Managing Collected CloudTrail Event Logs

Bundles an Amazon instance store-backed Windows instance.

During bundling, only the root device volume (C:) is bundled. Data on other instance store volumes is not preserved.

Cancels an active export task.

This operation removes all artifacts of the export, including any partially-created Amazon S3 objects.

Cancels an active conversion task (import of a machine image or volume).

This operation removes all artifacts of the conversion, including a partially uploaded volume or instance.

Removes one or more egress rules from a security group for EC2-VPC.

This operation does not apply to security groups for use in EC2-Classic.

Deregisters the specified AMI so that it cannot be used to launch new instances.

This does not affect any existing instances launched from the AMI.

Stops an Amazon EBS-backed instance.

The root partition Amazon EBS volume remains and continues to persist the data, and continues to incur charges for Amazon EBS volume usage.

Deletes a specified Auto Scaling group.

If the group has policies, deleting the group deletes the policies, the underlying alarm actions, and any alarm that no longer has an associated action.

Deletes a specified Auto Scaling policy.

Deleting a policy deletes the underlying alarm action, but does not delete the alarm, even if it no longer has an associated action.

Creates or updates a lifecycle hook for a specified Auto Scaling Group.

A lifecycle hook tells Auto Scaling to perform an action on an instance that is not actively in service, such as when the instance launches or before the instance terminates.

Records a heartbeat for the lifecycle action associated with a specified token or instance.

This extends the timeout by the length of time defined using PutLifecycleHook.

Returns the history for a specified alarm, or all alarms if an alarm name is not specified

CloudWatch retains the history of an alarm even if you delete the alarm.

Returns a specified alarm, or all alarms if an alarm name is not specified

Disables the actions for the specified alarms

Publishes metric data points to Amazon CloudWatch

CloudWatch associates the data points with the specified metric. If the specified metric does not exist, CloudWatch creates the metric.

Creates a new Amazon ElastiCache cache parameter group

An ElastiCache cache parameter group is a collection of parameters and their values that are applied to all of the nodes in any cluster or replication group using the CacheParameterGroup.

Deletes a previously provisioned DB instance

This operation deletes all automated backups for that instance and they cannot be recovered.

Reboots the specified DB instance, usually for changes to take effect

Rebooting a DB instance restarts the database engine service and results in a momentary outage.

Deprecates the specified activity type.

After an activity type is deprecated, new tasks of that activity type cannot be created. Tasks of that type that were scheduled before deprecation continue to run.

Deprecates the specified domain.

After a domain is deprecated, it cannot be used to create new workflow executions or register new types. Deprecating a domain also deprecates all activity and workflow types registered in the domain. Executions that started before deprecation of the domain continue to run.

Deprecates the specified workflow type.

After a workflow type is deprecated, new executions of that type cannot be created. Executions that started before deprecation of the type continue to run.

Cancels an update on the specified stack.

This operation rolls back the stack update and reverts it to the previous stack configuration.

Deletes a specified queue.

After this operation completes, any messages in the queue are no longer available.

Creates a new identity pool

The identity pool is a store of user identity information that is specific to the AWS account

Creates a configuration template.

Templates are associated with a specific application and are used to deploy different versions of the application with the same configuration settings.

Deletes the specified application along with all associated versions and configurations.

The application versions will not be deleted from your Amazon S3 bucket.

Describes the configuration options that are used in a particular configuration template or environment or that a specified solution stack defines.

The description includes the values the options their default values and an indication of the required action on a running environment if an option value is changed.

Associates one or more security groups with your load balancer in Amazon Virtual Private Cloud (Amazon VPC).

The provided security group IDs override any currently applied security groups.

Generates a stickiness policy with sticky session lifetimes that follow that of an application-generated cookie.

Generates a stickiness policy with sticky session lifetimes controlled by the lifetime of the browser (user-agent) or a specified expiration period.

Creates one or more listeners on a load balancer for the specified port.

If a listener with the given port does not already exist it will be created. Otherwise, the properties of the new listener must match the properties of the existing listener.

Creates a new policy that contains the necessary attributes depending on the policy type.

Policies are settings that are saved for the load balancer and that can be applied to the front-end listener or the back-end application server depending on the policy type.

Deletes a policy from the load balancer.

The specified policy must not be enabled for any listeners.

Deregisters instances from the load balancer.

When the instance is deregistered, it will stop receiving traffic from the load balancer.

Returns the current state of the specified instances registered with the specified load balancer.

Returns detailed descriptions of the policies.

Returns meta-information on the specified load balancer policies defined by the Elastic Load Balancing service.

Returns detailed configuration information for all the load balancers created for the account.

Sets the certificate that terminates SSL connections for the specified listener.

The specified certificate replaces any prior certificate that was used on the same load balancer and port.

Replaces the current set of policies associated with a port on which the back-end server is listening with a new set of policies.

Adds new steps to a running job flow.

A maximum of 256 steps are allowed in each job flow.

Adds tags to an Amazon EMR resource.

Tags make it easier to associate clusters in various ways, such as grouping clusters to track your Amazon EMR resource allocation costs.

