To configure automatic updates for EC2Launch v2 with AWS Systems Manager Quick Setup, see [Automatically install and update with Distributor Quick Setup](#lv2-distributor-quick-setup). 

You can also perform a one-time install of the `AWSEC2Launch-Agent` package from AWS Systems Manager Distributor. For instructions on how to install a package from Systems Manager Distributor, see [Install or update packages](https://docs.aws.amazon.com/systems-manager/latest/userguide/distributor-working-with-packages-deploy.html) in the *AWS Systems Manager User Guide*.

------
#### [ EC2 Image Builder component ]

You can install the `ec2launch-v2-windows` component when you build a custom image with EC2 Image Builder. For instructions on how to build a custom image with EC2 Image Builder, see [Create an image pipeline using the EC2 Image Builder console wizard](https://docs.aws.amazon.com/imagebuilder/latest/userguide/start-build-image-pipeline.html) in the *EC2 Image Builder User Guide*.

------
#### [ AMI ]

EC2Launch v2 is preinstalled by default on AMIs for the Windows Server 2022 and above operating systems:
+ Windows\_Server-*version*-English-Full-Base
+ Windows\_Server-*version*-English-Core-Base
+ Windows\_Server-*version*-English-Core-EKS\_Optimized
+ Windows Server *version* AMIs with all other languages
+ Windows Server *version* AMIs with SQL installed

EC2Launch v2 is also preinstalled on the following Windows Server AMIs. You can find these AMIs from the Amazon EC2 console, or by using the following search prefix: `EC2LaunchV2-` in the AWS CLI.
+ EC2LaunchV2-Windows\_Server-2019-English-Core-Base
+ EC2LaunchV2-Windows\_Server-2019-English-Full-Base
+ EC2LaunchV2-Windows\_Server-2016-English-Core-Base
+ EC2LaunchV2-Windows\_Server-2016-English-Full-Base

------

## Automatically install and update EC2Launch v2 with AWS Systems Manager Distributor Quick Setup

With AWS Systems Manager Distributor Quick Setup, you can set up automatic updates for EC2Launch v2. The following process sets up a Systems Manager Association on your instance that automatically updates the EC2Launch v2 agent at a frequency that you specify. The Association that the Distributor Quick Setup creates can include instances within an AWS account and Region, or instances within an AWS Organization. For more information about setting up an organization, see [Tutorial: Creating and configuring an organization](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tutorials_basic.html) in the *AWS Organizations User Guide*.

Before you begin, make sure that your instances meet all of the prerequisites.

### Prerequisites


To set up automatic updates with Distributor Quick Setup, your instances must meet the following prerequisites.
+ You have at least one running instance that supports EC2Launch v2. See supported operating systems for [EC2Launch v2](ec2launch-v2.md).
+ You've performed the Systems Manager set-up tasks on your instances. For more information, see [Setting up Systems Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-ec2.html) in the *AWS Systems Manager User Guide*.
+ EC2Launch v2 must be the only launch agent installed on your instance. If you have more than one launch agent installed, your Distributor Quick Setup configuration will fail. Before you configure EC2Launch v2 with a Distributor Quick Setup, uninstall EC2Config or EC2Launch v1 launch agents, if they exist.

### Configure Distributor Quick Setup for EC2Launch v2


To create a configuration for EC2Launch v2 with Distributor Quick Setup, use the following settings when you complete the steps for [Distributor package deployment](https://docs.aws.amazon.com/systems-manager/latest/userguide/quick-setup-distributor.html):
+ **Software packages:** Amazon EC2Launch v2 agent.
+ **Update frequency:** Select a frequency from the list.
+ **Targets:** Choose from the available deployment options.

To check the status of your configuration, navigate to the Systems Manager Quick Setup **Configurations** tab in the AWS Management Console.

1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).

1. In the navigation pane, choose **Quick Setup**.

1. In the **Configurations** tab, select the row that's associated with the configuration that you created. The **Configurations** tab lists your configurations, and includes a summary of key details, such as **Region**, **Deployment status**, and **Association status**.
**Note**  
The association name for every EC2Launch v2 Distributor configuration begins with the following prefix: `AWS-QuickSetup-Distributor-EC2Launch-Agent-`.

1. To view details, select the configuration and choose **View details**.

For more information and troubleshooting steps, see [Troubleshooting Quick Setup results](https://docs.aws.amazon.com/systems-manager/latest/userguide/quick-setup-results-troubleshooting.html) in the *AWS Systems Manager User Guide*.

## EC2Launch v2 downloads on Amazon S3


To install the latest version of EC2Launch v2, download the installer from the following location:
+ [https://s3.amazonaws.com/amazon-ec2launch-v2/windows/amd64/latest/AmazonEC2Launch.msi](https://s3.amazonaws.com/amazon-ec2launch-v2/windows/amd64/latest/AmazonEC2Launch.msi)

## Configure install options


When you install or upgrade EC2Launch v2, you can configure installation options with the EC2Launch v2 install dialog or with the **msiexec** command in a command line shell.

The first time the EC2Launch v2 installer runs on an instance, it initializes launch agent settings on your instance as follows:
+ It creates the local path and writes the launch agent file to it. This is sometimes referred to as a *clean install*.
+ It creates the `EC2LAUNCH_TELEMETRY` environment variable if it doesn't already exist, and sets it based on your configuration.

For configuration details, select the tab that matches the configuration method that you'll use.

------
#### [ Amazon EC2Launch Setup dialog ]

When you install or upgrade EC2Launch v2, you can configure the following installation options through the EC2Launch v2 install dialog.

**Basic Install** options

**Send Telemetry**  
When you include this feature in the setup dialog, the installer sets the `EC2LAUNCH_TELEMETRY` environment variable to a value of `1`. If you disable **Send Telemetry**, the installer sets the environment variable to a value of `0`.  
When the EC2Launch v2 agent runs, it reads the `EC2LAUNCH_TELEMETRY` environment variable to determine whether to upload telemetry data. If the value equals `1`, it uploads the data. Otherwise, it doesn't upload.

**Default configuration**  
The default configuration for EC2Launch v2 is to overwrite the local launch agent if it exists already. The first time you run an install on an instance, the default configuration performs a clean install. If you disable the default configuration on the initial install, the installation fails.  
If you run the install again on the instance, you can disable the default configuration to perform an upgrade that doesn't replace the `%ProgramData%/Amazon/EC2Launch/config/agent-config.yml` file.

**Example: Upgrade EC2Launch v2 with telemetry**  
The following example shows the EC2Launch v2 setup dialog configured to upgrade the current installation and enable telemetry. This configuration performs an install without replacing the agent configuration file, and sets the `EC2LAUNCH_TELEMETRY` environment variable to a value of `1`.

![\[EC2Launch v2 upgrade configuration.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ec2launchv2-clean-default-config.png)


------
#### [ Command line ]

When you install or upgrade EC2Launch v2, you can configure the following installation options with the **msiexec** command in a command line shell.

`ADDLOCAL` parameter values

**Basic** (required)  
Install the launch agent. If this value is not present in the `ADDLOCAL` parameter, the installation ends.

**Clean**  
When you include the `Clean` value in the `ADDLOCAL` parameter, the installer writes the agent configuration file to the following location: `%ProgramData%/Amazon/EC2Launch/config/agent-config.yml`. If the agent configuration file already exists, it overwrites the file.  
When you leave the `Clean` value out of the `ADDLOCAL` parameter, the installer performs an upgrade that doesn't replace the agent configuration file.

**Telemetry**  
When you include the `Telemetry` value in the `ADDLOCAL` parameter, the installer sets the `EC2LAUNCH_TELEMETRY` environment variable to a value of `1`.  
When you leave the `Telemetry` value out of the `ADDLOCAL` parameter, the installer sets the environment variable to a value of `0`.  
When the EC2Launch v2 agent runs, it reads the `EC2LAUNCH_TELEMETRY` environment variable to determine whether to upload telemetry data. If the value equals `1`, it uploads the data. Otherwise, it doesn't upload.

**Example: install EC2Launch v2 with telemetry**

```
& msiexec /i "C:\Users\Administrator\Desktop\EC2Launchv2\AmazonEC2Launch.msi" ADDLOCAL="Basic,Clean,Telemetry" /q
```

------

## Verify the EC2Launch v2 version


Use one of the following procedures to verify the version of EC2Launch v2 that is installed on your instances.



------
#### [ PowerShell ]

Verify the installed version of EC2Launch v2 with Windows PowerShell, as follows.

1. Launch an instance from your AMI and connect to it.

1. Run the following command in PowerShell to verify the installed version of EC2Launch v2:

   ```
   & "C:\Program Files\Amazon\EC2Launch\EC2Launch.exe" version
   ```

------
#### [ Windows Control Panel ]

Verify the installed version of EC2Launch v2 in the Windows Control Panel, as follows.

1. Launch an instance from your AMI and connect to it.

1. Open the Windows Control Panel and choose **Programs and Features**.

1. Look for `Amazon EC2Launch` in the list of installed programs. Its version number appears in the **Version** column.

------

To view the latest updates for the AWS Windows AMIs, see [Windows AMI version history](https://docs.aws.amazon.com/ec2/latest/windows-ami-reference/ec2-windows-ami-version-history.html) in the *AWS Windows AMI Reference*.

For the latest version of EC2Launch v2, see [EC2Launch v2 version history](ec2launchv2-versions.md#ec2launchv2-version-history).

You can receive notifications when new versions of the EC2Launch v2 service are released. For more information, see [Subscribe to EC2 Windows launch agent notifications](launch-agents-subscribe-notifications.md).

# Configure EC2Launch v2 settings for Windows instances

This section contains information about how to configure settings for EC2Launch v2.

**Topics**
+ [Change settings using the EC2Launch v2 settings dialog box](#ec2launch-v2-ui)
+ [Configure EC2Launch v2 using the CLI](#ec2launch-v2-cli)
+ [EC2Launch v2 task configuration](#ec2launch-v2-task-configuration)
+ [EC2Launch v2 exit codes and reboots](#ec2launch-v2-exit-codes-reboots)
+ [EC2Launch v2 and Sysprep](#ec2launch-v2-sysprep)

## Change settings using the EC2Launch v2 settings dialog box


The following procedure describes how to use the EC2Launch v2 settings dialog box to enable or disable settings.
**Note**  
If you improperly configure custom tasks in the agent-config.yml file, and you attempt to open the Amazon EC2Launch settings dialog box, you will receive an error. For example schema, see [Example: `agent-config.yml`](#ec2launch-v2-example-agent-config).

1. Launch and connect to your Windows instance.

1. From the Start menu, choose **All Programs**, and then navigate to **EC2Launch settings**. Before you choose **Shutdown with Sysprep** or **Shutdown without Sysprep**, make sure that you save any changes that you want to apply when you run the shutdown.  
![\[EC2 Launch settings application.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ec2launchv2-settings.png)

1. On the **General** tab of the **EC2Launch settings** dialog box, you can enable or disable the following settings.

   1. **Set Computer Name**

      If this setting is enabled (it is disabled by default), the current host name is compared to the desired host name at each boot. If the host names do not match, the host name is reset, and the system then optionally reboots to pick up the new host name. If a custom host name is not specified, it is generated using the hexadecimal-formatted private IPv4 address, for example, `ip-AC1F4E6`. To prevent your existing host name from being modified, do not enable this setting.

   1. **Extend Boot Volume**

      This setting dynamically extends `Disk 0`/`Volume 0` to include any unpartitioned space. This can be useful when the instance is booted from a root volume that has a custom size.

   1. **Set Administrator Account**

      When enabled, you can set the username and password attributes for the administrator account that is created on your local machine. If this feature is not enabled, an administrator account is not created on the system following Sysprep. Provide a password in `adminPassword` only if `adminPasswordType` is `Specify`.

      The password types are defined as follows:

      1. `Random`

         EC2Launch generates a password and encrypts it using the user's key. The system disables this setting after the instance is launched so that this password persists if the instance is rebooted or stopped and started.

      1. `Specify`

         EC2Launch uses the password that you specify in `adminPassword`. If the password does not meet the system requirements, EC2Launch generates a random password instead. The password is stored in `agent-config.yml` as clear text and is deleted after Sysprep sets the administrator password. EC2Launch encrypts the password using the user's key.

      1. `Do not set`

         EC2Launch uses the password that you specify in the unattend.xml file. If you don't specify a password in unattend.xml, the administrator account is disabled.

   1. **Start SSM Service**

      When selected, the Systems Manager service is enabled to start following Sysprep. EC2Launch v2 performs all of the tasks described [earlier](ec2launch-v2.md#ec2launch-v2-tasks), and the SSM Agent processes requests for Systems Manager capabilities, such as Run Command and State Manager.

      You can use Run Command to upgrade your existing instances to use the latest version of the EC2Launch v2 service and SSM Agent. For more information, see [Update SSM Agent using Run Command](https://docs.aws.amazon.com/systems-manager/latest/userguide/run-command-tutorial-update-software.html) in the *AWS Systems Manager User Guide*.

   1. **Optimize ENA**

      When selected, ENA settings are configured to ensure that ENA Receive Side Scaling and Receive Queue Depth settings are optimized for AWS. For more information, see [Configure Receive side scaling CPU affinity](enhanced-networking-os.md#windows-rss-cpu-affinity).

   1. **Enable SSH**

      This setting enables OpenSSH for later Windows versions to allow for remote system administration.

   1. **Enable Jumbo Frames**

      Select to enable Jumbo Frames. Jumbo Frames can have unintended effects on your network communications, so ensure you understand how Jumbo Frames will impact your system before enabling. For more information about Jumbo Frames, see [Jumbo frames (9001 MTU)](network_mtu.md#jumbo_frame_instances).

   1. **Prepare for Imaging**

      Select whether you want your EC2 instance to shut down with or without Sysprep. When you want to run Sysprep with EC2Launch v2, choose **Shutdown with Sysprep**.

1. On the **DNS Suffix** tab, you can select whether you want to add a DNS suffix list for DNS resolution of servers running in EC2, without providing the fully qualified domain name. DNS suffixes can contain the variables `$REGION` and `$AZ`. Only suffixes that do not already exist will be added to the list.   
![\[EC2 Launch settings application.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ec2launchv2-dns.png)

1. On the **Wallpaper** tab, you can configure your instance wallpaper with a background image, and specify instance details for the wallpaper to display. Amazon EC2 generates the details each time you log in.

   You can configure your wallpaper with the following controls.
   + **Display instance details on wallpaper** – This checkbox activates or deactivates instance detail display on the wallpaper.
   + **Image path (.jpg)** – Specify the path to the image to use as the wallpaper background.
   + **Select attributes to display on wallpaper** – Select the check boxes for the instance details that you want to appear on the wallpaper. Clear the check boxes for previously selected instance details that you want to remove from the wallpaper.
   + **Display Instance Tags on wallpaper** – Select one of the following settings to display instance tags on the wallpaper:
     + **None** – Don't display any instance tags on the wallpaper.
     + **Show all** – Display all instance tags on the wallpaper.
     + **Show filtered** – Display specified instance tags on the wallpaper. When you select this setting, you can add instance tags that you want to display on your wallpaper in the **Instance tag filter** box.
**Note**  
You must enable tags in metadata to show tags on the wallpaper. For more information about instance tags and metadata, see [View tags for your EC2 instances using instance metadata](work-with-tags-in-IMDS.md).  
![\[EC2 Launch settings Wallpaper tab.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ec2launchv2-wallpaper-02.png)

1. On the **Volumes** tab, select whether you want to initialize the volumes that are attached to the instance. Enabling sets drive letters for any additional volumes and extends them to use available space. If you select **All**, all of the storage volumes are initialized. If you select **Devices**, only devices that are specified in the list are initialized. You must enter the device for each device to be initialized. Use the devices listed on the EC2 console, for example, `xvdb` or `/dev/nvme0n1`. The dropdown list displays the storage volumes that are attached to the instance. To enter a device that is not attached to the instance, enter it in the text field.

   **Name**, **Letter**, and **Partition** are optional fields. If no value is specified for **Partition**, storage volumes larger than 2 TB are initialized with the `gpt` partition type, and those smaller than 2 TB are initialized with the `mbr` partition type. If devices are configured, and a non-NTFS device either contains a partition table, or the first 4 KB of the disk contain data, then the disk is skipped and the action logged.   
![\[EC2 Launch settings application.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ec2launchv2-volumes.png)

## Configure EC2Launch v2 using the CLI


You can use the Command Line Interface (CLI) to configure your EC2Launch settings and manage the service. The following section contains descriptions and usage information for the CLI commands that you can use to manage EC2Launch v2.

**Topics**
+ [collect-logs](#ec2launch-v2-collect-logs)
+ [get-agent-config](#ec2launch-v2-get-agent-config)
+ [list-volumes](#ec2launch-v2-list-volumes)
+ [reset](#ec2launch-v2-reset)
+ [run](#ec2launch-v2-run)
+ [status](#ec2launch-v2-settings-status)
+ [sysprep](#ec2launch-v2-settings-sysprep)
+ [validate](#ec2launch-v2-validate)
+ [version](#ec2launch-v2-version)
+ [wallpaper](#ec2launch-v2-wallpaper)

### collect-logs


Collects log files for EC2Launch, zips the files, and places them in a specified directory.

**Example**

```
ec2launch collect-logs -o C:\Mylogs.zip
```

**Usage**

`ec2launch collect-logs [flags]`

**Flags**

`-h`, `--help`

help for `collect-logs`

`-o`, `--output string`

path to zipped output log files

### get-agent-config


Prints `agent-config.yml` in the format specified (JSON or YAML). If no format is specified, `agent-config.yml` is printed in the format previously specified. 

**Example**

```
ec2launch get-agent-config -f json
```

**Usage**

`ec2launch get-agent-config [flags]`

**Flags**

`-h`, `--help`

help for `get-agent-config`

`-f`, `--format string`

output format of `agent-config` file: `json`, `yaml`

### list-volumes


Lists all of the storage volumes attached to the instance, including ephemeral and EBS volumes.

**Example**

```
ec2launch list-volumes
```

**Usage**

`ec2launch list-volumes`

**Flags**

`-h`, `--help`

help for `list-volumes`

### reset


The main goal of this task is to reset the agent for the next time that it runs. To do that, the **reset** command deletes all of the agent state data for EC2Launch v2 from the local `EC2Launch` directory (see [EC2Launch v2 directory structure](ec2launch-v2.md#ec2launch-v2-directory)). Reset optionally deletes the service and Sysprep logs.

Script behavior depends on what mode the agent runs the scripts in – inline, or detached.

Inline (default)  
The EC2Launch v2 agent runs scripts one at a time (`detach: false`). This is the default setting.  
When your inline script issues a **reset** or **sysprep** command, it runs immediately and resets the agent. The current task finishes, then the agent shuts down without running any further tasks.  
For example, if the task that issues the command would have been followed by a `startSsm` task (included by default after user data runs), the task doesn't run and the Systems Manager service never starts.

Detached  
The EC2Launch v2 agent runs scripts concurrently with other tasks (`detach: true`).  
When your detached script issues a **reset** or **sysprep** command, those commands wait for the agent to finish before they run. Tasks after the executeScript will still run.

**Example**

```
ec2launch reset -c
```

**Usage**

`ec2launch reset [flags]`

**Flags**

`-c`, `--clean`

cleans instance logs before `reset`

`-h`, `--help`

help for `reset`

### run


Runs EC2Launch v2.

**Example**

```
ec2launch run
```

**Usage**

`ec2launch run [flags]`

**Flags**

`-h`, `--help`

help for `run`

### status


Gets the status of the EC2Launch v2 agent. Optionally blocks the process until the agent is finished. The process exit code determines the agent state:
+ `0` – the agent ran and was successful.
+ `1` – the agent ran and failed.
+ `2` – the agent is still running.
+ `3` – the agent is in an unknown state. The agent state is not running or stopped.
+ `4` – an error occurred when attempting to retrieve the agent state.
+ `5` – the agent is not running and the status of the last known run is unknown. This could mean one of the following:
  + both the `state.json` and `previous-state.json` are deleted.
  + the `previous-state.json` is corrupted.

  This is the agent state after running the [`reset`](#ec2launch-v2-reset) command.

**Example:**

```
ec2launch status -b
```

**Usage**

`ec2launch status [flags]`

**Flags**

`-b`, `--block`

blocks the process until the agent finishes running

`-h`, `--help`

help for `status`

### sysprep


The main goal of this task is to reset the agent for the next time that it runs. To do that, the **sysprep** command resets the agent state, updates the `unattend.xml` file, disables RDP, and runs Sysprep.

Script behavior depends on what mode the agent runs the scripts in – inline, or detached.

Inline (default)  
The EC2Launch v2 agent runs scripts one at a time (`detach: false`). This is the default setting.  
When your inline script issues a **reset** or **sysprep** command, it runs immediately and resets the agent. The current task finishes, then the agent shuts down without running any further tasks.  
For example, if the task that issues the command would have been followed by a `startSsm` task (included by default after user data runs), the task doesn't run and the Systems Manager service never starts.

Detached  
The EC2Launch v2 agent runs scripts concurrently with other tasks (`detach: true`).  
When your detached script issues a **reset** or **sysprep** command, those commands wait for the agent to finish before they run. Tasks after the executeScript will still run.

**Example:**

```
ec2launch sysprep
```

**Usage**

`ec2launch sysprep [flags]`

**Flags**

`-c`, `--clean`

cleans instance logs before `sysprep`

`-h`, `--help`

help for `sysprep`

`-s`, `--shutdown`

shuts down the instance after `sysprep`

### validate


Validates the `agent-config` file `C:\ProgramData\Amazon\EC2Launch\config\agent-config.yml`.

**Example**

```
ec2launch validate
```

**Usage**

`ec2launch validate [flags]`

**Flags**

`-h`, `--help`

help for `validate`

### version


Gets the executable version.

**Example**

```
ec2launch version
```

**Usage**

`ec2launch version [flags]`

**Flags**

`-h`, `--help`

help for `version`

### wallpaper


Sets the wallpaper to the image at the path that you provide (a .jpg file), and displays the selected instance details.

#### Syntax


```
ec2launch wallpaper ^
--path="C:\ProgramData\Amazon\EC2Launch\wallpaper\Ec2Wallpaper.jpg" ^
--all-tags ^
--attributes=hostName,instanceId,privateIpAddress,publicIpAddress,ipv6Address,instanceSize,availabilityZone,architecture
```

#### Inputs

**Parameters**

**--allowed-tags [*tag-name-1*, *tag-name-n*]**  
(Optional) Base64 encoded JSON array of instance tag names to display on the wallpaper. You can use this parameter or `--all-tags`, but not both.

**--attributes *attribute-string-1*, *attribute-string-n***  
(Optional) A comma-separated list of `wallpaper` attribute strings to apply settings to the wallpaper.

**[--path | -p] *path-string***  
(Required) Specifies the `wallpaper` background image file path.

**Flags**

**--all-tags**  
(Optional) Displays all of the instance tags on the wallpaper. You can use this flag or `--allowed-tags`, but not both.

**[--help | -h]**  
Displays help for the **wallpaper** command.

## EC2Launch v2 task configuration


This section includes the configuration schema, tasks, details, and examples for `agent-config.yml` and user data.

**Topics**
+ [Schema: `agent-config.yml`](#ec2launch-v2-schema-agent-config)
+ [Configure EC2Launch v2 user data scripts that run during launch or reboot](#ec2launch-v2-schema-user-data)

### Schema: `agent-config.yml`


The structure of the `agent-config.yml` file is shown below. Note that a task cannot be repeated in the same stage. For task properties, see the task descriptions that follow.

#### Document structure: agent-config.yml


**JSON**

```
{
	"version": "1.1",
	"config": [
		{
			"stage": "string",
			"tasks": [
				{
					"task": "string",
					"inputs": {
						...
					}
				},
				...
			]
		},
		...
	]
}
```

**YAML**

```
version: 1.1
config:
- stage: string
  tasks:
  - task: string
    inputs:
      ...
  ...
...
```

#### Example: `agent-config.yml`


The following example shows settings for the `agent-config.yml` configuration file.

```
version: 1.1
config:
- stage: boot
  tasks:
  - task: extendRootPartition
- stage: preReady
  tasks:
  - task: activateWindows
    inputs:
      activation:
        type: amazon
  - task: setDnsSuffix
    inputs:
      suffixes:
      - $REGION.ec2-utilities.amazonaws.com
  - task: setAdminAccount
    inputs:
      password:
        type: random
  - task: setWallpaper
    inputs:
      path: C:\ProgramData\Amazon\EC2Launch\wallpaper\Ec2Wallpaper.jpg
      attributes:
      - hostName
      - instanceId
      - privateIpAddress
      - publicIpAddress
      - instanceSize
      - availabilityZone
      - architecture
- stage: postReady
  tasks:
  - task: startSsm
```

### Configure EC2Launch v2 user data scripts that run during launch or reboot


The following JSON and YAML examples show the document structure for user data. Amazon EC2 parses each task named in the `tasks` array that you specify in the document. Each task has its own set of properties and requirements. For details, see the [Task definitions for EC2Launch v2 startup tasks](ec2launch-v2-task-definitions.md).

**Note**  
A task must only appear once in the user data tasks array.

#### Document structure: user data


**JSON**

```
{
	"version": "1.1",
	"tasks": [
		{
			"task": "string",
			"inputs": {
				...
			}
		},
		...
	]
}
```

**YAML**

```
version: 1.1
tasks:
- task: string
  inputs:
    ...
...
```

#### Example: user data


For more information about user data, see [How Amazon EC2 handles user data for Windows instances](user-data.md#ec2-windows-user-data).

The following YAML document example shows a PowerShell script that EC2Launch v2 runs as user data to create a file.

```
version: 1.1
tasks:
- task: executeScript
  inputs:
  - frequency: always
    type: powershell
    runAs: localSystem
    content: |-
      New-Item -Path 'C:\PowerShellTest.txt' -ItemType File
```

You can use an XML format for the user data that's compatible with previous versions of the launch agent. EC2Launch v2 runs the script as an `executeScript` task in the `UserData` stage. To conform with EC2Launch v1 and EC2Config behavior, the user data script runs as an attached/inline process by default.

You can add optional tags to customize how your script runs. For example, to run the user data script when the instance reboots in addition to one time when the instance launches, you can use the following tag:

`<persist>true</persist>`

**Example:**

```
<powershell>
  $file = $env:SystemRoot + "\Temp\" + (Get-Date).ToString("MM-dd-yy-hh-mm")
  New-Item $file -ItemType file
</powershell>
<persist>true</persist>
```

You can specify one or more PowerShell arguments with the `<powershellArguments>` tag. If no arguments are passed, EC2Launch v2 adds the following argument by default: `-ExecutionPolicy Unrestricted`.

**Example:**

```
<powershell>
  $file = $env:SystemRoot + "\Temp\" + (Get-Date).ToString("MM-dd-yy-hh-mm")
  New-Item $file -ItemType file
</powershell>
<powershellArguments>-ExecutionPolicy Unrestricted -NoProfile -NonInteractive</powershellArguments>
```

To run an XML user data script as a detached process, add the following tag to your user data.

`<detach>true</detach>`

**Example:**

```
<powershell>
  $file = $env:SystemRoot + "\Temp\" + (Get-Date).ToString("MM-dd-yy-hh-mm")
  New-Item $file -ItemType file
</powershell>
<detach>true</detach>
```

**Note**  
The detach tag is not supported on previous launch agents.

#### Change log: user data


The following table lists changes for user data, and cross-references them to the EC2Launch v2 agent version that applies.


| User data version | Details | Introduced in | 
| --- | --- | --- | 
| 1.1 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-v2-settings.html) | EC2Launch v2 version 2.0.1245 | 
| 1.0 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-v2-settings.html) | EC2Launch v2 version 2.0.0 | 

\* When used with the default `agent-config.yml` file.

## EC2Launch v2 exit codes and reboots


You can use EC2Launch v2 to define how exit codes are handled by your scripts. By default, the exit code of the last command that is run in a script is reported as the exit code for the entire script. For example, if a script includes three commands and the first command fails but the following ones succeed, the run status is reported as `success` because the final command succeeded.

If you want a script to reboot an instance, then you must specify `exit 3010` in your script, even when the reboot is the last step in your script. `exit 3010` instructs EC2Launch v2 to reboot the instance and call the script again until it returns an exit code that is not `3010`, or until the maximum reboot count has been reached. EC2Launch v2 permits a maximum of 5 reboots per task. If you attempt to reboot an instance from a script by using a different mechanism, such as `Restart-Computer`, then the script run status will be inconsistent. For example, it may get stuck in a restart loop or not perform the restart.

If you are using an XML user data format that is compatible with older agents, the user data may run more times than you intend it to. For more information, see [Service runs user data more than once](ec2launchv2-troubleshooting.md#ec2launchv2-troubleshooting-user-data-more-than-once) in the Troubleshooting section.

## EC2Launch v2 and Sysprep


The EC2Launch v2 service runs Sysprep, a Microsoft tool that enables you to create a customized Windows AMI that can be reused. When EC2Launch v2 calls Sysprep, it uses the files in `%ProgramData%\Amazon\EC2Launch` to determine which operations to perform. You can edit these files indirectly using the **EC2Launch settings** dialog box, or directly using a YAML editor or a text editor. However, there are some advanced settings that aren't available in the **EC2Launch settings** dialog box, so you must edit those entries directly.

If you create an AMI from an instance after updating its settings, the new settings are applied to any instance that's launched from the new AMI. For information about creating an AMI, see [Create an Amazon EBS-backed AMI](creating-an-ami-ebs.md).

# Task definitions for EC2Launch v2 startup tasks
Task definitions

Each task that EC2Launch v2 runs during launch or startup has its own set of properties and requirements. Task details include how often a task runs (once or always), which stage of the agent boot process it runs in, its syntax, and YAML document examples. For more information, review the task details shown in this reference.

**Topics**
+ [activateWindows](#ec2launch-v2-activatewindows)
+ [enableJumboFrames](#ec2launch-v2-enablejumboframes)
+ [enableOpenSsh](#ec2launch-v2-enableopenssh)
+ [executeProgram](#ec2launch-v2-executeprogram)
+ [executeScript](#ec2launch-v2-executescript)
+ [extendRootPartition](#ec2launch-v2-extendrootpartition)
+ [initializeVolume](#ec2launch-v2-initializevolume)
+ [optimizeEna](#ec2launch-v2-optimizeena)
+ [setAdminAccount](#ec2launch-v2-setadminaccount)
+ [setDnsSuffix](#ec2launch-v2-setdnssuffix)
+ [setHostName](#ec2launch-v2-sethostname)
+ [setWallpaper](#ec2launch-v2-setwallpaper)
+ [startSsm](#ec2launch-v2-startssm)
+ [sysprep](#ec2launch-v2-task-sysprep)
+ [writeFile](#ec2-launch-v2-writefile)

## activateWindows


Activates Windows against a set of AWS KMS servers. Activation is skipped if the instance is detected as Bring-Your-Own-License (BYOL).

*Frequency* — once

*AllowedStages* — `[PreReady]`

*Inputs* — 

`activation`: (map)

`type`: (string) activation type to use, set to `amazon`

*Example*

```
task: activateWindows
inputs:
  activation:
    type: amazon
```

## enableJumboFrames


Enables Jumbo Frames, which increase the maximum transmission unit (MTU) of the network adapter. For more information, see [Jumbo frames (9001 MTU)](network_mtu.md#jumbo_frame_instances).

*Frequency* — always

*AllowedStages* — `[PostReady, UserData]`

*Inputs* — none

*Example*

```
task: enableJumboFrames
```

## enableOpenSsh


Enables Windows OpenSSH and adds the public key for the instance to the authorized keys folder.

*Frequency* — once

*AllowedStages* — `[PreReady, UserData]`

*Inputs* — none

*Example*

The following example shows how to enable OpenSSH on an instance, and to add the public key for the instance to the authorized keys folder. This configuration works only on instances running Windows Server 2019 and later versions.

```
task: enableOpenSsh
```

## executeProgram


Runs a program with optional arguments and a specified frequency.

**Stages:** You can run the `executeProgram` task during the `PreReady`, `PostReady`, and `UserData` stages.

**Frequency:** configurable, see *Inputs*.

**Inputs**  
This section contains one or more programs for the **executeProgram** task to run (inputs). Each input can include the following configurable settings:    
**frequency (string)**  
(Required) Specify exactly one of the following values:  
+ `once`
+ `always`  
**path (string)**  
(Required) The file path for the executable to run.  
**arguments (list of strings)**  
(Optional) A comma separated list of arguments to provide to the program as input.  
**runAs (string)**  
(Required) Must be set to `localSystem`

**Output**  
All of the tasks write logfile entries to the `agent.log` file. Additional output from the `executeProgram` task is stored separately in a dynamically named folder, as follows:  
`%LocalAppData%\Temp\EC2Launch#########\outputfilename.tmp`  
The exact path to the output files is included in the `agent.log` file, for example:  

```
Program file is created at: C:\Windows\system32\config\systemprofile\AppData\Local\Temp\EC2Launch123456789\ExecuteProgramInputs.tmp
Output file is created at: C:\Windows\system32\config\systemprofile\AppData\Local\Temp\EC2Launch123456789\Output.tmp
Error file is created at: C:\Windows\system32\config\systemprofile\AppData\Local\Temp\EC2Launch123456789\Err.tmp
```
**Output files for the `executeProgram` task**    
`ExecuteProgramInputs.tmp`  
Contains the path for the executable, and all of the input parameters that the `executeProgram` task passes to it when it runs.  
`Output.tmp`  
Contains runtime output from the program that the `executeProgram` task runs.  
`Err.tmp`  
Contains runtime error messages from the program that the `executeProgram` task runs.

**Examples**  
The following examples show how to run an executable file from a local directory on an instance with the `executeProgram` task.  
**Example 1: Setup executable with one argument**  
This example shows an `executeProgram` task that runs a setup executable in quiet mode.

```
task: executeProgram
inputs:
  - frequency: always
    path: C:\Users\Administrator\Desktop\setup.exe
    arguments: ['-quiet']
    runAs: localSystem
```
**Example 2: VLC executable with two arguments**  
This example shows an `executeProgram` task that runs a VLC executable file with two arguments passed as input parameters.

```
task: executeProgram
inputs:
  - frequency: always
    path: C:\vlc-3.0.11-win64.exe
    arguments: ['/L=1033','/S']
    runAs: localSystem
```

## executeScript


Runs a script with optional arguments and a specified frequency. Script behavior depends on what mode the agent runs the scripts in – inline, or detached.

Inline (default)  
The EC2Launch v2 agent runs scripts one at a time (`detach: false`). This is the default setting.  
When your inline script issues a **reset** or **sysprep** command, it runs immediately and resets the agent. The current task finishes, then the agent shuts down without running any further tasks.  
For example, if the task that issues the command would have been followed by a `startSsm` task (included by default after user data runs), the task doesn't run and the Systems Manager service never starts.

Detached  
The EC2Launch v2 agent runs scripts concurrently with other tasks (`detach: true`).  
When your detached script issues a **reset** or **sysprep** command, those commands wait for the agent to finish before they run. Tasks after the executeScript will still run.

**Stages:** You can run the `executeScript` task during the `PreReady`, `PostReady`, and `UserData` stages.

**Frequency:** configurable, see *Inputs*.

**Inputs**  
This section contains one or more scripts for the **executeScript** task to run (inputs). Each input can include the following configurable settings:    
**frequency (string)**  
(Required) Specify exactly one of the following values:  
+ `once`
+ `always`  
**type (string)**  
(Required) Specify exactly one of the following values:  
+ `batch`
+ `powershell`  
**arguments (list of strings)**  
(Optional) A list of string arguments to pass to the shell (not to the PowerShell script). This parameter isn't supported for `type: batch`. If no arguments are passed, EC2Launch v2 adds the following argument by default: `-ExecutionPolicy Unrestricted`.  
**content (string)**  
(Required) Script content.  
**runAs (string)**  
(Required) Specify exactly one of the following values:  
+ `admin`
+ `localSystem`  
**detach (Boolean)**  
(Optional) The EC2Launch v2 agent defaults to run scripts one at a time (`detach: false`). To run the script concurrently with other tasks, set the value to `true` (`detach: true`).  
Script exit codes (including `3010`) have no effect when `detach` is set to `true`.

**Output**  
All of the tasks write logfile entries to the `agent.log` file. Additional output from the script that the `executeScript` task runs is stored separately in a dynamically named folder, as follows:  
`%LocalAppData%\Temp\EC2Launch#########\outputfilename.ext`  
The exact path to the output files is included in the `agent.log` file, for example:  

```
Program file is created at: C:\Windows\system32\config\systemprofile\AppData\Local\Temp\EC2Launch123456789\UserScript.ps1
Output file is created at: C:\Windows\system32\config\systemprofile\AppData\Local\Temp\EC2Launch123456789\Output.tmp
Error file is created at: C:\Windows\system32\config\systemprofile\AppData\Local\Temp\EC2Launch123456789\Err.tmp
```
**Output files for the `executeScript` task**    
`UserScript.ext`  
Contains the script that the `executeScript` task ran. The file extension depends on the type of script you specified in the `type` parameter for the `executeScript` task, as follows:  
+ If the type is `batch`, then the file extension is `.bat`.
+ If the type is `powershell`, then the file extension is `.ps1`.  
`Output.tmp`  
Contains runtime output from the script that the `executeScript` task runs.  
`Err.tmp`  
Contains runtime error messages from the script that the `executeScript` task runs.

**Examples**  
The following examples show how to run an inline script with the `executeScript` task.  
**Example 1: Hello world output text file**  
This example shows an `executeScript` task that runs a PowerShell script to create a "Hello world" text file on the `C:` drive.

```
task: executeScript
inputs:
  - frequency: always
    type: powershell
    runAs: admin
    content: |-
      New-Item -Path 'C:\PowerShellTest.txt' -ItemType File
      Set-Content 'C:\PowerShellTest.txt' "Hello world"
```
**Example 2: Run two scripts**  
This example shows that the `executeScript` task can run more than one script, and the script type doesn't necessarily need to match.
The first script (`type: powershell`) writes a summary of the processes that are currently running on the instance to a text file located on the `C:` drive.  
The second script (`batch`) writes the system information to the `Output.tmp` file.  

```
task: executeScript
inputs:
  - frequency: always
    type: powershell
    runAs: localSystem
    content: |
      Get-Process | Out-File -FilePath C:\Process.txt
  - frequency: always
    type: batch
    runAs: localSystem
    content: |
      systeminfo
```
**Example 3: Idempotent system configuration with reboots**  
This example shows an `executeScript` task that runs an idempotent script to perform the following system configuration with a reboot between each step:
+ Rename the computer.
+ Join the computer to the domain.
+ Enable Telnet.
The script ensures that each operation runs one time only. This prevents a reboot loop and makes the script idempotent.  

```
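task: executeScript
inputs:
  - frequency: always
    type: powershell
    runAs: localSystem
    content: |-
      # Placeholder values; replace them with your own computer name and domain.
      $desiredName = 'EXAMPLE-HOST'
      $desiredDomain = 'corp.example.com'
      # Rename only if needed, then exit 3010 so that the agent reboots and reruns the script.
      $name = $env:ComputerName
      if ($name -ne $desiredName) {
        Rename-Computer -NewName $desiredName
        exit 3010
      }
      # Compare the current domain name as a string so that the check passes after the join.
      $domain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain
      if ($domain -ne $desiredDomain) {
        Add-Computer -DomainName $desiredDomain
        exit 3010
      }
      # Install the Telnet client only if it is not already installed.
      $telnet = Get-WindowsFeature -Name Telnet-Client
      if (-not $telnet.Installed) {
        Install-WindowsFeature -Name "Telnet-Client"
        exit 3010
      }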
```
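
The following Python script is an added example, not part of the AWS documentation or the EC2Launch v2 agent. It audits a document in JSON form (for example, the output of `ec2launch get-agent-config -f json`) against rules stated on this page: no repeated task in a stage, the allowed stages for each task, the `executeScript` input values, and the `detach`, `exit 3010`, and inline **reset**/**sysprep** interactions. The function names, finding labels, and sample documents are constructed for illustration.

```python
"""Audit an EC2Launch v2 document in JSON form (added example, not AWS code)."""
import json
import re

# Allowed stages per task, from the task definitions on this page (lowercased
# for comparison). Tasks that are not in this table are not stage-checked.
_POST = {"postready", "userdata"}
ALLOWED_STAGES = {
    "activateWindows": {"preready"}, "setAdminAccount": {"preready"},
    "setDnsSuffix": {"preready"}, "extendRootPartition": {"boot"},
    "enableOpenSsh": {"preready", "userdata"},
    "setWallpaper": {"preready", "userdata"},
    "enableJumboFrames": _POST, "initializeVolume": _POST,
    "optimizeEna": _POST, "setHostName": _POST, "startSsm": _POST,
    "executeProgram": _POST | {"preready"},
    "executeScript": _POST | {"preready"},
}
SCRIPT_ENUMS = {"frequency": {"once", "always"},
                "type": {"batch", "powershell"},
                "runAs": {"admin", "localSystem"}}
# Heuristic matches on script text; assumes the agent is called as "ec2launch".
RESET_CMD = re.compile(r"\bec2launch(\.exe)?[\"']?\s+(reset|sysprep)\b", re.I)
EXIT_3010 = re.compile(r"\bexit\s+3010\b", re.I)


def check_script(inp, where):
    """Return findings for one executeScript input map."""
    out = []
    for key, allowed in SCRIPT_ENUMS.items():
        if str(inp.get(key)) not in allowed:
            out.append(f"ERROR {where}: '{key}' must be one of {sorted(allowed)}")
    content = inp.get("content")
    if not isinstance(content, str) or not content.strip():
        out.append(f"ERROR {where}: 'content' is required")
        content = ""
    has_args = bool(inp.get("arguments"))
    if inp.get("type") == "batch" and has_args:
        out.append(f"ERROR {where}: 'arguments' is not supported for batch")
    if inp.get("type") == "powershell" and not has_args:
        out.append(f"INFO {where}: no arguments; agent adds -ExecutionPolicy Unrestricted")
    detached = inp.get("detach") is True
    if detached and EXIT_3010.search(content):
        out.append(f"WARN {where}: exit 3010 has no effect when detach is true")
    if not detached and RESET_CMD.search(content):
        out.append(f"WARN {where}: inline reset/sysprep stops the agent; "
                   "later tasks such as startSsm do not run")
    return out


def audit(doc):
    """Return findings for an agent-config or user data document (a dict)."""
    if "config" in doc:  # agent-config: a list of {stage, tasks} maps
        stages = [(s.get("stage", ""), s.get("tasks", [])) for s in doc["config"]]
    else:  # user data: the top-level tasks run in the UserData stage
        stages = [("UserData", doc.get("tasks", []))]
    findings = []
    for stage, tasks in stages:
        seen = set()
        for t in tasks:
            name = str(t.get("task"))
            where = f"{stage}/{name}"
            if name in seen:
                findings.append(f"ERROR {where}: task repeated in the same stage")
            seen.add(name)
            allowed = ALLOWED_STAGES.get(name)
            if allowed is not None and stage.lower() not in allowed:
                findings.append(f"ERROR {where}: not allowed in this stage")
            inputs = t.get("inputs")
            if name == "executeScript":
                for i, inp in enumerate(inputs or []):
                    findings += check_script(inp, f"{where}[{i}]")
            if name == "setAdminAccount":
                password = (inputs or {}).get("password") or {}
                if password.get("type") == "static":
                    findings.append(f"WARN {where}: static password is stored in the document")
    return findings


# Constructed sample: a trimmed JSON rendering of the page's agent-config example.
SAMPLE_CLEAN = json.loads("""
{"version": "1.1", "config": [
  {"stage": "boot", "tasks": [{"task": "extendRootPartition"}]},
  {"stage": "preReady", "tasks": [
    {"task": "activateWindows", "inputs": {"activation": {"type": "amazon"}}},
    {"task": "setAdminAccount", "inputs": {"password": {"type": "random"}}}]},
  {"stage": "postReady", "tasks": [{"task": "startSsm"}]}]}
""")
# Constructed sample: user data that breaks several of the rules.
SAMPLE_BAD = json.loads("""
{"version": "1.1", "tasks": [
  {"task": "executeScript", "inputs": [
    {"frequency": "always", "type": "powershell", "runAs": "localSystem",
     "detach": true, "content": "Install-WindowsFeature Telnet-Client\\nexit 3010"},
    {"frequency": "daily", "type": "powershell", "runAs": "admin",
     "arguments": ["-NoProfile"], "content": "ec2launch sysprep"}]},
  {"task": "extendRootPartition"}, {"task": "executeScript", "inputs": []}]}
""")
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_BAD)))
```

The script text checks are pattern matches, so treat a `WARN` as a prompt to read the script rather than as proof of a problem.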

## extendRootPartition


Extends the root volume to use all of the available space on the disk.

*Frequency* — once

*AllowedStages* — `[Boot]`

*Inputs* — none

*Example* 

```
task: extendRootPartition
```

## initializeVolume


Initializes empty volumes that are attached to the instance so that they're activated and partitioned. The launch agent skips initialization if it detects that the volume is not empty. A volume is considered empty if the first 4 KiB of the volume are empty, or if the volume doesn't have a [Windows-recognizable drive layout](https://learn.microsoft.com/en-us/windows/win32/api/winioctl/ns-winioctl-drive_layout_information_ex).

The `letter` input parameter is always applied when this task runs, regardless of whether the drive is already initialized.

The `initializeVolume` task performs the following actions.
+ Set disk attributes `offline` and `readonly` to false.
+ Create a partition. If no partition type is specified in the `partition` input parameter, the following defaults apply:
  + If the disk size is smaller than 2 TB, set the partition type to `mbr`.
  + If the disk size is 2 TB or larger, set the partition type to `gpt`.
+ Format the volume as NTFS.
+ Set the volume label as follows:
  + Use the value of the `name` input parameter, if specified.
  + If the volume is ephemeral, and no name was specified, set the volume label to `Temporary Storage Z`.
+ If the volume is ephemeral (SSD or HDD – not Amazon EBS), create an `Important.txt` file at the root of the volume with the following content:

  ```
  This is an 'Instance Store' disk and is provided at no additional charge.
  
  *This disk offers increased performance since it is local to the host
  *The number of Instance Store disks available to an instance vary by instance type
  *DATA ON THIS DRIVE WILL BE LOST IN CASES OF IMPAIRMENT OR STOPPING THE INSTANCE. PLEASE ENSURE THAT ANY IMPORTANT DATA IS BACKED UP FREQUENTLY
  
  For more information, please refer to: Instance store temporary block storage for EC2 instances.
  ```
+ Set the drive letter to the value specified in the `letter` input parameter.

**Stages:** You can run the `initializeVolume` task during the `PostReady` and `UserData` stages.

**Frequency:** always.

**Inputs**  
You can configure runtime parameters as follows:    
**devices (list of maps)**  
(Conditional) Configuration for each device that the launch agent initializes. This is required if the `initialize` input parameter is set to `devices`.  
+ **device (string, required)** – Identifies the device during instance creation. For example, `xvdb`, `xvdf`, or `/dev/nvme0n1`.
+ **letter (string, optional)** – One character. The drive letter to assign.
+ **name (string, optional)** – The volume name to assign.
+ **partition (string, optional)** – Specify one of the following values for the type of partition to create, or let the launch agent default based on volume size:
  + mbr
  + gpt  
**initialize (string)**  
(Required) Specify exactly one of the following values:  
+ `all`
+ `devices`

**Examples**  
The following examples show sample input configurations for the `initializeVolume` task.  
**Example 1: Initialize two volumes on an instance**  
This example shows an `initializeVolume` task that initializes two secondary volumes on an instance. The device named `DataVolume2` in the example is ephemeral.

```
task: initializeVolume
inputs:
  initialize: devices
  devices:
  - device: xvdb
    name: DataVolume1
    letter: D
    partition: mbr
  - device: /dev/nvme0n1
    name: DataVolume2
    letter: E
    partition: gpt
```

**Example 2: Initialize EBS volumes attached to an instance**  
This example shows an `initializeVolume` task that initializes all empty EBS volumes that are attached to the instance.

```
task: initializeVolume
inputs:
  initialize: all
```

## optimizeEna


Optimizes ENA settings based on the current instance type; might reboot the instance.

*Frequency* — always

*AllowedStages* — `[PostReady, UserData]`

*Inputs* — none

*Example* 

```
task: optimizeEna
```

## setAdminAccount


Sets attributes for the default administrator account that is created on the local machine.

*Frequency* — once

*AllowedStages* — `[PreReady]`

*Inputs* — 

`name`: (string) name of the administrator account

`password`: (map)

`type`: (string) strategy to set the password, either as `static`, `random`, or `doNothing`

`data`: (string) stores data if the `type` field is static

*Example*

```
task: setAdminAccount
inputs:
  name: Administrator
  password:
    type: random
```

## setDnsSuffix


Adds DNS suffixes to the list of search suffixes. Only suffixes that do not already exist are added to the list. For more information about how launch agents set DNS suffixes, see [Configure DNS Suffix for EC2 Windows launch agents](launch-agents-set-dns.md).

*Frequency* — always

*AllowedStages* — `[PreReady]`

*Inputs* — 

`suffixes`: (list of strings) list of one or more valid DNS suffixes; valid substitution variables are `$REGION` and `$AZ`

*Example*

```
task: setDnsSuffix
inputs:
  suffixes:
  - $REGION.ec2-utilities.amazonaws.com
```

## setHostName


Sets the hostname of the computer to a custom string or, if `hostName` is not specified, the private IPv4 address.

*Frequency* — always

*AllowedStages* — `[PostReady, UserData]`

*Inputs* — 

`hostName`: (string) optional host name, which must be formatted as follows.
+ Must be 15 characters or less
+ Must contain only alphanumeric (a-z, A-Z, 0-9) and hyphen (-) characters.
+ Must not consist entirely of numerical characters.

`reboot`: (boolean) denotes whether a reboot is permitted when the hostname is changed

*Example*

```
task: setHostName
inputs:
  reboot: true
```

## setWallpaper


Creates the `setwallpaper.lnk` shortcut file in the startup folder of each existing user except for `Default User`. This shortcut file runs when the user logs in for the first time after instance boot. It sets up the instance with a custom wallpaper that displays the instance attributes.

The shortcut file path is:

```
$env:SystemDrive/Users/<user>/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/setwallpaper.lnk
```

**Note**  
When you remove the `setWallpaper` task, it does not delete this shortcut file. For more information, see [`setWallpaper` task is not enabled but the wallpaper resets at reboot](ec2launchv2-troubleshooting.md#ec2launchv2-troubleshooting-wallpaper-resets).

**Stages:** You can configure wallpaper during the `PreReady` and `UserData` stages.

**Frequency:** `always`

**Wallpaper configuration**  
You can use the following settings to configure your wallpaper.

**Inputs**  
Input parameters that you provide, and attributes that you can set to configure your wallpaper:    
**path (string)**  
(Required) The filename path of the local .jpg format image file to use for your wallpaper image.  
**attributes (list of strings)**  
(Optional) You can add one or more of the following attributes to your wallpaper:  
+ `architecture`
+ `availabilityZone`
+ `hostName`
+ `instanceId`
+ `instanceSize`
+ `privateIpAddress`
+ `publicIpAddress`
+ `ipv6Address`  
**instanceTags**  
(Optional) You can use exactly one of the following options for this setting.  
+ **AllTags** (string) – Add all instance tags to your wallpaper.

  ```
  instanceTags: AllTags
  ```
+ **instanceTags** (list of strings) – Specify a list of instance tag names to add to your wallpaper. For example:

  ```
  instanceTags:
    - Tag 1
    - Tag 2
  ```

**Example**  
The following example shows wallpaper configuration inputs that set the file path for the wallpaper background image, along with instance tags named `Tag 1` and `Tag 2`, and attributes that include the host name, instance ID, and private and public IP addresses for the instance.

```
task: setWallpaper
inputs:
  path: C:\ProgramData\Amazon\EC2Launch\wallpaper\Ec2Wallpaper.jpg
  attributes:
  - hostName
  - instanceId
  - privateIpAddress
  - publicIpAddress
  instanceTags:
  - Tag 1
  - Tag 2
```

**Note**  
You must enable tags in metadata to show tags on the wallpaper. For more information about instance tags and metadata, see [View tags for your EC2 instances using instance metadata](work-with-tags-in-IMDS.md).

## startSsm


Starts the Systems Manager (SSM) service following Sysprep.

*Frequency* — always

*AllowedStages* — `[PostReady, UserData]`

*Inputs* — none

*Example*

```
task: startSsm
```

## sysprep


Resets the service state, updates `unattend.xml`, disables RDP, and runs Sysprep. This task runs only after all other tasks are completed.

*Frequency* — once

*AllowedStages* — `[UserData]`

*Inputs* — 

`clean`: (boolean) cleans instance logs before running Sysprep

`shutdown`: (boolean) shuts down the instance after running Sysprep

*Example*

```
task: sysprep
inputs:
  clean: true
  shutdown: true
```

## writeFile


Writes a file to a destination.

*Frequency* — see *Inputs*

*AllowedStages* — `[PostReady, UserData]`

*Inputs* — 

`frequency`: (string) one of `once` or `always`

`destination`: (string) path to which to write the content

`content`: (string) text to write to the destination

*Example*

```
task: writeFile
inputs:
- frequency: once
  destination: C:\Users\Administrator\Desktop\booted.txt
  content: Windows Has Booted
```

# Troubleshoot issues with the EC2Launch v2 agent

This section shows common troubleshooting scenarios for EC2Launch v2, information about viewing Windows event logs, and console log output and messages.

**Topics**
+ [Common scenarios](#ec2launchv2-troubleshooting-scenarios)
+ [Windows event logs](#ec2launchv2-windows-event-logs)
+ [EC2Launch v2 console log output](#ec2launchv2-console-output)

## Common troubleshooting scenarios

This section shows common troubleshooting scenarios and steps for resolution.

**Topics**
+ [Service fails to set the wallpaper](#ec2launchv2-troubleshooting-wallpaper)
+ [Service fails to run user data](#ec2launchv2-troubleshooting-user-data)
+ [Service runs a task only one time](#ec2launchv2-troubleshooting-task-once)
+ [Service fails to run a task](#ec2launchv2-troubleshooting-task-failed)
+ [Service runs user data more than once](#ec2launchv2-troubleshooting-user-data-more-than-once)
+ [Scheduled tasks from EC2Launch v1 fail to run after migration to EC2Launch v2](#ec2launchv2-troubleshooting-scheduled-tasks-migration)
+ [Service initializes an EBS volume that is not empty](#ec2launchv2-troubleshooting-ebs-initialize)
+ [`setWallpaper` task is not enabled but the wallpaper resets at reboot](#ec2launchv2-troubleshooting-wallpaper-resets)
+ [Service stuck in running status](#ec2launchv2-troubleshooting-service-stuck-running)
+ [Invalid `agent-config.yml` prevents opening EC2Launch v2 settings dialog box](#ec2launchv2-troubleshooting-invalid-agent-config)
+ [`task:executeScript should be unique and only invoked once`](#ec2launchv2-troubleshooting-executescript)

### Service fails to set the wallpaper


**Resolution**

1. Check that `%AppData%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setwallpaper.lnk` exists.

1. Check `%ProgramData%\Amazon\EC2Launch\log\agent.log` to see if any errors occurred.

### Service fails to run user data


**Possible cause**: Service may have failed before running user data.

**Resolution**

1. Check `%ProgramData%\Amazon\EC2Launch\state\previous-state.json`.

1. See if `boot`, `network`, `preReady`, and `postReadyLocalData` have all been marked as success.

1. If one of the stages failed, check `%ProgramData%\Amazon\EC2Launch\log\agent.log` for specific errors.

### Service runs a task only one time


**Resolution**

1. Check the frequency of the task.

1. If the service already ran after Sysprep, and the task frequency is set to `once`, the task will not run again.

1. Set the frequency of the task to `always` if you want it to run the task every time EC2Launch v2 runs.

### Service fails to run a task


**Resolution**

1. Check the latest entries in `%ProgramData%\Amazon\EC2Launch\log\agent.log`.

1. If no errors occurred, try running the service manually with `"%ProgramFiles%\Amazon\EC2Launch\EC2Launch.exe" run` to see if the tasks succeed.

### Service runs user data more than once


**Resolution**  
User data is handled differently between EC2Launch v1 and EC2Launch v2. EC2Launch v1 runs user data as a scheduled task on the instance when `persist` is set to `true`. If `persist` is set to `false`, the task is not scheduled even when it exits with a reboot or is interrupted while running. 

EC2Launch v2 runs user data as an agent task and tracks its run state. If user data issues a computer restart or if user data was interrupted while running, the run state persists as `pending` and the user data will run again at the next instance boot. If you want to prevent the user data script from running more than once, make the script idempotent. 

The following example idempotent script sets the computer name and joins a domain.

```
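<powershell>
  # Placeholder values; replace them with your own.
  $desiredName = "<desired-computer-name>"
  $desiredDomain = "<desired-domain-name>"

  # Rename the computer only if the current name differs.
  $name = $env:computername
  if ($name -ne $desiredName) {
    Rename-Computer -NewName $desiredName
  }

  # Join the domain only if the computer is not already a member.
  # Win32_ComputerSystem returns the current domain (or workgroup) name as a string.
  $domain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain
  if ($domain -ne $desiredDomain) {
    Add-Computer -DomainName $desiredDomain
  }

  # Install the feature only if it is missing.
  $telnet = Get-WindowsFeature -Name Telnet-Client
  if (-not $telnet.Installed) {
    Install-WindowsFeature -Name "Telnet-Client"
  }
</powershell>
<persist>false</persist>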
```

### Scheduled tasks from EC2Launch v1 fail to run after migration to EC2Launch v2


**Resolution**  
The migration tool does not detect any scheduled tasks linked to EC2Launch v1 scripts; therefore, it does not automatically set up those tasks in EC2Launch v2. To configure these tasks, edit the [`agent-config.yml`](ec2launch-v2-settings.md#ec2launch-v2-task-configuration) file, or use the [EC2Launch v2 settings dialog box](ec2launch-v2-settings.md#ec2launch-v2-ui). For example, if an instance has a scheduled task that runs `InitializeDisks.ps1`, then after you run the migration tool, you must specify the volumes you want to initialize in the EC2Launch v2 settings dialog box. See Step 6 of the procedure to [Change settings using the EC2Launch v2 settings dialog box](ec2launch-v2-settings.md#ec2launch-v2-ui). 

### Service initializes an EBS volume that is not empty


**Resolution**  
Before it initializes a volume, EC2Launch v2 attempts to detect whether it is empty. Any volume that is detected as not empty is skipped and is not initialized. A volume is considered empty if the first 4 KiB of the volume are empty, or if the volume does not have a [Windows-recognizable drive layout](https://learn.microsoft.com/en-us/windows/win32/api/winioctl/ns-winioctl-drive_layout_information_ex). A volume that was initialized and formatted on a Linux system does not have a Windows-recognizable drive layout, for example MBR or GPT. Therefore, it is considered empty and is initialized. If you want to preserve this data, do not rely on EC2Launch v2 empty drive detection. Instead, specify the volumes that you want to initialize in the [EC2Launch v2 settings dialog box](ec2launch-v2-settings.md#ec2launch-v2-ui) (see step 6) or in the [`agent-config.yml`](ec2launch-v2-task-definitions.md#ec2launch-v2-initializevolume).

### `setWallpaper` task is not enabled but the wallpaper resets at reboot


The `setWallpaper` task creates the `setwallpaper.lnk` shortcut file in the startup folder of each existing user. This shortcut file runs when the user logs in for the first time after instance boot. It sets up the instance with a custom wallpaper that displays the instance attributes. Removing the `setWallpaper` task does not delete this shortcut file. You must manually delete this file or delete it using a script.

The shortcut path is:

`$env:SystemDrive/Users/<user>/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/setwallpaper.lnk`

**Resolution**  
Manually delete this file, or delete it using a script.

**Example PowerShell script to delete shortcut file**

```
foreach ($userDir in (Get-ChildItem "C:\Users" -Force -Directory).FullName)
{
	$startupPath = Join-Path $userDir -ChildPath "AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
	if (Test-Path $startupPath)
	{
		$wallpaperSetupPath = Join-Path $startupPath -ChildPath "setwallpaper.lnk"
		if (Test-Path $wallpaperSetupPath)
		{
			Remove-Item $wallpaperSetupPath -Force -Confirm:$false
		}
	}
}
```

### Service stuck in running status


**Description**

EC2Launch v2 is blocked, with log messages (`agent.log`) similar to the following:

```
2022-02-24 08:08:58 Info: *****************************************************************************************
2022-02-24 08:08:58 Info: EC2Launch Service starting
2022-02-24 08:08:58 Info: Windows event custom log exists: Amazon EC2Launch
2022-02-24 08:08:58 Info: ACPI SPCR table not supported. Bailing Out
2022-02-24 08:08:58 Info: Serial port is in use. Waiting for Serial Port...
2022-02-24 08:09:00 Info: ACPI SPCR table not supported. Use default console port.
2022-02-24 08:09:02 Info: ACPI SPCR table not supported. Use default console port.
2022-02-24 08:09:04 Info: ACPI SPCR table not supported. Use default console port.
2022-02-24 08:09:06 Info: ACPI SPCR table not supported. Use default console port.
```

**Possible cause**  
SAC is enabled and using the serial port. For more information, see [Use SAC to troubleshoot your Windows instance](troubleshoot-using-serial-console.md#troubleshooting-sac).

**Resolution**  
Try the following steps to resolve this issue:
+ Disable the service that is using the serial port.
+ If you want the service to continue to use the serial port, write custom scripts to perform launch agent tasks and invoke them as scheduled tasks. 

### Invalid `agent-config.yml` prevents opening EC2Launch v2 settings dialog box


**Description**  
EC2Launch v2 settings attempts to parse the `agent-config.yml` file before it opens the dialog box. If the YAML configuration file does not follow the supported schema, the dialog box will show the following error:

`Unable to parse configuration file agent-config.yml. Review configuration file. Exiting application.`

**Resolution**

1. Verify that the configuration file follows the [supported schema](ec2launch-v2-settings.md#ec2launch-v2-schema-agent-config).

1. If you want to start from scratch, copy the default configuration file into `agent-config.yml`. You can use the [example `agent-config.yml`](ec2launch-v2-settings.md#ec2launch-v2-example-agent-config) provided in the Task Configuration section.

1. You can also start over by deleting `agent-config.yml`. EC2Launch v2 settings generates an empty configuration file.

### `task:executeScript should be unique and only invoked once`


**Description**  
A task cannot be repeated in the same stage.

**Resolution**  
Some tasks must be input as an array, such as [**executeScript**](ec2launch-v2-task-definitions.md#ec2launch-v2-executescript) and [**executeProgram**](ec2launch-v2-task-definitions.md#ec2launch-v2-executeprogram). For an example of how to write the script as an array, see [**executeScript**](ec2launch-v2-task-definitions.md#ec2launch-v2-executescript).

## Windows event logs


EC2Launch v2 publishes Windows event logs for important events, such as service starting, Windows is ready, and task success and failure. Event identifiers uniquely identify a particular event. Each event contains stage, task, and level information, and a description. You can set triggers for specific events using the event identifier.

Event IDs provide information about an event and uniquely identify some events. The least significant digit of an event ID indicates the severity of an event. 


| Event | Least significant digit | 
| --- | --- | 
|  Success  | . . .0 | 
| Informational | . . .1 | 
| Warning | . . .2 | 
| Error | . . .3 | 

Service-related events that are generated when the service starts or stops include a single digit event identifier.


| Event | Single digit identifier | 
| --- | --- | 
|  Success  | 0 | 
| Informational | 1 | 
| Warning | 2 | 
| Error | 3 | 

The event messages for `EC2LaunchService.exe` events begin with `Service:`. The event messages for `EC2Launch.exe` events do not begin with `Service:`.

Four digit event IDs include information about the stage, task, and severity of an event.

**Topics**
+ [Event ID format](#ec2launchv2-windows-event-logs-format)
+ [Event ID examples](#ec2launchv2-windows-event-logs-id-examples)
+ [Windows event log schema](#ec2launch-v2-windows-event-logs-schema)

### Event ID format


The following table shows the format of an EC2Launch v2 event identifier.


| 3 | 2 1 | 0 | 
| --- | --- | --- | 
|  S  |  T  |  L  | 

The letters and numbers in the table represent the following event type and definitions.


| Event type | Definition | 
| --- | --- | 
|  S (Stage)  |  0 - Service-level message; 1 - Boot; 2 - Network; 3 - PreReady; 5 - Windows is Ready; 6 - PostReady; 7 - User Data  | 
|  T (Task)  |  The tasks represented by the corresponding two values are different for each stage. To view the complete list of events, see [Windows Event log schema](#ec2launch-v2-windows-event-logs-schema).  | 
| L (Level of the event) |  0 - Success; 1 - Informational; 2 - Warning; 3 - Error  | 

### Event ID examples


The following are example event IDs.
+ `5000` - Windows is ready to use
+ `3010` - Activate windows task in PreReady stage was successful
+ `6013` - Set wallpaper task in PostReady Local Data stage encountered an error

### Windows event log schema



| MessageId/Event Id | Event message | 
| --- | --- | 
|  . . .0  | Success | 
|  . . .1  | Informational | 
|  . . .2  | Warning | 
|  . . .3  | Error | 
|  x  | EC2Launch service-level logs | 
|  0  | EC2Launch service exited successfully | 
|  1  |  EC2Launch service informational logs | 
|  2  |  EC2Launch service warning logs | 
| 3 | EC2Launch service error logs | 
|  10  | Replace state.json with previous-state.json | 
| 100 | Serial Port | 
| 200 | Sysprep | 
| 300 | PrimaryNic | 
| 400 | Metadata | 
|  x000  | Stage (1 digit), Task (2 digits), Status (1 digit) | 
|  1000  | Boot | 
|  1010  | Boot - extend\_root\_partition | 
| 2000 | Network | 
|  2010  | Network - add\_routes | 
|  3000  | PreReady | 
|  3010  | PreReady - activate\_windows | 
|  3020  | PreReady - install\_egpu\_manager | 
|  3030  | PreReady - set\_monitor\_on | 
|  3040  | PreReady - set\_hibernation | 
|  3050  | PreReady - set\_admin\_account | 
|  3060  | PreReady - set\_dns\_suffix | 
|  3070  | PreReady - set\_wallpaper | 
|  3080  | PreReady - set\_update\_schedule | 
|  3090  | PreReady - output\_log | 
|  3100  | PreReady - enable\_open\_ssh | 
|  5000  | Windows is Ready to use | 
|  6000  | PostReadyLocalData | 
| 7000 | PostReadyUserData | 
|  6010/7010  | PostReadyLocal/UserData - set\_wallpaper | 
|  6020/7020  | PostReadyLocal/UserData - set\_update\_schedule | 
|  6030/7030  | PostReadyLocal/UserData - set\_hostname | 
|  6040/7040  | PostReadyLocal/UserData - execute\_program | 
|  6050/7050  | PostReadyLocal/UserData - execute\_script | 
|  6060/7060  | PostReadyLocal/UserData - manage\_package | 
|  6070/7070  | PostReadyLocal/UserData - initialize\_volume | 
|  6080/7080  | PostReadyLocal/UserData - write\_file | 
|  6090/7090  | PostReadyLocal/UserData - start\_ssm | 
|  7100  | PostReadyUserData - enable\_open\_ssh | 
|  6110/7110  | PostReadyLocal/UserData - enable\_jumbo\_frames | 
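
The following added example (not AWS code) decodes an event ID into stage, task, and level by applying the S/T/L layout from the event ID format table to the base IDs in the schema table. The function and variable names are hypothetical, and treating the service-level IDs `10` and `100`–`400` as stage 0 task codes is an assumption that follows the same layout.

```powershell
# Added example, not AWS code. Names are hypothetical; mappings come from the tables on this page.

# S digit: stage names from the "Event ID format" table (4 is not defined there).
$Ec2LaunchStages = @{
    0 = 'Service-level message'; 1 = 'Boot'; 2 = 'Network'; 3 = 'PreReady'
    5 = 'Windows is Ready'; 6 = 'PostReady'; 7 = 'User Data'
}

# L digit: index into this array.
$Ec2LaunchLevels = @('Success', 'Informational', 'Warning', 'Error')

# T digits: task per stage, taken from the schema table (base ID 3070 -> stage 3, task 7).
$postReadyTasks = @{
    1 = 'set_wallpaper'; 2 = 'set_update_schedule'; 3 = 'set_hostname'
    4 = 'execute_program'; 5 = 'execute_script'; 6 = 'manage_package'
    7 = 'initialize_volume'; 8 = 'write_file'; 9 = 'start_ssm'
    11 = 'enable_jumbo_frames'
}
$userDataTasks = $postReadyTasks.Clone()
$userDataTasks[10] = 'enable_open_ssh'   # 7100 is listed for the user data stage only

$Ec2LaunchTasks = @{
    # Assumption: service-level base IDs 10, 100, 200, 300, 400 follow the same S/T/L layout.
    0 = @{ 1 = 'Replace state.json with previous-state.json'; 10 = 'Serial Port'
           20 = 'Sysprep'; 30 = 'PrimaryNic'; 40 = 'Metadata' }
    1 = @{ 1 = 'extend_root_partition' }
    2 = @{ 1 = 'add_routes' }
    3 = @{ 1 = 'activate_windows'; 2 = 'install_egpu_manager'; 3 = 'set_monitor_on'
           4 = 'set_hibernation'; 5 = 'set_admin_account'; 6 = 'set_dns_suffix'
           7 = 'set_wallpaper'; 8 = 'set_update_schedule'; 9 = 'output_log'
           10 = 'enable_open_ssh' }
    6 = $postReadyTasks
    7 = $userDataTasks
}

function ConvertFrom-Ec2LaunchEventId {
    param(
        [Parameter(Mandatory)]
        [ValidateRange(0, 9999)]
        [int]$Id
    )

    # Split the ID as S | T T | L using exact integer arithmetic
    # (a plain [int] cast of $Id / 1000 would round instead of truncating).
    $rest  = $Id % 1000
    $stage = [int](($Id - $rest) / 1000)
    $level = $Id % 10
    $task  = [int](($rest - $level) / 10)

    if ($Ec2LaunchStages.ContainsKey($stage)) {
        $stageName = $Ec2LaunchStages[$stage]
    } else {
        $stageName = 'Unknown stage'
    }

    if ($level -le 3) {
        $levelName = $Ec2LaunchLevels[$level]
    } else {
        $levelName = 'Unknown level'
    }

    if ($task -eq 0) {
        # IDs such as 5000 or the single-digit service IDs carry no task code.
        $taskName = '(none: stage or service event)'
    } elseif ($Ec2LaunchTasks.ContainsKey($stage) -and $Ec2LaunchTasks[$stage].ContainsKey($task)) {
        $taskName = $Ec2LaunchTasks[$stage][$task]
    } else {
        $taskName = 'Unknown task'
    }

    [pscustomobject]@{
        Id      = $Id
        Stage   = $stageName
        Task    = $taskName
        Level   = $levelName
        IsError = ($level -eq 3)
    }
}

# 5000, 3010 and 6013 are the examples from this page; 103 and 7100 are constructed
# from the schema table (Serial Port with level 3, and enable_open_ssh in user data).
5000, 3010, 6013, 103, 7100 |
    ForEach-Object { ConvertFrom-Ec2LaunchEventId -Id $_ } |
    Format-Table -AutoSize
```

Passing the ID of each event read from the EC2Launch event log through this function lets you filter on `IsError` instead of maintaining a list of individual error IDs.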

## EC2Launch v2 console log output


This section contains sample console log output for EC2Launch v2 and lists all of the EC2Launch v2 console log error messages to help you to troubleshoot issues. For more information about instance console output and how to access it, see [Instance console output](troubleshoot-unreachable-instance.md#instance-console-console-output).

**Topics**
+ [EC2Launch v2 console log output](#ec2launchv2-console-log-output)
+ [EC2Launch v2 console log messages](#ec2launchv2-console-log-messages)

### EC2Launch v2 console log output


The following is sample console log output for EC2Launch v2. Some values in this example are substituted with representative text surrounded by curly braces.

```
2025/07/22 21:26:53Z: Windows sysprep configuration complete.
2025/07/22 21:26:53Z: Message: Waiting for access to metadata...
2025/07/22 21:26:53Z: Message: Meta-data is now available.
2025/07/22 21:26:53Z: AMI Origin Version: 2024.12.13
2025/07/22 21:26:53Z: AMI Origin Name: Windows_Server-2022-English-Full-Base
2025/07/22 21:26:53Z: OS: Microsoft Windows NT 10.0.20348
2025/07/22 21:26:53Z: OsVersion: 10.0
2025/07/22 21:26:53Z: OsProductName: Windows Server 2022 Datacenter
2025/07/22 21:26:53Z: OsBuildLabEx: 20348.1.amd64fre.fe_release.210507-1500
2025/07/22 21:26:53Z: OsCurrentBuild: 20348
2025/07/22 21:26:53Z: OsReleaseId: 2009
2025/07/22 21:26:53Z: Language: en-US
2025/07/22 21:26:53Z: TimeZone: UTC
2025/07/22 21:26:53Z: Offset: UTC +0000
2025/07/22 21:26:53Z: Launch: EC2 Launch v2.2.63
2025/07/22 21:26:53Z: AMI-ID: ami-1234567890abcdef1
2025/07/22 21:26:53Z: Instance-ID: i-1234567890abcdef0
2025/07/22 21:26:54Z: Instance Type: t3.xlarge
2025/07/22 21:26:54Z: Driver: AWS NVMe Driver v1.6.0.35
2025/07/22 21:26:54Z: SubComponent: 1.6.0.35; EnableSCSIPersistentReservations: 0
2025/07/22 21:26:54Z: Driver: AWS PV Driver Package v8.5.0
2025/07/22 21:26:55Z: Driver: Amazon Elastic Network Adapter v2.8.0.0
2025/07/22 21:26:55Z: HOSTNAME: EC2AMAZ-9FJG5CC
2025/07/22 21:26:55Z: RDPCERTIFICATE-SUBJECTNAME: {certificate subject name}
2025/07/22 21:26:55Z: RDPCERTIFICATE-THUMBPRINT: {thumbprint hash}
2025/07/22 21:26:56Z: SSM: Amazon SSM Agent v3.3.2746.0
2025/07/22 21:26:57Z: User data format: no_user_data
2025/07/22 21:26:57Z: EC2LaunchTelemetry: IsTelemetryEnabled=true
2025/07/22 21:26:57Z: EC2LaunchTelemetry: AgentOsArch=windows_amd64
2025/07/22 21:26:57Z: EC2LaunchTelemetry: IsAgentScheduledPerBoot=true
2025/07/22 21:26:57Z: EC2LaunchTelemetry: AgentCommandErrorCode=1
2025/07/22 21:26:57Z: EC2LaunchTelemetry: AdminPasswordTypeCode=0
2025/07/22 21:26:57Z: EC2LaunchTelemetry: AgentErrorLocation=execute_windows.go:410
2025/07/22 21:26:57Z: EC2LaunchTelemetry: IpConflictDetectionCode=0
2025/07/22 21:26:57Z: Message: Windows is Ready to use
{"type":"EC2AgentTelemetry","agentId":"WindowsLaunchAgentV2", ...}
{"type":"EC2AgentTelemetry","agentId":"WindowsLaunchAgentV2", ...}
```

### EC2Launch v2 console log messages


The following is a list of all of the EC2Launch v2 console log messages.

```
Error EC2Launch service is stopping. {error message}
```

Stopped service error details:
+ `Error setting up EC2Launch agent folders`
+ `See instance logs for detail`
+ `Error stopping service`
+ `Error initializing service`

```
Windows sysprep configuration complete
```

```
Invalid administrator username: {invalid username}
```

```
Invalid administrator password
Username: {username}
Password: <Password>{encrypted password}</Password>
```

The following message is an information block that contains AMI details:

```
AMI Origin Version: {amiVersion}
AMI Origin Name: {amiName}
Microsoft Windows NT {currentVersion}.{currentBuildNumber}
OsVersion: {currentVersion}
OsProductName: {productName}
OsBuildLabEx: {buildLabEx}
OsCurrentBuild: {currentBuild}
OsReleaseId: {releaseId}
Language: {language}
TimeZone: {timeZone}
Offset: UTC {offset}
Launch agent: EC2Launch {BuildVersion}
AMI-ID: {amiId}
Instance-ID: {instanceId}
Instance Type: {instanceType}
HOSTNAME: {computer name}
RDPCERTIFICATE-SUBJECTNAME: {certificate subject name}
RDPCERTIFICATE-THUMBPRINT: {thumbprint hash}
SqlServerBilling: {sql billing}
SqlServerInstall: {sql patch level, edition type}
Driver: AWS NVMe Driver {version}
Driver: Inbox NVMe Driver {version}
Driver: AWS PV Driver Package {version}
SSM: Amazon SSM Agent {version}
AWS VSS Version: {version}
```

```
Windows sysprep configuration complete.
Windows is being configured. 'SysprepState is {state}'
Windows is still being configured. 'SysprepState is {state}'
Windows is Ready to use
Waiting for access to metadata...
Meta-data is now available.
Metadata is not available for this instance.
Timed out waiting for access to metadata.
User data format: {format}
```

EC2Launch v2 telemetry messages include the launch telemetry property values. Starting with version 2.2.63, EC2 agent telemetry data is formatted as a JSON object.

```
EC2LaunchTelemetry: {telemetry property}
```

```
{"type":"EC2AgentTelemetry","agentId":"WindowsLaunchAgentV2" ... }
```
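
The following added example (not AWS code) parses saved console output in the format shown above and reports whether the `Windows is Ready to use` message was reached, which of the listed failure messages appeared, and the launch telemetry properties. The function name is hypothetical and the sample lines are constructed from the format on this page.

```powershell
# Added example, not AWS code. The sample below is constructed from the console log format on this page.
$sampleConsoleLog = @'
2025/07/22 21:26:53Z: Windows sysprep configuration complete.
2025/07/22 21:26:53Z: Message: Waiting for access to metadata...
2025/07/22 21:26:53Z: Message: Meta-data is now available.
2025/07/22 21:26:53Z: Launch: EC2 Launch v2.2.63
2025/07/22 21:26:54Z: Driver: AWS NVMe Driver v1.6.0.35
2025/07/22 21:26:54Z: Driver: AWS PV Driver Package v8.5.0
2025/07/22 21:26:55Z: HOSTNAME: EC2AMAZ-EXAMPLE
2025/07/22 21:26:57Z: User data format: no_user_data
2025/07/22 21:26:57Z: EC2LaunchTelemetry: IsTelemetryEnabled=true
2025/07/22 21:26:57Z: EC2LaunchTelemetry: AgentCommandErrorCode=1
2025/07/22 21:26:57Z: Message: Windows is Ready to use
{"type":"EC2AgentTelemetry","agentId":"WindowsLaunchAgentV2"}
'@

function Get-Ec2LaunchConsoleSummary {
    param(
        [Parameter(Mandatory)]
        [string]$Text
    )

    # Messages from the list on this page that indicate a failed or incomplete launch.
    $problemPatterns = @(
        'EC2Launch service is stopping',
        'Timed out waiting for access to metadata',
        'Metadata is not available for this instance',
        'Invalid administrator username',
        'Invalid administrator password'
    )

    $fields        = [ordered]@{}
    $telemetry     = [ordered]@{}
    $problems      = New-Object 'System.Collections.Generic.List[string]'
    $ready         = $false
    $jsonTelemetry = 0

    foreach ($line in ($Text -split '\r?\n')) {
        # Agent telemetry from version 2.2.63 onward is a JSON object without a timestamp.
        if ($line -match '^\{"type":"EC2AgentTelemetry"') {
            $jsonTelemetry++
            continue
        }

        # Every other line of interest is "<timestamp>Z: <body>".
        if ($line -match '^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}Z: (?<body>.*)$') {
            $body = $Matches['body'] -replace '^Message: ', ''
        } else {
            continue
        }

        if ($body -match '^EC2LaunchTelemetry: (?<k>[^=]+)=(?<v>.*)$') {
            $telemetry[$Matches['k']] = $Matches['v']
            continue
        }
        if ($body.Contains('Windows is Ready to use')) {
            $ready = $true
            continue
        }
        if ($problemPatterns | Where-Object { $body.Contains($_) }) {
            $problems.Add($body)
            continue
        }
        if ($body -match '^(?<k>[^:]+): (?<v>.*)$') {
            $k = $Matches['k']
            $v = $Matches['v']
            # Keys such as "Driver" repeat; keep every value instead of overwriting.
            if ($fields.Contains($k)) {
                $fields[$k] = "$($fields[$k]); $v"
            } else {
                $fields[$k] = $v
            }
        }
    }

    [pscustomobject]@{
        WindowsReady       = $ready
        Problems           = $problems.ToArray()
        Fields             = $fields
        Telemetry          = $telemetry
        JsonTelemetryLines = $jsonTelemetry
    }
}

$summary = Get-Ec2LaunchConsoleSummary -Text $sampleConsoleLog
$summary | Select-Object WindowsReady, JsonTelemetryLines
$summary.Fields
$summary.Telemetry
```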

# EC2Launch v2 version histories

**Topics**
+ [EC2Launch v2 version history](#ec2launchv2-version-history)

## EC2Launch v2 version history


To ensure that you have the latest launch agent installed, see [Install the latest version of EC2Launch v2](ec2launch-v2-install.md). You can receive notifications when new versions of the EC2Launch v2 agent are released. For more information, see [Subscribe to EC2 Windows launch agent notifications](launch-agents-subscribe-notifications.md).

The following table describes the released versions of EC2Launch v2.


| Version | Details | Release date | 
| --- | --- | --- | 
| 2.4.0 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html)  | March 5, 2026 | 
| 2.3.237 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html)  | February 25, 2026 | 
| 2.3.108 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html)  | December 29, 2025 | 
| 2.3.56 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html)  | November 4, 2025 | 
| 2.3.5 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | September 15, 2025 | 
| 2.2.63 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | July 29, 2025 | 
| 2.1.1 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | May 14, 2025 | 
| 2.0.2107 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | March 27, 2025 | 
| 2.0.2081 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html)  | February 4, 2025 | 
| 2.0.2046 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html)  | October 3, 2024 | 
| 2.0.1981 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html)  | August 6, 2024 | 
| 2.0.1948 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html)  | July 1, 2024 | 
| 2.0.1924 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html)  | June 10, 2024 | 
| 2.0.1914 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html)  | June 5, 2024 | 
| 2.0.1881 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html)  | May 8, 2024 | 
| 2.0.1815 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html)  | March 6, 2024 | 
| 2.0.1739 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html)  | January 17, 2024 | 
| 2.0.1702 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | January 4, 2024 | 
| 2.0.1643 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | October 4, 2023 | 
| 2.0.1580 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | September 5, 2023 | 
| 2.0.1521 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | July 3, 2023 | 
| 2.0.1303 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | May 3, 2023 | 
| 2.0.1245 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | March 8, 2023 | 
| 2.0.1173 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | February 6, 2023 | 
| 2.0.1121 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | January 4, 2023 | 
| 2.0.1082 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | December 7, 2022 | 
| 2.0.1011 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | November 11, 2022 | 
| 2.0.1009 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | November 8, 2022 | 
| 2.0.982 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | October 31, 2022 | 
| 2.0.863 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | July 6, 2022 | 
| 2.0.698 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | January 30, 2022 | 
| 2.0.674 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | November 15, 2021 | 
| 2.0.651 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | October 7, 2021 | 
| 2.0.592 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | August 31, 2021 | 
| 2.0.548 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | August 4, 2021 | 
| 2.0.470 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | July 20, 2021 | 
| 2.0.285 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | March 8, 2021 | 
| 2.0.207 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | February 2, 2021 | 
| 2.0.160 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html) | December 4, 2020 | 
| 2.0.153 | Adds Sysprep functionality in UserData. | November 3, 2020 | 
| 2.0.146 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html)  | October 6, 2020 | 
| 2.0.124 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html)  | September 10, 2020 | 
| 2.0.104 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launchv2-versions.html)  | August 12, 2020 | 
| 2.0.0 | Initial release. | June 30, 2020 | 

# Use the EC2Launch v1 agent to perform tasks during EC2 Windows instance launch

Amazon managed AMIs for Windows Server 2016 and 2019 include a set of Windows PowerShell scripts called EC2Launch. EC2Launch performs tasks during the initial instance boot. For information about the EC2Launch versions that are included in AWS Windows AMIs, see the [AWS Windows AMI Reference](https://docs.aws.amazon.com/ec2/latest/windows-ami-reference/windows-amis.html).

**Note**  
The latest launch agent for Windows Server 2016 and later operating system versions is EC2Launch v2, which replaces both EC2Config and EC2Launch, and comes pre-installed on AWS Windows Server 2016 and 2019 AMIs with names that begin with `EC2LaunchV2-Windows_Server-*`. You can also manually install and configure the agent on Windows Server 2016 and 2019. For more information, see [Install EC2Launch v2](ec2launch-v2-install.md).  
To use EC2Launch with IMDSv2, the version must be 1.3.2002730 or later.

You can use the following Windows PowerShell command to verify the installed version of EC2Launch.

```
Test-ModuleManifest -Path "C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psd1" | Select Version
```

## EC2Launch tasks


EC2Launch performs the following tasks by default during the initial instance boot:
+ Sets up new wallpaper that renders information about the instance.
+ Sets the computer name to the private IPv4 address of the instance.
+ Sends instance information to the Amazon EC2 console.
+ Sends the RDP certificate thumbprint to the EC2 console. 
+ Sets a random password for the administrator account.
+ Adds DNS suffixes.
+ Dynamically extends the operating system partition to include any unpartitioned space.
+ Executes user data (if specified). For more information about specifying user data, see [Run commands when you launch an EC2 instance with user data input](user-data.md).
+ Sets persistent static routes to reach the metadata service and AWS KMS servers.

**Important**  
If a custom AMI is created from this instance, these routes are captured as part of the OS configuration and any new instances launched from the AMI will retain the same routes, regardless of subnet placement. In order to update the routes, see [Update metadata/KMS routes for Server 2016 and later when launching a custom AMI](ec2launch-sysprep.md#update-metadata-KMS).

The following tasks help to maintain backward compatibility with the EC2Config service. You can also configure EC2Launch to perform these tasks during startup:
+ Initialize secondary EBS volumes.
+ Send Windows Event logs to the EC2 console logs.
+ Send the *Windows is ready to use* message to the EC2 console.

## EC2Launch directory structure


EC2Launch is installed by default on Windows Server 2016 and later AMIs in the root directory `C:\ProgramData\Amazon\EC2-Windows\Launch`.

**Note**  
By default, Windows hides files and folders under `C:\ProgramData`. To view EC2Launch directories and files, you must either type the path in Windows Explorer or change the folder properties to show hidden files and folders.

The `Launch` directory contains the following subdirectories.
+ `Scripts` — Contains the PowerShell scripts that make up EC2Launch.
+ `Module` — Contains the module for building scripts related to Amazon EC2. 
+ `Config` — Contains script configuration files that you can customize.
+ `Sysprep` — Contains Sysprep resources.
+ `Settings` — Contains an application for the Sysprep graphical user interface.
+ `Library` — Contains shared libraries for EC2 launch agents.
+ `Log` — Contains subdirectories for scripts and the log files that are generated by the scripts.

## Telemetry


Telemetry is additional information that helps AWS to better understand your requirements, diagnose issues, and deliver features to improve your experience with AWS services.

EC2Launch version `1.3.2003498` and later collect telemetry, such as usage metrics and errors. This data is collected from the Amazon EC2 instance on which EC2Launch runs. This includes all Windows AMIs owned by AWS.

The following types of telemetry are collected by EC2Launch:
+ **Usage information** — agent commands, install method, and scheduled run frequency.
+ **Errors and diagnostic information** — agent installation and run error codes.

Examples of collected data:

```
2021/07/15 21:44:12Z: EC2LaunchTelemetry: IsAgentScheduledPerBoot=true
2021/07/15 21:44:12Z: EC2LaunchTelemetry: IsUserDataScheduledPerBoot=true
2021/07/15 21:44:12Z: EC2LaunchTelemetry: AgentCommandCode=1
2021/07/15 21:44:12Z: EC2LaunchTelemetry: AgentCommandErrorCode=5
2021/07/15 21:44:12Z: EC2LaunchTelemetry: AgentInstallCode=2
2021/07/15 21:44:12Z: EC2LaunchTelemetry: AgentInstallErrorCode=0
```

Telemetry is enabled by default. You can disable telemetry collection at any time. If telemetry is enabled, EC2Launch sends telemetry data without additional customer notifications.

Your selection to opt in or out of telemetry is itself collected, to ensure that we adhere to your telemetry option.

**Telemetry visibility**  
When telemetry is enabled, it appears in the Amazon EC2 console output as follows:

```
2021/07/15 21:44:12Z: Telemetry: <Data>
```

**Disable telemetry on an instance**  
To disable telemetry by setting a system environment variable, run the following command as an administrator:

```
setx /M EC2LAUNCH_TELEMETRY 0
```

To disable telemetry during installation, run `install.ps1` as follows:

```
. .\install.ps1 -EnableTelemetry:$false
```

**Topics**
+ [EC2Launch tasks](#ec2launch-tasks)
+ [EC2Launch directory structure](#ec2launch-directories)
+ [Telemetry](#ec2launch-telemetry)
+ [Install the latest version of EC2Launch](ec2launch-download.md)
+ [Configure the EC2Launch v1 agent on your Windows instance](ec2launch-config.md)
+ [EC2Launch version history](ec2launch-version-details.md)

# Install the latest version of EC2Launch

Use the following procedure to download and install the latest version of EC2Launch on your instances.

**To download and install the latest version of EC2Launch**

1. If you have already installed and configured EC2Launch on an instance, make a backup of the EC2Launch configuration file. The installation process does not preserve changes in this file. By default, the file is located in the `C:\ProgramData\Amazon\EC2-Windows\Launch\Config` directory.

1. Download [EC2-Windows-Launch.zip](https://s3.amazonaws.com/ec2-downloads-windows/EC2Launch/latest/EC2-Windows-Launch.zip) to a directory on the instance.

1. Download [install.ps1](https://s3.amazonaws.com/ec2-downloads-windows/EC2Launch/latest/install.ps1) to the same directory where you downloaded `EC2-Windows-Launch.zip`.

1. Run `install.ps1`.

1. If you made a backup of the EC2Launch configuration file, copy it to the `C:\ProgramData\Amazon\EC2-Windows\Launch\Config` directory.

**To download and install the latest version of EC2Launch using PowerShell**  
If you have already installed and configured EC2Launch on an instance, make a backup of the EC2Launch configuration file. The installation process does not preserve changes in this file. By default, the file is located in the `C:\ProgramData\Amazon\EC2-Windows\Launch\Config` directory.

To install the latest version of EC2Launch using PowerShell, run the following commands from a PowerShell window as an administrator:

```
mkdir $env:USERPROFILE\Desktop\EC2Launch
$Url = "https://s3.amazonaws.com/ec2-downloads-windows/EC2Launch/latest/EC2-Windows-Launch.zip"
$DownloadZipFile = "$env:USERPROFILE\Desktop\EC2Launch\" + $(Split-Path -Path $Url -Leaf)
Invoke-WebRequest -Uri $Url -OutFile $DownloadZipFile
$Url = "https://s3.amazonaws.com/ec2-downloads-windows/EC2Launch/latest/install.ps1"
$DownloadZipFile = "$env:USERPROFILE\Desktop\EC2Launch\" + $(Split-Path -Path $Url -Leaf)
Invoke-WebRequest -Uri $Url -OutFile $DownloadZipFile
& $env:USERPROFILE\Desktop\EC2Launch\install.ps1
```

**Note**  
If you receive an error when downloading the file, and you are using Windows Server 2016, TLS 1.2 might need to be enabled for your PowerShell terminal. You can enable TLS 1.2 for the current PowerShell session with the following command and then try again:  

```
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
```

Verify the installation by checking the launch agent. Run the following commands from a PowerShell window as an administrator:

```
Import-Module C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psm1
Import-LocalizedData -BaseDirectory C:\ProgramData\Amazon\EC2-Windows\Launch\Module\ -FileName 'Ec2Launch.psd1' -BindingVariable moduleManifest
$moduleManifest.Get_Item('ModuleVersion')
```
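
Because `install.ps1` runs as an administrator, it is worth checking the Authenticode signatures of the downloaded scripts before you run it (the version history notes that all PowerShell scripts are signed as of 1.3.2001220). The following is an added example, not AWS code; the function names and the `$ExpectedSigner` placeholder are assumptions, and it assumes that `install.ps1` is among the signed scripts.

```powershell
# Added example, not AWS code. Run it after the downloads and before install.ps1.
# Assumptions: the files are in $DownloadDir as in the commands above, and
# $ExpectedSigner is a subject fragment you have confirmed for the publisher.
$DownloadDir    = "$env:USERPROFILE\Desktop\EC2Launch"
$ExpectedSigner = '<expected signer subject fragment>'   # placeholder: set before use

function Test-ScriptSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSigner
    )
    $sig     = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Fail closed: anything other than a valid signature from the expected signer is untrusted.
    $reason = if ($sig.Status -ne 'Valid') {
        "Signature status is $($sig.Status)"
    } elseif ($subject.IndexOf($ExpectedSigner, [StringComparison]::OrdinalIgnoreCase) -lt 0) {
        'Valid signature, but not from the expected signer'
    } else {
        'OK'
    }

    [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status
        Signer     = $subject
        Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
        SHA256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Trusted    = ($reason -eq 'OK')
        Reason     = $reason
    }
}

function Test-EC2LaunchDownload {
    param(
        [Parameter(Mandatory)] [string] $DownloadDir,
        [Parameter(Mandatory)] [string] $ExpectedSigner
    )
    $installer = Join-Path $DownloadDir 'install.ps1'
    $zip       = Join-Path $DownloadDir 'EC2-Windows-Launch.zip'
    foreach ($file in $installer, $zip) {
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) { throw "Missing download: $file" }
    }

    # Authenticode does not cover .zip archives, so expand a copy into a staging
    # folder and check every PowerShell file inside it. The original zip is untouched.
    $staging = Join-Path $env:TEMP ("EC2LaunchCheck-" + [guid]::NewGuid())
    Expand-Archive -LiteralPath $zip -DestinationPath $staging
    try {
        $inner = Get-ChildItem -Path $staging -Recurse -File |
            Where-Object { $_.Extension -in '.ps1', '.psm1', '.psd1' } |
            Select-Object -ExpandProperty FullName
        foreach ($path in @($installer) + @($inner)) {
            Test-ScriptSignature -Path $path -ExpectedSigner $ExpectedSigner
        }
    }
    finally {
        Remove-Item -LiteralPath $staging -Recurse -Force
    }
}

$results = @(Test-EC2LaunchDownload -DownloadDir $DownloadDir -ExpectedSigner $ExpectedSigner)
$results | Format-Table Trusted, Status, Reason, Path -AutoSize

if ($results.Trusted -contains $false) {
    Write-Warning 'At least one script failed the signature check. Do not run install.ps1.'
} else {
    Write-Output 'All scripts carry a valid signature from the expected signer.'
}
```

The SHA-256 values in the output are for your own records (for example, to compare the same download across instances); this page does not publish reference hashes.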

# Configure the EC2Launch v1 agent on your Windows instance

After your instance has been initialized the first time, you can configure EC2Launch to run again and perform different start-up tasks.

**Topics**
+ [Configure initialization tasks](#ec2launch-inittasks)
+ [Schedule EC2Launch to run on every boot](#run-on-every-boot)
+ [Initialize drives and map drive letters](#ec2launch-mapping)
+ [Send Windows event logs to the EC2 console](#ec2launch-sendlogs)
+ [Send Windows is ready message after a successful boot](#ec2launch-sendwinisready)

## Configure initialization tasks


Specify settings in the `LaunchConfig.json` file to enable or disable the following initialization tasks:
+ Set the computer name to the instance private IPv4 address.
+ Set the monitor to always stay on.
+ Set up new wallpaper.
+ Add DNS suffix list.
**Note**  
This adds a DNS suffix lookup for the following domain and configures other standard suffixes. For more information about how launch agents set DNS suffixes, see [Configure DNS Suffix for EC2 Windows launch agents](launch-agents-set-dns.md).  

  ```
  region.ec2-utilities.amazonaws.com
  ```
+ Extend the boot volume size.
+ Set the administrator password.

**To configure initialization settings**

1. On the instance to configure, open the following file in a text editor: `C:\ProgramData\Amazon\EC2-Windows\Launch\Config\LaunchConfig.json`.

1. Update the following settings as needed and save your changes. Provide a password in `adminPassword` only if `adminPasswordType` is `Specify`.

   ```
   {
   	"setComputerName": false,
   	"setMonitorAlwaysOn": true,
   	"setWallpaper": true,
   	"addDnsSuffixList": true,
   	"extendBootVolumeSize": true,
   	"handleUserData": true,
   	"adminPasswordType": "Random | Specify | DoNothing",
   	"adminPassword": "password that adheres to your security policy (optional)"
   }
   ```

   The password types are defined as follows:  
   `Random`  
   EC2Launch generates a password and encrypts it using the user's key. The system disables this setting after the instance is launched so that this password persists if the instance is rebooted or stopped and started.  
   `Specify`  
   EC2Launch uses the password you specify in `adminPassword`. If the password does not meet the system requirements, EC2Launch generates a random password instead. The password is stored in `LaunchConfig.json` as clear text and is deleted after Sysprep sets the administrator password. EC2Launch encrypts the password using the user's key.  
   `DoNothing`  
   EC2Launch uses the password you specify in the `unattend.xml` file. If you don't specify a password in `unattend.xml`, the administrator account is disabled.

1. In Windows PowerShell, run the following command to schedule the script to run as a Windows Scheduled Task. The script runs one time during the next boot and then disables these tasks from running again.

   ```
   C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 -Schedule
   ```
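
One way to review the password-related settings before you schedule `InitializeInstance.ps1`, as an added example that is not AWS code: the function name and the wording of the findings are illustrative, and the function only reads `LaunchConfig.json` and its access control list.

```powershell
# Added example, not AWS code. Read-only review of the EC2Launch v1 password settings.
function Get-LaunchConfigPasswordFinding {
    [CmdletBinding()]
    param(
        # Default location given in this guide.
        [string] $Path = 'C:\ProgramData\Amazon\EC2-Windows\Launch\Config\LaunchConfig.json'
    )

    $config   = Get-Content -LiteralPath $Path -Raw -ErrorAction Stop | ConvertFrom-Json
    $findings = New-Object System.Collections.Generic.List[string]

    $type        = [string]$config.adminPasswordType
    $hasPassword = -not [string]::IsNullOrWhiteSpace([string]$config.adminPassword)

    switch ($type) {
        'Specify' {
            if ($hasPassword) {
                $findings.Add('adminPasswordType is Specify and adminPassword is set: the password is in this file as clear text until Sysprep sets the administrator password.')
            } else {
                $findings.Add('adminPasswordType is Specify but adminPassword is empty: a password that does not meet the system requirements is replaced by a random one.')
            }
        }
        'Random' {
            $findings.Add('adminPasswordType is Random: EC2Launch generates a new administrator password the next time it runs.')
        }
        'DoNothing' {
            $findings.Add('adminPasswordType is DoNothing: the password comes from unattend.xml, and the administrator account is disabled if none is specified there.')
        }
        default {
            $findings.Add("adminPasswordType has an unexpected value: '$type'.")
        }
    }

    # A leftover clear-text value is never needed unless the type is Specify.
    if ($hasPassword -and $type -ne 'Specify') {
        $findings.Add('adminPassword holds a value although adminPasswordType is not Specify: remove the clear-text value.')
    }

    if ($config.handleUserData -eq $true) {
        $findings.Add('handleUserData is true: user data runs the next time EC2Launch runs.')
    }

    # List who is allowed to access the file, for manual review.
    $allowed = (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { '{0}: {1}' -f $_.IdentityReference, $_.FileSystemRights }

    [pscustomobject]@{
        Path              = $Path
        AdminPasswordType = $type
        PasswordInFile    = $hasPassword
        Findings          = $findings.ToArray()
        AllowedIdentities = @($allowed)
    }
}

# Example call on the instance:
Get-LaunchConfigPasswordFinding | Format-List
```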

## Schedule EC2Launch to run on every boot


You can schedule EC2Launch to run on every boot instead of only the initial boot.

To enable EC2Launch to run on every boot: 

1. Open Windows PowerShell and run the following command:

   ```
   C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 -SchedulePerBoot
   ```

1. Or, run the executable with the following command:

   ```
   C:\ProgramData\Amazon\EC2-Windows\Launch\Settings\Ec2LaunchSettings.exe
   ```

   Then select `Run EC2Launch on every boot`. You can specify that your EC2 instance `Shutdown without Sysprep` or `Shutdown with Sysprep`.

**Note**  
When you enable EC2Launch to run on every boot, the following happens the next time EC2Launch runs:  
+ If `AdminPasswordType` is still set to `Random`, EC2Launch will generate a new password at the next boot. After that boot, `AdminPasswordType` is automatically set to `DoNothing` to prevent EC2Launch from generating new passwords on subsequent boots. To prevent EC2Launch from generating a new password on the first boot, manually set `AdminPasswordType` to `DoNothing` before you reboot.
+ `HandleUserData` will be set back to `false` unless the user data has `persist` set to `true`. For more information, see [User data scripts](user-data.md#user-data-scripts).

## Initialize drives and map drive letters


Specify settings in the `DriveLetterMappingConfig.json` file to map drive letters to volumes on your EC2 instance. The script initializes drives that are not already initialized and partitioned. For more information about getting volume details in Windows, see [Get-Volume](https://learn.microsoft.com/en-us/powershell/module/storage/get-volume) in the Microsoft documentation.

**To map drive letters to volumes**

1. Open the `C:\ProgramData\Amazon\EC2-Windows\Launch\Config\DriveLetterMappingConfig.json` file in a text editor.

1. Specify the following volume settings and save your changes:

   ```
   {
   	"driveLetterMapping": [
   		{
   			"volumeName": "sample volume",
   			"driveLetter": "H"
   		}
   	]
   }
   ```

1. Open Windows PowerShell and use the following command to run the EC2Launch script that initializes the disks:

   ```
   C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeDisks.ps1
   ```

   To initialize the disks each time the instance boots, add the `-Schedule` flag as follows:

   ```
   C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeDisks.ps1 -Schedule
   ```

## Send Windows event logs to the EC2 console


Specify settings in the `EventLogConfig.json` file to send Windows Event logs to EC2 console logs.

**To configure settings to send Windows Event logs**

1. On the instance, open the `C:\ProgramData\Amazon\EC2-Windows\Launch\Config\EventLogConfig.json` file in a text editor.

1. Configure the following log settings and save your changes:

   ```
   {
   	"events": [
   		{
   			"logName": "System",
   			"source": "An event source (optional)",
   			"level": "Error | Warning | Information",
   			"numEntries": 3
   		}
   	]
   }
   ```

1. In Windows PowerShell, run the following command so that the system schedules the script to run as a Windows Scheduled Task each time the instance boots.

   ```
   C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\SendEventLogs.ps1 -Schedule
   ```

   The logs can take three minutes or more to appear in the EC2 console logs.

## Send Windows is ready message after a successful boot


The EC2Config service sent the "Windows is ready" message to the EC2 console after every boot. EC2Launch sends this message only after the initial boot. For backwards compatibility with the EC2Config service, you can schedule EC2Launch to send this message after every boot. On the instance, open Windows PowerShell and run the following command. The system schedules the script to run as a Windows Scheduled Task.

```
C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\SendWindowsIsReady.ps1 -Schedule
```

# EC2Launch version history

To download and install the latest version of EC2Launch, see [Install the latest version of EC2Launch](ec2launch-download.md).

The following table describes the released versions of EC2Launch.


| Version | Details | Release date | 
| --- | --- | --- | 
| 1.4.299 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html)  | 3 March 2026 | 
| 1.4.183 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html)  | 4 February 2026 | 
| 1.4.6 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html)  | 13 October 2025 | 
| 1.3.2005119 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html)  | 11 February 2025 | 
| 1.3.2005065 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html)  | 22 October 2024 | 
| 1.3.2005008 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html)  | 6 August 2024 | 
| 1.3.2004959 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html)  | 2 July 2024 | 
| 1.3.2004891 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html)  | 31 May 2024 | 
| 1.3.2004617 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html)  | 15 January 2024 | 
| 1.3.2004592 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html) For more information about access permissions and user account permissions of EC2Launch directories, see [EC2Launch directory structure](ec2launch.md#ec2launch-directories). | 2 January 2024 | 
| 1.3.2004491 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html) | 9 November 2023 | 
| 1.3.2004462 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html) | 18 October 2023 | 
| 1.3.2004438 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html) | 4 October 2023 | 
| 1.3.2004256 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html) | 7 July 2023 | 
| 1.3.2004052 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html) | 8 March 2023 | 
| 1.3.2003975 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html) | 24 December 2022 | 
| 1.3.2003961 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html) | 6 December 2022 | 
| 1.3.2003923 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html) | 9 November 2022 | 
| 1.3.2003919  | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html) | 8 November 2022 | 
| 1.3.2003857 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html) | 3 October 2022 | 
| 1.3.2003824 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html) | 30 August 2022 | 
| 1.3.2003691 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html) | 21 June 2022 | 
| 1.3.2003639 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html) | 10 May 2022 | 
| 1.3.2003498 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html) | 31 January 2022 | 
| 1.3.2003411 | Changed password generation logic to exclude passwords with low complexity. | 04 August 2021 | 
| 1.3.2003364 | Updated Install-EgpuManager with IMDSv2 support. | 07 June 2021 | 
| 1.3.2003312 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html)  | 04 May 2021 | 
| 1.3.2003284 | Improved permission model by updating location for storing user data to LocalAppData. | 23 March 2021 | 
| 1.3.2003236 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html) | 11 February 2021 | 
| 1.3.2003210 | Localization fix for install.ps1. | 7 January 2021 | 
| 1.3.2003205 | Security fix for install.ps1 to update permissions on the `%ProgramData%\Amazon\EC2-Windows\Launch\Module\Scripts` directory. | 28 December 2020 | 
| 1.3.2003189 | Added w32tm resync after adding routes. | 4 December 2020 | 
| 1.3.2003155 | Updated instance type information. | 25 August 2020 | 
| 1.3.2003150 | Added OsCurrentBuild and OsReleaseId to console output. | 22 April 2020 | 
| 1.3.2003040 | Fixed IMDS version 1 fallback logic. | 7 April 2020 | 
|  1.3.2002730  | Added support for IMDS V2. | 3 March 2020 | 
|  1.3.2002240  | Fixed minor issues.  | 31 October 2019 | 
|  1.3.2001660  | Fixed automatic login issue for users without password after first time executing Sysprep.  | 2 July 2019 | 
|  1.3.2001360  | Fixed minor issues.  | 27 March 2019 | 
|  1.3.2001220  | All PowerShell scripts signed.  | 28 February 2019 | 
|  1.3.2001200  | Fixed issue with InitializeDisks.ps1 where running the script on a node in a Windows Server Failover Cluster would format drives on remote nodes whose drive letter matched the local drive letter.  | 27 February 2019 | 
|  1.3.2001160  | Fixed missing wallpaper in Windows 2019. | 22 February 2019 | 
|  1.3.2001040  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html)  | 21 January 2019 | 
|  1.3.2000930  | Fix for adding routes to metadata on ipv6-enabled ENIs.  | 2 January 2019 | 
|  1.3.2000760  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html)  | 5 December 2018 | 
|  1.3.2000630  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html)  | 9 November 2018 | 
|  1.3.2000430.0  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html)  | 19 September 2018 | 
|  1.3.200039.0  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html)  | 15 August 2018 | 
|  1.3.2000080  | Fixed minor issues. |  | 
|  1.3.610  |  Fixed issue with redirecting output and errors to files from user data.  |  | 
|  1.3.590  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html)  |  | 
|  1.3.580  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html)  |  | 
|  1.3.550  |  Added a `-NoShutdown` option to enable Sysprep with no shutdown.  |  | 
|  1.3.540  |  Fixed minor issues.  |  | 
|  1.3.530  |  Fixed minor issues.  |  | 
|  1.3.521  |  Fixed minor issues.  |  | 
|  1.3.0  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html)  |  | 
|  1.2.0  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html)  |  | 
|  1.1.2  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2launch-version-details.html)  |  | 
|  1.1.1  |  Initial release.  |  | 

# Use the EC2Config service to perform tasks during EC2 legacy Windows operating system instance launch

**Note**  
EC2Config has reached the end of support. The operating system versions that it runs on are no longer supported by Microsoft. We strongly recommend that you upgrade to the latest launch agent.  
The latest launch agent for Windows Server 2022 and later operating system versions is [EC2Launch v2](ec2launch-v2.md), which replaces both EC2Config and EC2Launch, and comes pre-installed on AWS Windows Server 2022 and 2025 AMIs. You can also manually install and configure the agent on Windows Server 2016 and 2019. For more information, see [Install EC2Launch v2](ec2launch-v2-install.md). 

Windows AMIs for Windows Server versions prior to Windows Server 2016 include an optional service, the EC2Config service (`EC2Config.exe`). EC2Config starts when the instance boots and performs tasks during startup and each time you stop or start the instance. EC2Config can also perform tasks on demand. Some of these tasks are automatically enabled, while others must be enabled manually. Although optional, this service provides access to advanced features that aren't otherwise available. This service runs in the LocalSystem account.

The EC2Config service runs Sysprep, a Microsoft tool that enables you to create a customized Windows AMI that can be reused. When EC2Config calls Sysprep, it uses the files in `%ProgramFiles%\Amazon\EC2ConfigService\Settings` to determine which operations to perform. You can edit these files indirectly using the **EC2 Service Properties** system dialog, or directly using an XML editor or a text editor. However, there are some advanced settings that aren't available in the **Ec2 Service Properties** system dialog, so you must edit those entries directly.

If you create an AMI from an instance after updating its settings, the new settings are applied to any instance that's launched from the new AMI. For information about creating an AMI, see [Create an Amazon EBS-backed AMI](creating-an-ami-ebs.md).

EC2Config uses settings files to control its operation. You can update these settings files using either a graphical tool or by directly editing XML files. The service binaries and additional files are contained in the `%ProgramFiles%\Amazon\EC2ConfigService` directory.

**Topics**
+ [EC2Config and AWS Systems Manager](#ec2config-ssm)
+ [EC2Config tasks](#UsingConfig_Ovw)
+ [EC2Config settings files](#UsingConfigXML_WinAMI)
+ [Install the latest version of EC2Config](UsingConfig_Install.md)
+ [Configure .NET proxy settings for the EC2Config service](ec2config-proxy.md)
+ [Set EC2Config service properties from the system dialog on your EC2 Windows instance](set-ec2config-service-properties.md)
+ [Troubleshoot issues with the EC2Config launch agent](repair-ec2config.md)
+ [EC2Config version history](ec2config-version-details.md)

## EC2Config and AWS Systems Manager


The EC2Config service processes Systems Manager requests on instances created from AMIs for versions of Windows Server prior to Windows Server 2016 that were published before November 2016.

Instances created from AMIs for versions of Windows Server prior to Windows Server 2016 that were published after November 2016 include the EC2Config service *and* SSM Agent. EC2Config performs all of the tasks described earlier, and SSM Agent processes requests for Systems Manager capabilities like Run Command and State Manager.

You can use Run Command to upgrade your existing instances to use the latest version of the EC2Config service and SSM Agent. For more information, see [Update SSM Agent using Run Command](https://docs.aws.amazon.com/systems-manager/latest/userguide/run-command-tutorial-update-software.html) in the *AWS Systems Manager User Guide*.

## EC2Config tasks


EC2Config runs initial startup tasks when the instance is first started and then disables them. To run these tasks again, you must explicitly enable them prior to shutting down the instance, or by running Sysprep manually. These tasks are as follows:
+ Set a random, encrypted password for the administrator account.
+ Generate and install the host certificate used for Remote Desktop Connection.
+ Dynamically extend the operating system partition to include any unpartitioned space.
+ Execute the specified user data (and Cloud-Init, if it's installed). For more information about specifying user data, see [Run commands when you launch an EC2 instance with user data input](user-data.md).

EC2Config performs the following tasks every time the instance starts:
+ Change the host name to match the private IP address in Hex notation (this task is disabled by default and must be enabled in order to run at instance start).
+ Configure the key management server (AWS KMS), check for Windows activation status, and activate Windows as necessary.
+ Mount all Amazon EBS volumes and instance store volumes, and map volume names to drive letters.
+ Write event log entries to the console to help with troubleshooting (this task is disabled by default and must be enabled in order to run at instance start).
+ Write to the console that Windows is ready.
+ Add a custom route to the primary network adapter to enable the following IP addresses when a single NIC or multiple NICs are attached: `169.254.169.250`, `169.254.169.251`, and `169.254.169.254`. These addresses are used by Windows Activation and when you access instance metadata.
**Note**  
If the Windows OS is configured to use IPv4, these IPv4 link-local addresses can be used. If the Windows OS has the IPv4 network protocol stack disabled and uses IPv6 instead, add `[fd00:ec2::250]` in place of `169.254.169.250` and `169.254.169.251`. Then add `[fd00:ec2::254]` in place of `169.254.169.254`.

EC2Config performs the following task every time a user logs in:
+ Display wallpaper information to the desktop background.

While the instance is running, you can request that EC2Config perform the following task on demand:
+ Run Sysprep and shut down the instance so that you can create an AMI from it. For more information, see [Create an Amazon EC2 AMI using Windows Sysprep](ami-create-win-sysprep.md).

## EC2Config settings files


The settings files control the operation of the EC2Config service. These files are located in the `C:\Program Files\Amazon\Ec2ConfigService\Settings` directory:
+ `ActivationSettings.xml`—Controls product activation using a key management server (AWS KMS).
+ `AWS.EC2.Windows.CloudWatch.json`—Controls which performance counters to send to CloudWatch and which logs to send to CloudWatch Logs.
+ `BundleConfig.xml`—Controls how EC2Config prepares an instance store-backed instance for AMI creation.
+ `Config.xml`—Controls the primary settings.
+ `DriveLetterConfig.xml`—Controls drive letter mappings.
+ `EventLogConfig.xml`—Controls the event log information that's displayed on the console while the instance is booting.
+ `WallpaperSettings.xml`—Controls the information that's displayed on the desktop background.



**ActivationSettings.xml**

This file contains settings that control product activation. When Windows boots, the EC2Config service checks whether Windows is already activated. If Windows is not already activated, it attempts to activate Windows by searching for the specified AWS KMS server.
+ `SetAutodiscover`—Indicates whether to detect an AWS KMS automatically.
+ `TargetKMSServer`—Stores the private IP address of an AWS KMS. The AWS KMS must be in the same Region as your instance.
+ `DiscoverFromZone`—Discovers the AWS KMS server from the specified DNS zone.
+ `ReadFromUserData`—Gets the AWS KMS server from UserData.
+ `LegacySearchZones`—Discovers the AWS KMS server from the specified DNS zone.
+ `DoActivate`—Attempts activation using the specified settings in the section. This value can be `true` or `false`.
+ `LogResultToConsole`—Displays the result to the console.

**BundleConfig.xml**

This file contains settings that control how EC2Config prepares an instance for AMI creation.
+ `AutoSysprep`—Indicates whether to use Sysprep automatically. Change the value to `Yes` to use Sysprep. 
+ `SetRDPCertificate`—Sets a self-signed certificate to the Remote Desktop server. This enables you to securely RDP into the instances. Change the value to `Yes` if the new instances should have the certificate.

  This setting is not used for instances with operating system versions prior to Windows Server 2016, because they can generate their own certificates.
+ `SetPasswordAfterSysprep`—Sets a random password on a newly launched instance, encrypts it with the user launch key, and outputs the encrypted password to the console. Change the value of this setting to `No` if the new instances should not be set to a random encrypted password.

**Config.xml**

 *Plug-ins* 
+ `Ec2SetPassword`—Generates a random encrypted password each time you launch an instance. This feature is disabled by default after the first launch so that reboots of this instance don't change a password set by the user. Change this setting to `Enabled` to continue to generate passwords each time you launch an instance.

  This setting is important if you are planning to create an AMI from your instance.
+ `Ec2SetComputerName`—Sets the host name of the instance to a unique name based on the IP address of the instance and reboots the instance. To set your own host name, or prevent your existing host name from being modified, you must disable this setting.
+ `Ec2InitializeDrives`—Initializes and formats all volumes during startup. This feature is enabled by default.
+ `Ec2EventLog`—Displays event log entries in the console. By default, the three most recent error entries from the system event log are displayed. To specify the event log entries to display, edit the `EventLogConfig.xml` file located in the `EC2ConfigService\Settings` directory. For information about the settings in this file, see [Eventlog Key](https://learn.microsoft.com/en-us/windows/win32/eventlog/eventlog-key).
+ `Ec2ConfigureRDP`—Sets up a self-signed certificate on the instance, so users can securely access the instance using Remote Desktop. This setting is not used for instances with operating system versions prior to Windows Server 2016, because they can generate their own certificates.
+ `Ec2OutputRDPCert`—Displays the Remote Desktop certificate information to the console so that the user can verify it against the thumbprint. 
+ `Ec2SetDriveLetter`—Sets the drive letters of the mounted volumes based on user-defined settings. By default, when an Amazon EBS volume is attached to an instance, it can be mounted using any available drive letter on the instance. To specify your drive letter mappings, edit the `DriveLetterConfig.xml` file located in the `EC2ConfigService\Settings` directory.
+ `Ec2WindowsActivate`—The plug-in handles Windows activation. It checks to see if Windows is activated. If not, it updates the AWS KMS client settings, and then activates Windows.

  To modify the AWS KMS settings, edit the `ActivationSettings.xml` file located in the `EC2ConfigService\Settings` directory.
+ `Ec2DynamicBootVolumeSize`—Extends Disk 0/Volume 0 to include any unpartitioned space.
+ `Ec2HandleUserData`—Creates and runs scripts created by the user on the first launch of an instance after Sysprep is run. Commands wrapped in script tags are saved to a batch file, and commands wrapped in PowerShell tags are saved to a .ps1 file. This setting corresponds to the **User Data** check box on the **EC2 Service Properties** system dialog.
+ `Ec2ElasticGpuSetup`—Installs the Elastic GPU software package if the instance is associated with an elastic GPU.
+ `Ec2FeatureLogging`—Sends Windows feature installation and corresponding service status to the console. Supported only for the Microsoft Hyper-V feature and corresponding vmms service.

 *Global Settings* 
+ `ManageShutdown`—Ensures that instances launched from Amazon S3-backed AMIs do not terminate while running Sysprep. 
+ `SetDnsSuffixList`—Sets the DNS suffix of the network adapter for Amazon EC2. This allows DNS resolution of servers running in Amazon EC2 without providing the fully qualified domain name.
**Note**  
This adds a DNS suffix lookup for the following domain and configures other standard suffixes. For more information about how launch agents set DNS suffixes, see [Configure DNS Suffix for EC2 Windows launch agents](launch-agents-set-dns.md).  

  ```
  region.ec2-utilities.amazonaws.com
  ```
+ `WaitForMetaDataAvailable`—Ensures that the EC2Config service will wait for metadata to be accessible and the network available before continuing with the boot. This check ensures that EC2Config can obtain information from metadata for activation and other plug-ins. 
+ `ShouldAddRoutes`—Adds a custom route to the primary network adapter to enable the following IP addresses when multiple NICs are attached: 169.254.169.250, 169.254.169.251, and 169.254.169.254. These addresses are used by Windows Activation and when you access instance metadata. 
+ `RemoveCredentialsfromSyspreponStartup`—Removes the administrator password from `Sysprep.xml` the next time the service starts. To ensure that this password persists, edit this setting.

**DriveLetterConfig.xml**

This file contains settings that control drive letter mappings. By default, a volume can be mapped to any available drive letter. You can mount a volume to a particular drive letter as follows.

```
<?xml version="1.0" standalone="yes"?>
<DriveLetterMapping>
  <Mapping>
    <VolumeName></VolumeName>
    <DriveLetter></DriveLetter>
  </Mapping>
  . . .
  <Mapping>
    <VolumeName></VolumeName>
    <DriveLetter></DriveLetter>
  </Mapping>
</DriveLetterMapping>
```
+ `VolumeName`—The volume label. For example, `My Volume`. To specify a mapping for an instance storage volume, use the label `Temporary Storage X`, where `X` is a number from 0 to 25.
+ `DriveLetter`—The drive letter. For example, `M:`. The mapping fails if the drive letter is already in use.

**EventLogConfig.xml**

This file contains settings that control the event log information that's displayed on the console while the instance is booting. By default, we display the three most recent error entries from the System event log.
+ `Category`—The event log key to monitor.
+ `ErrorType`—The event type (for example, `Error`, `Warning`, or `Information`).
+ `NumEntries`—The number of events stored for this category.
+ `LastMessageTime`—To prevent the same message from being pushed repeatedly, the service updates this value every time it pushes a message.
+ `AppName`—The event source or application that logged the event.

**WallpaperSettings.xml**

This file contains settings that control the information that's displayed on the desktop background. The following information is displayed by default.
+ `Hostname`—Displays the computer name.
+ `Instance ID`—Displays the ID of the instance.
+ `Public IP Address`—Displays the public IP address of the instance.
+ `Private IP Address`—Displays the private IP address of the instance.
+ `Availability Zone`—Displays the Availability Zone in which the instance is running.
+ `Instance Size`—Displays the type of instance.
+ `Architecture`—Displays the setting of the `PROCESSOR_ARCHITECTURE` environment variable.

You can remove any of the information that's displayed by default by deleting its entry. You can add additional instance metadata to display as follows.

```
<WallpaperInformation>
  <name>display_name</name>
  <source>metadata</source>
  <identifier>meta-data/path</identifier>
</WallpaperInformation>
```

You can add additional System environment variables to display as follows.

```
<WallpaperInformation>
  <name>display_name</name>
  <source>EnvironmentVariable</source>
  <identifier>variable-name</identifier>
</WallpaperInformation>
```

**InitializeDrivesSettings.xml**  
This file contains settings that control how EC2Config initializes drives.

By default, EC2Config initializes drives that were not brought online with the operating system. You can customize the plug-in as follows.

```
<InitializeDrivesSettings>
    <SettingsGroup>setting</SettingsGroup>
</InitializeDrivesSettings>
```

Use a settings group to specify how you want to initialize drives:

*FormatWithTRIM*  
Enables the TRIM command when formatting drives. After a drive has been formatted and initialized, the system restores TRIM configuration.  
Starting with EC2Config version 3.18, the TRIM command is disabled during the disk format operation by default. This improves formatting times. Use this setting to enable TRIM during the disk format operation for EC2Config version 3.18 and later.

*FormatWithoutTRIM*  
Disables the TRIM command when formatting drives and improves formatting times in Windows. After a drive has been formatted and initialized, the system restores TRIM configuration.

*DisableInitializeDrives*  
Disables formatting for new drives. Use this setting to initialize drives manually.

# Install the latest version of EC2Config

**Note**  
The latest launch agent for Windows Server 2022 and later operating system versions is [EC2Launch v2](ec2launch-v2.md), which replaces both EC2Config and EC2Launch. EC2Launch v2 comes pre-installed on AWS Windows Server 2022 and 2025 AMIs. You can also manually install and configure the agent on Windows Server 2016 and 2019. For more information, see [Install EC2Launch v2](ec2launch-v2-install.md).

For information about how to receive notifications for EC2Config updates, see [Subscribe to EC2 Windows launch agent notifications](launch-agents-subscribe-notifications.md). For information about the changes in each version, see the [EC2Config version history](ec2config-version-details.md).

## Before you begin

+ Verify that you have .NET Framework 3.5 SP1 or later.
+ By default, Setup replaces your settings files with default settings files during installation and restarts the EC2Config service when the installation is completed. If you changed EC2Config service settings, copy the `config.xml` file from the `%ProgramFiles%\Amazon\Ec2ConfigService\Settings` directory. After you update the EC2Config service, you can restore this file to retain your configuration changes.

## Verify the EC2Config version


Use the following procedure to verify the version of EC2Config that is installed on your instances.

**To verify the installed version of EC2Config**

1. Launch an instance from your AMI and connect to it.

1. In Control Panel, select **Programs and Features**.

1. In the list of installed programs, look for `Ec2ConfigService`. Its version number appears in the **Version** column.

## Update EC2Config


Use the following procedure to download and install the latest version of EC2Config on your instances.

**To download and install the latest version of EC2Config**

1. Download and unzip the [EC2Config installer](https://s3.amazonaws.com/ec2-downloads-windows/EC2Config/EC2Install.zip).

1. Run `EC2Install.exe`. For a complete list of options, run `EC2Install` with the `/?` option. By default, setup displays prompts. To run the command with no prompts, use the `/quiet` option.
**Important**  
To keep the custom settings from the `config.xml` file that you saved, run `EC2Install` with the `/norestart` option, restore your settings, and then restart the EC2Config service manually.

1. If you are running EC2Config version 4.0 or later, you must restart SSM Agent on the instance from the Microsoft Services snap-in.
**Note**  
The updated EC2Config version information will not appear in the instance System Log or Trusted Advisor check until you reboot or stop and start your instance.

**To download and install the latest version of EC2Config using PowerShell**  
To download, unzip, and install the latest version of EC2Config using PowerShell, run the following commands from a PowerShell window:

```
# Download location and local paths (the current user's Desktop)
$Url = "https://s3.amazonaws.com/ec2-downloads-windows/EC2Config/EC2Install.zip"
$DownloadZipFile = "$env:USERPROFILE\Desktop\" + $(Split-Path -Path $Url -Leaf)
$ExtractPath = "$env:USERPROFILE\Desktop\"
# Download the installer archive over HTTPS
Invoke-WebRequest -Uri $Url -OutFile $DownloadZipFile
# Extract the archive contents to the Desktop using the Windows shell
$ExtractShell = New-Object -ComObject Shell.Application 
$ExtractFiles = $ExtractShell.Namespace($DownloadZipFile).Items() 
$ExtractShell.NameSpace($ExtractPath).CopyHere($ExtractFiles) 
# Open the extract folder in File Explorer
Start-Process $ExtractPath
# Run the installer silently
Start-Process `
    -FilePath $env:USERPROFILE\Desktop\EC2Install.exe `
    -ArgumentList "/S"
```

**Note**  
If you receive an error when downloading the file, and you are using Windows Server 2016 or earlier, TLS 1.2 might need to be enabled for your PowerShell terminal. You can enable TLS 1.2 for the current PowerShell session with the following command and then try again:  

```
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
```

Verify the installation by checking `C:\Program Files\Amazon\` for the `Ec2ConfigService` directory.
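
The commands above run a downloaded executable without inspecting it first. The following added example (not part of the AWS procedure) checks the installer's Authenticode signature between the extract and install steps and runs the installer only if the check passes. The `$ExpectedPublisher` value is a placeholder and an assumption; set it to the signer name that you have confirmed out of band.

```powershell
# Added example (not AWS code): refuse to run EC2Install.exe unless its
# Authenticode signature is valid and names the publisher you expect.

# Same location that the download commands above extract to.
$Installer = Join-Path $env:USERPROFILE 'Desktop\EC2Install.exe'

# ASSUMPTION: placeholder value. Replace it with the signer common name that
# you have confirmed out of band. Until you do, the check fails closed.
$ExpectedPublisher = '<expected-publisher-common-name>'

function Test-InstallerSignature {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [Parameter(Mandatory = $true)] [string] $Publisher
    )

    if (-not (Test-Path -Path $Path -PathType Leaf)) {
        Write-Warning "Installer not found: $Path"
        return $false
    }

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Valid = the file hash matches the signature and the certificate chain
    # builds to a root this machine trusts. NotSigned, HashMismatch,
    # NotTrusted and UnknownError all stop here.
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        Write-Warning "Signature status '$($sig.Status)': $($sig.StatusMessage)"
        return $false
    }

    # A valid signature only proves that some trusted party signed the file,
    # so compare the signer's common name as well.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    if ($signer -ne $Publisher) {
        Write-Warning "Signed by '$signer', expected '$Publisher'"
        return $false
    }

    Write-Host "Signature OK: $signer (thumbprint $($sig.SignerCertificate.Thumbprint))"
    return $true
}

if (Test-InstallerSignature -Path $Installer -Publisher $ExpectedPublisher) {
    # Same silent switch as the commands above; -Wait and -PassThru expose the exit code.
    $proc = Start-Process -FilePath $Installer -ArgumentList '/S' -Wait -PassThru
    Write-Host "EC2Install.exe exited with code $($proc.ExitCode)"
} else {
    Write-Error 'EC2Install.exe was not run because the signature check failed.'
}
```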

# Configure .NET proxy settings for the EC2Config service

You can configure the EC2Config service to communicate through a proxy using one of the following methods: the AWS SDK for .NET, the `system.net` element, or Microsoft Group Policy and Internet Explorer. Using the AWS SDK for .NET is the preferred method because you can specify sign-in credentials.

**Topics**
+ [Configure proxy settings using the AWS SDK for .NET (Preferred)](#sdk-proxy)
+ [Configure proxy settings using the system.net element](#system-proxy)
+ [Configure proxy settings using Microsoft Group Policy and Microsoft Internet Explorer](#ie-proxy)

## Configure proxy settings using the AWS SDK for .NET (Preferred)


You can configure proxy settings for the EC2Config service by specifying the `proxy` element in the `Ec2Config.exe.config` file. For more information, see [Configuration Files Reference for AWS SDK for .NET](https://docs.aws.amazon.com/sdk-for-net/latest/developer-guide/net-dg-config-ref.html#net-dg-config-ref-elements-proxy).

**To specify the proxy element in Ec2Config.exe.config**

1. Edit the `Ec2Config.exe.config` file on an instance where you want the EC2Config service to communicate through a proxy. By default, the file is located in the following directory: `%ProgramFiles%\Amazon\Ec2ConfigService`.

1. Add the following `aws` element to the `configSections`. Do not add this to any existing `sectionGroups`.

    **For EC2Config versions 3.17 or earlier** 

   ```
   <configSections>
      <section name="aws" type="Amazon.AWSSection, AWSSDK"/>
   </configSections>
   ```

    **For EC2Config versions 3.18 or later** 

   ```
   <configSections>
        <section name="aws" type="Amazon.AWSSection, AWSSDK.Core"/>
   </configSections>
   ```

1. Add the following `aws` element to the `Ec2Config.exe.config` file.

   ```
   <aws>
      <proxy
        host="string value"
        port="string value"
        username="string value"
        password="string value" />
   </aws>
   ```

1. Save your changes.

## Configure proxy settings using the system.net element


You can specify proxy settings in a `system.net` element in the `Ec2Config.exe.config` file. For more information, see [defaultProxy element (network settings)](https://learn.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/network/defaultproxy-element-network-settings).

**To specify the system.net element in Ec2Config.exe.config**

1. Edit the `Ec2Config.exe.config` file on an instance where you want the EC2Config service to communicate through a proxy. By default, the file is located in the following directory: `%ProgramFiles%\Amazon\Ec2ConfigService`.

1. Add a `defaultProxy` entry to `system.net`. For more information, see [defaultProxy element (network settings)](https://learn.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/network/defaultproxy-element-network-settings).

   For example, the following configuration routes all traffic to use the proxy that is currently configured for Internet Explorer, with the exception of the metadata and licensing traffic, which will bypass the proxy.

   ```
   <defaultProxy>
       <proxy usesystemdefault="true" />
       <bypasslist>
           <add address="169.254.169.250" />
           <add address="169.254.169.251" />
           <add address="169.254.169.254" />
           <add address="[fd00:ec2::250]" />
           <add address="[fd00:ec2::254]" />
       </bypasslist>
   </defaultProxy>
   ```

1. Save your changes.
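
The two file-based methods above leave reviewable state in `Ec2Config.exe.config`: the `proxy` element can hold a proxy password in cleartext, and the `bypasslist` decides whether the metadata and licensing addresses skip the proxy. The following added example (not AWS code) audits a config for both, first on a constructed sample and then on the installed file if present. It assumes the standard .NET layout with `aws` and `system.net` directly under the `configuration` root.

```powershell
# Added example (not AWS code). The sample XML below is constructed for illustration.

# Metadata and licensing addresses from the bypasslist shown above.
$RequiredBypass = @(
    '169.254.169.250', '169.254.169.251', '169.254.169.254',
    '[fd00:ec2::250]', '[fd00:ec2::254]'
)

function Test-Ec2ConfigProxy {
    param([Parameter(Mandatory = $true)] [xml] $Config)
    $findings = @()

    # AWS SDK for .NET style: <aws><proxy ... password="..." /></aws>
    $sdkProxy = $Config.SelectSingleNode('/configuration/aws/proxy')
    if ($null -ne $sdkProxy -and $sdkProxy.GetAttribute('password') -ne '') {
        $findings += 'aws/proxy: password attribute holds the proxy password in cleartext'
    }

    # system.net style: compare bypasslist entries literally with the list above.
    $defaultProxy = $Config.SelectSingleNode('/configuration/system.net/defaultProxy')
    if ($null -ne $defaultProxy) {
        $listed = @($defaultProxy.SelectNodes('bypasslist/add') |
            ForEach-Object { $_.GetAttribute('address') })
        foreach ($address in $RequiredBypass) {
            if ($listed -notcontains $address) {
                $findings += "defaultProxy: $address is missing from bypasslist"
            }
        }
    }

    if ($null -eq $sdkProxy -and $null -eq $defaultProxy) {
        $findings += 'no aws/proxy or system.net/defaultProxy element found'
    }
    return ,$findings
}

function Get-NonAdminReaders {
    # Lists SIDs, other than LocalSystem and BUILTIN\Administrators, that are
    # allowed to read the file. Review each one; some may be expected.
    param([Parameter(Mandatory = $true)] [string] $Path)
    $trusted = @('S-1-5-18', 'S-1-5-32-544')
    $readBit = [System.Security.AccessControl.FileSystemRights]::ReadData
    $rules   = (Get-Acl -Path $Path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    $rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $readBit) -and
        ($trusted -notcontains $_.IdentityReference.Value)
    } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
}

# Constructed sample: inline credentials, and a bypasslist that omits
# 169.254.169.254 and both IPv6 addresses.
$sample = [xml]@'
<configuration>
  <configSections>
    <section name="aws" type="Amazon.AWSSection, AWSSDK.Core"/>
  </configSections>
  <aws>
    <proxy host="proxy.example.internal" port="3128"
           username="svc-proxy" password="constructed-value" />
  </aws>
  <system.net>
    <defaultProxy>
      <proxy usesystemdefault="true" />
      <bypasslist>
        <add address="169.254.169.250" />
        <add address="169.254.169.251" />
      </bypasslist>
    </defaultProxy>
  </system.net>
</configuration>
'@

Write-Host 'Findings for the constructed sample:'
Test-Ec2ConfigProxy -Config $sample | ForEach-Object { Write-Host "  $_" }

# Default location given in the procedures above.
$live = Join-Path $env:ProgramFiles 'Amazon\Ec2ConfigService\Ec2Config.exe.config'
if (Test-Path -Path $live -PathType Leaf) {
    Write-Host "Findings for ${live}:"
    Test-Ec2ConfigProxy -Config ([xml](Get-Content -Path $live)) |
        ForEach-Object { Write-Host "  $_" }
    Write-Host 'SIDs with read access besides LocalSystem and Administrators:'
    Get-NonAdminReaders -Path $live | ForEach-Object { Write-Host "  $_" }
}
```

For the constructed sample the audit reports the cleartext password and the three missing bypass addresses.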

## Configure proxy settings using Microsoft Group Policy and Microsoft Internet Explorer


The EC2Config service runs under the Local System user account. You can specify instance-wide proxy settings for this account in Internet Explorer after you change Group Policy settings on the instance.

**To configure proxy settings using Group Policy and Internet Explorer**

1. On an instance where you want the EC2Config service to communicate through a proxy, open a Command prompt as an Administrator, type **gpedit.msc**, and press Enter.

1. In the Local Group Policy Editor, under **Local Computer Policy**, choose **Computer Configuration**, **Administrative Templates**, **Windows Components**, **Internet Explorer**.

1. In the right pane, choose **Make proxy settings per-machine (rather than per-user)** and then choose **Edit policy setting**. 

1. Choose **Enabled**, and then choose **Apply**.

1. Open Internet Explorer, and then choose the **Tools** button.

1. Choose **Internet Options**, and then choose the **Connections** tab.

1. Choose **LAN settings**.

1. Under **Proxy server**, choose the **Use a proxy server for your LAN** option.

1. Specify address and port information and then choose **OK**.

# Set EC2Config service properties from the system dialog on your EC2 Windows instance

The following procedure describes how to use the **EC2 Service Properties** system dialog to enable or disable settings.

1. Launch and connect to your Windows instance.

1. From the **Start** menu, click **All Programs**, and then click **EC2ConfigService Settings**.  
![\[EC2Config service properties shown in the General tab.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/EC2ConfigProperties_General.png)

1. On the **General** tab of the **EC2 Service Properties** system dialog, you can enable or disable the following settings.  
 **Set Computer Name**   
If this setting is enabled (it is disabled by default), the host name is compared to the current internal IP address at each boot; if the host name and internal IP address do not match, the host name is reset to contain the internal IP address and then the system reboots to pick up the new host name. To set your own host name, or to prevent your existing host name from being modified, do not enable this setting.  
 **User Data**   
User data execution enables you to specify scripts in the instance metadata. By default, these scripts are run during the initial launch. You can also configure them to run the next time you reboot or start the instance, or every time you reboot or start the instance.  
If you have a large script, we recommend that you use user data to download the script, and then run it.  
For more information, see [User data execution](user-data.md#user-data-execution).  
 **Event Log**   
Use this setting to display event log entries on the console during boot for easy monitoring and debugging.  
Click **Settings** to specify filters for the log entries sent to the console. The default filter sends the three most recent error entries from the system event log to the console.   
 **Wallpaper Information**   
Use this setting to display system information on the desktop background. The following is an example of the information displayed on the desktop background.  

![\[Wallpaper Information displayed on the desktop background.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/EC2ConfigProperties_Wallpaper.png)

The information displayed on the desktop background is controlled by the settings file `EC2ConfigService\Settings\WallpaperSettings.xml`.  
 **Enable Hibernation**   
Use this setting to allow EC2 to signal the operating system to perform hibernation. 

1. Click the **Storage** tab. You can enable or disable the following settings.  
![\[Storage tab within EC2 Service Properties.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/EC2ConfigProperties_Storage.png)  
 **Root Volume**   
This setting dynamically extends Disk 0/Volume 0 to include any unpartitioned space. This can be useful when the instance is booted from a root volume that has a custom size.  
 **Initialize Drives**   
This setting formats and mounts all volumes attached to the instance during start.  
 **Drive Letter Mapping**   
The system maps the volumes attached to an instance to drive letters. For Amazon EBS volumes, the default is to assign drive letters going from D: to Z:. For instance store volumes, the default depends on the driver. AWS PV drivers and Citrix PV drivers assign instance store volumes drive letters going from Z: to A:. Red Hat drivers assign instance store volumes drive letters going from D: to Z:.  
To choose the drive letters for your volumes, click **Mappings**. In the **DriveLetterSetting** dialog box, specify the **Volume Name** and **Drive Letter** values for each volume, click **Apply**, and then click **OK**. We recommend that you select drive letters that avoid conflicts with drive letters that are likely to be in use, such as drive letters in the middle of the alphabet.  

![\[DriveLetterSetting dialog box.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/EC2ConfigProperties_driver_letter_mapping.png)

After you specify a drive letter mapping and attach a volume with the same label as one of the volume names that you specified, EC2Config automatically assigns your specified drive letter to that volume. However, the drive letter mapping fails if the drive letter is already in use. Note that EC2Config doesn't change the drive letters of volumes that were already mounted when you specified the drive letter mapping.

1. To save your settings and continue working on them later, click **OK** to close the **EC2 Service Properties** system dialog. If you have finished customizing your instance and want to create an AMI from that instance, see [Create an Amazon EC2 AMI using Windows Sysprep](ami-create-win-sysprep.md).

# Troubleshoot issues with the EC2Config launch agent

The following information can help you troubleshoot issues with the EC2Config service.

## Update EC2Config on an unreachable instance


Use the following procedure to update the EC2Config service on a Windows Server instance that is inaccessible using Remote Desktop.

**To update EC2Config on an Amazon EBS-backed Windows instance that you can't connect to**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Locate the affected instance. Select the instance and choose **Instance state**, and then choose **Stop instance**.
**Warning**  
When you stop an instance, the data on instance store volumes is lost. To preserve this data, back it up to persistent storage.

1. Choose **Launch instances** and create a temporary `t2.micro` instance in the same Availability Zone as the affected instance. Use a different AMI than the one that you used to launch the affected instance.
**Important**  
If you do not create the instance in the same Availability Zone as the affected instance you will not be able to attach the root volume of the affected instance to the new instance.

1. In the EC2 console, choose **Volumes**.

1. Locate the root volume of the affected instance. Detach the volume and then attach the volume to the temporary instance that you created earlier. Attach it with the default device name (xvdf).

1. Use Remote Desktop to connect to the temporary instance, and then use the Disk Management utility to make the volume available for use.

1. [Download](https://s3.amazonaws.com/ec2-downloads-windows/EC2Config/EC2Install.zip) the latest version of the EC2Config service. Extract the files from the `.zip` file to the `Temp` directory on the drive you attached.

1. On the temporary instance, open the Run dialog box, type **regedit**, and press Enter.

1. Choose `HKEY_LOCAL_MACHINE`. From the **File** menu, choose **Load Hive**. Choose the drive and then navigate to and open the following file: `Windows\System32\config\SOFTWARE`. When prompted, specify a key name.

1. Select the key you just loaded and navigate to `Microsoft\Windows\CurrentVersion`. Choose the `RunOnce` key. If this key doesn't exist, choose `CurrentVersion` from the context (right-click) menu, choose **New** and then choose **Key**. Name the key `RunOnce`. 

1. Choose the `RunOnce` key. From the context (right-click) menu, choose **New**, and then choose **String Value**. Enter `Ec2Install` as the name and `C:\Temp\Ec2Install.exe /quiet` as the data.

1. Choose the `HKEY_LOCAL_MACHINE\specified key name\Microsoft\Windows NT\CurrentVersion\Winlogon` key. From the context (right-click) menu choose **New**, and then choose **String Value**. Enter **AutoAdminLogon** as the name and **1** as the value data. 

1. Choose the `HKEY_LOCAL_MACHINE\specified key name\Microsoft\Windows NT\CurrentVersion\Winlogon` key. From the context (right-click) menu choose **New**, and then choose **String Value**. Enter **DefaultUserName** as the name and **Administrator** as the value data.

1. Choose the `HKEY_LOCAL_MACHINE\specified key name\Microsoft\Windows NT\CurrentVersion\Winlogon` key. From the context (right-click) menu choose **New**, and then choose **String Value**. Type **DefaultPassword** as the name and enter a password in the value data. 

1. In the Registry Editor navigation pane, choose the temporary key that you created when you first opened Registry Editor.

1. From the **File** menu, choose **Unload Hive**.

1. In Disk Management Utility, choose the drive you attached earlier, open the context (right-click) menu, and choose **Offline**.

1. In the Amazon EC2 console, detach the affected volume from the temporary instance and reattach it to your instance with the device name `/dev/sda1`. You must specify this device name to designate the volume as a root volume.

1. Stop and start the instance. For more information, see [Stop and start Amazon EC2 instances](Stop_Start.md).

1. After the instance starts, check the system log and verify that you see the message `Windows is ready to use`.

1. Open Registry Editor and choose `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`. Delete the String Value keys you created earlier: **AutoAdminLogon**, **DefaultUserName**, and **DefaultPassword**. 

1. Delete or stop the temporary instance you created in this procedure.
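
The procedure above temporarily enables automatic administrator logon and stores the password as a plain string value under `Winlogon`. The following added example (not AWS code) runs on the recovered instance and reports any of the values from the procedure that are still present, without printing the password. The `$RemoveLeftovers` switch variable and the function names are assumptions introduced for this example.

```powershell
# Added example (not AWS code): confirm that the temporary values created in
# the procedure above are gone from the recovered instance's registry.

# Value names created under Winlogon in the procedure.
$TempLogonValues = @('AutoAdminLogon', 'DefaultUserName', 'DefaultPassword')
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$RunOnceKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-RecoveryLeftover {
    $found = @()

    $winlogon = Get-ItemProperty -Path $WinlogonKey -ErrorAction SilentlyContinue
    foreach ($name in $TempLogonValues) {
        if ($winlogon -and $winlogon.PSObject.Properties[$name]) {
            $value = [string]$winlogon.$name
            # Never echo the stored password.
            $shown = if ($name -eq 'DefaultPassword') { '<redacted>' } else { $value }
            # Windows itself can keep AutoAdminLogon set to 0 or a
            # DefaultUserName; the state to eliminate is automatic logon
            # switched on and any stored password.
            $risk = 'review'
            if ($name -eq 'DefaultPassword') { $risk = 'cleartext password stored' }
            if ($name -eq 'AutoAdminLogon' -and $value -eq '1') { $risk = 'automatic logon enabled' }
            $found += New-Object PSObject -Property @{
                Key = $WinlogonKey; Name = $name; Value = $shown; Risk = $risk
            }
        }
    }

    # RunOnce entries are removed when they run, so a surviving Ec2Install
    # value means the installer has not been started yet.
    $runOnce = Get-ItemProperty -Path $RunOnceKey -ErrorAction SilentlyContinue
    if ($runOnce -and $runOnce.PSObject.Properties['Ec2Install']) {
        $found += New-Object PSObject -Property @{
            Key = $RunOnceKey; Name = 'Ec2Install'
            Value = [string]$runOnce.Ec2Install; Risk = 'installer has not run'
        }
    }
    return ,$found
}

function Remove-RecoveryLeftover {
    # Deletes the three Winlogon values, as the cleanup step of the procedure does.
    foreach ($name in $TempLogonValues) {
        Remove-ItemProperty -Path $WinlogonKey -Name $name -ErrorAction SilentlyContinue
    }
}

# ASSUMPTION: set to $true only after reviewing the report below.
$RemoveLeftovers = $false

$leftovers = Get-RecoveryLeftover
if ($leftovers.Count -eq 0) {
    Write-Host 'No temporary recovery values found.'
} else {
    $leftovers | Select-Object Name, Value, Risk, Key | Format-Table -AutoSize
    if ($RemoveLeftovers) {
        Remove-RecoveryLeftover
        Write-Host 'Winlogon values removed. Remaining entries:'
        Get-RecoveryLeftover | Select-Object Name, Risk | Format-Table -AutoSize
    }
}
```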

# EC2Config version history

The following table describes the released versions of EC2Config. For information about the updates for SSM Agent, see [Systems Manager SSM Agent Release Notes](https://github.com/aws/amazon-ssm-agent/blob/master/RELEASENOTES.md).

**Important**  
EC2Config has reached the end of support. Only the latest version of the EC2Config agent is available for download. Prior versions are marked as private.


| Version | Details | Release date | 
| --- | --- | --- | 
| 4.9.5777 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 17 June 2024 | 
| 4.9.5554 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 4 October 2023 | 
| 4.9.5467 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 1 August 2023 | 
| 4.9.5288 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 8 March 2023 | 
| 4.9.5231 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 14 February 2023 | 
| 4.9.5103 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 5 December 2022 | 
| 4.9.5064 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 16 November 2022 | 
| 4.9.4588 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 31 May 2022 | 
| 4.9.4556 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 1 March 2022 | 
| 4.9.4536 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 31 January 2022 | 
| 4.9.4508 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 6 October 2021 | 
| 4.9.4500 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 7 September 2021 | 
| 4.9.4419 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 2 June 2021 | 
| 4.9.4381 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 4 May 2021 | 
| 4.9.4326 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 3 March 2021 | 
| 4.9.4279 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 11 December 2020 | 
| 4.9.4222 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 7 April 2020 | 
| 4.9.4122 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 4 March 2020 | 
| 4.9.3865 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 31 October 2019 | 
| 4.9.3519 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 18 June 2019 | 
| 4.9.3429 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 25 April 2019 | 
| 4.9.3289 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 11 February 2019 | 
| 4.9.3270 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 22 January 2019 | 
| 4.9.3230 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 10 January 2019 | 
| 4.9.3160 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 15 December 2018 | 
| 4.9.3067 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 8 November 2018 | 
| 4.9.3034 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 24 October 2018 | 
| 4.9.2986 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 11 October 2018 | 
| 4.9.2953 |  New version of SSM Agent (2.3.117.0)  | 2 October 2018 | 
| 4.9.2926 |  New version of SSM Agent (2.3.68.0)  | 18 September 2018 | 
| 4.9.2905 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 17 September 2018 | 
| 4.9.2854 |  New version of SSM Agent (2.3.13.0)  | 17 August 2018 | 
| 4.9.2831 |  New version of SSM Agent (2.2.916.0)  | 7 August 2018 | 
| 4.9.2818 |  New version of SSM Agent (2.2.902.0)  | 31 July 2018 | 
| 4.9.2756 |  New version of SSM Agent (2.2.800.0)  | 27 June 2018 | 
| 4.9.2688 |  New version of SSM Agent (2.2.607.0)  | 25 May 2018 | 
| 4.9.2660 |  New version of SSM Agent (2.2.546.0)  | 11 May 2018 | 
| 4.9.2644 |  New version of SSM Agent (2.2.493.0)  | 26 April 2018 | 
| 4.9.2586 |  New version of SSM Agent (2.2.392.0)  | 28 March 2018 | 
| 4.9.2565 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 13 March 2018 | 
| 4.9.2549 |  New version of SSM Agent (2.2.325.0)  | 8 March 2018 | 
| 4.9.2461 |  New version of SSM Agent (2.2.257.0)  | 15 February 2018 | 
| 4.9.2439 |  New version of SSM Agent (2.2.191.0)  | 6 February 2018 | 
| 4.9.2400 |  New version of SSM Agent (2.2.160.0)  | 16 January 2018 | 
| 4.9.2327 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 2 January 2018 | 
| 4.9.2294 |  New version of SSM Agent (2.2.103.0)  | 4 December 2017 | 
| 4.9.2262 |  New version of SSM Agent (2.2.93.0)  | 15 November 2017 | 
| 4.9.2246 |  New version of SSM Agent (2.2.82.0)  | 11 November 2017 | 
| 4.9.2218 |  New version of SSM Agent (2.2.64.0)  | 29 October 2017 | 
| 4.9.2212 |  New version of SSM Agent (2.2.58.0)  | 23 October 2017 | 
| 4.9.2203 |  New version of SSM Agent (2.2.45.0)  | 19 October 2017 | 
| 4.9.2188 |  New version of SSM Agent (2.2.30.0)  | 10 October 2017 | 
| 4.9.2180 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  | 5 October 2017 | 
| 4.9.2143 |  New version of SSM Agent (2.2.16.0)  | 1 October 2017 | 
| 4.9.2140 |  New version of SSM Agent (2.1.10.0)  |  | 
| 4.9.2130 |  New version of SSM Agent (2.1.4.0)  |  | 
| 4.9.2106 |  New version of SSM Agent (2.0.952.0)  |  | 
| 4.9.2061 |  New version of SSM Agent (2.0.922.0)  |  | 
| 4.9.2047 |  New version of SSM Agent (2.0.913.0)  |  | 
| 4.9.2031 |  New version of SSM Agent (2.0.902.0)  |  | 
| 4.9.2016 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
| 4.9.1981 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
| 4.9.1964 | New version of SSM Agent (2.0.842.0) |  | 
| 4.9.1951 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
| 4.9.1925 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
| 4.9.1900 | New version of SSM Agent (2.0.805.0) |  | 
| 4.9.1876 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
| 4.9.1863 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
| 4.9.1791 | New version of SSM Agent (2.0.767.0) |  | 
|  4.9.1775  |  New version of SSM Agent (2.0.761.0)  |  | 
|  4.9.1752  |  New version of SSM Agent (2.0.755.0)  |  | 
|  4.9.1711  |  New version of SSM Agent (2.0.730.0)  |  | 
|  4.8.1676   |  New version of SSM Agent (2.0.716.0)  |  | 
|  4.7.1631  |  New version of SSM Agent (2.0.682.0)  |  | 
|  4.6.1579  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  4.5.1534  |  New version of SSM Agent (2.0.645.1)  |  | 
|  4.4.1503  |  New version of SSM Agent (2.0.633.0)  |  | 
|  4.3.1472  |  New version of SSM Agent (2.0.617.1)  |  | 
|  4.2.1442  |  New version of SSM Agent (2.0.599.0)  |  | 
|  4.1.1378  |  New version of SSM Agent (2.0.558.0)  |  | 
|  4.0.1343  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  3.19.1153   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  3.18.1118   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
| 3.17.1032 |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
| 3.16.930 |  Added support to log the "Windows is Ready to use" event to the Windows Event Log on start.   |  | 
|  3.15.880   |  Fix to allow uploading Systems Manager Run Command output to S3 bucket names with '.' character.  |  | 
|  3.14.786   |  Added support to override InitializeDisks plugin settings. For example, to speed up SSD disk initialization, you can temporarily disable TRIM by specifying this in user data: `<InitializeDrivesSettings><SettingsGroup>FormatWithoutTRIM</SettingsGroup></InitializeDrivesSettings>`  |  | 
|  3.13.727   |  Systems Manager Run Command - Fixes to process commands reliably after Windows reboot.  |  | 
|  3.12.649   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  3.11.521   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  3.10.442   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  3.9.359   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  3.8.294   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  3.7.308   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  3.6.269   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  3.5.228   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  3.4.212   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  3.3.174   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  3.2.97   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  3.0.54   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.4.233   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.3.313   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.2.12   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.2.11   |  Fixed an issue in the CloudWatch plugin for handling empty log lines.   |  | 
|  2.2.10   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.2.9   |  Fixed unhandled exception and added logging.   |  | 
|  2.2.8   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.2.7   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.2.6   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.2.5   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.2.4   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.2.3   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.2.2   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.2.1   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.2.0   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.1.19   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.1.18   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.1.17   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.1.16   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.1.15   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.1.14   |  Desktop wallpaper fixes  |  | 
|  2.1.13   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.1.11   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.1.10   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.1.9   |  UserData Execution no longer limited to 3851 Characters  |  | 
|  2.1.7   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.1.6   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.1.2   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 
|  2.1.0   |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2config-version-details.html)  |  | 

# Use EC2 Fast Launch for your Windows instances

When you configure a Windows Server AMI for EC2 Fast Launch, Amazon EC2 creates a set of pre-provisioned snapshots to use for faster launching, as follows.

1. Amazon EC2 launches a set of temporary t3 instances, based on your settings.

1. As each temporary instance completes the standard launch steps, Amazon EC2 creates a pre-provisioned snapshot of the instance. It stores the snapshot in your Amazon S3 bucket.

1. When the snapshot is ready, Amazon EC2 terminates the associated t3 instance to keep resource costs as low as possible.

1. The next time Amazon EC2 launches an instance from the EC2 Fast Launch enabled AMI, it uses one of the snapshots to significantly reduce the time it takes to launch.

Amazon EC2 automatically replenishes the snapshots you have on hand as it uses them to launch instances from the EC2 Fast Launch enabled AMI.

Any account that has access to an AMI with EC2 Fast Launch enabled can benefit from reduced launch times. When the AMI owner grants access for you to launch instances, the pre-provisioned snapshots come from the AMI owner’s account.

If an AMI that supports EC2 Fast Launch is shared with you, you can enable or disable faster launching on the shared AMI yourself. If you enable a shared AMI for EC2 Fast Launch, Amazon EC2 creates the pre-provisioned snapshots directly in your account. If you deplete the snapshots in your account, you can still use snapshots from the AMI owner's account.

**Note**  
EC2 Fast Launch deletes pre-provisioned snapshots as soon as they're consumed by a launch to minimize storage costs and prevent reuse. However, if the deleted snapshots match a retention rule, Recycle Bin automatically retains them. We recommend that you review the scope of your Recycle Bin retention rules so that this doesn't happen. For more information, see [Recycle Bin](https://docs.aws.amazon.com/ebs/latest/userguide/recycle-bin.html) in the *Amazon EBS User Guide*.  
This feature is not the same as [EBS fast snapshot restore](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-fast-snapshot-restore.html). You must explicitly enable EBS fast snapshot restore on a per-snapshot basis, and it has its own associated costs.

The following video demonstrates how to configure your Windows AMI for faster launching with a quick overview of the related key terms and their definitions: [Launching EC2 Windows instances up to 65% faster on AWS](https://www.youtube.com/watch?v=qTWlmhf9I9I).

**Resource costs**  
There is no service charge to configure Windows AMIs for EC2 Fast Launch. However, standard pricing applies for any underlying AWS resources that Amazon EC2 uses. To learn more about associated resource costs and how to manage them, see [Manage costs for EC2 Fast Launch underlying resources](win-fast-launch-manage-costs.md).

**Topics**
+ [Key terms](#win-fast-launch-key-terms)
+ [EC2 Fast Launch prerequisites for Windows](win-start-fast-launch-prereqs.md)
+ [Configure EC2 Fast Launch settings for your Amazon EC2 Windows Server AMI](win-fast-launch-configure.md)
+ [View AMIs with EC2 Fast Launch enabled](win-view-fast-launch.md)
+ [Manage costs for EC2 Fast Launch underlying resources](win-fast-launch-manage-costs.md)
+ [Monitor EC2 Fast Launch](win-fast-launch-monitor.md)
+ [Service-linked role for EC2 Fast Launch](slr-windows-fast-launch.md)
+ [Troubleshoot Windows EC2 Fast Launch](win-fast-launch-troubleshoot.md)

## Key terms


The EC2 Fast Launch feature uses the following key terms:

**Pre-provisioned snapshot**  
A snapshot of an instance that was launched from a Windows AMI with EC2 Fast Launch enabled, and that has completed the following Windows launch steps, rebooting as required.  
+ Sysprep specialize
+ Windows Out of Box Experience (OOBE)
When these steps are complete, EC2 Fast Launch stops the instance, and creates a snapshot that is later used for faster launching from the AMI, based on your configuration.

**Launch frequency**  
Controls the number of pre-provisioned snapshots that Amazon EC2 can launch within the specified timeframe. When you enable EC2 Fast Launch for your AMI, Amazon EC2 creates the initial set of pre-provisioned snapshots in the background. For example, if the launch frequency is set to five launches per hour, which is the default, then EC2 Fast Launch creates an initial set of five pre-provisioned snapshots.  
When Amazon EC2 launches an instance from an AMI with EC2 Fast Launch enabled, it uses one of the pre-provisioned snapshots to reduce the launch time. As snapshots are used, they are automatically replenished, up to the number specified by the launch frequency.  
If you expect a spike in the number of instances that are launched from your AMI – during a special event, for example – you can increase the launch frequency in advance to cover the additional instances that you'll need. When your launch rate returns to normal, you can adjust the frequency back down.  
When you experience a higher number of launches than anticipated, you might use up all the pre-provisioned snapshots that you have available. This doesn't cause any launches to fail. However, it can result in some instances going through the standard launch process, until snapshots can be replenished.

**Target resource count**  
The number of pre-provisioned snapshots to keep on hand for an Amazon EC2 Windows Server AMI with EC2 Fast Launch enabled.

**Max parallel launches**  
Controls how many instances Amazon EC2 can launch at the same time to create the pre-provisioned snapshots for EC2 Fast Launch. If your target resource count is higher than the maximum parallel launches that you've configured, then Amazon EC2 launches the number of instances specified by **Max parallel launches** to start creating the snapshots. As those instances complete the process, Amazon EC2 takes the snapshot and stops the instance. Then it continues to launch more instances until the total number of snapshots available has reached the target resource count. The value for **Max parallel launches** must be 6 or greater.

# EC2 Fast Launch prerequisites for Windows

Before you set up EC2 Fast Launch, verify that you've met the following prerequisites that are required to create snapshots for the AMIs in your AWS account:
+ If you provide a custom launch template when you configure EC2 Fast Launch, the service uses the VPC and other configuration settings that you've defined in the launch template. For more information, see [Use a launch template when you set up EC2 Fast Launch](win-fast-launch-configure.md#win-fast-launch-with-template).
+ If you don't use a custom launch template to configure your settings, you must attach the [EC2FastLaunchFullAccess](security-iam-awsmanpol.md#security-iam-awsmanpol-EC2FastLaunchFullAccess) policy to your current IAM role before you enable EC2 Fast Launch. Then the service automatically creates a CloudFormation stack with the following resources in your AWS account.
  + A virtual private cloud (VPC)
  + Private subnets across multiple Availability Zones
  + A launch template configured with Instance Metadata Service Version 2 (IMDSv2)
  + A security group with no inbound or outbound rules
+ Private EC2 Fast Launch AMIs must support user data script execution.
+ To configure EC2 Fast Launch for an AMI, you must create the AMI using **Sysprep** with the shutdown option. The EC2 Fast Launch feature doesn't currently support AMIs that were created from a running instance.

  To create an AMI using **Sysprep**, see [Create an Amazon EC2 AMI using Windows Sysprep](ami-create-win-sysprep.md).
+ To enable EC2 Fast Launch for an [encrypted AMI](AMIEncryption.md) that uses a customer managed key for encryption, you must grant the service-linked role for EC2 Fast Launch permission to use the CMK. For more information, see [Access to customer managed keys](slr-windows-fast-launch.md#win-faster-launching-slr-access-to-cust-keys).
+ The default quota for **Max parallel launches** across all AMIs in an AWS account is 40 per Region. You can request a Service Quotas increase for your account, as follows.

  1. Open the Service Quotas console at [https://console.aws.amazon.com/servicequotas/](https://console.aws.amazon.com/servicequotas/).

  1. In the navigation pane, choose **AWS services**.

  1. In the search bar, enter **EC2 Fast Launch**, and select the result.

  1. Select the link for **Parallel instance launches** to open the service quota detail page.

  1. Choose **Request increase at account level**.

  For more information, see [Requesting a quota increase](https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html) in the *Service Quotas User Guide*.

# Configure EC2 Fast Launch settings for your Amazon EC2 Windows Server AMI

You can use the AWS Management Console, API, SDKs, CloudFormation, or AWS Command Line Interface (AWS CLI) to configure EC2 Fast Launch for Windows AMIs that you own or that are shared with you. Before you configure EC2 Fast Launch, verify that your AMI meets all of the prerequisites that are required to create the pre-provisioned snapshots. For more information, see [EC2 Fast Launch prerequisites for Windows](win-start-fast-launch-prereqs.md).

When you enable faster launching for Windows instances, Amazon EC2 checks to make sure that you have the required permissions to launch instances from the specified AMI and Launch Template (if provided), including permissions for encrypted AMIs. To prevent errors during the instance launch process, the service validates your permissions before EC2 Fast Launch is enabled. If you don't have the required permissions, the service returns an error, and does not enable EC2 Fast Launch.

EC2 Fast Launch integrates with EC2 Image Builder to help you create custom images with EC2 Fast Launch enabled. For more information, see [Create distribution settings for a Windows AMI with EC2 Fast Launch enabled (AWS CLI)](https://docs.aws.amazon.com/imagebuilder/latest/userguide/cr-upd-ami-distribution-settings.html#create-ami-dist-win-fast-launch) in the *EC2 Image Builder User Guide*.

## Enable EC2 Fast Launch


Before changing these settings, make sure that your AMI and the Region that you run in meet all [EC2 Fast Launch prerequisites for Windows](win-start-fast-launch-prereqs.md).

------
#### [ Console ]

**To enable EC2 Fast Launch**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, under **Images**, choose **AMIs**.

1. Choose the AMI to update by selecting the check box next to the **Name**.

1. From the **Actions** menu above the list of AMIs, choose **Configure fast launch**. This opens the **Configure fast launch** page, where you configure the settings for EC2 Fast Launch.

1. To start using pre-provisioned snapshots to launch instances from your Windows AMI faster, select the **Enable fast launch for Windows** checkbox.

1. From the **Set anticipated launch frequency** drop-down list, choose a value to specify the number of snapshots that are created and maintained to cover your expected instance launch volume.

1. When you're done making changes, choose **Save changes**.

**Note**  
If you need to use a launch template to specify a VPC, or to configure metadata settings for IMDSv2, see [Use a launch template when you set up EC2 Fast Launch](#win-fast-launch-with-template).

------
#### [ AWS CLI ]

**To enable EC2 Fast Launch**  
Use the following [enable-fast-launch](https://docs.aws.amazon.com/cli/latest/reference/ec2/enable-fast-launch.html) command to enable EC2 Fast Launch for the specified AMI, launching six parallel instances for pre-provisioning.

```
aws ec2 enable-fast-launch \
    --image-id ami-0abcdef1234567890  \
    --max-parallel-launches 6 \
    --resource-type snapshot
```

The following is example output.

```
{
    "ImageId": "ami-0abcdef1234567890",
    "ResourceType": "snapshot",
    "SnapshotConfiguration": {
        "TargetResourceCount": 10
    },
    "LaunchTemplate": {},
    "MaxParallelLaunches": 6,
    "OwnerId": "0123456789123",
    "State": "enabling",
    "StateTransitionReason": "Client.UserInitiated",
    "StateTransitionTime": "2022-01-27T22:16:03.199000+00:00"
}
```

------
#### [ PowerShell ]

**To enable EC2 Fast Launch**  
Use the [Enable-EC2FastLaunch](https://docs.aws.amazon.com/powershell/latest/reference/items/Enable-EC2FastLaunch.html) cmdlet to enable EC2 Fast Launch for the specified AMI, launching six parallel instances for pre-provisioning.

```
Enable-EC2FastLaunch `
	-ImageId ami-0abcdef1234567890 `
	-MaxParallelLaunch 6 `
	-Region us-west-2 `
	-ResourceType snapshot
```

The following is example output.

```
ImageId               : ami-0abcdef1234567890
LaunchTemplate        : 
MaxParallelLaunches   : 6
OwnerId               : 0123456789123
ResourceType          : snapshot
SnapshotConfiguration : Amazon.EC2.Model.FastLaunchSnapshotConfigurationResponse
State                 : enabling
StateTransitionReason : Client.UserInitiated
StateTransitionTime   : 2/25/2022 12:24:11 PM
```

------

## Disable EC2 Fast Launch


Before changing these settings, make sure that your AMI and the Region that you run in meet all [EC2 Fast Launch prerequisites for Windows](win-start-fast-launch-prereqs.md).

------
#### [ Console ]

**To disable EC2 Fast Launch**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, under **Images**, choose **AMIs**.

1. Choose the AMI to update by selecting the check box next to the **Name**.

1. From the **Actions** menu above the list of AMIs, choose **Configure fast launch**. This opens the **Configure fast launch** page, where you configure the settings for EC2 Fast Launch.

1. Clear the **Enable fast launch for Windows** checkbox to disable EC2 Fast Launch and to remove pre-provisioned snapshots. This results in the AMI using the standard launch process for each instance, going forward.

   **Note**  
   When you disable Windows image optimization, any existing pre-provisioned snapshots are automatically deleted. This step must be completed before you can start using the feature again.

1. When you're done making changes, choose **Save changes**.

------
#### [ AWS CLI ]

**To disable EC2 Fast Launch**  
Use the following [disable-fast-launch](https://docs.aws.amazon.com/cli/latest/reference/ec2/disable-fast-launch.html) command to disable EC2 Fast Launch on the specified AMI, and clean up existing pre-provisioned snapshots.

```
aws ec2 disable-fast-launch --image-id ami-01234567890abcedf
```

The following is example output.

```
{
    "ImageId": "ami-01234567890abcedf",
    "ResourceType": "snapshot",
    "SnapshotConfiguration": {},
    "LaunchTemplate": {
        "LaunchTemplateId": "lt-01234567890abcedf",
        "LaunchTemplateName": "EC2FastLaunchDefaultResourceCreation-a8c6215d-94e6-441b-9272-dbd1f87b07e2",
        "Version": "1"
    },
    "MaxParallelLaunches": 6,
    "OwnerId": "0123456789123",
    "State": "disabling",
    "StateTransitionReason": "Client.UserInitiated",
    "StateTransitionTime": "2022-01-27T22:47:29.265000+00:00"
}
```

------
#### [ PowerShell ]

**To disable EC2 Fast Launch**  
Use the [Disable-EC2FastLaunch](https://docs.aws.amazon.com/powershell/latest/reference/items/Disable-EC2FastLaunch.html) cmdlet to disable EC2 Fast Launch on the specified AMI, and clean up existing pre-provisioned snapshots.

```
Disable-EC2FastLaunch -ImageId ami-0abcdef1234567890
```

The following is example output.

```
ImageId               : ami-0abcdef1234567890
LaunchTemplate        : Amazon.EC2.Model.FastLaunchLaunchTemplateSpecificationResponse
MaxParallelLaunches   : 6
OwnerId               : 0123456789123
ResourceType          : snapshot
SnapshotConfiguration : 
State                 : disabling
StateTransitionReason : Client.UserInitiated
StateTransitionTime   : 2/25/2022 1:10:08 PM
```

------

## Use a launch template when you set up EC2 Fast Launch

With a launch template, you can configure a set of launch parameters that Amazon EC2 uses each time it launches an instance from that template. You can specify such things as an AMI to use for your base image, instance types, storage, network settings, and more.

Launch templates are optional, except for the following specific cases, where you must use a launch template for your Windows AMI when you configure faster launching:
+ You must use a launch template to specify an existing VPC for your Windows AMI. This doesn't apply if you use the default VPC for your AWS account.
+ If your account includes a policy that enforces IMDSv2 for Amazon EC2 instances, you must create a launch template that specifies the metadata configuration to enforce IMDSv2.

  Use the launch template that includes your metadata configuration from the EC2 console, or when you run the [enable-fast-launch](https://docs.aws.amazon.com/cli/latest/reference/ec2/enable-fast-launch.html) command in the AWS CLI, or call the [EnableFastLaunch](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_EnableFastLaunch.html) API action.

EC2 Fast Launch doesn't support the following configurations when you use a launch template. If you use a launch template for EC2 Fast Launch, you must not specify any of the following:
+ User data scripts
+ Termination protection
+ Disabled metadata
+ Spot option
+ Shutdown behavior that terminates the instance
+ Resource tags for network interfaces, Elastic Graphics, or Spot Instance requests
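
The following added example (not part of the AWS documentation) lints launch template data against the unsupported settings listed above before the template is used with EC2 Fast Launch, and optionally checks that IMDSv2 is enforced. It assumes the `LaunchTemplateData` shape returned by `aws ec2 describe-launch-template-versions`; the function name and both sample templates are constructed for illustration.

```python
"""Lint launch template data for use with EC2 Fast Launch (added example)."""

# Tag resource types that a Fast Launch launch template must not tag.
UNSUPPORTED_TAG_TYPES = {"network-interface", "elastic-gpu", "spot-instances-request"}


def lint_fast_launch_template(data, require_imdsv2=True):
    """Return (field, reason) findings for one LaunchTemplateData dict.

    require_imdsv2 models an account policy that enforces IMDSv2: when True,
    the template must set MetadataOptions.HttpTokens to "required".
    """
    findings = []

    if data.get("UserData"):
        findings.append(("UserData", "user data scripts are not supported"))

    if data.get("DisableApiTermination") is True:
        findings.append(("DisableApiTermination",
                         "termination protection is not supported"))

    metadata = data.get("MetadataOptions") or {}
    if metadata.get("HttpEndpoint") == "disabled":
        findings.append(("MetadataOptions.HttpEndpoint",
                         "disabled metadata is not supported"))
    elif require_imdsv2 and metadata.get("HttpTokens") != "required":
        findings.append(("MetadataOptions.HttpTokens",
                         "must be 'required' to enforce IMDSv2"))

    market = data.get("InstanceMarketOptions") or {}
    if market.get("MarketType") == "spot":
        findings.append(("InstanceMarketOptions.MarketType",
                         "the Spot option is not supported"))

    if data.get("InstanceInitiatedShutdownBehavior") == "terminate":
        findings.append(("InstanceInitiatedShutdownBehavior",
                         "shutdown behavior must not terminate the instance"))

    for index, spec in enumerate(data.get("TagSpecifications") or []):
        if spec.get("ResourceType") in UNSUPPORTED_TAG_TYPES:
            findings.append((f"TagSpecifications[{index}].ResourceType",
                             f"tags for {spec['ResourceType']} are not supported"))
    return findings


# Constructed sample: a template that violates every rule checked above.
BAD_TEMPLATE = {
    "InstanceType": "t3.xlarge",
    "UserData": "Y29uc3RydWN0ZWQ=",  # constructed base64 placeholder
    "DisableApiTermination": True,
    "InstanceInitiatedShutdownBehavior": "terminate",
    "InstanceMarketOptions": {"MarketType": "spot"},
    "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"},
    "TagSpecifications": [
        {"ResourceType": "instance", "Tags": [{"Key": "team", "Value": "ops"}]},
        {"ResourceType": "network-interface", "Tags": [{"Key": "team", "Value": "ops"}]},
    ],
}

# Constructed sample: a template that passes, with IMDSv2 enforced.
GOOD_TEMPLATE = {
    "InstanceType": "t3.xlarge",
    "InstanceInitiatedShutdownBehavior": "stop",
    "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"},
    "TagSpecifications": [
        {"ResourceType": "instance", "Tags": [{"Key": "team", "Value": "ops"}]},
    ],
}

if __name__ == "__main__":
    for name, template in (("bad", BAD_TEMPLATE), ("good", GOOD_TEMPLATE)):
        results = lint_fast_launch_template(template)
        print(f"{name}: {len(results)} finding(s)")
        for field, reason in results:
            print(f"  {field}: {reason}")
```

Pass `require_imdsv2=False` only when no policy in the account enforces IMDSv2.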

### Specify a VPC


**Step 1: Create a launch template**  
Create a launch template that specifies the following details for your Windows instances:
+ The VPC subnet.
+ An instance type of `t3.xlarge`.

For more information, see [Create an Amazon EC2 launch template](create-launch-template.md).

**Step 2: Specify the launch template for your EC2 Fast Launch AMI**

------
#### [ Console ]

**To specify the launch template for EC2 Fast Launch**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, under **Images**, choose **AMIs**.

1. Choose the AMI to update by selecting the check box next to the **Name**.

1. From the **Actions** menu above the list of AMIs, choose **Configure fast launch**. This opens the **Configure fast launch** page, where you configure the settings for EC2 Fast Launch.

1. The **Launch template** box performs a filtered search that finds launch templates in your account in the current Region that match the text you've entered. Specify all or part of the launch template name or ID in the box to show a list of matching launch templates. For example, if you enter `fast` in the box, Amazon EC2 finds all of the launch templates in your account in the current Region that have "fast" in the name.

   To create a new launch template, you can choose **Create launch template**.

1. When you select a launch template, Amazon EC2 shows the default version for that template in the **Source template version** box. To specify a different version, highlight the default version to replace it, and enter the version number you want in the box.

1. When you're done making changes, choose **Save changes**.

------
#### [ AWS CLI ]

**To specify the launch template for EC2 Fast Launch**  
Use the [enable-fast-launch](https://docs.aws.amazon.com/cli/latest/reference/ec2/enable-fast-launch.html) command with the `--launch-template` option, specifying either the name or the ID of the launch template.

```
--launch-template LaunchTemplateName=my-launch-template
```

------
#### [ PowerShell ]

**To specify the launch template for EC2 Fast Launch**  
Use the [Enable-EC2FastLaunch](https://docs.aws.amazon.com/powershell/latest/reference/items/Enable-EC2FastLaunch.html) cmdlet with the `-LaunchTemplate_LaunchTemplateId` or `-LaunchTemplate_LaunchTemplateName` parameter.

```
-LaunchTemplate_LaunchTemplateName my-launch-template
```

------

For more information about EC2 launch templates, see [Store instance launch parameters in Amazon EC2 launch templates](ec2-launch-templates.md).

# View AMIs with EC2 Fast Launch enabled

You can use the [describe-fast-launch-images](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-fast-launch-images.html) command in the AWS CLI, or the [Get-EC2FastLaunchImage](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2FastLaunchImage.html) cmdlet in the Tools for PowerShell, to get details for AMIs that have EC2 Fast Launch enabled.

Amazon EC2 provides the following details for each Windows AMI that is returned in the results:
+ The image ID for an AMI with EC2 Fast Launch enabled.
+ The resource type that is used for pre-provisioning the associated Windows AMI. Supported value: `snapshot`.
+ The snapshot configuration, which is a group of parameters that configure pre-provisioning for the associated Windows AMI using snapshots.
+ Launch template information, including the ID, name, and version of the launch template that the associated AMI uses when it launches Windows instances from pre-provisioned snapshots.
+ The maximum number of instances that can be launched at the same time for creating resources.
+ The owner ID for the associated AMI. This is not populated for AMIs that are shared with you.
+ The current state of EC2 Fast Launch for the associated AMI. Supported values include: `enabling | enabling-failed | enabled | enabled-failed | disabling | disabling-failed`.
**Note**  
You can also see the current state displayed in the **Manage image optimization** page in the EC2 console, as **Image optimization state**.
+ The reason that EC2 Fast Launch for the associated AMI changed to the current state.
+ The time that EC2 Fast Launch for the associated AMI changed to the current state.

------
#### [ AWS CLI ]

**To find AMIs configured for EC2 Fast Launch**  
Use the following [describe-fast-launch-images](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-fast-launch-images.html) command to describe the details for each of the AMIs in the account that are configured for EC2 Fast Launch. In this example, only one AMI in the account is configured for EC2 Fast Launch.

```
aws ec2 describe-fast-launch-images
```

The following is example output.

```
{
    "FastLaunchImages": [
        {
            "ImageId": "ami-01234567890abcedf",
            "ResourceType": "snapshot",
            "SnapshotConfiguration": {},
            "LaunchTemplate": {
                "LaunchTemplateId": "lt-01234567890abcedf",
                "LaunchTemplateName": "EC2FastLaunchDefaultResourceCreation-a8c6215d-94e6-441b-9272-dbd1f87b07e2",
                "Version": "1"
            },
            "MaxParallelLaunches": 6,
            "OwnerId": "0123456789123",
            "State": "enabled",
            "StateTransitionReason": "Client.UserInitiated",
            "StateTransitionTime": "2022-01-27T22:20:06.552000+00:00"
        }
    ]
}
```

------
#### [ PowerShell ]

**To find AMIs configured for EC2 Fast Launch**  
Use the following [Get-EC2FastLaunchImage](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2FastLaunchImage.html) cmdlet to describe the details for each of the AMIs in the account that are configured for EC2 Fast Launch. In this example, only one AMI in the account is configured for EC2 Fast Launch.

```
Get-EC2FastLaunchImage -ImageId ami-0abcdef1234567890
```

The following is example output.

```
ImageId               : ami-0abcdef1234567890
LaunchTemplate        : Amazon.EC2.Model.FastLaunchLaunchTemplateSpecificationResponse
MaxParallelLaunches   : 6
OwnerId               : 012345678912
ResourceType          : snapshot
SnapshotConfiguration : 
State                 : enabled
StateTransitionReason : Client.UserInitiated
StateTransitionTime   : 2/25/2022 12:54:43 PM
```

------
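
As an added example (not part of the AWS documentation), the following script reviews saved `describe-fast-launch-images` output and flags failed states, AMIs that have stayed in `enabling` or `disabling` too long, and shared AMIs whose owner ID is not populated. The sample data is constructed, and the function name, finding labels, and 60-minute threshold are assumptions of this example.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the describe-fast-launch-images output.
# The second entry has no OwnerId, as happens for AMIs that are shared with you.
SAMPLE_OUTPUT = """
{
  "FastLaunchImages": [
    {"ImageId": "ami-0aaaaaaaaaaaaaaa1", "ResourceType": "snapshot",
     "MaxParallelLaunches": 6, "OwnerId": "111122223333", "State": "enabled",
     "StateTransitionReason": "Client.UserInitiated",
     "StateTransitionTime": "2022-01-27T22:20:06.552000+00:00"},
    {"ImageId": "ami-0aaaaaaaaaaaaaaa2", "ResourceType": "snapshot",
     "MaxParallelLaunches": 6, "State": "enabling",
     "StateTransitionReason": "Client.UserInitiated",
     "StateTransitionTime": "2022-01-27T20:00:00.000000+00:00"},
    {"ImageId": "ami-0aaaaaaaaaaaaaaa3", "ResourceType": "snapshot",
     "MaxParallelLaunches": 6, "OwnerId": "111122223333",
     "State": "enabling-failed",
     "StateTransitionReason": "Unable to stop instance ID=i-1234567890abcdef0 for snapshot creation.",
     "StateTransitionTime": "2022-01-27T21:10:00.000000+00:00"}
  ]
}
"""

FAILED_STATES = {"enabling-failed", "enabled-failed", "disabling-failed"}
TRANSITIONAL_STATES = {"enabling", "disabling"}


def audit_fast_launch(output_json, now, max_transition=timedelta(minutes=60)):
    """Return a list of (image_id, finding, detail) tuples.

    now must be timezone-aware. max_transition is this example's own
    threshold for how long an AMI may stay in a transitional state.
    """
    findings = []
    for image in json.loads(output_json).get("FastLaunchImages", []):
        image_id = image.get("ImageId", "<unknown>")
        state = image.get("State", "<unknown>")
        reason = image.get("StateTransitionReason", "")
        if state in FAILED_STATES:
            findings.append((image_id, "failed", f"{state}: {reason}"))
        elif state in TRANSITIONAL_STATES:
            since = datetime.fromisoformat(image["StateTransitionTime"])
            age = now - since
            if age > max_transition:
                minutes = int(age.total_seconds() // 60)
                findings.append((image_id, "stuck", f"{state} for {minutes} minutes"))
        if not image.get("OwnerId"):
            # OwnerId is not populated for AMIs that are shared with you,
            # so the owner has to be confirmed another way.
            findings.append((image_id, "shared", "OwnerId not populated"))
    return findings


if __name__ == "__main__":
    check_time = datetime(2022, 1, 28, 0, 0, tzinfo=timezone.utc)
    for finding in audit_fast_launch(SAMPLE_OUTPUT, check_time):
        print(*finding, sep="\t")
```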

# Manage costs for EC2 Fast Launch underlying resources
Manage resource costs

There is no service charge to configure Windows AMIs for EC2 Fast Launch. However, when you enable EC2 Fast Launch for an Amazon EC2 Windows AMI, standard pricing applies for underlying AWS resources that Amazon EC2 uses to prepare and store the pre-provisioned snapshots. You can configure cost allocation tags to help you track and manage the costs that are associated with EC2 Fast Launch resources. For more information about how to configure cost allocation tags, see [Track EC2 Fast Launch costs on your bill](#win-track-fast-launch-costs).

The following example demonstrates how the costs associated with EC2 Fast Launch snapshots might be allocated.

**Example scenario:** The AtoZ Example company has a Windows AMI with a 50 GiB EBS root volume. They enable EC2 Fast Launch for their AMI, and set the target resource count to five. Over the course of a month, using EC2 Fast Launch for their AMI costs them around \$15.00, and the cost breakdown is as follows:

1. When AtoZ Example enables EC2 Fast Launch, Amazon EC2 launches five small instances. Each instance runs through the Sysprep and OOBE Windows launch steps, rebooting as required. This takes several minutes for each instance (time can vary, based on how busy that Region or Availability Zone (AZ) is, and on the size of the AMI).

**Costs**
   + Instance runtime costs (or minimum runtime, if applicable): five instances
   + Volume costs: five EBS root volumes

1. When the pre-provisioning process completes, Amazon EC2 takes a snapshot of the instance, which it stores in Amazon S3. Snapshots are typically stored for 4–8 hours before they are consumed by a launch. In this case, the cost is roughly \$10.02 to \$10.05 per snapshot.

**Costs**
   + Snapshot storage (Amazon S3): five snapshots

1. After Amazon EC2 takes the snapshot, it stops the instance. At that point, the instance is no longer accruing costs. However, EBS volume costs continue to accrue.

**Costs**
   + EBS volumes: costs continue for the associated EBS root volumes.

**Note**  
The costs shown here are for demonstration purposes only. Your costs will vary, depending on your AMI configuration and pricing plan.

## Track EC2 Fast Launch costs on your bill


Cost allocation tags can help you organize your AWS bill to reflect the costs associated with EC2 Fast Launch. You can use the following tag that Amazon EC2 adds to the resources it creates when it prepares and stores pre-provisioned snapshots for EC2 Fast Launch:

**Tag key:** `CreatedBy`, **Value:** `EC2 Fast Launch`

After you activate the tag in the Billing and Cost Management console, and set up your detailed billing report, the `user:CreatedBy` column appears on the report. The column includes values from all services. However, if you download the CSV file, you can import the data into a spreadsheet, and filter for `EC2 Fast Launch` in the value. This information also appears in the AWS Cost and Usage Report when the tag is activated.

**Step 1: Activate user-defined cost allocation tags**  
To include resource tags in your cost reports, you must first activate the tag in the Billing and Cost Management console. For more information, see [Activating User-Defined Cost Allocation Tags](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/activating-tags.html) in the *AWS Billing and Cost Management User Guide*.

**Note**  
Activation can take up to 24 hours.

**Step 2: Set up a cost report**  
If you already have a cost report set up, a column for your tag appears the next time the report runs after activation is complete. To set up cost reports for the first time, choose one of the following.
+ See [Setting up a monthly cost allocation report](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/configurecostallocreport.html#allocation-report) in the *AWS Billing and Cost Management User Guide*.
+ See [Creating Cost and Usage Reports](https://docs.aws.amazon.com/cur/latest/userguide/cur-create.html) in the *AWS Cost and Usage Report User Guide*.

**Note**  
It can take up to 24 hours for AWS to start delivering reports to your S3 bucket.

You can configure EC2 Fast Launch for Windows AMIs that you own, or AMIs that are shared with you from the Amazon EC2 console, API, SDKs, [CloudFormation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-imagebuilder-distributionconfiguration-fastlaunchconfiguration.html), or **ec2** commands in the AWS CLI. The following sections cover configuration steps for the Amazon EC2 console and AWS CLI.

You can also create custom Windows AMIs that are configured for EC2 Fast Launch with EC2 Image Builder. For more information, see [Create distribution settings for a Windows AMI with EC2 Fast Launch enabled (AWS CLI)](https://docs.aws.amazon.com/imagebuilder/latest/userguide/cr-upd-ami-distribution-settings.html#cli-create-ami-dist-config-win-fast-launch).

# Monitor EC2 Fast Launch


This section covers how to monitor the Amazon EC2 Windows Server AMIs in your account that have EC2 Fast Launch enabled.

## Monitor EC2 Fast Launch state changes with EventBridge


When the state changes for a Windows AMI with EC2 Fast Launch enabled, Amazon EC2 generates an `EC2 Fast Launch State-change Notification` event. Then Amazon EC2 sends the state change event to Amazon EventBridge (formerly known as Amazon CloudWatch Events).

You can create EventBridge rules that trigger one or more actions in response to the state change event. For example, you can create an EventBridge rule that detects when EC2 Fast Launch is enabled and performs the following actions:
+ Sends a message to an Amazon SNS topic that notifies its subscribers.
+ Invokes a Lambda function that performs some action.
+ Sends the state change data to Amazon Data Firehose for analytics.

For more information, see [Creating Amazon EventBridge rules that react to events](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-create-rule.html) in the *Amazon EventBridge User Guide*.

**State change events**  
The EC2 Fast Launch feature emits JSON formatted state change events on a best-effort basis. Amazon EC2 sends the events to EventBridge in near real time. This section describes the event fields and shows an example of the event format.

**`EC2 Fast Launch State-change Notification`**

**imageId**  
Identifies the AMI with the EC2 Fast Launch state change.

**resourceType**  
The type of resource to use for pre-provisioning. Supported value: `snapshot`. The default value is `snapshot`.

**state**  
The current state of the EC2 Fast Launch feature for the specified AMI. Valid values include the following:  
+ **enabling** – You've enabled the EC2 Fast Launch feature for the AMI, and Amazon EC2 has started creating snapshots for the pre-provisioning process.
+ **enabling-failed** – Something went wrong that caused the pre-provisioning process to fail the first time that you enabled EC2 Fast Launch for an AMI. This can happen anytime during the pre-provisioning process.
+ **enabled** – The EC2 Fast Launch feature is enabled. The state changes to `enabled` as soon as Amazon EC2 creates the first pre-provisioned snapshot for a newly enabled EC2 Fast Launch AMI. If the AMI was already enabled and goes through pre-provisioning again, the state change happens right away.
+ **enabled-failed** – This state applies only if this is not the first time your EC2 Fast Launch AMI goes through the pre-provisioning process. This can happen if the EC2 Fast Launch feature is disabled and then later enabled again, or if there is a configuration change or other error after pre-provisioning is completed for the first time.
+ **disabling** – The AMI owner has turned off the EC2 Fast Launch feature for the AMI, and Amazon EC2 has started the cleanup process.
+ **disabled** – The EC2 Fast Launch feature is disabled. The state changes to `disabled` as soon as Amazon EC2 completes the cleanup process.
+ **disabling-failed** – Something went wrong that caused the cleanup process to fail. This means that some pre-provisioned snapshots may still remain in the account.

**stateTransitionReason**  
The reason that the state changed for the EC2 Fast Launch AMI.

**Note**  
All fields in this event message are required.

The following example shows a newly enabled EC2 Fast Launch AMI that has launched the first instance to start the pre-provisioning process. At this point, the state is `enabling`. After Amazon EC2 creates the first pre-provisioned snapshot, the state changes to `enabled`.

```
{
	"version": "0",
	"id": "01234567-0123-0123-0123-012345678901",
	"detail-type": "EC2 Fast Launch State-change Notification",
	"source": "aws.ec2",
	"account": "123456789012",
	"time": "2022-08-31T20:30:12Z",
	"region": "us-east-1",
	"resources": [
		"arn:aws:ec2:us-east-1:123456789012:image/ami-123456789012"
	],
	"detail": {
		"imageId": "ami-123456789012",
		"resourceType": "snapshot",
		"state": "enabling",
		"stateTransitionReason": "Client.UserInitiated"
	}
}
```
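
The following added example (not part of the AWS documentation) shows one way a rule target, such as a Lambda function, could consume this event: it builds an event pattern that matches only the failed states, validates the required `detail` fields, and maps each state to a follow-up taken from the state descriptions above. The function names, severity labels, and the local `matches` helper (which covers only exact-value matching, a subset of EventBridge pattern semantics) are assumptions of this example.

```python
DETAIL_TYPE = "EC2 Fast Launch State-change Notification"
REQUIRED_FIELDS = ("imageId", "resourceType", "state", "stateTransitionReason")

# Constructed sample, mirroring the event format shown above.
SAMPLE_EVENT = {
    "version": "0",
    "id": "01234567-0123-0123-0123-012345678901",
    "detail-type": DETAIL_TYPE,
    "source": "aws.ec2",
    "account": "123456789012",
    "time": "2022-08-31T20:30:12Z",
    "region": "us-east-1",
    "resources": ["arn:aws:ec2:us-east-1:123456789012:image/ami-123456789012"],
    "detail": {
        "imageId": "ami-123456789012",
        "resourceType": "snapshot",
        "state": "enabling",
        "stateTransitionReason": "Client.UserInitiated",
    },
}

# Follow-up per state. The severity labels are this example's own convention.
STATE_ACTIONS = {
    "enabling": ("info", "pre-provisioning started"),
    "enabled": ("info", "first pre-provisioned snapshot is available"),
    "disabling": ("info", "cleanup started"),
    "disabled": ("info", "cleanup completed"),
    "enabling-failed": ("high", "first pre-provisioning run failed"),
    "enabled-failed": ("high", "pre-provisioning failed after an earlier success"),
    "disabling-failed": ("high", "cleanup failed; snapshots may remain in the account"),
}


def failure_event_pattern():
    """Event pattern for an EventBridge rule that fires only on failed states."""
    failed = sorted(s for s, (sev, _) in STATE_ACTIONS.items() if sev == "high")
    return {
        "source": ["aws.ec2"],
        "detail-type": [DETAIL_TYPE],
        "detail": {"state": failed},
    }


def matches(pattern, event):
    """Check an exact-value pattern against an event (offline test helper).

    A pattern leaf is a list of allowed values; nested dicts recurse.
    """
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        else:
            values = actual if isinstance(actual, list) else [actual]
            if not any(v in expected for v in values):
                return False
    return True


def triage(event):
    """Validate a state-change event and return a finding dict.

    Raises ValueError for events that are not well-formed Fast Launch
    notifications, so a misrouted or malformed event is not acted on.
    """
    if event.get("source") != "aws.ec2" or event.get("detail-type") != DETAIL_TYPE:
        raise ValueError("not an EC2 Fast Launch state-change event")
    detail = event.get("detail") or {}
    missing = [f for f in REQUIRED_FIELDS if f not in detail]
    if missing:
        raise ValueError("missing required fields: " + ", ".join(missing))
    state = detail["state"]
    if state not in STATE_ACTIONS:
        raise ValueError("unknown state: " + str(state))
    # The AMI ARN in "resources" should name the same image as detail.imageId.
    arn_suffix = ":image/" + detail["imageId"]
    if not any(str(r).endswith(arn_suffix) for r in event.get("resources", [])):
        raise ValueError("resources do not reference " + detail["imageId"])
    severity, action = STATE_ACTIONS[state]
    return {
        "imageId": detail["imageId"],
        "account": event.get("account"),
        "region": event.get("region"),
        "state": state,
        "reason": detail["stateTransitionReason"],
        "severity": severity,
        "action": action,
    }
```

Because the events are emitted on a best-effort basis, pair a rule like this with a periodic `describe-fast-launch-images` check rather than treating the absence of an event as proof that nothing changed.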

## Monitor EC2 Fast Launch metrics with CloudWatch


Amazon EC2 AMIs with EC2 Fast Launch enabled send metrics to Amazon CloudWatch. You can use the AWS Management Console, the AWS CLI, or an API to list the metrics that EC2 Fast Launch sends to CloudWatch. The `AWS/EC2` namespace includes the following EC2 Fast Launch metrics:


| Metric | Description | 
| --- | --- | 
|  NumberOfAvailableFastLaunchSnapshots  |  The number of pre-provisioned snapshots available per EC2 Fast Launch enabled AMI.  | 
|  NumberOfInstancesFastLaunched  |  The number of instances per EC2 Fast Launch enabled AMI that were launched from pre-provisioned snapshots.  | 
|  NumberOfInstancesNotFastLaunched  |  The number of instances per EC2 Fast Launch enabled AMI that resulted in a cold boot due to the lack of available pre-provisioned snapshots at launch time.  | 
|  FastLaunchSnapshotUsedToRefillStartTime  |  The timestamp when Amazon EC2 launched a new image from an EC2 Fast Launch enabled AMI to create another snapshot after an existing snapshot was used.  | 
|  FastLaunchSnapshotCreationTime  |  Measures the time it took for Amazon EC2 to launch an instance and create a snapshot for an EC2 Fast Launch enabled AMI.  | 

# Service-linked role for EC2 Fast Launch
Service-linked role

Amazon EC2 uses service-linked roles for the permissions that it requires to call other AWS services on your behalf. A service-linked role is a unique type of IAM role that is linked directly to an AWS service. Service-linked roles provide a secure way to delegate permissions to AWS services because only the linked service can assume a service-linked role. For more information about how Amazon EC2 uses IAM roles, including service-linked roles, see [IAM roles for Amazon EC2](iam-roles-for-amazon-ec2.md).

Amazon EC2 uses the service-linked role named AWSServiceRoleForEC2FastLaunch to create and manage a set of pre-provisioned snapshots that reduce the time it takes to launch instances from your Windows AMI.

## Permissions granted by AWSServiceRoleForEC2FastLaunch
Role permissions

The AWSServiceRoleForEC2FastLaunch service-linked role trusts the following service to assume the role:
+ `ec2fastlaunch.amazonaws.com`

Amazon EC2 uses the [EC2FastLaunchServiceRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/EC2FastLaunchServiceRolePolicy.html) managed policy to complete the following actions:
+ **AWS CloudFormation** – Allow EC2 Fast Launch to get a description of associated CloudFormation stacks.
+ **Amazon CloudWatch** – Post metric data associated with EC2 Fast Launch to the Amazon EC2 namespace.
+ **Amazon EC2** – Access is granted for EC2 Fast Launch to perform the following actions:
  + Launch instances from an Amazon EC2 Windows Server AMI with EC2 Fast Launch enabled, in order to perform provisioning steps. The policy also specifies a resource pattern that allows `ec2:RunInstances` for an AMI that's associated with License Manager.
  + Stop and terminate an instance that was launched by EC2 Fast Launch after it creates the pre-provisioned snapshot.
  + Describe image and instance type resources used to launch instances from an Amazon EC2 Windows Server AMI with EC2 Fast Launch enabled and create snapshots from them.
  + Describe launch template resources and launch instances from a launch template.
  + Describe instances, instance attributes and instance status, volumes and volume attributes.
  + Describe network interfaces.
  + Delete resources that EC2 Fast Launch created, including snapshots, launch templates, volumes and network interfaces.
  + Tag resources that EC2 Fast Launch creates to launch and pre-provision Windows instances, and to create snapshots for the final launch process to consume.
+ **Amazon EventBridge** – Includes access to create EventBridge event rules and retrieve details about or delete rules that it created. EC2 Fast Launch may also get a list of target services that receive EC2 Fast Launch events that are forwarded based on event rules, and add target services to or remove them from event rules that it created.
+ **IAM** – Allows EC2 Fast Launch to create the `EC2FastLaunchServiceRolePolicy` service-linked role, to get and use instance profiles whose name contains `ec2fastlaunch`, and to launch instances on your behalf using the instance profile from your launch template.
+ **AWS KMS** – Includes access to create grants and list grants that were created by EC2 Fast Launch that can be retired. It also includes access to describe or use keys for the purpose of encrypting or decrypting volumes attached to instances that EC2 Fast Launch creates, and to generate data keys that are not plaintext.

To view the permissions for this policy, see [EC2FastLaunchServiceRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/EC2FastLaunchServiceRolePolicy.html) in the *AWS Managed Policy Reference*.

For more information about using managed policies for Amazon EC2, see [AWS managed policies for Amazon EC2](security-iam-awsmanpol.md).

## Create a service-linked role


You don't need to create this service-linked role manually. When you start using EC2 Fast Launch for your AMI, Amazon EC2 creates the service-linked role for you, if it doesn't already exist.

If the service-linked role is deleted from your account, you can enable EC2 Fast Launch for another Windows AMI to re-create the role in your account. Alternatively, you can disable EC2 Fast Launch for your current AMI, and then enable it again. However, disabling the feature results in your AMI using the standard launch process for all new instances while Amazon EC2 removes all of your pre-provisioned snapshots. After all of the pre-provisioned snapshots are gone, you can enable using EC2 Fast Launch for your AMI again.

## Access to customer managed keys


To enable EC2 Fast Launch for an [encrypted AMI](AMIEncryption.md) that uses a customer managed key for encryption, you must grant the AWSServiceRoleForEC2FastLaunch role permission to use the CMK. To do this, call the [create-grant](https://docs.aws.amazon.com/cli/latest/reference/kms/create-grant.html) command. For `--grantee-principal`, specify the ARN for the AWSServiceRoleForEC2FastLaunch role in your account. For `--operations`, specify `CreateGrant`.

```
aws kms create-grant \
    --key-id arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab \
    --grantee-principal arn:aws:iam::111122223333:role/AWSServiceRoleForEC2FastLaunch \
    --operations CreateGrant
```
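
To confirm the result, you can review the grants on the key. The following added example (not part of the AWS documentation) checks saved `aws kms list-grants` output for a grant to the role and reports any operations beyond `CreateGrant`. The sample data, the function name, and the rule that extra operations count as a finding are assumptions of this example.

```python
import json

ROLE_NAME = "AWSServiceRoleForEC2FastLaunch"

# Constructed sample in the shape of `aws kms list-grants` output for the key.
SAMPLE_GRANTS = """
{
  "Grants": [
    {"KeyId": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
     "GrantId": "constructed-grant-id-1",
     "GranteePrincipal": "arn:aws:iam::111122223333:role/AWSServiceRoleForEC2FastLaunch",
     "IssuingAccount": "arn:aws:iam::111122223333:root",
     "Operations": ["CreateGrant"]},
    {"KeyId": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
     "GrantId": "constructed-grant-id-2",
     "GranteePrincipal": "arn:aws:iam::111122223333:role/ExampleAppRole",
     "IssuingAccount": "arn:aws:iam::111122223333:root",
     "Operations": ["Decrypt", "GenerateDataKey"]}
  ]
}
"""


def review_fast_launch_grants(list_grants_json, account_id):
    """Return a list of problems; an empty list means the grant is as expected.

    The role is matched by account and role name, so the check does not
    depend on whether the grantee ARN includes a role path.
    """
    role_marker = f":iam::{account_id}:role/"
    role_grants = [
        g for g in json.loads(list_grants_json).get("Grants", [])
        if role_marker in g.get("GranteePrincipal", "")
        and g["GranteePrincipal"].endswith("/" + ROLE_NAME)
    ]
    if not role_grants:
        return [f"no grant for {ROLE_NAME} in account {account_id}"]

    problems = []
    if not any("CreateGrant" in g.get("Operations", []) for g in role_grants):
        problems.append("no grant for the role includes CreateGrant")
    for g in role_grants:
        # The command above grants only CreateGrant; anything else is
        # reported so that it can be reviewed.
        extra = sorted(set(g.get("Operations", [])) - {"CreateGrant"})
        if extra:
            problems.append(
                f"grant {g.get('GrantId')} allows additional operations: "
                + ", ".join(extra)
            )
    return problems


if __name__ == "__main__":
    print(review_fast_launch_grants(SAMPLE_GRANTS, "111122223333") or "OK")
```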

## Edit a service-linked role


Amazon EC2 does not allow you to edit the AWSServiceRoleForEC2FastLaunch service-linked role. After you create a service-linked role, you can't change the name of the role, because various entities might reference the role. However, you can edit the description of the role by using IAM. For more information, see [Editing a service-linked role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_update-service-linked-role.html) in the *IAM User Guide*.

## Delete a service-linked role


You can delete a service-linked role only after first deleting all of the related resources. This protects the Amazon EC2 resources that are associated with your Amazon EC2 Windows Server AMI with EC2 Fast Launch enabled, because you can't inadvertently remove permission to access the resources.

Use the IAM console, the AWS CLI, or the AWS API to delete the **AWSServiceRoleForEC2FastLaunch** service-linked role. For more information, see [Delete a service-linked role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_delete.html#id_roles_manage_delete_slr) in the *IAM User Guide*.

## Supported Regions


Amazon EC2 supports the EC2 Fast Launch service-linked role in all of the Regions where the Amazon EC2 service is available.

# Troubleshoot Windows EC2 Fast Launch
Troubleshoot EC2 Fast Launch

## Troubleshooting scenarios


The following scenarios can help you diagnose and fix common issues that you might encounter when you try to enable EC2 Fast Launch.

### Unable to stop instance for snapshot creation


#### Description


When you enable EC2 Fast Launch, the service launches a set of instances that are used to create the pre-provisioned snapshots. Each instance is given 30 minutes to complete the process. If any of the instances complete successfully, then the service sets the Fast Launch status for the AMI to `Enabled`. However, if an instance fails to complete the process in the allotted time, and none of the other instances have completed the process, the service terminates all of the instances and sets the Fast Launch status for the AMI to `enabling_failed` and the Fast Launch status reason to the following:

```
Unable to stop instance ID=i-1234567890abcdef0 for snapshot creation.
```

#### Cause


Most often, this is caused by trying to enable EC2 Fast Launch for a Windows AMI that was created from a running instance, or an AMI that doesn't meet all of the [EC2 Fast Launch prerequisites](win-start-fast-launch-prereqs.md).

#### Solution


Ensure that the AMI you use meets all [EC2 Fast Launch prerequisites](win-start-fast-launch-prereqs.md).

To configure EC2 Fast Launch for an AMI, you must create the AMI using **Sysprep** with the shutdown option. For more information, see [Create an Amazon EC2 AMI using Windows Sysprep](ami-create-win-sysprep.md).

### You've reached your VPC limit


#### Description


If you don't use a launch template to specify an existing VPC, and don't have a default VPC defined for your account, the service automatically creates a CloudFormation stack that includes a VPC and other resources, as described in [EC2 Fast Launch prerequisites](win-start-fast-launch-prereqs.md).

#### Cause


You've reached the maximum number of VPCs that are allowed in your AWS account for the Region, and you have not specified an existing VPC for EC2 Fast Launch to use. This causes the process to fail.

#### Solution


You can address this issue with either of the following options:
+ You can request a quota increase
+ You can provide a launch template that specifies an existing VPC

To request an increase to the number of VPCs that your account can define per Region, follow these steps:

1. Open the Service Quotas console at [https://console.aws.amazon.com/servicequotas/](https://console.aws.amazon.com/servicequotas/).

1. In the **Service Console Dashboard**, choose **Amazon Virtual Private Cloud (Amazon VPC)**. This opens the VPC service quotas.

1. Filter on `VPCs per Region` to go directly to the quota.

1. Select **VPCs per Region**, and choose **Request increase at account level**.

 If you have an urgent quota request, or if your quota increase request is denied, contact Support for assistance. For more information, see [Requesting a quota increase](https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html) in the *Service Quotas User Guide*.

### Insufficient permissions to enable EC2 Fast Launch


#### Description


When you enable EC2 Fast Launch for the first time without specifying a Launch Template, EC2 Fast Launch creates a service-owned CloudFormation stack with service default resources. However, the CloudFormation templates will fail to deploy if your IAM principal (role or user) lacks the necessary permissions.

The log message might look something like the following:

```
Can't enable EC2 Fast Launch. The IAM credentials that you are using do not have sufficient permissions. Attach EC2FastLaunchFullAccess in the IAM console.
```

#### Cause


Your IAM user or role lacks the necessary permissions to enable EC2 Fast Launch.

#### Solution


Verify that your IAM principal (user or role) that enables EC2 Fast Launch has the `EC2FastLaunchFullAccess` policy attached. This AWS managed policy grants full access to all EC2 Fast Launch resources. To view the permissions for this policy, see the [EC2FastLaunchFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/EC2FastLaunchFullAccess.html) policy in the *AWS Managed Policy Reference*.

# Change the Windows Administrator password for your Amazon EC2 instance
Change the Windows Administrator password

If you launch your instance from an AWS Windows AMI, the launch agents that are pre-installed set the default password as follows:
+ For Windows Server 2022 and later, [EC2Launch v2](ec2launch-v2.md) generates the default password.
+ For Windows Server 2016 and 2019, the [EC2Launch](ec2launch.md) agent generates the default password.
+ For Windows Server 2012 R2 and earlier, the [EC2Config service](ec2config-service.md) generates the default password.

**Note**  
For Windows Server 2016 and later AMIs, `Password never expires` is disabled for the local administrator. For AMI versions prior to Windows Server 2016, `Password never expires` is enabled for the local administrator.

## Change the Administrator password after connecting


When you connect to an instance the first time, we recommend that you change the Administrator password from its default value. Use the following procedure to change the Administrator password for a Windows instance.

**Important**  
Store the new password in a safe place. You won't be able to retrieve the new password using the Amazon EC2 console. The console can only retrieve the default password. If you attempt to connect to the instance using the default password after changing it, you'll get a "Your credentials did not work" error.

**To change the local Administrator password**

1. Connect to the instance and open a command prompt.

1. Run the following command. If your new password includes special characters, enclose the password in double quotes.

   ```
   net user Administrator "new_password"
   ```

1. Store the new password in a safe place.

## Change a lost or expired password


If you lose your password or it expires, you can generate a new password. For password reset procedures, see [Reset the Windows administrator password for an Amazon EC2 Windows instance](ResettingAdminPassword.md).

# Add optional Windows Server components to Amazon EC2 Windows instances
Add Windows System components

To access and install the optional components, you must find the correct EBS snapshot for your version of Windows Server, create a volume from the snapshot, and attach the volume to your instance.

**Before you begin**  
Use the AWS Management Console or a command line tool to get the instance ID and Availability Zone of your instance. You must create your EBS volume in the same Availability Zone as your instance.

Use one of the following procedures to add Windows Server components to your instance.

------
#### [ Console ]

**To add Windows components to your instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Snapshots**.

1. From the **Filter** bar, choose **Public snapshots**.

1. Add the **Owner Alias** filter and choose **amazon**.

1. Add the **Description** filter and enter **Windows**.

1. Press **Enter**.

1. Select the snapshot that matches your system architecture and language preference. For example, select **Windows 2019 English Installation Media** if your instance is running Windows Server 2019.

1. Choose **Actions**, **Create volume from snapshot**.

1. For **Availability Zone**, select the Availability Zone that matches your Windows instance. Choose **Add tag** and enter **Name** for the tag key and a descriptive name for the tag value. Choose **Create volume**.

1. In the **Successfully created volume** message (green banner), choose the volume that you just created.

1. Choose **Actions**, **Attach volume**.

1. From **Instance**, select the instance ID.

1. For **Device name**, enter the name of the device for the attachment. If you need help with the device name, see [Device names for volumes on Amazon EC2 instances](device_naming.md).

1. Choose **Attach volume**. 

1. Connect to your instance and make the volume available. For more information, see [Make an Amazon EBS volume available for use](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-using-volumes.html) in the *Amazon EBS User Guide*.
**Important**  
Do not initialize the volume.

1. Open **Control Panel**, **Programs and Features**. Choose **Turn Windows features on or off**. If you are prompted for installation media, specify the EBS volume with the installation media.

1. (Optional) When you are finished with the installation media, you can detach the volume. After you detach the volume, you can delete it.

------
#### [ AWS CLI ]

**To add Windows components to your instance**

1. Use the [describe-snapshots](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-snapshots.html) command with the `--owner-ids` parameter and the `description` filter to get a list of the available installation media snapshots. The filter is quoted so that the shell doesn't expand the `*` wildcard.

   ```
   aws ec2 describe-snapshots \
       --owner-ids amazon \
       --filters "Name=description,Values=Windows*"
   ```

1. In the output, note the ID of the snapshot that matches your system architecture and language preference. For example:

   ```
   {
       "Snapshots": [
       ...
           {
               "OwnerAlias": "amazon", 
               "Description": "Windows 2019 English Installation Media", 
               "Encrypted": false, 
               "VolumeId": "vol-be5eafcb", 
               "State": "completed", 
               "VolumeSize": 6, 
               "Progress": "100%", 
               "StartTime": "2019-10-25T20:00:47.000Z", 
               "SnapshotId": "snap-22da283e", 
               "OwnerId": "123456789012"
           }, 
       ...
      ]
   }
   ```

1. Use the [create-volume](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-volume.html) command to create a volume from the snapshot. Specify the same Availability Zone as your instance.

   ```
   aws ec2 create-volume \
       --snapshot-id snap-0abcdef1234567890 \
       --volume-type gp2 \
       --availability-zone us-east-1a
   ```

1. In the output, note the volume ID.

   ```
   {
       "AvailabilityZone": "us-east-1a", 
       "Encrypted": false, 
       "VolumeType": "gp2", 
       "VolumeId": "vol-01234567890abcdef", 
       "State": "creating", 
       "Iops": 100, 
       "SnapshotId": "snap-0abcdef1234567890", 
       "CreateTime": "2017-04-18T10:33:10.940Z", 
       "Size": 6
   }
   ```

1. Use the [attach-volume](https://docs.aws.amazon.com/cli/latest/reference/ec2/attach-volume.html) command to attach the volume to your instance.

   ```
   aws ec2 attach-volume \
       --volume-id vol-01234567890abcdef \
       --instance-id i-1234567890abcdef0 \
       --device xvdg
   ```

1. Connect to your instance and make the volume available. For more information, see [Make an Amazon EBS volume available for use](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-using-volumes.html) in the *Amazon EBS User Guide*.
**Important**  
Do not initialize the volume.

1. Open **Control Panel**, **Programs and Features**. Choose **Turn Windows features on or off**. If you are prompted for installation media, specify the EBS volume with the installation media.

1. (Optional) When you are finished with the installation media, use the [detach-volume](https://docs.aws.amazon.com/cli/latest/reference/ec2/detach-volume.html) command to detach the volume from your instance. After you detach the volume, you can use the [delete-volume](https://docs.aws.amazon.com/cli/latest/reference/ec2/delete-volume.html) command to delete the volume.

------
#### [ PowerShell ]

**To add Windows components to your instance**

1. Use the [Get-EC2Snapshot](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2Snapshot.html) cmdlet with the `-Owner` parameter and the `description` filter to get a list of the available installation media snapshots.

   ```
   Get-EC2Snapshot `
       -Owner amazon `
       -Filter @{ Name="description"; Values="Windows*" }
   ```

1. In the output, note the ID of the snapshot that matches your system architecture and language preference. For example:

   ```
   ...
   DataEncryptionKeyId :
   Description         : Windows 2019 English Installation Media
   Encrypted           : False
   KmsKeyId            :
   OwnerAlias          : amazon
   OwnerId             : 123456789012
   Progress            : 100%
   SnapshotId          : snap-0abcdef1234567890
   StartTime           : 10/25/2019 8:00:47 PM
   State               : completed
   StateMessage        :
   Tags                : {}
   VolumeId            : vol-01234567890abcdef
   VolumeSize          : 6
   ...
   ```

1. Use the [New-EC2Volume](https://docs.aws.amazon.com/powershell/latest/reference/items/New-EC2Volume.html) cmdlet to create a volume from the snapshot. Specify the same Availability Zone as your instance.

   ```
   New-EC2Volume `
       -AvailabilityZone us-east-1a `
       -VolumeType gp2 `
       -SnapshotId snap-0abcdef1234567890
   ```

1. In the output, note the volume ID.

   ```
   Attachments      : {}
   AvailabilityZone : us-east-1a
   CreateTime       : 4/18/2017 10:50:25 AM
   Encrypted        : False
   Iops             : 100
   KmsKeyId         :
   Size             : 6
   SnapshotId       : snap-0abcdef1234567890
   State            : creating
   Tags             : {}
   VolumeId         : vol-01234567890abcdef
   VolumeType       : gp2
   ```

1. Use the [Add-EC2Volume](https://docs.aws.amazon.com/powershell/latest/reference/items/Add-EC2Volume.html) cmdlet to attach the volume to your instance.

   ```
   Add-EC2Volume `
       -InstanceId i-1234567890abcdef0 `
       -VolumeId vol-01234567890abcdef `
       -Device xvdh
   ```

1. Connect to your instance and make the volume available. For more information, see [Make an Amazon EBS volume available for use](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-using-volumes.html) in the *Amazon EBS User Guide*.

   **Important**  
   Do not initialize the volume.

1. Open **Control Panel**, **Programs and Features**. Choose **Turn Windows features on or off**. If you are prompted for installation media, specify the EBS volume with the installation media.

1. (Optional) When you are finished with the installation media, use the [Dismount-EC2Volume](https://docs.aws.amazon.com/powershell/latest/reference/items/Dismount-EC2Volume.html) cmdlet to detach the volume from your instance. After you detach the volume, you can use the [Remove-EC2Volume](https://docs.aws.amazon.com/powershell/latest/reference/items/Remove-EC2Volume.html) cmdlet to delete the volume.

------
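The PowerShell procedure above as one script, with the checks the steps imply made explicit: the snapshot must be owned by the `amazon` alias and be `completed`, and the volume is created in the instance's Availability Zone. This is an added example, not AWS code; the function and parameter names are hypothetical, and it assumes AWS Tools for PowerShell with credentials and a default Region already configured.

```powershell
# Added example, not AWS code. Assumes AWS Tools for PowerShell with credentials
# and a default Region configured. Function and parameter names are hypothetical.

function Wait-VolumeAvailable {
    param([string] $VolumeId, [int] $TimeoutSeconds = 300)
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ($true) {
        $state = (Get-EC2Volume -VolumeId $VolumeId).State.Value
        if ($state -eq 'available') { return }
        if ($state -eq 'error') { throw "Volume $VolumeId entered the error state." }
        if ((Get-Date) -gt $deadline) {
            throw "Volume $VolumeId is still '$state' after $TimeoutSeconds seconds."
        }
        Start-Sleep -Seconds 5
    }
}

function New-InstallMediaVolume {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string] $InstanceId,
        [Parameter(Mandatory = $true)] [string] $SnapshotId,
        [Parameter(Mandatory = $true)] [string] $Device      # for example, xvdh
    )

    # Public snapshots can be shared by any account, so check the owner alias
    # and state of the snapshot rather than relying on its description alone.
    $snapshot = Get-EC2Snapshot -SnapshotId $SnapshotId
    if ($snapshot.OwnerAlias -ne 'amazon') {
        throw "Snapshot $SnapshotId is not owned by 'amazon' (owner ID $($snapshot.OwnerId))."
    }
    if ($snapshot.State.Value -ne 'completed') {
        throw "Snapshot $SnapshotId is '$($snapshot.State.Value)', not 'completed'."
    }
    if ($snapshot.Description -notlike 'Windows*') {
        throw "Snapshot $SnapshotId does not look like Windows installation media: $($snapshot.Description)"
    }

    # The volume must be created in the same Availability Zone as the instance.
    $instance = (Get-EC2Instance -InstanceId $InstanceId).Instances | Select-Object -First 1
    if (-not $instance) { throw "Instance $InstanceId was not found." }
    $zone = $instance.Placement.AvailabilityZone

    $volume = New-EC2Volume -AvailabilityZone $zone -VolumeType gp2 -SnapshotId $SnapshotId
    Wait-VolumeAvailable -VolumeId $volume.VolumeId   # new volumes start in "creating"

    # Attach only. Inside Windows, bring the disk online but do not initialize it.
    Add-EC2Volume -InstanceId $InstanceId -VolumeId $volume.VolumeId -Device $Device | Out-Null
    return $volume.VolumeId
}

function Remove-InstallMediaVolume {
    [CmdletBinding()]
    param([Parameter(Mandatory = $true)] [string] $VolumeId)

    Dismount-EC2Volume -VolumeId $VolumeId | Out-Null
    Wait-VolumeAvailable -VolumeId $VolumeId          # a detached volume returns to "available"
    Remove-EC2Volume -VolumeId $VolumeId -Force
}

# Usage with the sample IDs from this page:
#   $vol = New-InstallMediaVolume -InstanceId i-1234567890abcdef0 `
#              -SnapshotId snap-0abcdef1234567890 -Device xvdh
#   Remove-InstallMediaVolume -VolumeId $vol
```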

# Install Windows Subsystem for Linux on your EC2 Windows instance

The Windows Subsystem for Linux (WSL) is a feature of Microsoft Windows. By installing WSL on your EC2 Windows instance, you can run native Linux tools directly on your Windows instance.

There are two versions of Windows Subsystem for Linux (WSL): WSL 1 and WSL 2. For more information, see [Windows Subsystem for Linux Documentation](https://learn.microsoft.com/en-us/windows/wsl/) on the Microsoft website.

**Requirements**
+ The operating system must be Windows Server 2019 or later.
+ You can only install WSL 1 on virtualized Windows instances (the instance size is not `.metal` or does not support nested virtualization).
+ You can install either WSL 1 or WSL 2 on instances that support nested virtualization and have the `NestedVirtualization` CPU Option enabled.
+ You can install either WSL 1 or WSL 2 on bare metal instances (the instance size is `.metal`). Bare metal instances provide the required support for nested virtualization by default.

For more information about nested virtualization for EC2, see [Use nested virtualization to run hypervisors in Amazon EC2 instances](amazon-ec2-nested-virtualization.md).

## Install WSL on your Windows instance


**To install WSL 1**

1. Install WSL. The process that you'll use depends on the version of Windows Server running on the instance.
   + **Windows Server 2022 and later** - Run the following standard installation command on your EC2 instance.

     ```
     wsl --install --enable-wsl1 --no-launch
     ```
   + **Windows Server 2019** - Enable WSL and then install WSL as described in [Install WSL on previous versions of Windows Server](https://learn.microsoft.com/en-us/windows/wsl/install-on-server#install-wsl-on-previous-versions-of-windows-server) on the Microsoft website.

1. Restart your EC2 instance.

   ```
   shutdown -r -t 20
   ```

1. To configure WSL to use WSL 1, run the following command on your instance. This step is required for virtualized instances (the instance size is not `.metal` or not configured for nested virtualization).

   ```
   wsl --set-default-version 1
   ```

1. Install the default distribution.

   ```
   wsl --install
   ```

**To install WSL 2 (.metal or instances with nested virtualization enabled)**  
Run the following standard installation command on your EC2 instance. By default, WSL 2 is installed.

```
wsl --install
```

# EC2 Windows troubleshooting utilities

The `EC2WinUtil` driver provides the following types of troubleshooting support for your Windows instance.

**Crash call stacks**  
`EC2WinUtil` collects basic crash information from your instance and writes it out to the serial console. The following list includes some of the key details that the utility writes to the console.  
+ Identification of the module that generated the fault.
+ The Windows error code associated with the event.
+ A stack trace of the most recent calls.
With these details, you can perform initial root cause analysis and determine if further analysis is needed. Output to the serial console also enables AWS to track crash trends for Amazon EC2 drivers, and diagnose large scale crash events.  
`EC2WinUtil` doesn't collect any customer data in its crash call stacks.

For driver release notes, see [EC2 Windows Utility Driver version history](ec2winutil-driver-version-history.md).

# EC2 Windows Utility Driver version history

The following table shows which `EC2WinUtil` drivers run on each version of Windows Server on Amazon EC2. Earlier versions of the operating system use the driver that's preinstalled on the AWS Windows Server AMI that the instance launched from. AMIs that are shared with you or that you subscribe to through AWS Marketplace don't have the driver preinstalled.


| Windows Server version | EC2WinUtil driver version | 
| --- | --- | 
| Windows Server 2025 | latest version | 
| Windows Server 2022 | latest version | 
| Windows Server 2019 | latest version | 
| Windows Server 2016 | latest version | 

**Note**  
Prior to driver version 3.0.0, the `EC2WinUtil` driver was not available to download for manual installation. Earlier versions were only available as preinstalled drivers for AWS Windows AMIs.

The following table describes the released versions of the `EC2WinUtil` driver.


| Package version | Driver version | Details | Release date | 
| --- | --- | --- | --- | 
|  [3.1.1](https://s3.amazonaws.com/ec2-windows-drivers-downloads/EC2WinUtil/3.1.1/EC2WinUtil.zip)  | 3.1.1 | Increased call stack length when logging to console output. | March 3, 2026 | 
|  [3.1.0](https://s3.amazonaws.com/ec2-windows-drivers-downloads/EC2WinUtil/3.1.0/EC2WinUtil.zip)  | 3.1.0 | Improved power management event handling. | February 4, 2026 | 
|  3.0.0  | 3.0.0 | Modernized the driver for Windows 10 and added support for installation as a primitive driver. | June 13, 2024 | 
| 2.0.0 | 2.0.0 | Added support for output on MMIO serial ports for metal instance types. Also improved crash parsing and updated the output format. | August 23, 2018 | 
| 1.0.1 | 1.0.1 |  Changed the driver name to `EC2WinUtil` due to a namespace conflict with Amazon Inspector. Several bug fixes are included. | March 1, 2018 | 
| 1.0.0 | 1.0.0 |  Initial release. The driver was initially called `AwsAgent`. | November 28, 2017 | 

# Upgrade an EC2 Windows instance to a newer version of Windows Server

If it's time to upgrade the Windows Server operating system on your EC2 Windows instance from an earlier version, you can use one of the following methods.

**In-place upgrade**  
An in-place upgrade operates on an existing instance. Only the operating system files are affected during this process, while your settings, server roles, and data are left intact.

**Migration (also known as a side-by-side upgrade)**  
A migration involves capturing settings, configurations, and data, and porting these to a newer operating system on a fresh EC2 Windows instance. You can launch your instance from a public or private Windows AMI that you subscribe to from the AWS Marketplace, or an AMI that's shared with you. You can also create a custom AMI with EC2 Image Builder. See the [Image Builder User Guide](https://docs.aws.amazon.com/imagebuilder/latest/userguide/what-is-image-builder.html) for more information.  
AWS provides a set of publicly available Amazon Machine Images (AMIs) for Windows Server versions that run on EC2 instances. These AMIs are updated on a monthly basis. For information about the latest Windows AMIs, see the [AWS Windows AMI Reference](https://docs.aws.amazon.com/ec2/latest/windows-ami-reference/windows-amis.html).

Microsoft has traditionally recommended migrating to a newer version of Windows Server instead of upgrading in place. Migrating can result in fewer upgrade errors or issues, but can take longer than an in-place upgrade because of the need to provision a new instance, plan for and port applications, and adjust configuration settings on the new instance. An in-place upgrade can be faster, but software incompatibilities can produce errors.

**Topics**
+ [Perform an in-place upgrade on your EC2 Windows instance](os-inplaceupgrade.md)
+ [Use Automation runbooks to upgrade an EC2 Windows instance](automated-upgrades.md)
+ [Migrate an EC2 Windows instance to a Nitro-based instance type](migrating-latest-types.md)
+ [Troubleshoot an operating system upgrade on an EC2 Windows instance](os-upgrade-trbl.md)

# Perform an in-place upgrade on your EC2 Windows instance

Before you perform an in-place upgrade, you must determine which network drivers the instance is running. PV network drivers enable you to access your instance using Remote Desktop. Instances use either AWS PV, Intel Network Adapter, or the Enhanced Networking drivers. For more information, see [Paravirtual drivers for Windows instances](xen-drivers-overview.md).

## Before you begin an in-place upgrade


Complete the following tasks and note the following important details before you begin your in-place upgrade.
+ Read the Microsoft documentation to understand the upgrade requirements, known issues, and restrictions. Also review the official instructions for upgrading.
  + [Upgrade Options for Windows Server 2012](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj574204(v=ws.11))
  + [Upgrade Options for Windows Server 2012 R2](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn303416(v=ws.11))
  + [Upgrade and conversion options for Windows Server 2016 and above](https://learn.microsoft.com/en-us/windows-server/get-started/install-upgrade-migrate)
  + [Windows Server Upgrades](https://learn.microsoft.com/en-us/windows-server/get-started/upgrade-overview)
+ We recommend performing an operating system upgrade on instances with at least 2 vCPUs and 4 GB of RAM. If needed, you can change the instance to a larger size of the same type (t2.small to t2.large, for example), perform the upgrade, and then resize it back to the original size. If you are required to retain the instance size, you can monitor the progress using the [instance console screenshot](troubleshoot-unreachable-instance.md#instance-console-screenshot). For more information, see [Amazon EC2 instance type changes](ec2-instance-resize.md).
+ Verify that the root volume on your Windows instance has enough free disk space. The Windows Setup process might not warn you of insufficient disk space. For information about how much disk space is required to upgrade a specific operating system, see the Microsoft documentation. If the volume does not have enough space, it can be expanded. For more information, see [Amazon EBS Elastic Volumes](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-modify-volume.html) in the *Amazon EBS User Guide*.
+ Determine your upgrade path. You must upgrade the operating system to the same architecture. For example, you must upgrade a 32-bit system to a 32-bit system. Windows Server 2008 R2 and later are 64-bit only.
+ Disable antivirus and anti-spyware software and firewalls. These types of software can conflict with the upgrade process. Re-enable antivirus and anti-spyware software and firewalls after the upgrade completes.
+ Update to the latest drivers as described in [Migrate an EC2 Windows instance to a Nitro-based instance type](migrating-latest-types.md).
+ The Upgrade Helper Service only supports instances running Citrix PV drivers. If the instance is running Red Hat drivers, you must manually [upgrade those drivers](Upgrading_PV_drivers.md) first.

## Upgrade an instance in-place with AWS PV, Intel Network Adapter, or the Enhanced Networking drivers


Use the following procedure to upgrade a Windows Server instance using the AWS PV, Intel Network Adapter, or the Enhanced Networking network drivers.

**To perform the in-place upgrade**

1. Create an AMI of the system you plan to upgrade for either backup or testing purposes. You can then perform the upgrade on the copy to simulate a test environment. If the upgrade completes, you can switch traffic to this instance with little downtime. If the upgrade fails, you can revert to the backup. For more information, see [Create an Amazon EBS-backed AMI](creating-an-ami-ebs.md).

1. Ensure that your Windows Server instance is using the latest network drivers.

   1. To update your AWS PV driver, see [Upgrade PV drivers on EC2 Windows instances](Upgrading_PV_drivers.md).

   1. To update your ENA driver, see [Install the ENA driver on EC2 Windows instances](ena-adapter-driver-install-upgrade-win.md).

   1. To update your Intel drivers, see [Enhanced networking with the Intel 82599 VF interface](sriov-networking.md).

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**. Locate the instance. Make a note of the instance ID and Availability Zone for the instance. You need this information later in this procedure.

1. If you are upgrading from Windows Server 2012 or 2012 R2 to Windows Server 2016 or later, perform the following on your instance before you proceed.

   1. Uninstall the EC2Config service. For more information, see [Windows Service administration for EC2Launch v2 and EC2Config agents](launch-agents-service-admin.md).

   1. Install EC2Launch v1 or the EC2Launch v2 agent. For more information, see [Use the EC2Launch v1 agent to perform tasks during EC2 Windows instance launch](ec2launch.md) and [Use the EC2Launch v2 agent to perform tasks during EC2 Windows instance launch](ec2launch-v2.md).

   1. Install the AWS Systems Manager SSM Agent. For more information, see [Manually install SSM Agent on Amazon EC2 for Windows Server](https://docs.aws.amazon.com/systems-manager/latest/userguide/manually-install-ssm-agent-windows.html) in the *AWS Systems Manager User Guide*.

1. Create a new volume from a Windows Server installation media snapshot.

   1. In the left navigation pane, under **Elastic Block Store**, choose **Snapshots**.

   1. From the filter bar, choose **Public snapshots**.

   1. In the search bar, specify the following filters:
      + Choose **Owner Alias**, then **=**, then **amazon**.
      + Choose **Description**, and then start typing **Windows**. Select the Windows filter that matches the system architecture and language preference you're upgrading to. For example, choose **Windows 2019 English Installation Media** to upgrade to Windows Server 2019.

   1. Select the checkbox next to the snapshot that matches the system architecture and language preference you're upgrading to, and then choose **Actions**, **Create volume from snapshot**.

   1. On the **Create volume** page, choose the Availability Zone that matches your Windows instance, and then choose **Create volume**.

1. In the **Successfully created volume vol-*1234567890example*** banner at the top of the page, choose the ID of the volume that you just created.

1. Choose **Actions**, **Attach volume**.

1. On the **Attach volume** page, for **Instance**, select the instance ID of your Windows instance, and then choose **Attach volume**.

1. Make the new volume available for use by following the steps at [Make an Amazon EBS volume available for use](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-using-volumes.html).

   **Important**  
   Do not initialize the disk because doing so will delete the existing data.

1. In Windows PowerShell, switch to the new volume drive. Begin the upgrade by opening the installation media volume you attached to the instance.

   1. If you are upgrading to Windows Server 2016 or later, run the following:

      ```
      .\setup.exe /auto upgrade /dynamicupdate disable
      ```
      **Note**  
      Running `setup.exe` with the `/dynamicupdate` option set to `disable` prevents Windows from installing updates during the Windows Server upgrade process, because installing updates during the upgrade can cause failures. You can install updates with Windows Update after the upgrade completes.

      If you are upgrading to an earlier version of Windows Server, run the following:

      ```
      Sources\setup.exe
      ```

   1. For **Select the operating system you want to install**, select the full installation option for your Windows Server instance, and choose **Next**.

   1. For **Which type of installation do you want?**, choose **Upgrade**.

   1. Complete the wizard.

Windows Server Setup copies and processes files. After several minutes, your Remote Desktop session closes. The time it takes to upgrade depends on the number of applications and server roles running on your Windows Server instance. The upgrade process could take as little as 40 minutes or several hours. The instance may fail one or more status checks during the upgrade process. When the upgrade completes, all status checks pass. You can check the system log for console output or use Amazon CloudWatch metrics for disk and CPU activity to determine whether the upgrade is progressing.

**Note**  
If upgrading to Windows Server 2019, after the upgrade is complete you can change the desktop background manually to remove the previous operating system name if desired.

If the instance has not passed all status checks after several hours, see [Troubleshoot an operating system upgrade on an EC2 Windows instance](os-upgrade-trbl.md).

## Post upgrade tasks


1. Log in to the instance to initiate an upgrade for the .NET Framework and reboot the system when prompted.

1. If you haven't already done so in a prior step, install the EC2Launch v1 or EC2Launch v2 agent. For more information, see [Use the EC2Launch v1 agent to perform tasks during EC2 Windows instance launch](ec2launch.md) and [Use the EC2Launch v2 agent to perform tasks during EC2 Windows instance launch](ec2launch-v2.md).

1. If you upgraded to Windows Server 2012 R2, we recommend that you upgrade the PV drivers to AWS PV drivers. If you upgraded on a Nitro-based instance, we recommend that you install or upgrade the NVMe and ENA drivers. For more information, see [AWS NVMe drivers](aws-nvme-drivers.md) or [Enable enhanced networking on Windows](enabling_enhanced_networking.md#enable-enhanced-networking-ena-windows).

1. Re-enable antivirus and anti-spyware software and firewalls.
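The pre-upgrade checklist asks you to disable firewalls and the last post-upgrade task asks you to re-enable them. The following added example (not AWS or Microsoft code) records the Windows Firewall profile settings before you disable them and, after the upgrade, restores them and reports anything that still differs. The function names and state-file path are hypothetical; it covers Windows Firewall profiles only and assumes an elevated session on Windows Server 2012 or later.

```powershell
# Added example, not AWS or Microsoft code. Function names and the state-file
# path are hypothetical. Assumes an elevated session on Windows Server 2012 or
# later, where the NetSecurity cmdlets are available.

$FirewallStateFile = Join-Path $env:ProgramData 'pre-upgrade-firewall-state.json'

function Save-FirewallState {
    param([string] $Path = $FirewallStateFile)

    # Store enum values as strings so the file stays readable and round-trips.
    $state = Get-NetFirewallProfile | ForEach-Object {
        [pscustomobject]@{
            Name                  = $_.Name
            Enabled               = [string]$_.Enabled
            DefaultInboundAction  = [string]$_.DefaultInboundAction
            DefaultOutboundAction = [string]$_.DefaultOutboundAction
        }
    }
    ConvertTo-Json -InputObject @($state) | Set-Content -Path $Path -Encoding UTF8
    return $state
}

function Restore-FirewallState {
    param([string] $Path = $FirewallStateFile)

    if (-not (Test-Path -Path $Path)) {
        throw "No saved firewall state at $Path. Re-enable the firewall profiles manually."
    }
    $saved = Get-Content -Path $Path -Raw | ConvertFrom-Json

    foreach ($p in $saved) {
        Set-NetFirewallProfile -Name $p.Name -Enabled $p.Enabled `
            -DefaultInboundAction $p.DefaultInboundAction `
            -DefaultOutboundAction $p.DefaultOutboundAction
    }

    # Read the live settings back instead of assuming the change applied.
    $drift = foreach ($p in $saved) {
        $live = Get-NetFirewallProfile -Name $p.Name
        foreach ($field in 'Enabled', 'DefaultInboundAction', 'DefaultOutboundAction') {
            if ([string]$live.$field -ne $p.$field) {
                [pscustomobject]@{
                    Profile  = $p.Name
                    Setting  = $field
                    Expected = $p.$field
                    Actual   = [string]$live.$field
                }
            }
        }
    }
    return @($drift)
}

# Before you disable the firewall for the upgrade:
#   Save-FirewallState
# As the last post-upgrade task:
#   $drift = Restore-FirewallState
#   if ($drift.Count -gt 0) { $drift | Format-Table } else { 'Firewall profiles restored.' }
```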

# Use Automation runbooks to upgrade an EC2 Windows instance

You can perform an automated upgrade of your Windows and SQL Server instances on AWS with AWS Systems Manager Automation runbooks. 

**Topics**
+ [Related services](#automated-related)
+ [Execution options](#automated-execution-option)
+ [Upgrade Windows Server](#automated-upgrades-windows)
+ [Upgrade SQL Server](#automated-upgrades-sql)

## Related services


The following AWS services are used in the automated upgrade process:
+ **AWS Systems Manager**. AWS Systems Manager is a powerful, unified interface for centrally managing your AWS resources. For more information, see the *[AWS Systems Manager User Guide](https://docs.aws.amazon.com/systems-manager/latest/userguide/)*.
+ **AWS Systems Manager Agent (SSM Agent)**. SSM Agent is Amazon software that can be installed and configured on an Amazon EC2 instance, an on-premises server, or a virtual machine (VM). SSM Agent makes it possible for Systems Manager to update, manage, and configure these resources. The agent processes requests from the Systems Manager service in the AWS Cloud, and then runs them as specified in the request. For more information, see [Working with SSM Agent](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html) in the *AWS Systems Manager User Guide*.
+ **AWS Systems Manager SSM runbooks**. An SSM runbook defines the actions that Systems Manager performs on your managed instances. SSM runbooks use JavaScript Object Notation (JSON) or YAML, and they include steps and parameters that you specify. This topic uses two Systems Manager SSM runbooks for automation. For more information, see [AWS Systems Manager Automation runbook reference](https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-runbook-reference.html) in the *AWS Systems Manager User Guide*.

## Execution options


On the Systems Manager console, select **Automation**, and then select **Execute**. After you select an Automation document, you are prompted to choose one of the following automation execution options. The steps for the paths provided later in this topic use the **Simple execution** option.

**Simple execution**  
Choose this option if you want to update a single instance but do not want to go through each automation step to audit the results. This option is explained in further detail in the upgrade steps that follow.

**Rate control**

Choose this option if you want to apply the upgrade to more than one instance. You define the following settings.
+ **Parameter**

  This setting, which is also set in Multi-Account and Region settings, defines how your automation branches out.
+ **Targets**

  Select the target to which you want to apply the automation. This setting is also set in Multi-Account and Region settings.
+ **Parameter Values**

  Use the values defined in the automation document parameters.
+ **Resource Group**

  In AWS, a resource is an entity you can work with. Examples include Amazon EC2 instances, AWS CloudFormation stacks, or Amazon S3 buckets. If you work with multiple resources, it might be useful to manage them as a group as opposed to moving from one AWS service to another for every task. In some cases, you may want to manage large numbers of related resources, such as EC2 instances that make up an application layer. In this case, you will likely need to perform bulk actions on these resources at one time.
+ **Tags**

  Tags help you categorize your AWS resources in different ways, for example, by purpose, owner, or environment. This categorization is useful when you have many resources of the same type. You can quickly identify a specific resource using the assigned tags.
+ **Rate Control**

  Rate Control is also set in Multi-Account and Region settings. When you set the rate control parameters, you define how many of your fleet to apply the automation to, either by target count or by percentage of the fleet.

**Multi-Account and Region**

In addition to the parameters specified under Rate Control that are also used in the Multi-Account and Region settings, there are two additional settings: 
+ **Accounts and organizational units (OUs)**

  Specify multiple accounts on which you want to run the automation.
+ **AWS Regions**

  Specify multiple AWS Regions where you want to run the automation.

**Manual execution**  
This option is similar to **Simple execution**, but allows you to step through each automation step and audit the results.

## Upgrade Windows Server


The [AWSEC2-CloneInstanceAndUpgradeWindows](https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-awsec2-CloneInstanceAndUpgradeWindows.html) runbook creates an Amazon Machine Image (AMI) from a Windows Server instance in your account and upgrades this AMI to a supported version of your choice. This multi-step process can take up to two hours to complete.

There are two AMIs included in the automated upgrade process:
+ **Current running instance**. The first AMI is the current running instance, which is not upgraded. This AMI is used to launch another instance to run the in-place upgrade. When the process is complete, this AMI is deleted from your account, unless you specifically request to keep the original instance. This setting is handled by the parameter `KeepPreUpgradeImageBackUp` (default value is `false`, which means the AMI is deleted by default).
+ **Upgraded AMI**. This AMI is the outcome of the automation process. 

The final result is one AMI, which is the upgraded version of the original AMI.

When the upgrade is complete, you can test your application functionality by launching the new AMI in your Amazon VPC. After testing, and before you perform another upgrade, schedule application downtime before completely switching to the upgraded instance.

### Prerequisites


In order to automate your Windows Server upgrade with the AWS Systems Manager Automation document, you must perform the following tasks:
+ Create an IAM role with the specified IAM policies to allow Systems Manager to perform automation tasks on your Amazon EC2 instances and verify that you meet the prerequisites to use Systems Manager. For more information, see [Creating a role to delegate permissions to an AWS service](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html) in the *AWS Identity and Access Management User Guide*.
+ [Select the option for how you want the automation to be run](#automated-execution-option). The options for execution are **Simple execution**, **Rate control**, **Multi-account and Region**, and **Manual execution**. For more information about these options, see [Execution options](#automated-execution-option). 
+ Verify that SSM Agent is installed on your instance. For more information, see [Installing and configuring SSM Agent on Amazon EC2 instances for Windows Server](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent-windows.html).
+ Windows PowerShell 3.0 or later must be installed on your instance.
+ For instances that are joined to a Microsoft Active Directory domain, we recommend specifying a `SubnetId` that does not have connectivity to your domain controllers to help avoid hostname conflicts.
+ The instance subnet must have outbound connectivity to the internet, which provides access to AWS services such as Amazon S3 and access to download patches from Microsoft. This requirement is met if either the subnet is a public subnet and the instance has a public IP address, or if the subnet is a private subnet with a route that sends internet traffic to a public NAT device.
+ This Automation works with instances running Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.
+ Verify that the instance has 20 GB of free disk space in the boot disk.
+ If the instance does not use a Windows license provided by AWS, then specify an Amazon EBS snapshot ID that includes Windows Server 2012 R2 installation media. To do this:

  1. Verify that the Amazon EC2 instance is running Windows Server 2012 or later.

  1. Create a 6 GB Amazon EBS volume in the same Availability Zone where the instance is running. Attach the volume to the instance. Mount it, for example, as drive D.

  1. Right-click the ISO and mount it to an instance as, for example, drive E. 

  1. Copy the content of the ISO from drive `E:\` to drive `D:\`.

  1. Create an Amazon EBS snapshot of the 6 GB volume created in step 2 above.

### Windows Server upgrade limitations


This automation doesn't support upgrading Windows domain controllers, clusters, or Windows desktop operating systems. In addition, this automation doesn't support Amazon EC2 instances for Windows Server with the following roles installed:
+ Remote Desktop Session Host (RDSH)
+ Remote Desktop Connection Broker (RDCB) 
+ Remote Desktop Virtualization Host (RDVH) 
+ Remote Desktop Web Access (RDWA)
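The on-instance prerequisites and the limitations listed above can be checked before you start the runbook. The following is an added example, not part of the AWS runbook; the function name and messages are hypothetical, and treating an installed `Failover-Clustering` feature as a sign of a cluster node is an assumption. Run it in Windows PowerShell on the instance that you plan to upgrade.

```powershell
# Added example, not AWS code. Run it in Windows PowerShell on the instance you
# plan to upgrade. The function name and messages are hypothetical. It uses
# Get-WmiObject so that it also runs where PowerShell is older than 3.0.

function Test-UpgradeAutomationPrerequisite {
    $findings = @()

    # Windows PowerShell 3.0 or later must be installed.
    if ($PSVersionTable.PSVersion.Major -lt 3) {
        $findings += "Windows PowerShell $($PSVersionTable.PSVersion) is older than 3.0."
    }

    # SSM Agent must be installed; a stopped agent cannot receive the automation.
    $agent = Get-Service -Name AmazonSSMAgent -ErrorAction SilentlyContinue
    if (-not $agent) {
        $findings += 'SSM Agent (service AmazonSSMAgent) is not installed.'
    } elseif ($agent.Status -ne 'Running') {
        $findings += "SSM Agent is installed but its service is $($agent.Status)."
    }

    # The boot disk needs 20 GB of free space.
    $disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"
    $freeGB = [math]::Round($disk.FreeSpace / 1GB, 1)
    if ($freeGB -lt 20) {
        $findings += "Only $freeGB GB free on $($env:SystemDrive); 20 GB is required."
    }

    # Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller,
    # 3 = server. Desktop operating systems and domain controllers are unsupported.
    $os = Get-WmiObject Win32_OperatingSystem
    if ($os.ProductType -eq 1) {
        $findings += "Desktop operating system detected: $($os.Caption)."
    } elseif ($os.ProductType -eq 2) {
        $findings += 'This instance is a domain controller.'
    }

    # Roles and features that the automation does not support.
    $unsupported = @{
        'RDS-RD-Server'         = 'Remote Desktop Session Host (RDSH)'
        'RDS-Connection-Broker' = 'Remote Desktop Connection Broker (RDCB)'
        'RDS-Virtualization'    = 'Remote Desktop Virtualization Host (RDVH)'
        'RDS-Web-Access'        = 'Remote Desktop Web Access (RDWA)'
        'Failover-Clustering'   = 'Failover Clustering (assumed cluster node)'
    }
    if ($os.ProductType -ne 1) {
        Import-Module ServerManager -ErrorAction SilentlyContinue
        $installed = @(Get-WindowsFeature -Name @($unsupported.Keys) -ErrorAction SilentlyContinue |
            Where-Object { $_.Installed })
        foreach ($feature in $installed) {
            $findings += "Unsupported role or feature installed: $($unsupported[$feature.Name])."
        }
    }

    return $findings
}

# Usage: no output means that none of the checked conditions block the automation.
#   $problems = Test-UpgradeAutomationPrerequisite
#   if ($problems) { $problems } else { 'On-instance checks passed.' }
```

The function does not check the IAM role, subnet connectivity, or licensing prerequisites, which are configured outside the instance.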

### Steps to perform an automated upgrade of Windows Server


Follow these steps to upgrade your Windows Server instance using the [AWSEC2-CloneInstanceAndUpgradeWindows](https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-awsec2-CloneInstanceAndUpgradeWindows.html) automation runbook. 

1. Open Systems Manager from the **AWS Management Console**.

1. From the left navigation pane, under **Change Management**, choose **Automation**.

1. Choose **Execute automation**.

1. Search for the automation document called `AWSEC2-CloneInstanceAndUpgradeWindows`.

1. When the document name appears, select it. When you select it, the document details appear. 

1. Choose **Execute automation** to input the parameters for this document. Leave **Simple execution** selected at the top of the page.

1. Enter the requested parameters based on the following guidance.
   + `InstanceID`

     **Type:** String

     (Required) The instance running Windows Server 2008 R2, 2012 R2, 2016, or 2019 with the SSM agent installed.
   + `InstanceProfile`

     **Type:** String

     (Required) The IAM instance profile. This is the IAM role used to perform the Systems Manager automation against the Amazon EC2 instance and AWS AMIs. For more information, see [Configure EC2 instance permissions](https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-permissions.html#instance-profile-add-permissions) in the *AWS Systems Manager User Guide*.
   + `TargetWindowsVersion`

     **Type:** String

     (Required) Select the target Windows version.
   + `SubnetId`

     **Type:** String

     (Required) This is the subnet for the upgrade process and where your source EC2 instance resides. Verify that the subnet has outbound connectivity to AWS services, including Amazon S3, and also to Microsoft (in order to download patches). 
   + `KeepPreUpgradeImageBackUp`

     **Type:** String

     (Optional) If this parameter is set to `true`, the automation retains the image created from the instance. The default setting is `false`. 
   + `RebootInstanceBeforeTakingImage`

     **Type:** String

     (Optional) The default is `false` (no reboot). If this parameter is set to `true`, Systems Manager reboots the instance before creating an AMI for the upgrade.

1. After you have entered the parameters, choose **Execute**. When the automation begins, you can monitor the execution progress.

1. When the automation completes, you will see the AMI ID. You can launch the AMI to verify that the Windows OS is upgraded.

   **Note**  
   It is not necessary for the automation to run all of the steps. The steps are conditional based on the behavior of the automation and instance. Systems Manager might skip some steps that are not required.  
   Additionally, some steps may time out. Systems Manager attempts to upgrade and install all of the latest patches. Sometimes, however, patches time out based on a definable timeout setting for the given step. When this happens, the Systems Manager automation continues to the next step to ensure that the internal OS is upgraded to the target Windows Server version.

1. After the automation completes, you can launch an Amazon EC2 instance using the AMI ID to review your upgrade. For more information about how to create an Amazon EC2 instance from an AWS AMI, see [How do I launch an EC2 instance from a custom AMI?](https://repost.aws/knowledge-center/launch-instance-custom-ami)

## Upgrade SQL Server


The [AWSEC2-CloneInstanceAndUpgradeSQLServer](https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-awsec2-CloneInstanceAndUpgradeSQLServer.html) script creates an AMI from an Amazon EC2 instance running SQL Server in your account, and then upgrades the AMI to a later version of SQL Server. This multi-step process can take up to two hours to complete.

In this workflow, the automation creates an AMI from the instance and then launches the new AMI in the subnet you provide. The automation then performs an in-place upgrade of SQL Server. After the upgrade is complete, the automation creates a new AMI before terminating the upgraded instance. 

There are two AMIs included in the automated upgrade process:
+ **Current running instance**. The first AMI is the current running instance, which is not upgraded. This AMI is used to launch another instance to run the in-place upgrade. When the process is complete, this AMI is deleted from your account, unless you specifically request to keep the original instance. This setting is handled by the parameter `KeepPreUpgradeImageBackUp` (default value is `false`, which means the AMI is deleted by default).
+ **Upgraded AMI**. This AMI is the outcome of the automation process.

The final result is one AMI, which is the upgraded instance of the AMI.

When the upgrade is complete, you can test your application functionality by launching the new AMI in your Amazon VPC. After testing, and before you perform another upgrade, schedule application downtime before completely switching to the upgraded instance.

### Prerequisites


In order to automate your SQL Server upgrade with the AWS Systems Manager Automation document, you must perform the following tasks:
+ Create an IAM role with the specified IAM policies to allow Systems Manager to perform automation tasks on your Amazon EC2 instances and verify that you meet the prerequisites to use Systems Manager. For more information, see [Creating a role to delegate permissions to an AWS service](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html) in the *AWS Identity and Access Management User Guide*.
+ [Select the option for how you want the automation to be run](#automated-execution-option). The options for execution are **Simple execution**, **Rate control**, **Multi-account and Region**, and **Manual execution**. For more information about these options, see [Execution options](#automated-execution-option).
+ The Amazon EC2 instance must use Windows Server 2008 R2 or later and SQL Server 2008 or later.
+ Verify that SSM Agent is installed on your instance. For more information, see [Working with SSM Agent on Amazon EC2 instances for Windows Server](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent-windows.html).
+ Verify that the instance has enough free disk space:
  + If you are upgrading from Windows Server 2008 R2 to 2012 R2, or from Windows Server 2012 R2 to a later operating system, verify that you have 20 GB of free disk space in the instance boot disk.
  + If you are upgrading from Windows Server 2008 R2 to 2016 or later, verify that the instance has 40 GB of free disk space in the instance boot disk.
+ For instances that use a Bring Your Own License (BYOL) SQL Server version, the following additional prerequisites apply:
  + Provide an Amazon EBS snapshot ID that includes the target SQL Server installation media. To do this: 

    1. Verify that the Amazon EC2 instance is running Windows Server 2008 R2 or later. 

    1. Create a 6 GB Amazon EBS volume in the same Availability Zone where the instance is running. Attach the volume to the instance. Mount it, for example, as drive D. 

    1. Right-click the ISO and mount it to an instance as, for example, drive E. 

    1. Copy the content of the ISO from drive `E:\` to drive `D:\`.

    1. Create an Amazon EBS snapshot of the 6 GB volume created in step 2. 

### SQL Server automated upgrade limitations


The following limitations apply when using the [AWSEC2-CloneInstanceAndUpgradeSQLServer](https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-awsec2-CloneInstanceAndUpgradeSQLServer.html) runbook to perform an automated upgrade:
+ The upgrade can be performed on only a SQL Server using Windows authentication.
+ Verify that no security patch updates are pending on the instances. Open **Control Panel**, then choose **Check for updates**.
+ SQL Server deployments in HA and mirroring mode are not supported.

### Steps to perform an automated upgrade of SQL Server


Follow these steps to upgrade your SQL Server using the [AWSEC2-CloneInstanceAndUpgradeSQLServer](https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-awsec2-CloneInstanceAndUpgradeSQLServer.html) automation runbook.

1. If you haven't already, download the SQL Server 2016 .iso file and mount it to the source server. 

1. After the .iso file is mounted, copy all of the component files and place them on any volume of your choice. 

1. Take an Amazon EBS snapshot of the volume and copy the snapshot ID onto a clipboard for later use. For more information, see [Create Amazon EBS snapshots](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-creating-snapshot.html) in the *Amazon EBS User Guide*.

1. Attach the instance profile to the Amazon EC2 source instance. This allows Systems Manager to communicate with the EC2 instance and run commands on it after it is added to the AWS Systems Manager service. For this example, we named the role `SSM-EC2-Profile-Role` with the `AmazonSSMManagedInstanceCore` policy attached to the role.

1. In the AWS Systems Manager console, in the left navigation pane, choose **Managed Instances**. Verify that your EC2 instance is in the list of managed instances. If you don't see your instance after a few minutes, see [Where Are My Instances?](https://docs.aws.amazon.com/systems-manager/latest/userguide/troubleshooting-remote-commands.html#where-are-instances) in the *AWS Systems Manager User Guide*.

1. In the left navigation pane, under **Change Management** choose **Automation**.

1. Choose **Execute automation**.

1. Search for the automation document called `AWSEC2-CloneInstanceAndUpgradeSQLServer`.

1. Choose the `AWSEC2-CloneInstanceAndUpgradeSQLServer` SSM document, and then choose **Next**. 

1. Ensure that the **Simple execution** option is selected.

1. Enter the requested parameters based on the following guidance.
   + `InstanceId` 

     **Type:** String

     (Required) The instance running SQL Server 2008 R2 (or later). 
   + `IamInstanceProfile`

     **Type:** String

     (Required) The IAM instance profile.
   + `SQLServerSnapshotId`

     **Type:** String

     (Required) The Snapshot ID for the target SQL Server installation media. This parameter is not required for SQL Server license-included instances.
   + `SubnetId`

     **Type:** String

     (Required) This is the subnet for the upgrade process and where your source EC2 instance resides. Verify that the subnet has outbound connectivity to AWS services, including Amazon S3, and also to Microsoft (in order to download patches). 
   + `KeepPreUpgradedBackUp`

     **Type:** String

     (Optional) If this parameter is set to `true`, the automation retains the image created from the instance. The default setting is `false`. 
   + `RebootInstanceBeforeTakingImage`

     **Type:** String

     (Optional) The default is `false` (no reboot). If this parameter is set to `true`, Systems Manager reboots the instance before creating an AMI for the upgrade.
   + `TargetSQLVersion`

     **Type:** String

     (Optional) The target SQL Server version. The default is `2016`.

1. After you have entered the parameters, choose **Execute**. When the automation begins, you can monitor the execution progress.

1. When **Execution status** shows **Success**, expand **Outputs** to view the AMI information. You can use the AMI ID to launch your SQL Server instance for the VPC of your choice.

1. Open the Amazon EC2 console. In the left navigation pane, choose **AMIs**. You should see the new AMI.

1. To verify that the new SQL Server version has been successfully installed, choose the new AMI and choose **Launch**.

1. Choose the type of instance that you want for the AMI, the VPC and subnet that you want to deploy to, and the storage that you want to use. Because you're launching the new instance from an AMI, the volumes are presented to you as an option to include within the new EC2 instance you are launching. You can remove any of these volumes, or you can add volumes.

1. Add a tag to help you identify your instance.

1. Add the security group or groups to the instance.

1. Choose **Launch Instance**.

1. Choose the tag name for the instance and select **Connect** under the **Actions** dropdown. 

1. Verify that the new SQL Server version is the database engine on the new instance.

# Migrate an EC2 Windows instance to a Nitro-based instance type
Migrate to a Nitro-based instance type

The AWS Windows AMIs are configured with the default settings used by the Microsoft installation media, with some customizations. The customizations include drivers and configurations that support [Nitro-based instances](instance-types.md#instance-hypervisor-type), such as M5 and C5.

When migrating from Xen-based instances to Nitro-based instances, including bare metal instances, we recommend that you follow the steps in this topic in the following cases:
+ If you are launching instances from custom Windows AMIs
+ If you are launching instances from Windows AMIs provided by Amazon that were created before August 2018

Alternatively, you can use the `AWSSupport-UpgradeWindowsAWSDrivers` automation document to automate the procedures described in Part 1, Part 2, and Part 3. If you choose to use the automated procedure, see [(Alternative) Upgrade the AWS PV, ENA, and NVMe drivers using AWS Systems Manager](#auto-upgrade), and then continue with Part 4 and Part 5.

For more information, see [Amazon EC2 Update — Additional Instance Types, Nitro System, and CPU Options](https://aws.amazon.com/blogs/aws/amazon-ec2-update-additional-instance-types-nitro-system-and-cpu-options/).

**Note**  
The following migration procedures can be performed on Windows Server version 2016 and later. Earlier operating system versions that have reached end of life are not tested, and might not be compatible with the latest instance types.  
To migrate Linux instances, see [Amazon EC2 instance type changes](ec2-instance-resize.md).

**Contents**
+ [Part 1: Install and upgrade AWS PV drivers](#upgrade-pv)
+ [Part 2: Install and upgrade ENA](#upgrade-ena)
+ [Part 3: Upgrade AWS NVMe drivers](#upgrade-nvme)
+ [Part 4: Update EC2Config and EC2Launch](#upgdate-ec2config-ec2launch)
+ [Part 5: Install the serial port driver for bare metal instances](#install-serial-port-bare-metal)
+ [Part 6: Update power management settings](#power-management)
+ [Part 7: Update Intel chipset drivers for new instance types](#power-management-intel-drivers)
+ [(Alternative) Upgrade the AWS PV, ENA, and NVMe drivers using AWS Systems Manager](#auto-upgrade)

**Before you begin** 

This procedure assumes that you have a [Xen-based instance](instance-types.md#instance-hypervisor-type), such as an M4 or C4, and you are migrating to a [Nitro-based instance](instance-types.md#instance-hypervisor-type).

You must use PowerShell version 3.0 or later to successfully perform the upgrade.

**Note**  
When migrating, the static IP or custom DNS network settings on the existing network interface card may be lost as the instance will default to a new Enhanced Networking Adapter device.

Before following the steps in this procedure, we recommend that you create a backup of the instance. From the [EC2 console](https://console.aws.amazon.com/ec2/), choose the instance that requires the migration, open the context (right-click) menu, and choose **Instance State**, **Stop**. 

**Warning**  
When you stop an instance, the data on any instance store volumes is erased. To preserve data on instance store volumes, ensure that you back up the data to persistent storage. 

Open the context (right-click) menu for the instance in the [EC2 console](https://console.aws.amazon.com/ec2/), choose **Image**, and then choose **Create Image**.

**Note**  
Parts 4 and 5 of these instructions can be completed after you migrate or change the instance type. However, we recommend that you complete them before you migrate, especially if you are migrating to a bare metal instance type. 

## Part 1: Install and upgrade AWS PV drivers


Though AWS PV drivers are not used in the Nitro system, you should still upgrade them if you are on previous versions of either Citrix PV or AWS PV. The latest AWS PV drivers resolve bugs in previous versions of the drivers that may appear while you are on a Nitro system, or if you need to migrate back to a Xen-based instance. As a best practice, we recommend always updating to the latest drivers for Windows instances on AWS. 

Use the following procedure to perform an in-place upgrade of AWS PV drivers, or to upgrade from Citrix PV drivers to AWS PV drivers on Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, or Windows Server 2019. For more information, see [Upgrade PV drivers on EC2 Windows instances](Upgrading_PV_drivers.md). 

To upgrade a Domain Controller, see [Upgrade a domain controller (AWS PV upgrade)](Upgrading_PV_drivers.md#aws-pv-upgrade-dc).

**To perform an upgrade of or to AWS PV drivers**

1. Connect to the instance using Remote Desktop and prepare the instance for upgrade. Take all non-system disks offline before you perform the upgrade. If you are performing an in-place update of AWS PV drivers, this step is not required. Set non-essential services to **Manual** start-up in the Services console. 

1. [Download](https://s3.amazonaws.com/ec2-windows-drivers-downloads/AWSPV/Latest/AWSPVDriver.zip) the latest driver package to the instance. 

1. Extract the contents of the folder and run `AWSPVDriverSetup.msi`. 

After running the MSI, the instance automatically reboots and upgrades the driver. The instance may not be available for up to 15 minutes. 

After the upgrade is complete and the instance passes both health checks in the Amazon EC2 console, connect to the instance using Remote Desktop and verify that the new driver was installed. In Device Manager, under **Storage Controllers**, locate **AWS PV Storage Host Adapter**. Verify that the driver version is the same as the latest version listed in the Driver Version History table. For more information, see [AWS PV driver package history](xen-drivers-overview.md#pv-driver-history). 

## Part 2: Install and upgrade ENA


Upgrade to the latest Elastic Network Adapter driver to ensure that all network features are supported. If you launched your instance and it does not have enhanced networking already enabled, you must download and install the required network adapter driver on your instance. Then, set the enaSupport instance attribute to **activate enhanced networking**. You can only enable this attribute on supported instance types and only if the ENA driver is installed. For more information, see [Enable enhanced networking with ENA on your EC2 instances](enhanced-networking-ena.md). 

1. [Download](https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/Latest/AwsEnaNetworkDriver.zip) the latest driver to the instance. If you need a previous version of the driver, see [ENA Windows driver version history](ena-driver-releases-windows.md#ena-win-driver-release-history).

1. Extract the zip archive. 

1. Install the driver by running the `install.ps1` PowerShell script from the extracted folder. 
**Note**  
To avoid installation errors, run the `install.ps1` script as an administrator.

1. Check if your AMI has enaSupport activated. If not, continue by following the documentation at [Enable enhanced networking with ENA on your EC2 instances](enhanced-networking-ena.md). 

## Part 3: Upgrade AWS NVMe drivers


AWS NVMe drivers are used to interact with Amazon EBS and SSD instance store volumes that are exposed as NVMe block devices in the Nitro system for better performance. 

**Important**  
The following instructions are modified specifically for when you install or upgrade AWS NVMe on a Xen-based instance with the intention to migrate the instance to a Nitro-based instance.

1. [Download](https://s3.amazonaws.com/ec2-windows-drivers-downloads/NVMe/Latest/AWSNVMe.zip) the latest driver package to the instance. 

   If you need a previous version of the driver, see [NVMe Windows driver releases](nvme-driver-version-history.md) for supported versions.

1. Extract the zip archive.

1. Install the driver as described in `Readme.txt`.

1. Open a **PowerShell** session and run the following command: 

   ```
   PS C:\> start rundll32.exe sppnp.dll,Sysprep_Generalize_Pnp -wait
   ```
**Note**  
To apply the command, you must run the PowerShell session as an administrator. PowerShell (x86) versions will result in an error.   
This command only runs sysprep on the device drivers. It does not run the full sysprep preparation.

1. For Windows Server 2008 R2 and Windows Server 2012, shut down the instance, change the instance type and start the instance, then proceed to Part 4. If you start the instance again on a Xen-based instance type before migrating to a Nitro-based instance type, it will not boot. For other supported Windows AMIs, you can change the instance type anytime after the device sysprep.

## Part 4: Update EC2Config and EC2Launch


For Windows instances, the latest EC2Config and EC2Launch utilities provide additional functionality and information when running on the Nitro system, including on EC2 Bare Metal. By default, the EC2Config service is included in AMIs prior to Windows Server 2016. EC2Launch replaces EC2Config on Windows Server 2016 and later AMIs. 

When the EC2Config and EC2Launch services are updated, new Windows AMIs from AWS include the latest version of the service. However, you must update your own Windows AMIs and instances with the latest version of EC2Config and EC2Launch.

**To install or update EC2Config**

1. Download and unzip the [EC2Config Installer](https://s3.amazonaws.com/ec2-downloads-windows/EC2Config/EC2Install.zip).

1. Run `EC2Install.exe`. For a complete list of options, run `EC2Install` with the `/?` option. By default, setup displays prompts. To run the command with no prompts, use the `/quiet` option.

For more information, see [Install the latest version of EC2Config](UsingConfig_Install.md).

**To install or update EC2Launch**

1. If you have already installed and configured EC2Launch on an instance, make a backup of the EC2Launch configuration file. The installation process does not preserve changes in this file. By default, the file is located in the `C:\ProgramData\Amazon\EC2-Windows\Launch\Config` directory. 

1. Download [EC2-Windows-Launch.zip](https://s3.amazonaws.com/ec2-downloads-windows/EC2Launch/latest/EC2-Windows-Launch.zip) to a directory on the instance. 

1. Download [install.ps1](https://s3.amazonaws.com/ec2-downloads-windows/EC2Launch/latest/install.ps1) to the same directory where you downloaded `EC2-Windows-Launch.zip`. 

1. Run `install.ps1`.
**Note**  
To avoid installation errors, run the `install.ps1` script as an administrator.

1. If you made a backup of the EC2Launch configuration file, copy it to the `C:\ProgramData\Amazon\EC2-Windows\Launch\Config` directory. 

For more information, see [Use the EC2Launch v1 agent to perform tasks during EC2 Windows instance launch](ec2launch.md).

## Part 5: Install the serial port driver for bare metal instances


The `i3.metal` instance type uses a PCI-based serial device rather than an I/O port-based serial device. The latest Windows AMIs automatically use the PCI-based serial device and have the serial port driver installed. If you are not using an instance launched from an Amazon-provided Windows AMI dated 2018.04.11 or later, you must install the Serial Port Driver to enable the serial device for EC2 features such as Password Generation and Console Output. The latest EC2Config and EC2Launch utilities also support i3.metal and provide additional functionality. Follow the steps in Part 4, if you have not yet done so. 

**To install the serial port driver**

1. [Download](https://s3.amazonaws.com/ec2-windows-drivers-downloads/AWSPCISerialDriver/Latest/AWSPCISerialDriver.zip) the serial driver package to the instance. 

1. Extract the contents of the folder, open the context (right-click) menu for `aws_ser.INF`, and choose **install**. 

1. Choose **Okay**.

## Part 6: Update power management settings


The following update to power management settings sets displays to never turn off, which allows for graceful OS shutdowns on the Nitro system. All Windows AMIs provided by Amazon as of 2018.11.28 already have this default configuration.

1. Open a command prompt or PowerShell session.

1. Run the following commands:

   ```
   powercfg /setacvalueindex 381b4222-f694-41f0-9685-ff5bb260df2e 7516b95f-f776-4464-8c53-06167f40cc99 3c0bc021-c8a8-4e07-a973-6b14cbcb2b7e 0
   powercfg /setacvalueindex 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 7516b95f-f776-4464-8c53-06167f40cc99 3c0bc021-c8a8-4e07-a973-6b14cbcb2b7e 0
   powercfg /setacvalueindex a1841308-3541-4fab-bc81-f71556f20b4a 7516b95f-f776-4464-8c53-06167f40cc99 3c0bc021-c8a8-4e07-a973-6b14cbcb2b7e 0
   ```

## Part 7: Update Intel chipset drivers for new instance types


The `u-6tb1.metal`, `u-9tb1.metal`, and `u-12tb1.metal` instance types use hardware that requires chipset drivers that were not previously installed on Windows AMIs. If you are not using an instance launched from an Amazon-provided Windows AMI dated 2018.11.19 or later, you must install the drivers using the Intel Chipset INF Utility. 

**To install the chipset drivers**

1. Download the [Chipset INF Utility](https://www.intel.com/content/www/us/en/download/19347/chipset-inf-utility.html) to the instance.

1. Extract the files.

1. Run `SetupChipset.exe`.

1. Accept the Intel software license agreement and install the chipset drivers.

1. Reboot the instance.

## (Alternative) Upgrade the AWS PV, ENA, and NVMe drivers using AWS Systems Manager


The `AWSSupport-UpgradeWindowsAWSDrivers` automation document automates the steps described in Part 1, Part 2, and Part 3. This method can also repair an instance where the driver upgrades have failed. 

The `AWSSupport-UpgradeWindowsAWSDrivers` automation document upgrades or repairs storage and network AWS drivers on the specified EC2 instance. The document attempts to install the latest versions of AWS drivers online by calling the AWS Systems Manager Agent (SSM Agent). If SSM Agent is not contactable, the document can perform an offline installation of the AWS drivers if explicitly requested.

**Note**  
This procedure will fail on a domain controller. To update drivers on a domain controller, see [Upgrade a domain controller (AWS PV upgrade)](Upgrading_PV_drivers.md#aws-pv-upgrade-dc).

**To automatically upgrade the AWS PV, ENA, and NVMe drivers using AWS Systems Manager**

1. Open the Systems Manager console at [https://console.aws.amazon.com/systems-manager](https://console.aws.amazon.com/systems-manager).

1. Choose **Automation**, **Execute Automation**.

1. Search for and then select the **AWSSupport-UpgradeWindowsAWSDrivers** automation document, and then choose **Execute automation**.

1. In the **Input Parameters** section, configure the following options:  
Instance ID  
Enter the unique ID of the instance to upgrade.  
AllowOffline  
(Optional) Choose one of the following options:  
   + `True` — Choose this option to perform an offline installation. The instance is stopped and restarted during the upgrade process.
**Warning**  
When you stop an instance, the data on any instance store volumes is erased. To preserve data on instance store volumes, ensure that you back up the data to persistent storage.
   + `False` — (Default) To perform an online installation, leave this option selected. The instance is restarted during the upgrade process.
Online and offline upgrades create an AMI before attempting the upgrade operations. The AMI persists after the automation completes. Secure your access to the AMI, or delete it if it is no longer needed.  
SubnetId  
(Optional) Enter one of the following values:  
   + `SelectedInstanceSubnet` — (Default) The upgrade process launches the *helper* instance into the same subnet as the instance that is to be upgraded. The subnet must allow communication to the Systems Manager endpoints (`ssm.*`).
   + `CreateNewVPC` — The upgrade process launches the *helper* instance into a new VPC. Use this option if you're not sure whether the target instance's subnet allows communication to the `ssm.*` endpoints. Your user must have permission to create a VPC.
   + A specific subnet ID — Specify the ID of a specific subnet into which to launch the *helper* instance. The subnet must be in the same Availability Zone as the instance that is to be upgraded, and it must allow communication with the `ssm.*` endpoints.

1. Choose **Execute**.

1. Allow the upgrade to complete. It could take up to 10 minutes to complete an online upgrade, and up to 25 minutes to complete an offline upgrade.

# Troubleshoot an operating system upgrade on an EC2 Windows instance
Troubleshoot an upgrade

AWS provides upgrade support for issues or problems with the Upgrade Helper Service, an AWS utility that helps you perform in-place upgrades involving Citrix PV drivers.

After the upgrade, the instance might temporarily experience higher than average CPU utilization while the .NET Runtime Optimization service optimizes the .NET framework. This is expected behavior.

If the instance has not passed all status checks after several hours, check the following.
+ If you upgraded to Windows Server 2008 and all status checks fail after several hours, the upgrade may have failed and be presenting a prompt to **Click OK** to confirm rolling back. Because the console is not accessible in this state, there is no way to click the button. To get around this, perform a reboot via the Amazon EC2 console or API. The reboot takes ten minutes or more to initiate. The instance might become available after 25 minutes.
+ Remove applications or server roles from the server and try again.

If the instance does not pass all status checks after removing applications or server roles from the server, do the following.
+ Stop the instance and attach the root volume to another instance. For more information, see the description of how to stop and attach the root volume to another instance in ["Waiting for the metadata service"](common-messages.md#metadata-unavailable).
+ Analyze [Windows Setup log files and event logs](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs?view=windows-11) for failures.

For other issues or problems with an operating system upgrade or migration, we recommend reviewing the articles listed in [Before you begin an in-place upgrade](os-inplaceupgrade.md#os-upgrade-before).

# Tutorial: Connect an Amazon EC2 instance to an Amazon RDS database
Tutorial: Connect EC2 instance to RDS database

## Tutorial objective


The objective of this tutorial is to learn how to configure a secure connection between an Amazon EC2 instance and an Amazon RDS database by using the AWS Management Console.

There are different options for configuring the connection. In this tutorial, we explore the following three options:
+ [Option 1: Automatically connect an instance to an RDS database using the EC2 console](tutorial-ec2-rds-option1.md)

  Use the automatic connection feature in the EC2 console to automatically configure the connection between your EC2 instance and your RDS database to allow traffic between the EC2 instance and the RDS database.
+ [Option 2: Automatically connect an instance to an RDS database using the RDS console](tutorial-ec2-rds-option2.md)

  Use the automatic connection feature in the RDS console to automatically configure the connection between your EC2 instance and your RDS database to allow traffic between the EC2 instance and the RDS database.
+ [Option 3: Manually connect an instance to an RDS database by creating security groups](tutorial-ec2-rds-option3.md)

  Configure the connection between your EC2 instance and your RDS database by manually configuring and assigning the security groups to reproduce the configuration that is automatically created by the automatic connection feature in Option 1 and Option 2.

## Context


As context for why you'd want to configure a connection between your EC2 instance and an RDS database, let's consider the following scenario: Your website presents a form to your users to fill in. You need to capture the form data in a database. You can host your website on an EC2 instance that's been configured as a web server, and you can capture the form data in an RDS database. The EC2 instance and the RDS database need to be connected to each other so that the form data can go from the EC2 instance to the RDS database. This tutorial explains how to configure that connection. Note that this is just one example of a use case for connecting an EC2 instance and an RDS database.

## Architecture


The following diagram shows the resources that are created and the architectural configuration that results from completing all the steps in this tutorial.

![\[The resources that are created and the architectural configuration that results from completing all the steps in this tutorial.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ec2-rds-tutorial-architecture.png)


The diagram illustrates the following resources that you'll create:
+ You'll create an EC2 instance and an RDS database in the same AWS Region, VPC, and Availability Zone.
+ You'll create the EC2 instance in a public subnet.
+ You'll create the RDS database in a private subnet.

  When you use the RDS console to create the RDS database and automatically connect the EC2 instance, the VPC, DB subnet group, and public access settings for the database are automatically selected. The RDS database is automatically created in a private subnet within the same VPC as the EC2 instance.
+ Internet users can connect to the EC2 instance by using SSH or HTTP/HTTPS via an Internet gateway.
+ Internet users cannot connect directly to the RDS database; only the EC2 instance is connected to the RDS database.
+ When you use the automatic connection feature to allow traffic between the EC2 instance and the RDS database, the following security groups are automatically created and added:
  + Security group **ec2-rds-*x*** is created and added to the EC2 instance. It has one outbound rule that references the **rds-ec2-*x*** security group as its destination. This allows traffic from the EC2 instance to reach the RDS database with the **rds-ec2-*x*** security group.
  + Security group **rds-ec2-*x*** is created and added to the RDS database. It has one inbound rule that references the **ec2-rds-*x*** security group as its source. This allows traffic from the EC2 instance with the **ec2-rds-*x*** security group to reach the RDS database.

  By using separate security groups (one for the EC2 instance, and one for the RDS database), you have better control over the security of the instance and the database. If you were to use the same security group on both the instance and the database, and then modified the security group to suit, say, only the database, the modification would affect both the instance and the database. In other words, if you were to use one security group, you could unintentionally modify the security of a resource (either the instance or the database) because you'd forgotten that the security group was attached to it.

  The security groups that are automatically created also respect least privilege as they only allow the mutual connection for this workload on the database port by creating a workload-specific security group pair.

## Considerations


Consider the following when you complete the tasks in this tutorial:
+ **Two consoles** – You will use the following two consoles for this tutorial:
  + Amazon EC2 console – You will use the EC2 console to launch instances, to automatically connect an EC2 instance to an RDS database, and for the manual option to configure the connection by creating the security groups.
  + Amazon RDS console – You will use the RDS console to create an RDS database and to automatically connect an EC2 instance to an RDS database.
+ **One VPC** – To use the automatic connection feature, your EC2 instance and your RDS database must be in the same VPC.

  If you were to manually configure the connection between your EC2 instance and your RDS database, you could launch your EC2 instance in one VPC and your RDS database in another VPC; however, you’d need to set up additional routing and VPC configuration. This scenario is not covered in this tutorial.
+ **One AWS Region** – The EC2 instance and RDS database must be located in the same Region.
+ **Two security groups** – The connectivity between the EC2 instance and the RDS database is configured by two security groups—a security group for your EC2 instance, and a security group for your RDS database. 

  When you use the automatic connection feature in the EC2 console or RDS console to configure the connectivity (Option 1 and Option 2 of this tutorial), the security groups are automatically created and assigned to the EC2 instance and RDS database.

  If you do not use the automatic connection feature, you'll need to manually create and assign the security groups. You do this in Option 3 of this tutorial.

## Time to complete the tutorial


30 minutes

You can complete the entire tutorial in one sitting, or you can complete it one task at a time.

## Costs


By completing this tutorial, you might incur costs for the AWS resources that you create. 

You can use Amazon EC2 under the [Free Tier](https://aws.amazon.com/free/) provided your AWS account qualifies for the Free Tier and you configure your resources according to the Free Tier requirements. For more information, see [Free Tier benefits before and after July 15, 2025](ec2-free-tier-usage.md#ec2-free-tier-comparison).

If your EC2 instance and your RDS database are in different Availability Zones, you will incur data transfer fees. To avoid incurring these fees, the EC2 instance and the RDS database must be in the same Availability Zone. For information about data transfer fees, see [Data Transfer](https://aws.amazon.com/ec2/pricing/on-demand/#Data_Transfer) on the Amazon EC2 On-Demand Pricing page.

To prevent incurring costs after you've completed the tutorial, make sure to delete the resources if they are no longer needed. For the steps to delete the resources, see [Task 4 (*Optional*): Clean up](tutorial-ec2-rds-option3.md#tutorial-ec2-rds-clean-up).

# Option 1: Automatically connect an instance to an RDS database using the EC2 console

The objective of Option 1 is to explore the automatic connection feature in the EC2 console that automatically configures the connection between your EC2 instance and RDS database to allow traffic from the EC2 instance to the RDS database. In Option 3, you'll learn how to manually configure the connection.

**Topics**
+ [Before you begin](#option1-before-you-begin)
+ [Task 1 (*Optional*): Create an RDS database](#option1-task1-create-rds-database)
+ [Task 2 (*Optional*): Launch an EC2 instance](#option1-task2-launch-ec2-instance)
+ [Task 3: Automatically connect your EC2 instance to your RDS database](#option1-task3-connect-ec2-instance-to-rds-database)
+ [Task 4: Verify the connection configuration](#option1-task4-verify-connection-configuration)
+ [Task 5 (*Optional*): Clean up](#option2-task5-cleanup)

## Before you begin


You'll need the following to complete this tutorial:
+ An RDS database that is in the same VPC as the EC2 instance. You can either use an existing RDS database or follow the steps in Task 1 to create a new RDS database.
+ An EC2 instance that is in the same VPC as the RDS database. You can either use an existing EC2 instance or follow the steps in Task 2 to create a new EC2 instance.
+ Permissions to call the following operations:
  + `ec2:AssociateRouteTable`
  + `ec2:AuthorizeSecurityGroupEgress`
  + `ec2:CreateRouteTable`
  + `ec2:CreateSecurityGroup`
  + `ec2:CreateSubnet`
  + `ec2:DescribeInstances`
  + `ec2:DescribeNetworkInterfaces`
  + `ec2:DescribeRouteTables`
  + `ec2:DescribeSecurityGroups`
  + `ec2:DescribeSubnets`
  + `ec2:ModifyNetworkInterfaceAttribute`
  + `ec2:RevokeSecurityGroupEgress`

## Task 1 (*Optional*): Create an RDS database


**Note**  
Creating an Amazon RDS database is not the focus of this tutorial. If you already have an RDS database and would like to use it in this tutorial, you can skip this task.  
If you use an existing RDS database, make sure that it is in the same VPC as your EC2 instance so that you can use the automatic connection feature.

The objective of this task is to create an RDS database so that you can complete Task 3 where you configure the connection between your EC2 instance and your RDS database. The steps in this task configure the RDS database as follows:
+ Engine type: MySQL
+ Template: Free tier
+ DB instance identifier: **tutorial-database-1**
+ DB instance class: `db.t3.micro`

**Important**  
In a production environment, you should configure your database to meet your specific needs.

**To create a MySQL RDS database**

1. Open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).

1. From the Region selector (at top right), choose an AWS Region. The database and the EC2 instance must be in the same Region in order to use the automatic connection feature in the EC2 console.

1. On the dashboard, choose **Create database**.

1. Under **Choose a database creation method**, check that **Standard create** is selected. If you choose **Easy create**, the VPC selector is not available. You must ensure that your database is in the same VPC as your EC2 instance in order to use the automatic connection feature in the EC2 console.

1. Under **Engine options**, for **Engine type**, choose **MySQL**.

1. Under **Templates**, choose a sample template to meet your needs. For this tutorial, choose **Free tier** to create an RDS database at no cost. However, note that the Free Tier is only available for accounts that qualify for the Free Tier. You can read more by choosing the **Info** link in the **Free tier** box.

1. Under **Settings**, do the following:

   1. For **DB instance identifier**, enter a name for the database. For this tutorial, enter **tutorial-database-1**.

   1. For **Master username**, leave the default name, which is **admin**.

   1. For **Master password**, enter a password that you can remember for this tutorial, and then, for **Confirm password**, enter the password again.

1. Under **Instance configuration**, for **DB instance class**, leave the default, which is **db.t3.micro**. If your account qualifies for the Free Tier, you can use this database class for free. For more information, see [AWS Free Tier](https://aws.amazon.com/free/).

1. Under **Connectivity**, for **Compute resource**, choose **Don't connect to an EC2 compute resource** because you'll connect the EC2 instance and the RDS database later in Task 3.

   (Later, in Option 2 of this tutorial, you'll try out the automatic connection feature in the RDS console by choosing **Connect to an EC2 compute resource**.)

1. For **Virtual private cloud (VPC)**, choose a VPC. The VPC must have a DB subnet group. To use the automatic connection feature, your EC2 instance and RDS database must be in the same VPC.

1. Keep all the default values for the other fields on this page.

1. Choose **Create database**.

   On the **Databases** screen, the **Status** of the new database is **Creating** until the database is ready to use. When the status changes to **Available**, you can connect to the database. Depending on the database class and the amount of storage, it can take up to 20 minutes before the new database is available.

### View an animation: Create an RDS database


![\[This animation shows how to create an RDS database. For the text version of this animation, see the steps in the preceding procedure.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/tutorial-create-rds-database.gif)


## Task 2 (*Optional*): Launch an EC2 instance


**Note**  
Launching an instance is not the focus of this tutorial. If you already have an Amazon EC2 instance and would like to use it in this tutorial, you can skip this task.  
If you use an existing EC2 instance, make sure that it is in the same VPC as your RDS database so that you can use the automatic connection feature.

The objective of this task is to launch an EC2 instance so that you can complete Task 3 where you configure the connection between your EC2 instance and your Amazon RDS database. The steps in this task configure the EC2 instance as follows:
+ Instance name: **tutorial-instance-1**
+ AMI: Amazon Linux 2
+ Instance type: `t2.micro`
+ Auto-assign public IP: Enabled 
+ Security group with the following three rules:
  + Allow SSH from your IP address
  + Allow HTTPS traffic from anywhere
  + Allow HTTP traffic from anywhere

**Important**  
In a production environment, you should configure your instance to meet your specific needs.

**To launch an EC2 instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. From the Region selector (at top right), choose an AWS Region. The instance and the RDS database must be in the same Region in order to use the automatic connection feature in the EC2 console.

1. On the **EC2 Dashboard**, choose **Launch instance**.

1. Under **Name and tags**, for **Name**, enter a name to identify your instance. For this tutorial, name the instance **tutorial-instance-1**. While the instance name is not mandatory, when you select your instance in the EC2 console, the name will help you easily identify it.

1. Under **Application and OS Images**, choose an AMI that meets your web server needs. This tutorial uses **Amazon Linux 2**.

1. Under **Instance type**, for **Instance type**, select an instance type that meets your web server needs. This tutorial uses `t2.micro`.
**Note**  
Depending on when you created your account, you might be eligible to use Amazon EC2 under the Free Tier.  
If you created your AWS account before July 15, 2025 and it's less than 12 months old, you can use Amazon EC2 under the Free Tier by selecting the **t2.micro** instance type, or the **t3.micro** instance type in Regions where **t2.micro** is unavailable. Be aware that when you launch a **t3.micro** instance, it defaults to [**Unlimited** mode](burstable-performance-instances-unlimited-mode.md), which might incur additional charges based on CPU usage. If an instance type can be used under the Free Tier, it is labeled **Free tier eligible**.  
If you created your AWS account on or after July 15, 2025, you can use **t3.micro**, **t3.small**, **t4g.micro**, **t4g.small**, **c7i-flex.large**, and **m7i-flex.large** instance types for 6 months or until your credits are used up.  
For more information, see [Free Tier benefits before and after July 15, 2025](ec2-free-tier-usage.md#ec2-free-tier-comparison).

1. Under **Key pair (login)**, for **Key pair name**, choose your key pair.

1. Under **Network settings**, do the following:

   1. For **Network** and **Subnet**, if you haven’t made changes to your default VPC or subnets, you can keep the default settings. 

      If you have made changes to your default VPC or subnets, check the following:

      1. The instance must be in the same VPC as the RDS database to use the automatic connection feature. By default you have only one VPC.

      1. The VPC that you’re launching your instance into must have an internet gateway attached to it so that you can access your web server from the internet. Your default VPC is automatically set up with an internet gateway.

      1. To ensure that your instance receives a public IP address, for **Auto-assign public IP**, check that **Enable** is selected. If **Disable** is selected, choose **Edit** (to the right of **Network Settings**), and then, for **Auto-assign public IP**, choose **Enable**.

   1. To connect to your instance by using SSH, you need a security group rule that authorizes SSH (Linux) or RDP (Windows) traffic from your computer’s public IPv4 address. By default, when you launch an instance, a new security group is created with a rule that allows inbound SSH traffic from anywhere.

      To make sure that only your IP address can connect to your instance, under **Firewall (security groups)**, from the drop-down list next to the **Allow SSH traffic from** checkbox, choose **My IP**.

   1. To allow traffic from the internet to your instance, select the following checkboxes:
      + **Allow HTTPS traffic from the internet**
      + **Allow HTTP traffic from the internet**

1. In the **Summary** panel, review your instance configuration and then choose **Launch instance**.

1. Keep the confirmation page open. You'll need it for the next task when you automatically connect your instance to your database. 

   If the instance fails to launch or the state immediately goes to `terminated` instead of `running`, see [Troubleshoot Amazon EC2 instance launch issues](troubleshooting-launch.md).

For more information about launching an instance, see [Launch an EC2 instance using the launch instance wizard in the console](ec2-launch-instance-wizard.md).

### View an animation: Launch an EC2 instance


![\[This animation shows how to launch an EC2 instance. For the text version of this animation, see the steps in the preceding procedure.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/tutorial-launch-instance.gif)


## Task 3: Automatically connect your EC2 instance to your RDS database


The objective of this task is to use the automatic connection feature in the EC2 console to automatically configure the connection between your EC2 instance and your RDS database.

**To automatically connect an EC2 instance to an RDS database using the EC2 console**

1. On the instance launch confirmation page (it should be open from the previous task), choose **Connect an RDS database**.

   If you closed the confirmation page, follow these steps:

   1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

   1. In the navigation pane, choose **Instances**.

   1. Select the EC2 instance that you just created, and then choose **Actions**, **Networking**, **Connect RDS database**.

      If **Connect RDS database** is not available, check that the EC2 instance is in the **Running** state.

1. For **Database role**, choose **Instance**. *Instance* in this case refers to the database instance.

1. For **RDS database**, choose the RDS database that you created in Task 1.
**Note**  
The EC2 instance and the RDS database must be in the same VPC in order to connect to each other.

1. Choose **Connect**.

### View an animation: Automatically connect a newly-launched EC2 instance to an RDS database


![\[This animation shows how to select an existing EC2 instance in the EC2 console and use the automatic connection feature to connect the EC2 instance to an RDS database. For the text version of this animation, see the steps in the preceding procedure.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/tutorial-connect-new-ec2-rds.gif)


## Task 4: Verify the connection configuration


The objective of this task is to verify that the two security groups were created and assigned to the instance and database.

When you use the automatic connection feature in the console to configure the connectivity, the security groups are automatically created and assigned to the instance and database, as follows:
+ Security group **rds-ec2-*x*** is created and added to the RDS database. It has one inbound rule that references the **ec2-rds-*x*** security group as its source. This allows traffic from the EC2 instance with the **ec2-rds-*x*** security group to reach the RDS database.
+ Security group **ec2-rds-*x*** is created and added to the EC2 instance. It has one outbound rule that references the **rds-ec2-*x*** security group as its destination. This allows traffic from the EC2 instance to reach the RDS database with the **rds-ec2-*x*** security group.

**To verify the connection configuration using the console**

1. Open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).

1. In the navigation pane, choose **Databases**.

1. Choose the RDS database that you created for this tutorial.

1. On the **Connectivity & security** tab, under **Security**, **VPC security groups**, verify that a security group called **rds-ec2-*x*** is displayed.

1. Choose the **rds-ec2-*x*** security group. The **Security Groups** screen in the EC2 console opens.

1. Choose the **rds-ec2-*x*** security group to open it.

1. Choose the **Inbound rules** tab.

1. Verify that the following security group rule exists, as follows:
   + Type: **MYSQL/Aurora**
   + Port range: **3306**
   + Source: ***sg-0987654321example* / ec2-rds-*x*** – This is the security group that is assigned to the EC2 instance that you verified in the preceding steps.
   + Description: **Rule to allow connections from EC2 instances with *sg-1234567890example* attached**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Choose the EC2 instance that you selected to connect to the RDS database in the previous task, and choose the **Security** tab.

1. Under **Security details**, **Security groups**, verify that a security group called **ec2-rds-*x*** is in the list. *x* is a number.

1. Choose the **ec2-rds-*x*** security group to open it.

1. Choose the **Outbound rules** tab.

1. Verify that the following security group rule exists, as follows:
   + Type: **MYSQL/Aurora**
   + Port range: **3306**
   + Destination: ***sg-1234567890example* / rds-ec2-*x***
   + Description: **Rule to allow connections to *database-tutorial* from any instances this security group is attached to**

By verifying that these security groups and security group rules exist and that they are assigned to the RDS database and EC2 instance as described in this procedure, you can verify that the connection was automatically configured by using the automatic connection feature.
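The security group pair described under Architecture and checked by hand in this task can also be audited from the API's view of the two groups. The following Python is an added example, not part of the AWS tutorial; the function names and the sample data (shaped like `aws ec2 describe-security-groups --output json` output, using the tutorial's placeholder group IDs and assuming x = 1) are constructed for illustration.

```python
import copy

DB_PORT = 3306  # MYSQL/Aurora port shown in the tutorial's rules

# Placeholder IDs taken from the tutorial's verification steps.
EC2_SG = "sg-0987654321example"  # ec2-rds-x, attached to the EC2 instance
RDS_SG = "sg-1234567890example"  # rds-ec2-x, attached to the RDS database


def db_rule(peer_group_id):
    """Build one tcp/3306 rule that references a peer security group."""
    return {"IpProtocol": "tcp", "FromPort": DB_PORT, "ToPort": DB_PORT,
            "IpRanges": [], "Ipv6Ranges": [],
            "UserIdGroupPairs": [{"GroupId": peer_group_id}]}


# Constructed sample shaped like the "SecurityGroups" list in the API
# response. The direction the tutorial does not describe is left empty
# here as an assumption of this sample.
SAMPLE_GROUPS = [
    {"GroupId": EC2_SG, "GroupName": "ec2-rds-1",
     "IpPermissions": [], "IpPermissionsEgress": [db_rule(RDS_SG)]},
    {"GroupId": RDS_SG, "GroupName": "rds-ec2-1",
     "IpPermissions": [db_rule(EC2_SG)], "IpPermissionsEgress": []},
]

# Constructed drift: the database port was later opened to any IPv4 address.
DRIFTED_GROUPS = copy.deepcopy(SAMPLE_GROUPS)
DRIFTED_GROUPS[1]["IpPermissions"][0]["IpRanges"].append({"CidrIp": "0.0.0.0/0"})


def check_rule(rule, peer_id, direction, owner):
    """Return (findings, links_peer) for a single rule entry."""
    findings = []
    exact_port = (rule.get("IpProtocol") == "tcp"
                  and rule.get("FromPort") == DB_PORT
                  and rule.get("ToPort") == DB_PORT)
    if not exact_port:
        findings.append(f"{owner}: {direction} rule is not limited to tcp/{DB_PORT}")
    # Any CIDR widens the rule beyond the workload-specific group pair.
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    for cidr in cidrs:
        findings.append(f"{owner}: {direction} rule allows CIDR {cidr} "
                        "instead of only a security group reference")
    peers = {p.get("GroupId") for p in rule.get("UserIdGroupPairs", [])}
    for extra in sorted(peers - {peer_id}):
        findings.append(f"{owner}: {direction} rule references unexpected group {extra}")
    return findings, exact_port and peer_id in peers


def audit_pair(groups, ec2_sg_id, rds_sg_id):
    """Check the outbound rule on the instance group and the inbound rule
    on the database group; return a list of findings (empty means OK)."""
    by_id = {g["GroupId"]: g for g in groups}
    checks = [
        (ec2_sg_id, "IpPermissionsEgress", "outbound", rds_sg_id),
        (rds_sg_id, "IpPermissions", "inbound", ec2_sg_id),
    ]
    findings = []
    for sg_id, key, direction, peer_id in checks:
        group = by_id.get(sg_id)
        if group is None:
            findings.append(f"{sg_id}: security group not found")
            continue
        owner = f"{sg_id} ({group.get('GroupName', '?')})"
        linked = False
        for rule in group.get(key, []):
            rule_findings, ok = check_rule(rule, peer_id, direction, owner)
            findings.extend(rule_findings)
            linked = linked or ok
        if not linked:
            findings.append(f"{owner}: no {direction} rule on tcp/{DB_PORT} "
                            f"referencing {peer_id}")
    return findings


if __name__ == "__main__":
    for label, groups in (("as created", SAMPLE_GROUPS), ("drifted", DRIFTED_GROUPS)):
        result = audit_pair(groups, EC2_SG, RDS_SG)
        print(label, "->", result or "OK")
```

To run it against a real account, load the `SecurityGroups` list from the JSON output of `aws ec2 describe-security-groups` for the two group IDs and pass it to `audit_pair`.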

### View an animation: Verify the connection configuration


![\[This animation shows how to verify the connection configuration. For the text version of this animation, see the steps in the preceding procedure.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/tutorial-verify-automatic-connection.gif)


You have completed Option 1 of this tutorial. You can now either complete Option 2, which teaches you how to use the RDS console to automatically connect an EC2 instance to an RDS database, or you can complete Option 3, which teaches you how to manually configure the security groups that were automatically created in Option 1.

## Task 5 (*Optional*): Clean up


**Warning**  
**Terminating an instance is permanent and irreversible.**  
After you terminate an instance, you can no longer connect to it, and it can't be recovered. All attached Amazon EBS volumes that are configured to be deleted on termination are also permanently deleted and can't be recovered. All data stored on instance store volumes is permanently lost. For more information, see [How instance termination works](how-ec2-instance-termination-works.md).  
Before you terminate an instance, ensure that you have backed up all data that you need to retain after the termination to persistent storage.

Now that you have completed the tutorial, it is good practice to clean up (delete) any resources you no longer want to use. Cleaning up AWS resources prevents your account from incurring any further charges.

If you launched an EC2 instance specifically for this tutorial, you can terminate it to stop incurring any charges associated with it.

**To terminate an instance using the console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance that you created for this tutorial, and choose **Instance state**, **Terminate instance**.

1. Choose **Terminate** when prompted for confirmation.

If you created an RDS database specifically for this tutorial, you can delete it to stop incurring any charges associated with it.

**To delete an RDS database using the console**

1. Open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).

1. In the navigation pane, choose **Databases**.

1. Select the RDS database that you created for this tutorial, and choose **Actions**, **Delete**.

1. Enter **delete me** in the box, and then choose **Delete**.

# Option 2: Automatically connect an instance to an RDS database using the RDS console

The objective of Option 2 is to explore the automatic connect feature in the RDS console that automatically configures the connection between your EC2 instance and RDS database to allow traffic from the EC2 instance to the RDS database. In Option 3, you'll learn how to manually configure the connection.

**Topics**
+ [Before you begin](#option2-before-you-begin)
+ [Task 1 (*Optional*): Launch an EC2 instance](#option2-task1-launch-ec2-instance)
+ [Task 2: Create an RDS database and automatically connect it to your EC2 instance](#option2-task2-create-rds-database)
+ [Task 3: Verify the connection configuration](#option2-task3-verify-connection-configuration)
+ [Task 4 (*Optional*): Clean up](#option2-task3-cleanup)

## Before you begin


You'll need the following to complete this tutorial:
+ An EC2 instance that is in the same VPC as the RDS database. You can either use an existing EC2 instance or follow the steps in Task 1 to create a new instance.
+ Permissions to call the following operations:
  + `ec2:AssociateRouteTable`
  + `ec2:AuthorizeSecurityGroupEgress`
  + `ec2:CreateRouteTable`
  + `ec2:CreateSecurityGroup`
  + `ec2:CreateSubnet`
  + `ec2:DescribeInstances`
  + `ec2:DescribeNetworkInterfaces`
  + `ec2:DescribeRouteTables`
  + `ec2:DescribeSecurityGroups`
  + `ec2:DescribeSubnets`
  + `ec2:ModifyNetworkInterfaceAttribute`
  + `ec2:RevokeSecurityGroupEgress`

## Task 1 (*Optional*): Launch an EC2 instance


**Note**  
Launching an instance is not the focus of this tutorial. If you already have an Amazon EC2 instance and would like to use it in this tutorial, you can skip this task.

The objective of this task is to launch an EC2 instance so that you can complete Task 2 where you configure the connection between your EC2 instance and your Amazon RDS database. The steps in this task configure the EC2 instance as follows:
+ Instance name: **tutorial-instance-2**
+ AMI: Amazon Linux 2
+ Instance type: `t2.micro`
+ Auto-assign public IP: Enabled 
+ Security group with the following three rules:
  + Allow SSH from your IP address
  + Allow HTTPS traffic from anywhere
  + Allow HTTP traffic from anywhere

**Important**  
In a production environment, you should configure your instance to meet your specific needs.

**To launch an EC2 instance**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. On the **EC2 Dashboard**, choose **Launch instance**.

1. Under **Name and tags**, for **Name**, enter a name to identify your instance. For this tutorial, name the instance **tutorial-instance-2**. While the instance name is not mandatory, when you select your instance in the RDS console, the name will help you easily identify it.

1. Under **Application and OS Images**, choose an AMI that meets your web server needs. This tutorial uses **Amazon Linux**.

1. Under **Instance type**, for **Instance type**, select an instance type that meets your web server needs. This tutorial uses `t2.micro`.
**Note**  
Depending on when you created your account, you might be eligible to use Amazon EC2 under the Free Tier.  
If you created your AWS account before July 15, 2025 and it's less than 12 months old, you can use Amazon EC2 under the Free Tier by selecting the **t2.micro** instance type, or the **t3.micro** instance type in Regions where **t2.micro** is unavailable. Be aware that when you launch a **t3.micro** instance, it defaults to [**Unlimited** mode](burstable-performance-instances-unlimited-mode.md), which might incur additional charges based on CPU usage. If an instance type can be used under the Free Tier, it is labeled **Free tier eligible**.  
If you created your AWS account on or after July 15, 2025, you can use **t3.micro**, **t3.small**, **t4g.micro**, **t4g.small**, **c7i-flex.large**, and **m7i-flex.large** instance types for 6 months or until your credits are used up.  
For more information, see [Free Tier benefits before and after July 15, 2025](ec2-free-tier-usage.md#ec2-free-tier-comparison).

1. Under **Key pair (login)**, for **Key pair name**, choose your key pair.

1. Under **Network settings**, do the following:

   1. For **Network** and **Subnet**, if you haven’t made changes to your default VPC or subnets, you can keep the default settings. 

      If you have made changes to your default VPC or subnets, check the following:

      1. The instance must be in the same VPC as the RDS database to use the automatic connection configuration. By default you have only one VPC.

      1. The VPC that you’re launching your instance into must have an internet gateway attached to it so that you can access your web server from the internet. Your default VPC is automatically set up with an internet gateway.

      1. To ensure that your instance receives a public IP address, for **Auto-assign public IP**, check that **Enable** is selected. If **Disable** is selected, choose **Edit** (to the right of **Network Settings**), and then, for **Auto-assign public IP**, choose **Enable**.

   1. To connect to your instance by using SSH, you need a security group rule that authorizes SSH (Linux) or RDP (Windows) traffic from your computer’s public IPv4 address. By default, when you launch an instance, a new security group is created with a rule that allows inbound SSH traffic from anywhere.

      To make sure that only your IP address can connect to your instance, under **Firewall (security groups)**, from the drop-down list next to the **Allow SSH traffic from** checkbox, choose **My IP**.

   1. To allow traffic from the internet to your instance, select the following checkboxes:
      + **Allow HTTPS traffic from the internet**
      + **Allow HTTP traffic from the internet**

1. In the **Summary** panel, review your instance configuration and then choose **Launch instance**.

1. Choose **View all instances** to close the confirmation page and return to the console. Your instance will first be in a `pending` state, and will then go into the `running` state. 

   If the instance fails to launch or the state immediately goes to `terminated` instead of `running`, see [Troubleshoot Amazon EC2 instance launch issues](troubleshooting-launch.md).

For more information about launching an instance, see [Launch an EC2 instance using the launch instance wizard in the console](ec2-launch-instance-wizard.md).

### View an animation: Launch an EC2 instance


![\[This animation shows how to launch an EC2 instance. For the text version of this animation, see the steps in the preceding procedure.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/tutorial-launch-instance.gif)


## Task 2: Create an RDS database and automatically connect it to your EC2 instance


The objective of this task is to create an RDS database and use the automatic connection feature in the RDS console to automatically configure the connection between your EC2 instance and your RDS database. The steps in this task configure the DB instance as follows:


+ Engine type: MySQL
+ Template: Free tier
+ DB instance identifier: **tutorial-database**
+ DB instance class: `db.t3.micro`

**Important**  
In a production environment, you should configure your instance to meet your specific needs.

**To create an RDS database and automatically connect it to an EC2 instance**

1. Open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).

1. From the Region selector (at top right), choose the AWS Region in which you created the EC2 instance. The EC2 instance and the RDS database must be in the same Region.

1. On the dashboard, choose **Create database**.

1. Under **Choose a database creation method**, check that **Standard create** is selected. If you choose **Easy create**, the automatic connection feature is not available.

1. Under **Engine options**, for **Engine type**, choose **MySQL**.

1. Under **Templates**, choose a sample template to meet your needs. For this tutorial, choose **Free tier** to create an RDS database at no cost. However, note that the Free Tier is only available if your account qualifies for the Free Tier. You can read more by choosing the **Info** link in the **Free tier** box.

1. Under **Settings**, do the following:

   1. For **DB instance identifier**, enter a name for the database. For this tutorial, enter **tutorial-database**.

   1. For **Master username**, leave the default name, which is **admin**.

   1. For **Master password**, enter a password that you can remember for this tutorial, and then, for **Confirm password**, enter the password again.

1. Under **Instance configuration**, for **DB instance class**, leave the default, which is **db.t3.micro**. If your account qualifies for the Free Tier, you can use this instance for free. For more information, see [AWS Free Tier](https://aws.amazon.com/free/).

1. Under **Connectivity**, for **Compute resource**, choose **Connect to an EC2 compute resource**. This is the automatic connection feature in the RDS console.

1. For **EC2 instance**, choose the EC2 instance that you want to connect to. For the purposes of this tutorial, you can either choose the instance that you created in the previous task, which you named **tutorial-instance**, or choose another existing instance. If you don't see your instance in the list, choose the refresh icon to the right of **Connectivity**.

   When you use the automatic connection feature, a security group is added to this EC2 instance, and another security group is added to the RDS database. The security groups are automatically configured to allow traffic between the EC2 instance and the RDS database. In the next task, you'll verify that the security groups were created and assigned to the EC2 instance and RDS database.

1. Choose **Create database**.

   On the **Databases** screen, the **Status** of the new database is **Creating** until the database is ready to use. When the status changes to **Available**, you can connect to the database. Depending on the database class and the amount of storage, it can take up to 20 minutes before the new database is available.

To learn more, see [ Configure automatic network connectivity with an EC2 instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html#USER_CreateDBInstance.Prerequisites.VPC.Automatic) in the *Amazon RDS User Guide*.

### View an animation: Create an RDS database and automatically connect it to an EC2 instance


![\[This animation shows how to create an RDS database, and then use the automatic connection functionality to connect it to an EC2 instance. For the text version of this animation, see the steps in the preceding procedure.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/tutorial-create-rds-connect-ec2.gif)


## Task 3: Verify the connection configuration


The objective of this task is to verify that the two security groups were created and assigned to the instance and database.

When you use the automatic connection feature in the console to configure the connectivity, the security groups are automatically created and assigned to the instance and database, as follows:
+ Security group **rds-ec2-*x*** is created and added to the RDS database. It has one inbound rule that references the **ec2-rds-*x*** security group as its source. This allows traffic from the EC2 instance with the **ec2-rds-*x*** security group to reach the RDS database.
+ Security group **ec2-rds-*x*** is created and added to the EC2 instance. It has one outbound rule that references the **rds-ec2-*x*** security group as its destination. This allows traffic from the EC2 instance to reach the RDS database with the **rds-ec2-*x*** security group.

**To verify the connection configuration using the console**

1. Open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).

1. In the navigation pane, choose **Databases**.

1. Choose the RDS database that you created for this tutorial.

1. On the **Connectivity & security** tab, under **Security**, **VPC security groups**, verify that a security group called **rds-ec2-*x*** is displayed.

1. Choose the **rds-ec2-*x*** security group. The **Security Groups** screen in the EC2 console opens.

1. Choose the **rds-ec2-*x*** security group to open it.

1. Choose the **Inbound rules** tab.

1. Verify that the following security group rule exists:
   + Type: **MYSQL/Aurora**
   + Port range: **3306**
   + Source: ***sg-0987654321example* / ec2-rds-*x*** – This is the security group that is assigned to the EC2 instance that you verified in the preceding steps.
   + Description: **Rule to allow connections from EC2 instances with *sg-1234567890example* attached**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Choose the EC2 instance that you selected to connect to the RDS database in the previous task, and choose the **Security** tab.

1. Under **Security details**, **Security groups**, verify that a security group called **ec2-rds-*x*** is in the list. *x* is a number.

1. Choose the **ec2-rds-*x*** security group to open it.

1. Choose the **Outbound rules** tab.

1. Verify that the following security group rule exists:
   + Type: **MYSQL/Aurora**
   + Port range: **3306**
   + Destination: ***sg-1234567890example* / rds-ec2-*x***
   + Description: **Rule to allow connections to database-tutorial from any instances this security group is attached to**

By verifying that these security groups and security group rules exist and that they are assigned to the RDS database and EC2 instance as described in this procedure, you can verify that the connection was automatically configured by using the automatic connection feature.
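The same check can be run against `DescribeSecurityGroups` output instead of clicking through both consoles. The following Python is an added example, not part of the original tutorial; the group names `ec2-rds-1` and `rds-ec2-1` and both sample responses are constructed, and the IDs are the example IDs shown in the steps above.

```python
MYSQL_PORT = 3306
EC2_SG, RDS_SG = "sg-0987654321example", "sg-1234567890example"  # example IDs from this page

def covers_mysql(perm):
    """True if a rule entry covers TCP port 3306 ("-1" means all traffic)."""
    if perm.get("IpProtocol") == "-1":
        return True
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort", 0) <= MYSQL_PORT <= perm.get("ToPort", 65535))

def peer_groups(perm):
    """Security group IDs referenced as source or destination of a rule entry."""
    return {pair["GroupId"] for pair in perm.get("UserIdGroupPairs", [])}

def cidrs(perm):
    """IPv4 and IPv6 CIDR ranges referenced by a rule entry."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])

def verify_pair(groups, ec2_sg=EC2_SG, rds_sg=RDS_SG):
    """Return findings for the ec2-rds-x / rds-ec2-x pair; [] means it matches."""
    by_id = {g["GroupId"]: g for g in groups}
    missing = [f"{sg}: security group not found" for sg in (ec2_sg, rds_sg) if sg not in by_id]
    if missing:
        return missing
    findings = []
    inbound = [p for p in by_id[rds_sg].get("IpPermissions", []) if covers_mysql(p)]
    outbound = [p for p in by_id[ec2_sg].get("IpPermissionsEgress", []) if covers_mysql(p)]
    # The database group must name the instance group as the source, not an address range.
    if not any(ec2_sg in peer_groups(p) for p in inbound):
        findings.append(f"{rds_sg}: no inbound 3306 rule with source {ec2_sg}")
    for perm in inbound:
        for cidr in cidrs(perm):
            findings.append(f"{rds_sg}: inbound 3306 also allowed from CIDR {cidr}")
        for other in sorted(peer_groups(perm) - {ec2_sg}):
            findings.append(f"{rds_sg}: inbound 3306 also allowed from {other}")
    # The instance group must name the database group as the destination.
    if not any(rds_sg in peer_groups(p) for p in outbound):
        findings.append(f"{ec2_sg}: no outbound 3306 rule with destination {rds_sg}")
    return findings

def rule(peer=None, cidr=None, proto="tcp"):
    """Build one constructed rule entry in DescribeSecurityGroups shape."""
    perm = {"IpProtocol": proto, "UserIdGroupPairs": [], "IpRanges": [], "Ipv6Ranges": []}
    if proto == "tcp":
        perm.update(FromPort=MYSQL_PORT, ToPort=MYSQL_PORT)
    if peer:
        perm["UserIdGroupPairs"].append({"GroupId": peer})
    if cidr:
        perm["IpRanges"].append({"CidrIp": cidr})
    return perm

# Constructed sample: the rule pair as this task describes it.
AS_DESCRIBED = [
    {"GroupId": EC2_SG, "GroupName": "ec2-rds-1", "IpPermissions": [],
     "IpPermissionsEgress": [rule(peer=RDS_SG)]},
    {"GroupId": RDS_SG, "GroupName": "rds-ec2-1", "IpPermissions": [rule(peer=EC2_SG)],
     "IpPermissionsEgress": []},
]
# Constructed sample: drifted state (database opened to a CIDR, instance rule replaced by allow-all).
DRIFTED = [
    {"GroupId": EC2_SG, "GroupName": "ec2-rds-1", "IpPermissions": [],
     "IpPermissionsEgress": [rule(cidr="0.0.0.0/0", proto="-1")]},
    {"GroupId": RDS_SG, "GroupName": "rds-ec2-1", "IpPermissions": [rule(cidr="0.0.0.0/0")],
     "IpPermissionsEgress": []},
]

if __name__ == "__main__":
    for name, sample in (("as described", AS_DESCRIBED), ("drifted", DRIFTED)):
        print(name, verify_pair(sample) or "OK")
```

To check a real account, pass the `SecurityGroups` list returned by `aws ec2 describe-security-groups --group-ids` for your two group IDs as `groups`.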

### View an animation: Verify the connection configuration


![\[This animation shows how to verify the connection configuration. For the text version of this animation, see the steps in the preceding procedure.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/tutorial-verify-automatic-connection.gif)


You have completed Option 2 of this tutorial. You can now complete Option 3, which teaches you how to manually configure the security groups that were automatically created in Option 2.

## Task 4 (*Optional*): Clean up


**Warning**  
**Terminating an instance is permanent and irreversible.**  
After you terminate an instance, you can no longer connect to it, and it can't be recovered. All attached Amazon EBS volumes that are configured to be deleted on termination are also permanently deleted and can't be recovered. All data stored on instance store volumes is permanently lost. For more information, see [How instance termination works](how-ec2-instance-termination-works.md).  
Before you terminate an instance, ensure that you have backed up all data that you need to retain after the termination to persistent storage.

Now that you have completed the tutorial, it is good practice to clean up (delete) any resources you no longer want to use. Cleaning up AWS resources prevents your account from incurring any further charges.

If you launched an EC2 instance specifically for this tutorial, you can terminate it to stop incurring any charges associated with it.

**To terminate an instance using the console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance that you created for this tutorial, and choose **Instance state**, **Terminate instance**.

1. Choose **Terminate** when prompted for confirmation.

If you created an RDS database specifically for this tutorial, you can delete it to stop incurring any charges associated with it.

**To delete an RDS database using the console**

1. Open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).

1. In the navigation pane, choose **Databases**.

1. Select the RDS database that you created for this tutorial, and choose **Actions**, **Delete**.

1. Enter **delete me** in the box, and then choose **Delete**.

# Option 3: Manually connect an instance to an RDS database by creating security groups

The objective of Option 3 is to learn how to manually configure the connection between an EC2 instance and an RDS database by manually reproducing the configuration of the automatic connection feature.

**Topics**
+ [Before you begin](#option3-before-you-begin)
+ [Task 1 (*Optional*): Launch an EC2 instance](#option3-task1-launch-ec2-instance)
+ [Task 2 (*Optional*): Create an RDS database](#option3-task2-create-rds-database)
+ [Task 3: Manually connect your EC2 instance to your RDS database](#option3-task3-connect-rds-database-to-ec2-instance)
+ [Task 4 (*Optional*): Clean up](#tutorial-ec2-rds-clean-up)

## Before you begin


You'll need the following to complete this tutorial:
+ An EC2 instance that is in the same VPC as the RDS database. You can either use an existing EC2 instance or follow the steps in Task 1 to create a new instance.
+ An RDS database that is in the same VPC as the EC2 instance. You can either use an existing RDS database or follow the steps in Task 2 to create a new database.
+ Permissions to call the following operations:
  + `ec2:AssociateRouteTable`
  + `ec2:AuthorizeSecurityGroupEgress`
  + `ec2:CreateRouteTable`
  + `ec2:CreateSecurityGroup`
  + `ec2:CreateSubnet`
  + `ec2:DescribeInstances`
  + `ec2:DescribeNetworkInterfaces`
  + `ec2:DescribeRouteTables`
  + `ec2:DescribeSecurityGroups`
  + `ec2:DescribeSubnets`
  + `ec2:ModifyNetworkInterfaceAttribute`
  + `ec2:RevokeSecurityGroupEgress`

## Task 1 (*Optional*): Launch an EC2 instance


**Note**  
Launching an instance is not the focus of this tutorial. If you already have an Amazon EC2 instance and would like to use it in this tutorial, you can skip this task.

The objective of this task is to launch an EC2 instance so that you can complete Task 3 where you configure the connection between your EC2 instance and your Amazon RDS database. The steps in this task configure the EC2 instance as follows:
+ Instance name: **tutorial-instance**
+ AMI: Amazon Linux 2
+ Instance type: `t2.micro`
+ Auto-assign public IP: Enabled 
+ Security group with the following three rules:
  + Allow SSH from your IP address
  + Allow HTTPS traffic from anywhere
  + Allow HTTP traffic from anywhere

**Important**  
In a production environment, you should configure your instance to meet your specific needs.

**To launch an EC2 instance**

1. Sign in to the AWS Management Console and open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. On the **EC2 Dashboard**, choose **Launch instance**.

1. Under **Name and tags**, for **Name**, enter a name to identify your instance. For this tutorial, name the instance **tutorial-instance-manual-1**. While the instance name is not mandatory, the name will help you easily identify it.

1. Under **Application and OS Images**, choose an AMI that meets your web server needs. This tutorial uses **Amazon Linux**.

1. Under **Instance type**, for **Instance type**, select an instance type that meets your web server needs. This tutorial uses `t2.micro`.
**Note**  
Depending on when you created your account, you might be eligible to use Amazon EC2 under the Free Tier.  
If you created your AWS account before July 15, 2025 and it's less than 12 months old, you can use Amazon EC2 under the Free Tier by selecting the **t2.micro** instance type, or the **t3.micro** instance type in Regions where **t2.micro** is unavailable. Be aware that when you launch a **t3.micro** instance, it defaults to [**Unlimited** mode](burstable-performance-instances-unlimited-mode.md), which might incur additional charges based on CPU usage. If an instance type can be used under the Free Tier, it is labeled **Free tier eligible**.  
If you created your AWS account on or after July 15, 2025, you can use **t3.micro**, **t3.small**, **t4g.micro**, **t4g.small**, **c7i-flex.large**, and **m7i-flex.large** instance types for 6 months or until your credits are used up.  
For more information, see [Free Tier benefits before and after July 15, 2025](ec2-free-tier-usage.md#ec2-free-tier-comparison).

1. Under **Key pair (login)**, for **Key pair name**, choose your key pair.

1. Under **Network settings**, do the following:

   1. For **Network** and **Subnet**, if you haven’t made changes to your default VPC or subnets, you can keep the default settings. 

      If you have made changes to your default VPC or subnets, check the following:

      1. The instance must be in the same VPC as the RDS database. By default you have only one VPC.

      1. The VPC that you’re launching your instance into must have an internet gateway attached to it so that you can access your web server from the internet. Your default VPC is automatically set up with an internet gateway.

      1. To ensure that your instance receives a public IP address, for **Auto-assign public IP**, check that **Enable** is selected. If **Disable** is selected, choose **Edit** (to the right of **Network Settings**), and then, for **Auto-assign public IP**, choose **Enable**.

   1. To connect to your instance by using SSH, you need a security group rule that authorizes SSH (Linux) or RDP (Windows) traffic from your computer’s public IPv4 address. By default, when you launch an instance, a new security group is created with a rule that allows inbound SSH traffic from anywhere.

      To make sure that only your IP address can connect to your instance, under **Firewall (security groups)**, from the drop-down list next to the **Allow SSH traffic from** checkbox, choose **My IP**.

   1. To allow traffic from the internet to your instance, select the following checkboxes:
      + **Allow HTTPS traffic from the internet**
      + **Allow HTTP traffic from the internet**

1. In the **Summary** panel, review your instance configuration and then choose **Launch instance**.

1. Choose **View all instances** to close the confirmation page and return to the console. Your instance will first be in a `pending` state, and will then go into the `running` state. 

   If the instance fails to launch or the state immediately goes to `terminated` instead of `running`, see [Troubleshoot Amazon EC2 instance launch issues](troubleshooting-launch.md).

For more information about launching an instance, see [Launch an EC2 instance using the launch instance wizard in the console](ec2-launch-instance-wizard.md).

### View an animation: Launch an EC2 instance


![\[This animation shows how to launch an EC2 instance. For the text version of this animation, see the steps in the preceding procedure.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/tutorial-launch-instance.gif)


## Task 2 (*Optional*): Create an RDS database


**Note**  
Creating an RDS database is not the focus of this part of the tutorial. If you already have an RDS database and would like to use it for this tutorial, you can skip this task.

The objective of this task is to create an RDS database. You'll use this instance in Task 3 when you connect it to your EC2 instance. The steps in this task configure the RDS database as follows:


+ Engine type: MySQL
+ Template: Free tier
+ DB instance identifier: **tutorial-database-manual**
+ DB instance class: `db.t3.micro`

**Important**  
In a production environment, you should configure your instance to meet your specific needs.

**To create a MySQL DB instance**

1. Open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).

1. From the Region selector (at top right), choose the AWS Region in which you created the EC2 instance. The EC2 instance and the DB instance must be in the same Region.

1. On the dashboard, choose **Create database**.

1. Under **Choose a database creation method**, choose **Easy create**. When you choose this option, the automatic connection feature is not available.

1. Under **Engine options**, for **Engine type**, choose **MySQL**.

1. For **DB instance size**, choose **Free tier**.

1. For **DB instance identifier** enter a name for the RDS database. For this tutorial, enter **tutorial-database-manual**.

1. For **Master username**, leave the default name, which is **admin**.

1. For **Master password**, enter a password that you can remember for this tutorial, and then, for **Confirm password**, enter the password again.

1. Choose **Create database**.

   On the **Databases** screen, the **Status** of the new DB instance is **Creating** until the DB instance is ready to use. When the status changes to **Available**, you can connect to the DB instance. Depending on the DB instance class and the amount of storage, it can take up to 20 minutes before the new instance is available.

### View an animation: Create a DB instance


![\[This animation shows how to create a DB instance. For the text version of this animation, see the steps in the preceding procedure.\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/tutorial-create-db-step2.gif)


## Task 3: Manually connect your EC2 instance to your RDS database by creating security groups and assigning them to the instances

The objective of this task is to manually reproduce the connection configuration of the automatic connection feature: you create two new security groups, and then add one security group each to the EC2 instance and the RDS database.

**To create two new security groups and assign one each to the EC2 instance and RDS database**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. First create the security group to add to the EC2 instance, as follows:

   1. In the navigation pane, choose **Security Groups**.

   1. Choose **Create security group**.

   1. For **Security group name**, enter a descriptive name for the security group. For this tutorial, enter **ec2-rds-manual-configuration**.

   1. For **Description**, enter a brief description. For this tutorial, enter **EC2 instance security group to allow EC2 instance to securely connect to RDS database**.

   1. Choose **Create security group**. You'll come back to this security group to add an outbound rule after you've created the RDS database security group.

1. Now, create the security group to add to the RDS database, as follows:

   1. In the navigation pane, choose **Security Groups**.

   1. Choose **Create security group**.

   1. For **Security group name**, enter a descriptive name for the security group. For this tutorial, enter **rds-ec2-manual-configuration**.

   1. For **Description**, enter a brief description. For this tutorial, enter **RDS database security group to allow EC2 instance to securely connect to RDS database**.

   1. Under **Inbound rules**, choose **Add rule**, and do the following:

      1. For **Type**, choose **MYSQL/Aurora**.

      1. For **Source**, choose the EC2 instance security group **ec2-rds-manual-configuration** that you created in Step 2 of this procedure.

   1. Choose **Create security group**.

1. Edit the EC2 instance security group to add an outbound rule, as follows:

   1. In the navigation pane, choose **Security Groups**.

   1. Select the EC2 instance security group (you named it **ec2-rds-manual-configuration**), and choose the **Outbound rules** tab.

   1. Choose **Edit outbound rules**.

   1. Choose **Add rule**, and do the following:

      1. For **Type**, choose **MYSQL/Aurora**.

      1. For **Destination**, choose the RDS database security group **rds-ec2-manual-configuration** that you created in Step 3 of this procedure.

      1. Choose **Save rules**.

1. Add the EC2 instance security group to the EC2 instance as follows:

   1. In the navigation pane, choose **Instances**.

   1. Select your EC2 instance, and choose **Actions**, **Security**, **Change security groups**.

   1. Under **Associated security groups**, choose the **Select security groups** field, choose **ec2-rds-manual-configuration** that you created earlier, and then choose **Add security group**.

   1. Choose **Save**.

1. Add the RDS database security group to the RDS database as follows:

   1. Open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).

   1. In the navigation pane, choose **Databases** and select your database.

   1. Choose **Modify**.

   1. Under **Connectivity**, for **Security group**, choose **rds-ec2-manual-configuration** that you created earlier, and then choose **Continue**.

   1. Under **Scheduling of modifications**, choose **Apply immediately**.

   1. Choose **Modify DB instance**.

   You have now completed the manual steps that mimic the automatic steps that occur when you use the automatic connection feature.
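Steps 2 through 6 of the preceding procedure, expressed as boto3 calls. This is an added example, not code from the original tutorial; the function name `connect_instance_to_db` is hypothetical, and it assumes the instance has a single network interface and that the clients you pass in are boto3 `ec2` and `rds` clients for the same Region.

```python
"""Added example: the manual security group setup from Task 3 as boto3 calls."""
MYSQL = {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306}  # Type MYSQL/Aurora

def connect_instance_to_db(ec2, rds, instance_id, db_identifier):
    """Create both groups, add the two rules, and attach the groups.

    ec2 and rds are boto3 clients for the same Region. Returns the new
    (EC2 instance group ID, RDS database group ID).
    """
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    db = rds.describe_db_instances(DBInstanceIdentifier=db_identifier)["DBInstances"][0]
    # Prerequisite from "Before you begin": both resources are in the same VPC.
    vpc_id = inst["VpcId"]
    if db["DBSubnetGroup"]["VpcId"] != vpc_id:
        raise ValueError("EC2 instance and RDS database are in different VPCs")

    # Step 2: group for the EC2 instance (its outbound rule is added in step 4).
    ec2_sg = ec2.create_security_group(
        GroupName="ec2-rds-manual-configuration",
        Description="EC2 instance security group to allow EC2 instance "
                    "to securely connect to RDS database",
        VpcId=vpc_id)["GroupId"]
    # Step 3: group for the RDS database, with the EC2 group as inbound source.
    rds_sg = ec2.create_security_group(
        GroupName="rds-ec2-manual-configuration",
        Description="RDS database security group to allow EC2 instance "
                    "to securely connect to RDS database",
        VpcId=vpc_id)["GroupId"]
    ec2.authorize_security_group_ingress(
        GroupId=rds_sg,
        IpPermissions=[{**MYSQL, "UserIdGroupPairs": [{"GroupId": ec2_sg}]}])
    # Step 4: outbound rule on the EC2 group with the RDS group as destination.
    ec2.authorize_security_group_egress(
        GroupId=ec2_sg,
        IpPermissions=[{**MYSQL, "UserIdGroupPairs": [{"GroupId": rds_sg}]}])
    # Step 5: Groups replaces the whole list, so keep the groups already attached.
    attached = [g["GroupId"] for g in inst["SecurityGroups"]]
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=attached + [ec2_sg])
    # Step 6: VpcSecurityGroupIds also replaces the list; apply immediately.
    db_groups = [g["VpcSecurityGroupId"] for g in db["VpcSecurityGroups"]]
    rds.modify_db_instance(
        DBInstanceIdentifier=db_identifier,
        VpcSecurityGroupIds=db_groups + [rds_sg],
        ApplyImmediately=True)
    return ec2_sg, rds_sg

if __name__ == "__main__":
    import sys
    import boto3  # needs AWS credentials; uses the Region from your configuration
    # Usage: python connect.py <instance-id> <db-instance-identifier>
    print(connect_instance_to_db(boto3.client("ec2"), boto3.client("rds"),
                                 sys.argv[1], sys.argv[2]))
```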

You have completed Option 3 of this tutorial. If you've completed Options 1, 2, and 3, and you no longer need the resources that were created in this tutorial, you should delete them to prevent incurring unnecessary costs. For more information, see [Task 4 (*Optional*): Clean up](#tutorial-ec2-rds-clean-up).

## Task 4 (*Optional*): Clean up


**Warning**  
**Terminating an instance is permanent and irreversible.**  
After you terminate an instance, you can no longer connect to it, and it can't be recovered. All attached Amazon EBS volumes that are configured to be deleted on termination are also permanently deleted and can't be recovered. All data stored on instance store volumes is permanently lost. For more information, see [How instance termination works](how-ec2-instance-termination-works.md).  
Before you terminate an instance, ensure that you have backed up all data that you need to retain after the termination to persistent storage.

Now that you have completed the tutorial, it is good practice to clean up (delete) any resources you no longer want to use. Cleaning up AWS resources prevents your account from incurring any further charges.

If you launched an EC2 instance specifically for this tutorial, you can terminate it to stop incurring any charges associated with it.

**To terminate an instance using the console**

1. Open the Amazon EC2 console at [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/).

1. In the navigation pane, choose **Instances**.

1. Select the instance that you created for this tutorial, and choose **Instance state**, **Terminate instance**.

1. Choose **Terminate** when prompted for confirmation.

If you created an RDS database specifically for this tutorial, you can delete it to stop incurring any charges associated with it.

**To delete an RDS database using the console**

1. Open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).

1. In the navigation pane, choose **Databases**.

1. Select the RDS database that you created for this tutorial, and choose **Actions**, **Delete**.

1. Enter **delete me** in the box, and then choose **Delete**.