Error codes for the Amazon EC2 API
Amazon EC2 has two types of error codes:
-
Client errors. These errors are usually caused by something the client did, such as specifying an incorrect or invalid parameter in the request, or using an action or resource on behalf of a user that doesn't have permission to use the action or resource. These errors are accompanied by a 400-series HTTP response code.
-
Server errors. These errors are usually caused by an AWS server-side issue. These errors are accompanied by a 500-series HTTP response code.
Contents
Common client error codes
This section lists the client error codes that all Amazon EC2 API actions can return.
Error code | Description |
---|---|
AuthFailure |
The provided credentials could not be validated. You might not be authorized to carry out the request; for example, trying to associate an Elastic IP address that is not yours, or trying to use an AMI for which you do not have permissions. Ensure that your account is authorized to use Amazon EC2, that your credit card details are correct, and that you are using the correct credentials. |
Blocked |
Your account is currently blocked. Contact
AWS Support |
DryRunOperation |
The user has the required permissions, so the request would have
succeeded, but the DryRun parameter was used. |
IdempotentParameterMismatch |
The request uses the same client token as a previous, but non-identical request. Do not reuse a client token with different requests, unless the requests are identical. |
IncompleteSignature |
The request signature does not conform to AWS standards. |
InvalidAction |
The action or operation requested is not valid. Verify that the action is typed correctly. |
InvalidCharacter |
A specified character is invalid. |
InvalidClientTokenId |
The X.509 certificate or credentials provided do not exist in our records. |
InvalidPaginationToken |
The specified pagination token is not valid or is expired. |
InvalidParameter |
A parameter specified in a request is not valid, is unsupported, or cannot be used. The returned message provides an explanation of the error value. For example, if you are launching an instance, you can't specify a security group and subnet that are in different VPCs. |
InvalidParameterCombination |
Indicates an incorrect combination of parameters, or a missing parameter. For example, trying to terminate an instance without specifying the instance ID. |
InvalidParameterDependency |
Indicates an incorrect combination of parameters, or a missing parameter. For example, trying to terminate an instance without specifying the instance ID. |
InvalidParameterValue |
A value specified in a parameter is not valid, is unsupported, or cannot be used. Ensure that you specify a resource by using its full ID. The returned message provides an explanation of the error value. |
InvalidQueryParameter |
The AWS query string is malformed or does not adhere to AWS standards. |
MalformedQueryString |
The query string contains a syntax error. |
MissingAction |
The request is missing an action or a required parameter. |
MissingAuthenticationToken |
The request must contain valid credentials. |
MissingParameter |
The request is missing a required parameter. Ensure that you have supplied all the required parameters for the request; for example, the resource ID. |
OptInRequired |
You are not authorized to use the requested service. Ensure that you have subscribed to the service you are trying to use. If you are new to AWS, your account might take some time to be activated while your credit card details are being verified. |
PendingVerification |
Your account is pending verification. Until the verification process
is complete, you may not be able to carry out requests with this
account. If you have questions, contact AWS Support |
RequestExpired |
The request reached the service more than 15 minutes after the date stamp on the request or more than 15 minutes after the request expiration date (such as for presigned URLs), or the date stamp on the request is more than 15 minutes in the future. If you're using temporary security credentials, this error can also occur if the credentials have expired. For more information, see Temporary security credentials in the IAM User Guide. |
TagPolicyViolation |
You attempted to create or update a resource with tags that are not compliant with the tag policy requirements for this account. For more information, see Grant permission to tag resources during creation. |
UnauthorizedOperation |
You are not authorized to perform this operation. Check your IAM
policies, and ensure that you are using the correct credentials. For
more information, see Identity and access management for Amazon EC2. If the returned message is encoded, you
can decode it using the DecodeAuthorizationMessage action.
For more information, see DecodeAuthorizationMessage in the
AWS Security Token Service API Reference. |
UnknownParameter |
An unknown or unrecognized parameter was supplied. Requests that could cause this error include supplying a misspelled parameter or a parameter that is not supported for the specified API version. |
UnsupportedInstanceAttribute |
The specified attribute cannot be modified. |
UnsupportedOperation
|
The specified request includes an unsupported operation. For example, you can't stop an instance that's instance store-backed. Or you might be trying to launch an instance type that is not supported by the specified AMI. The returned message provides details of the unsupported operation. |
UnsupportedProtocol |
SOAP has been deprecated and is no longer supported. |
ValidationError |
The input fails to satisfy the constraints specified by an AWS service. |
Client error codes for specific actions
This section lists client errors that are specific to certain Amazon EC2 API actions.