Returns a list of job flows that match all of the supplied parameters.

This action is deprecated and will eventually be removed.

Provides the status of all clusters visible to the AWS account.

Provides information about the cluster instances that Amazon EMR provisions on behalf of a user when it creates the cluster.

For example this operation indicates when the EC2 instances reach the Ready state when instances become available to Amazon EMR to use for jobs and the IP addresses for cluster instances.

Modifies the number of nodes and configuration settings of an instance group.

Removes tags from an Amazon EMR resource.

Creates and starts running a new job flow.

Locks a job flow so that Amazon EC2 instances in the cluster cannot be terminated by user intervention, an API call, or in the event of a job-flow error.

The cluster still terminates upon successful completion of the job flow.

Sets whether all AWS Identity and Access Management (IAM) users under your account can access the specified job flows.

This action works on running job flows.

Shuts a list of job flows down.

When a job flow is shut down, any step not yet completed is canceled and the EC2 instances on which the job flow is running are stopped. Any log files not already saved are uploaded to Amazon S3 if a LogUri was specified when the job flow was created.

Changes the password of the IAM user who is calling this action.

The root account password is not affected by this action.

Creates a new AWS secret access key and corresponding AWS access key ID for the specified user.

The default status for new keys is Active.

Deletes the specified group.

The group cannot contain any users or have any attached policies.

Deletes the specified instance profile.

The instance profile cannot have an associated role.

Deletes the specified role.

The role cannot have any policies attached.

Deletes the specified user.

The user cannot belong to any groups have any keys or signing certificates or have any attached policies.

Enables the specified MFA device and associates it with the specified user name.

When enabled, the MFA device is required for every subsequent login by the user name associated with the device.

Returns a list of users that are in the specified group.

Retrieves the specified policy document for the specified group.

Retrieves the user name and password-creation date for the specified user.

If the user has not been assigned a password, the action returns a 404 (NoSuchEntity) error.

Returns information about the access key IDs associated with the specified user.

If there are none the action returns an empty list.

Lists the names of the policies associated with the specified group.

If there are none the action returns an empty list.

Lists the instance profiles that have the specified path prefix.

If there are none the action returns an empty list.

Lists the instance profiles that have the specified associated role.

If there are none the action returns an empty list.

Lists the MFA devices.

If the request includes the user name, the action lists all the MFA devices associated with the specified user name. If the request does not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request.

Lists the names of the policies associated with the specified role.

If there are none, the action returns an empty list.

Lists the roles that have the specified path prefix.

If there are none, the action returns an empty list.

Lists the server certificates that have the specified path prefix.

If none exist, the action returns an empty list.

Returns information about the signing certificates associated with the specified user.

If there are none, the action returns an empty list.

Lists the names of the policies associated with the specified user.

If there are none, the action returns an empty list.

Lists the IAM users that have the specified path prefix.

If no path prefix is specified, the action returns all users in the AWS account. If there are none, the action returns an empty list.

Lists the virtual MFA devices under the AWS account by assignment status.

If the request does not specify an assignment status, the action returns a list of all virtual MFA devices. Assignment status can be Assigned, Unassigned, or Any.

Changes the status of the specified access key from Active to Inactive or the reverse.

This action can be used to disable a user’s key as part of a key rotation work flow.

Changes the status of the specified signing certificate from active to disabled or the reverse.

This action can be used to disable a user’s signing certificate as part of a certificate rotation work flow.

Uploads a server certificate entity for the AWS account.

The server certificate entity includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.

Uploads an X.509 signing certificate and associates it with the specified user.

Some AWS services use X.509 signing certificates to validate requests that are signed with a corresponding private key. When you upload the certificate, its default status is Active.

Creates a Kinesis data stream.

A stream captures and transports data records that are continuously emitted from different data sources or producers.

Returns an Amazon Kinesis shard iterator.

A shard iterator expires five minutes after it is returned to the requester.

Decrypts ciphertext.

Ciphertext is plaintext that has been previously encrypted by using any of the following operations: GenerateKeyData, GenerateDataKeyWithoutPlaintext, or Encrypt.

Sets the state of a customer master key (CMK) to disabled.

This prevents its use for cryptographic operations.

Sets the state of a customer master key (CMK) to enabled.

This permits its use for cryptographic operations.

Returns a data encryption key encrypted under a customer master key (CMK).

This operation is identical to GenerateDataKey, but returns only the encrypted copy of the data key.

Associates one of the stack’s registered Elastic IP addresses with a specified instance.

An Elastic IP address is a static IPv4 address designed for dynamic cloud computing.

Creates a layer.

Every stack contains one or more layers, each of which represents a stack component, such as a load balancer or a set of application servers.

Creates a new stack.

The stack is the top-level AWS OpsWorks Stacks entity.

Deregisters a specified Elastic IP address.

This makes the address available to be registered by another stack.

Deregisters an Amazon EBS volume

This makes the volume available to be registered by another stack.

Returns information about the Elastic IP addresses.

