Syntax Properties Return Values Examples See Also

AWS::EC2::Instance

Specifies an EC2 instance.

If an Elastic IP address is attached to your instance, AWS CloudFormation reattaches the Elastic IP address after it updates the instance. For more information about updating stacks, see AWS CloudFormation Stacks Updates.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "Type" : "AWS::EC2::Instance",
  "Properties" : {
      "AdditionalInfo" : String,
      "Affinity" : String,
      "AvailabilityZone" : String,
      "BlockDeviceMappings" : [ BlockDeviceMapping, ... ],
      "CpuOptions" : CpuOptions,
      "CreditSpecification" : CreditSpecification,
      "DisableApiTermination" : Boolean,
      "EbsOptimized" : Boolean,
      "ElasticGpuSpecifications" : [ ElasticGpuSpecification, ... ],
      "ElasticInferenceAccelerators" : [ ElasticInferenceAccelerator, ... ],
      "HibernationOptions" : HibernationOptions,
      "HostId" : String,
      "HostResourceGroupArn" : String,
      "IamInstanceProfile" : String,
      "ImageId" : String,
      "InstanceInitiatedShutdownBehavior" : String,
      "InstanceType" : String,
      "Ipv6AddressCount" : Integer,
      "Ipv6Addresses" : [ InstanceIpv6Address, ... ],
      "KernelId" : String,
      "KeyName" : String,
      "LaunchTemplate" : LaunchTemplateSpecification,
      "LicenseSpecifications" : [ LicenseSpecification, ... ],
      "Monitoring" : Boolean,
      "NetworkInterfaces" : [ NetworkInterface, ... ],
      "PlacementGroupName" : String,
      "PrivateIpAddress" : String,
      "RamdiskId" : String,
      "SecurityGroupIds" : [ String, ... ],
      "SecurityGroups" : [ String, ... ],
      "SourceDestCheck" : Boolean,
      "SsmAssociations" : [ SsmAssociation, ... ],
      "SubnetId" : String,
      "Tags" : [ Tag, ... ],
      "Tenancy" : String,
      "UserData" : String,
      "Volumes" : [ Volume, ... ]
    }
}

YAML


Type: AWS::EC2::Instance
Properties: 
  AdditionalInfo: String
  Affinity: String
  AvailabilityZone: String
  BlockDeviceMappings: 
    - BlockDeviceMapping
  CpuOptions: 
    CpuOptions
  CreditSpecification: 
    CreditSpecification
  DisableApiTermination: Boolean
  EbsOptimized: Boolean
  ElasticGpuSpecifications: 
    - ElasticGpuSpecification
  ElasticInferenceAccelerators: 
    - ElasticInferenceAccelerator
  HibernationOptions: 
    HibernationOptions
  HostId: String
  HostResourceGroupArn: String
  IamInstanceProfile: String
  ImageId: String
  InstanceInitiatedShutdownBehavior: String
  InstanceType: String
  Ipv6AddressCount: Integer
  Ipv6Addresses: 
    - InstanceIpv6Address
  KernelId: String
  KeyName: String
  LaunchTemplate: 
    LaunchTemplateSpecification
  LicenseSpecifications: 
    - LicenseSpecification
  Monitoring: Boolean
  NetworkInterfaces: 
    - NetworkInterface
  PlacementGroupName: String
  PrivateIpAddress: String
  RamdiskId: String
  SecurityGroupIds: 
    - String
  SecurityGroups: 
    - String
  SourceDestCheck: Boolean
  SsmAssociations: 
    - SsmAssociation
  SubnetId: String
  Tags: 
    - Tag
  Tenancy: String
  UserData: String
  Volumes: 
    - Volume

Properties

AdditionalInfo

This property is reserved for internal use. If you use it, the stack fails with this error: Bad property set: [Testing this property] (Service: AmazonEC2; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: 0XXXXXX-49c7-4b40-8bcc-76885dcXXXXX).

Required: No

Type: String

Update requires: Some interruptions

Affinity

Indicates whether the instance is associated with a dedicated host. If you want the instance to always restart on the same host on which it was launched, specify host. If you want the instance to restart on any available host, but try to launch onto the last host it ran on (on a best-effort basis), specify default.