Error code | Description |
---|---|
AccountDisabled
|
The functionality you have requested has been administratively disabled for this account. |
ActiveVpcPeeringConnectionPerVpcLimitExceeded |
You've reached the limit on the number of active VPC peering connections you can have for the specified VPC. |
AddressLimitExceeded
|
You've reached the limit on the number of Elastic IP addresses that
you can allocate. For more information, see Elastic IP address limit. |
AsnConflict |
The Autonomous System Numbers (ASNs) of the specified customer gateway and the specified virtual private gateway are the same. |
AttachmentLimitExceeded
|
You've reached the limit on the number of Amazon EBS volumes or network interfaces that can be attached to a single instance. |
BootForVolumeTypeUnsupported |
The specified volume type cannot be used as a boot volume. For more information, see Amazon EBS volume types. |
BundlingInProgress
|
The specified instance already has a bundling task in progress. |
CannotDelete |
You cannot delete the 'default' security group in your VPC, but you can change its rules. For more information, see Amazon EC2 security groups. |
CapacityBlockDescribeLimitExceeded |
You've reached the limit for this account. The returned message provides details. |
ClientInvalidParameterValue |
A parameter specified in a request is not valid, is unsupported, or cannot be used. The returned message provides an explanation of the error value. For example, if you are launching an instance, you can't specify a security group and subnet that are in different VPCs. |
ClientVpnAuthorizationRuleLimitExceeded |
You've reached the limit on the number of authorization rules that can be added to a single Client VPN endpoint. |
ClientVpnCertificateRevocationListLimitExceeded |
You've reached the limit on the number of client certificate revocation lists that can be added to a single Client VPN endpoint. |
ClientVpnEndpointAssociationExists |
The specified target network is already associated with the Client VPN endpoint. |
ClientVpnEndpointLimitExceeded |
You've reached the limit on the number of Client VPN endpoints that you can create. |
ClientVpnRouteLimitExceeded |
You've reached the limit on the number of routes that can be added to a single Client VPN endpoint. |
ClientVpnTerminateConnectionsLimitExceeded |
The number of client connections you're attempting to terminate exceeds the limit. |
ConcurrentCreateImageNoRebootLimitExceeded
|
The maximum number of concurrent CreateImage requests for the instance has been reached. Wait for the current CreateImage requests to complete, and then retry your request. |
ConcurrentSnapshotLimitExceeded |
You've reached the limit on the number of concurrent snapshots you can create on the specified volume. Wait until the 'pending' requests have completed, and check that you do not have snapshots that are in an incomplete state, such as 'error', which count against your concurrent snapshot limit. |
ConcurrentTagAccess |
You can't run simultaneous commands to modify a tag for a specific resource. Allow sufficient wait time for the previous request to complete, then retry your request. |
CreditSpecificationUpdateInProgress |
The default credit specification for the instance family is currently being updated. It takes about five minutes to complete. For more information, see Set the default credit specification for the account. |
CustomerGatewayLimitExceeded
|
You've reached the limit on the number of customer gateways you can create for the AWS Region. For more information, see Amazon VPC quotas. |
CustomerKeyHasBeenRevoked |
The KMS key cannot be accessed. For more information, see Amazon EBS encryption. |
DeclarativePoliciesAccessDeniedException |
You do not have sufficient access to perform this action, or the specified
TargetId does not exist, or the specified
TargetId is not in your organization. To generate an
account status report for declarative policies, the caller must be the
management account or a delegated administrator for the organization and
the specified TargetId must belong to your
organization. |
DeclarativePoliciesNotEnabledException |
Trusted access is not enabled. Trusted access must be enabled for the service for which
the declarative policy will enforce a baseline configuration. The API
uses the following service principal to identify the EC2 service:
ec2.amazonaws.com . For more information on how to
enable trusted access with the AWS CLI and AWS SDKs, see Using Organizations with other AWS services. |
DeleteConversionTaskError |
The conversion task cannot be canceled. |
DefaultSubnetAlreadyExistsInAvailabilityZone |