Disassociates an Elastic IP address from its instance.

The address remains registered with the stack.

Stops a specified instance.

When stopping a standard instance, the data disappears and must be reinstalled at the restart for the instance.

Unassigns an assigned Amazon EBS volume.

The volume remains registered with the stack.

Adds an inbound (ingress) rule to an Amazon Redshift security group

Depending on whether the application accessing a cluster is running on the Internet or an EC2 instance, this can authorize inbound access to either a Classless Interdomain Routing (CIDR) IP address range or an EC2 security group.

Creates a new cluster

To create the cluster in virtual private cloud (VPC), this must specify the cluster subnet group name. The cluster subnet group identifies the subnets of the VPC that Amazon Redshift uses when creating the cluster.

Creates an Amazon Redshift parameter group

Parameters in the parameter group define specific behavior that applies to the databases created on the cluster.

Creates a new Amazon Redshift security group

Security groups are used to control access to non-VPC clusters.

Creates a manual snapshot of the specified cluster

The cluster must be in the available state.

Creates a new Amazon Redshift subnet group

Creates an HSM configuration that contains the information required by an Amazon Redshift cluster to store and use database encryption keys in a Hardware Security Module (HSM)

Deletes the specified manual snapshot

The snapshot must be in the available state with no other users authorized to access the snapshot.

Returns properties of provisioned clusters including general cluster properties, cluster database properties, maintenance and backup properties, and security and access properties

Returns one or more snapshot objects which contain metadata about your cluster snapshots

By default, this operation returns information about all snapshots of all clusters that are owned by the AWS customer account. It does not return information for snapshots owned by inactive AWS customer accounts.

Returns one or more cluster subnet group objects which contain metadata about your cluster subnet groups

By default, this operation returns information about all cluster subnet groups that are defined in the AWS account.

Returns information about the specified HSM client certificate.

If no certificate ID is specified, it returns information about all the HSM certificates owned by the AWS customer account.

Returns information about the specified Amazon Redshift HSM configuration.

If no configuration ID is specified, it returns information about all the HSM configurations owned by the AWS customer account.

Modifies a cluster subnet group to include the specified list of VPC subnets.

This operation replaces the existing list of subnets with the new list of subnets.

Submits a purchase for reserved nodes.

Reboots a cluster

It results in a momentary outage to the cluster during which the cluster status is set to rebooting. A cluster event is created when the reboot is completed. Any pending cluster modifications are applied at this reboot.

Returns the current status of Easy DKIM signing for an entity.

For domain name identities this action also returns the DKIM tokens that are required for Easy DKIM signing and whether Amazon SES has successfully verified that these tokens have been published.

Returns the user’s sending statistics

The result is a list of data points representing the last two weeks of sending activity.

Sends an email message with header and content specified by the client.

Given an identity (email address or domain), enables or disables whether Amazon SES forwards bounce and complaint notifications as email.

Returns a set of DKIM tokens for a domain.

DKIM tokens are character strings that represent your domain’s identity.

Verifies an email address.

This action produces a verification email message sent to the specified address.

Adds an email address to the list of identities for the Amazon SES account in the current AWS region and attempts to verify it.

This action produces a verification email message sent to the specified address.

Verifies an endpoint owner’s intent to receive messages by validating the token sent to the endpoint by an earlier Subscribe action.

If the token is valid, this action creates a new subscription and returns its Amazon Resource Name (ARN).

Creates a platform application object for one of the supported push notification services, such as APNS and GCM, to which devices and mobile apps may register.

Creates an endpoint for a device and mobile app on one of the supported push notification services, such as GCM and APNS.

Creates a topic for notification publishing.

Deletes a topic and all its subscriptions.

Deleting a topic might prevent some messages previously sent to the topic from being delivered to subscribers.

Sends a message to all of a topic’s subscribed endpoints.

When a message ID is returned, the message has been saved and Amazon SNS will attempt to deliver it to the topic’s subscribers.

Creates a cached volume on a specified cached volume gateway.

In response, the gateway creates the volume and returns information about it, including the volume Amazon Resource Name (ARN), its size, and the iSCSI target ARN that initiators can use to connect to the volume target.

Returns information about the cache of a gateway.

The response includes disk IDs that are configured as cache, and it includes the amount of cache allocated and used.

Shuts down a specified gateway.

The operation shuts down the gateway service component running in the gateway VM and not the host VM.

Returns a set of temporary security credentials, consisting of an access key ID a secret access key and a security token.

These credentials can be used to access AWS resources to which a user might not normally have access.

Returns a set of temporary security credentials for users who have been authenticated through a SAML authentication response.

This operation provides a mechanism for tying an enterprise identity store or directory to role-based AWS access without user-specific credentials or configuration.

Returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider.

Example providers include Amazon Cognito, Login with Amazon, Facebook, Google, or any OpenID Connect-compatible identity provider.

Returns a set of temporary security credentials for a federated user, consisting of an access key ID, a secret access key, and a security token.

This operation is appropriate in contexts where those credentials can be safely stored usually in a server-based application.