Required: No

Type: String

Update requires: Some interruptions

AvailabilityZone

The Availability Zone of the instance.

If not specified, an Availability Zone will be automatically chosen for you based on the load balancing criteria for the Region.

This parameter is not supported by DescribeImageAttribute.

Required: No

Type: String

Update requires: Replacement

BlockDeviceMappings

The block device mapping entries that defines the block devices to attach to the instance at launch.

By default, the block devices specified in the block device mapping for the AMI are used. You can override the AMI block device mapping using the instance block device mapping. For the root volume, you can only override the volume size, volume type, and DeleteOnTermination setting. After the instance is running, you can only modify the DeleteOnTermination settings of the attached EBS volumes.

Required: No

Type: List of BlockDeviceMapping

Update requires: Some interruptions

CpuOptions

The CPU options for the instance.

Required: No

Type: CpuOptions

Update requires: Replacement

CreditSpecification

The credit option for CPU usage of the burstable performance instance. Valid values are standard and unlimited. To change this attribute after launch, use ModifyInstanceCreditSpecification. For more information, see Burstable Performance Instances in the Amazon Elastic Compute Cloud User Guide.

Default: standard (T2 instances) or unlimited (T3/T3a instances)

Required: No

Type: CreditSpecification

Update requires: No interruption

DisableApiTermination

If you set this parameter to true, you can't terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute after launch, use ModifyInstanceAttribute. Alternatively, if you set InstanceInitiatedShutdownBehavior to terminate, you can terminate the instance by running the shutdown command from the instance.

Default: false

Required: No

Type: Boolean

Update requires: No interruption

EbsOptimized

Indicates whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal Amazon EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS-optimized instance.

Default: false

Required: No

Type: Boolean

Update requires: Some interruptions

ElasticGpuSpecifications

An elastic GPU to associate with the instance. An Elastic GPU is a GPU resource that you can attach to your Windows instance to accelerate the graphics performance of your applications. For more information, see Amazon EC2 Elastic GPUs in the Amazon Elastic Compute Cloud User Guide.

Required: No

Type: List of ElasticGpuSpecification

Update requires: Replacement

ElasticInferenceAccelerators

An elastic inference accelerator to associate with the instance. Elastic inference accelerators are a resource you can attach to your Amazon EC2 instances to accelerate your Deep Learning (DL) inference workloads.

Required: No

Type: List of ElasticInferenceAccelerator

Update requires: Replacement

HibernationOptions

Indicates whether an instance is enabled for hibernation. For more information, see Hibernate Your Instance in the Amazon Elastic Compute Cloud User Guide.

Required: No

Type: HibernationOptions

Update requires: Replacement

HostId

If you specify host for the Affinity property, the ID of a dedicated host that the instance is associated with. If you don't specify an ID, Amazon EC2 launches the instance onto any available, compatible dedicated host in your account. This type of launch is called an untargeted launch. Note that for untargeted launches, you must have a compatible, dedicated host available to successfully launch instances.

Required: No

Type: String

Update requires: Some interruptions

HostResourceGroupArn

The ARN of the host resource group in which to launch the instances. If you specify a host resource group ARN, omit the Tenancy parameter or set it to host.

Required: No

Type: String

Update requires: Replacement

IamInstanceProfile

The IAM instance profile. See IamInstanceProfileSpecification in the Amazon EC2 API Reference for property values.

Required: No

Type: String

Update requires: No interruption

ImageId

The ID of the AMI. An AMI ID is required to launch an instance and must be specified here or in a launch template.

Required: Conditional

Type: String

Update requires: Replacement

InstanceInitiatedShutdownBehavior

Indicates whether an instance stops or terminates when you initiate shutdown from the instance (using the operating system command for system shutdown).

Default: stop

Required: No

Type: String

Allowed Values: stop | terminate

Update requires: No interruption

InstanceType

The instance type. For more information, see Instance Types in the Amazon Elastic Compute Cloud User Guide.

Default: m1.small

Required: No

Type: String

Update requires: Some interruptions

Ipv6AddressCount

[EC2-VPC] The number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet. You cannot specify this option and the option to assign specific IPv6 addresses in the same request. You can specify this option if you've specified a minimum number of instances to launch.