A default subnet already exists in the specified Availability Zone. You can have only one default subnet per Availability Zone. |
DefaultVpcAlreadyExists |
A default VPC already exists in the AWS Region. You can only have one default VPC per Region. |
DefaultVpcDoesNotExist |
There is no default VPC in which to carry out the request. If you've deleted your default VPC, you can create a new one. For more information, see Create a default VPC. |
DependencyViolation
|
The specified object has dependent resources. A number of resources in a VPC may have dependent resources, which prevent you from deleting or detaching them. Remove the dependencies first, then retry your request. For example, this error occurs if you try to delete a security group in a VPC that is in use by another security group. |
DiskImageSizeTooLarge
|
The disk image exceeds the allowed limit (for instance or volume import). |
DuplicateSubnetsInSameZone |
For an interface VPC endpoint, you can specify only one subnet per Availability Zone. |
EncryptedVolumesNotSupported
|
Encrypted Amazon EBS volumes may only be attached to instances that support Amazon EBS encryption. For more information, see Amazon EBS encryption. |
ExistingVpcEndpointConnections |
You cannot delete a VPC endpoint service configuration or change the load balancers for the endpoint service if there are endpoints attached to the service. |
FleetNotInModifiableState |
The Spot Fleet request must be in the active state in order to modify it.
For more information, see Spot Fleet request types. |
FlowLogAlreadyExists
|
A flow log with the specified configuration already exists. |
FlowLogsLimitExceeded
|
You've reached the limit on the number of flow logs you can create. For more information, see Amazon VPC quotas. |
FilterLimitExceeded
|
The request uses too many filters or too many filter values. |
Gateway.NotAttached
|
An internet gateway is not attached to a VPC. If you are trying to detach an internet gateway, ensure that you specify the correct VPC. If you are trying to associate an Elastic IP address with a network interface or an instance, ensure that an internet gateway is attached to the relevant VPC. |
HostAlreadyCoveredByReservation |
The specified Dedicated Host is already covered by a reservation. |
HostLimitExceeded |
You've reached the limit on the number of Dedicated Hosts that you can allocate. For more information, see Dedicated Hosts. |
IdempotentInstanceTerminated |
The request to launch an instance uses the same client token as a previous request for which the instance has been terminated. |
InaccessibleStorageLocation |
The specified Amazon S3 URL cannot be accessed. Check the access permissions for the URL. |
InaccessibleStorageLocationException |
The specified Amazon S3 bucket can't be accessed. An S3 bucket must be available before generating an account status report for declarative policies (you can create a new one or use an existing one), you must own the bucket, it must be in the same Region in which the request was made, and it must have an appropriate bucket policy. For a sample S3 policy, see Sample Amazon S3 policy under Examples. |
IncorrectInstanceState
|
The instance is in an incorrect state for the requested action. For example,
some instance attributes, such as user data,
can only be modified if the instance is in a 'stopped' state. If you are associating an Elastic IP address with a network interface, ensure that the instance that the interface is attached to is not in the 'pending' state. |
IncorrectModificationState |
A new modification action on an EBS Elastic Volume cannot occur because the volume is currently being modified. |
IncorrectSpotRequestState
|
The Spot Instance request is in an incorrect state for the request. Spot request status information can help you track your Amazon EC2 Spot Instance requests. For more information, see Spot request status. |
IncorrectState
|
The resource is in an incorrect state for the request. This error can occur if you are trying to attach a volume that is still being created or detach a volume that is not in the 'available' state. Verify that the volume is in the 'available' state. If you are creating a snapshot, ensure that the previous request to create a snapshot on the same volume has completed. If you are deleting a virtual private gateway, ensure that it's detached from the VPC. |
IncorrectStateException |
The resource is in an incorrect state for the request. This error
can occur if you're trying to cancel the generation of an account
status report for declarative policies that already has the
|
IncompatibleHostRequirements |
There are no available or compatible Dedicated Hosts available on which to launch or start the instance. |
InstanceCreditSpecification.NotSupported |
The specified instance does not use CPU credits for CPU usage; only T2 instances use CPU credits for CPU usage. |
InstanceEventStartTimeCannotChange
|
The specified scheduled event start time does not meet the requirements for rescheduling a scheduled event. For more information, see Limitations. |
InstanceLimitExceeded
|
You've reached the limit on the number of instances you can run concurrently. This
error can occur if you are launching an instance or if you are creating
a Capacity Reservation. Capacity Reservations count towards your
On-Demand Instance limits. If your request fails due to limit
constraints, increase your On-Demand Instance limit for the required
instance type and try again. For more information, see EC2 On-Demand instance limits |
InsufficientCapacityOnHost |
There is not enough capacity on the Dedicated Host to launch or start the instance. |
InstanceTpmEkPubNotFound
|
The public Trusted Platform Module (TPM) Endorsement Key (EK) cannot be found. |
InsufficientFreeAddressesInSubnet |
The specified subnet does not contain enough free private IP addresses to fulfill your request. Use the DescribeSubnets request to view how many IP addresses are available (unused) in your subnet. IP addresses associated with stopped instances are considered unavailable. |
InsufficientReservedInstancesCapacity |
There is insufficient capacity for the requested Reserved Instances. |
InterfaceInUseByTrafficMirrorSession |
The Traffic Mirror source that you are trying to create uses an interface that is already associated with a session. An interface can only be associated with a session, or with a target, but not both. |
InterfaceInUseByTrafficMirrorTarget |
The Traffic Mirror source that you are trying to create uses an interface that is already associated with a target. An interface can only be associated with a session, or with a target, but not both. If the interface is associated with a target, it cannot be associated with another target. |
InternetGatewayLimitExceeded
|
You've reached the limit on the number of internet gateways that you can create. For more information, see Amazon VPC quotas. |
InvalidAddress.Locked |
The specified Elastic IP address cannot be released from your account. A reverse DNS
record may be associated with the Elastic IP address. To unlock the
address, contact AWS Support |
InvalidAddress.Malformed |
The specified IP address is not valid. Ensure that you provide the
address in the form xx.xx.xx.xx ; for example,
55.123.45.67 |
InvalidAddress.NotFound |
The specified Elastic IP address that you are describing cannot be found. Ensure that you specify the AWS Region in which the IP address is located, if it's not in the default Region. |
InvalidAddressID.NotFound |
The specified allocation ID for the Elastic IP address you are trying to release cannot be found. Ensure that you specify the AWS Region in which the IP address is located, if it's not in the default Region. |
InvalidAffinity |
The specified affinity value is not valid. |
InvalidAllocationID.NotFound |
The specified allocation ID you are trying to describe or associate does not exist. Ensure that you specify the AWS Region in which the IP address is located, if it's not in the default Region. |
InvalidAMIAttributeItemValue
|
The value of an item added to, or removed from, an image attribute is
not valid. If you are specifying a userId , check that it is
in the form of an AWS account ID, without hyphens. |
InvalidAMIID.Malformed
|
The specified AMI ID is malformed. Ensure that you provide the full AMI ID, in the form ami-xxxxxxxxxxxxxxxxx. |
InvalidAMIID.NotFound
|
The specified AMI doesn't exist. Check the AMI ID, and ensure that you specify the AWS Region in which the AMI is located, if it's not in the default Region. This error might also occur if you specified an incorrect kernel ID when launching an instance. This error might also occur if the AMI doesn't meet your Allowed AMIs criteria. To use this AMI, you must change the Allowed AMIs criteria. For more information, see Control the discovery and use of AMIs in Amazon EC2 with Allowed AMIs. |
InvalidAMIID.Unavailable
|
The specified AMI has been deregistered and is no longer available, or is not in a state from which you can launch an instance or modify attributes. |
InvalidAMIName.Duplicate |
The specified AMI name is already in use by another AMI. If you have recently deregistered an AMI with the same name, allow enough time for the change to propagate through the system, and retry your request. |