You cannot specify this option and the network interfaces option in the same request.

Required: No

Type: Integer

Update requires: Replacement

Ipv6Addresses

[EC2-VPC] The IPv6 addresses from the range of the subnet to associate with the primary network interface. You cannot specify this option and the option to assign a number of IPv6 addresses in the same request. You cannot specify this option if you've specified a minimum number of instances to launch.

You cannot specify this option and the network interfaces option in the same request.

Required: No

Type: List of InstanceIpv6Address

Update requires: Replacement

KernelId

The ID of the kernel.

Important

We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB in the Amazon Elastic Compute Cloud User Guide.

Required: No

Type: String

Update requires: Some interruptions

KeyName

The name of the key pair. You can create a key pair using CreateKeyPair or ImportKeyPair.

Important

If you do not specify a key pair, you can't connect to the instance unless you choose an AMI that is configured to allow users another way to log in.

Required: No

Type: String

Update requires: Replacement

LaunchTemplate

The launch template to use to launch the instances. Any parameters that you specify in the AWS CloudFormation template override the same parameters in the launch template. You can specify either the name or ID of a launch template, but not both.

Required: No

Type: LaunchTemplateSpecification

Update requires: Replacement

LicenseSpecifications

The license configurations.

Required: No

Type: List of LicenseSpecification

Update requires: Replacement

Monitoring

Specifies whether detailed monitoring is enabled for the instance.

Required: No

Type: Boolean

Update requires: No interruption

NetworkInterfaces

The network interfaces to associate with the instance.

Note

If you use this property to point to a network interface, you must terminate the original interface before attaching a new one to allow the update of the instance to succeed.

If this resource has a public IP address and is also in a VPC that is defined in the same template, you must use the DependsOn Attribute to declare a dependency on the VPC-gateway attachment.

Required: No

Type: List of NetworkInterface

Update requires: Replacement

PlacementGroupName

The name of an existing placement group that you want to launch the instance into (for cluster instances).

Required: No

Type: String

Update requires: Replacement

PrivateIpAddress

[EC2-VPC] The primary IPv4 address. You must specify a value from the IPv4 address range of the subnet.

Only one private IP address can be designated as primary. You can't specify this option if you've specified the option to designate a private IP address as the primary IP address in a network interface specification. You cannot specify this option if you're launching more than one instance in the request.

You cannot specify this option and the network interfaces option in the same request.

If you make an update to an instance that requires replacement, you must assign a new private IP address. During a replacement, AWS CloudFormation creates a new instance but doesn't delete the old instance until the stack has successfully updated. If the stack update fails, AWS CloudFormation uses the old instance in order to roll back the stack to the previous working state. The old and new instances cannot have the same private IP address.

Required: No

Type: String

Update requires: Replacement

RamdiskId

The ID of the RAM disk to select. Some kernels require additional drivers at launch. Check the kernel requirements for information about whether you need to specify a RAM disk. To find kernel requirements, go to the AWS Resource Center and search for the kernel ID.

Important

We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB in the Amazon Elastic Compute Cloud User Guide.

Required: No

Type: String

Update requires: Some interruptions

SecurityGroupIds

The IDs of the security groups. You can create a security group using CreateSecurityGroup.

If you specify a network interface, you must specify any security groups as part of the network interface.

Required: Conditional

Type: List of String

Update requires: Some interruptions

SecurityGroups

[EC2-Classic, default VPC] The names of the security groups. For a nondefault VPC, you must use security group IDs instead.

You cannot specify this option and the network interfaces option in the same request. The list can contain both the name of existing Amazon EC2 security groups or references to AWS::EC2::SecurityGroup resources created in the template.

Default: Amazon EC2 uses the default security group.

Required: No

Type: List of String

Update requires: Replacement

SourceDestCheck

Specifies whether to enable an instance launched in a VPC to perform NAT. This controls whether source/destination checking is enabled on the instance. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the instance to perform NAT. For more information, see NAT Instances in the Amazon Virtual Private Cloud User Guide.

Required: No

Type: Boolean

Update requires: No interruption

SsmAssociations

The SSM document and parameter values in AWS Systems Manager to associate with this instance. To use this property, you must specify an IAM instance profile role for the instance. For more information, see Create an Instance Profile for Systems Manager in the AWS Systems Manager User Guide.

Note

You can currently associate only one document with an instance.

Required: No

Type: List of SsmAssociation

Update requires: No interruption

SubnetId

[EC2-VPC] The ID of the subnet to launch the instance into.

If you specify a network interface, you must specify any subnets as part of the network interface.

Required: No

Type: String

Update requires: Replacement

Tags

The tags to apply to the instance during launch. These tags are not applied to the EBS volumes, such as the root volume.

Required: No

Type: List of Tag

Update requires: No interruption

Tenancy

The tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware.

Required: No

Type: String

Allowed Values: dedicated | default | host

Update requires: Some interruptions

UserData

The user data to make available to the instance. For more information, see Running Commands on Your Linux Instance at Launch (Linux) and Adding User Data (Windows). If you are using a command line tool, base64-encoding is performed for you, and you can load the text from a file. Otherwise, you must provide base64-encoded text. User data is limited to 16 KB.

Required: No

Type: String

Update requires: Some interruptions

Volumes

The volumes to attach to the instance.

Required: No

Type: List of Volume

Update requires: No interruption

Return Values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the instance ID. For example: i-1234567890abcdef0.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

AvailabilityZone

The Availability Zone where the specified instance is launched. For example: us-east-1b.

You can retrieve a list of all Availability Zones for a Region by using the Fn::GetAZs intrinsic function.

PrivateDnsName

The private DNS name of the specified instance. For example: ip-10-24-34-0.ec2.internal.

PrivateIp

The private IP address of the specified instance. For example: 10.24.34.0.

PublicDnsName

The public DNS name of the specified instance. For example: ec2-107-20-50-45.compute-1.amazonaws.com.

PublicIp

The public IP address of the specified instance. For example: 192.0.2.0.

Examples

EC2 Instance with an EBS Block Device Mapping

JSON


"MyEC2Instance" : {
   "Type" : "AWS::EC2::Instance",
   "Properties" : {
      "ImageId" : "ami-79fd7eee",
      "KeyName" : "testkey",
      "BlockDeviceMappings" : [
         {
            "DeviceName" : "/dev/sdm",
            "Ebs" : {
              "VolumeType" : "io1",
              "Iops" : "200",
              "DeleteOnTermination" : "false",
              "VolumeSize" : "20"
            }
          }, 
          {
            "DeviceName" : "/dev/sdk",
            "NoDevice" : {}
          }
      ]
   }
}

YAML


  MyEC2Instance: 
    Type: AWS::EC2::Instance
    Properties: 
      ImageId: "ami-79fd7eee"
      KeyName: "testkey"
      BlockDeviceMappings: 
      - DeviceName: "/dev/sdm"
        Ebs: 
          VolumeType: "io1"
          Iops: "200"
          DeleteOnTermination: "false"
          VolumeSize: "20"
      - DeviceName: "/dev/sdk"
        NoDevice: {}

Automatically Assign a Public IP Address

You can associate a public IP address with a network interface only if it has a device index of 0 and if it is a new network interface (not an existing one).

JSON


"Ec2Instance" : {
  "Type" : "AWS::EC2::Instance",
  "Properties" : {
    "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]},
    "KeyName" : { "Ref" : "KeyName" },
    "NetworkInterfaces": [ {
      "AssociatePublicIpAddress": "true",
      "DeviceIndex": "0",
      "GroupSet": [{ "Ref" : "myVPCEC2SecurityGroup" }],
      "SubnetId": { "Ref" : "PublicSubnet" }
    } ]
  }
}

YAML


Ec2Instance: 
  Type: AWS::EC2::Instance
  Properties: 
    ImageId: 
      Fn::FindInMap: 
        - "RegionMap"
        - Ref: "AWS::Region"
        - "AMI"
    KeyName: 
      Ref: "KeyName"
    NetworkInterfaces: 
      - AssociatePublicIpAddress: "true"
        DeviceIndex: "0"
        GroupSet: 
          - Ref: "myVPCEC2SecurityGroup"
        SubnetId: 
          Ref: "PublicSubnet"