InvalidAMIName.Malformed |
AMI names must be between 3 and 128 characters long, and may only contain letters, numbers, and the following special characters: '-', '_', '.', '/', '(', and ')'. |
InvalidAssociationID.NotFound |
The specified association ID (for an Elastic IP address, a route table, or network ACL) does not exist. Ensure that you specify the AWS Region in which the association ID is located, if it's not in the default Region. |
InvalidAttachment.NotFound
|
Indicates an attempt to detach a volume from an instance to which it is not attached. |
InvalidAttachmentID.NotFound |
The specified network interface attachment does not exist. |
InvalidAutoPlacement |
The specified value for auto-placement is not valid. |
InvalidAvailabilityZone |
The specified Availability Zone is not valid. |
InvalidBlockDeviceMapping |
A block device mapping parameter is not valid. The returned message indicates the incorrect value. |
InvalidBundleID.NotFound |
The specified bundle task ID cannot be found. Ensure that you specify the AWS Region in which the bundle task is located, if it's not in the default Region. |
InvalidCapacityBlockOfferingIdExpired |
The Capacity Block offering ID is no longer available. |
InvalidCapacityBlockOfferingIdMalformed |
The Capacity Block offering ID is malformed. |
InvalidCapacityBlockOfferingIdNotFound |
The Capacity Block offering ID cannot be found for this account. |
InvalidCapacityReservationState.PendingActivation |
Your Capacity Block is not active yet. |
InvalidCarrierGatewayID.NotFound |
The specified carrier gateway ID cannot be found. Ensure that you specify the AWS Region in which the carrier gateway is located, if it's not in the default Region. |
InvalidCidr.InUse |
The specified inside tunnel CIDR is already in use by another VPN tunnel for the virtual private gateway. |
InvalidClientToken |
The specified client token is not valid. For more information, see Ensuring idempotency. |
InvalidClientVpnActiveAssociationNotFound |
You cannot perform this action on the Client VPN endpoint while it is in the pending-association state. |
InvalidClientVpnAssociationIdNotFound |
The specified target network association cannot be found. |
InvalidClientVpnConnection.IdNotFound |
The specified Client VPN endpoint cannot be found. |
InvalidClientVpnConnection.UserNotFound |
The specified user does not have an active connection to the specified Client VPN endpoint. |
InvalidClientVpnDuplicateAssociationException |
The specified target network has already been associated with the Client VPN endpoint. |
InvalidClientVpnDuplicateAuthorizationRule |
The specified authorization has already been added to the Client VPN endpoint. |
InvalidClientVpnDuplicateRoute |
The specified route has already been added to the Client VPN endpoint. |
InvalidClientVpnEndpointAuthorizationRuleNotFound |
The specified authorization rule cannot be found. |
InvalidClientVpnEndpointId.NotFound |
The specified Client VPN Endpoint cannot be found. |
InvalidClientVpnRouteNotFound |
The specified route cannot be found. |
InvalidClientVpnSubnetId.DifferentAccount |
The specified subnet belongs to a different account. |
InvalidClientVpnSubnetId.DuplicateAz |
You have already associated a subnet from this Availability Zone with the Client VPN endpoint. |
InvalidClientVpnSubnetId.NotFound |
The specified subnet cannot be found in the VPN with which the Client VPN endpoint is associated. |
InvalidClientVpnSubnetId.OverlappingCidr |
The specified target network's CIDR range overlaps with the Client VPN endpoint's client CIDR range. |
InvalidConversionTaskId
|
The specified conversion task ID (for instance or volume import) is not valid. |
InvalidConversionTaskId.Malformed |
The specified conversion task ID (for instance or volume import) is malformed. Ensure that you've specified the ID in the form import-i-xxxxxxxx. |
InvalidCpuCredits |
The specified CpuCredit value is invalid. Valid values are standard and
unlimited . |
InvalidCpuCredits.Malformed |
The specified CpuCredit value is invalid. Valid values are standard and
unlimited . |
InvalidCustomerGateway.DuplicateIpAddress
|
There is a conflict among the specified gateway IP addresses. Each VPN connection in an AWS Region must be created with a unique customer gateway IP address (across all AWS accounts). For more information, see Your customer gateway device in the AWS Site-to-Site VPN User Guide. |
InvalidCustomerGatewayId.Malformed |
The specified customer gateway ID is malformed, or cannot be found. Specify the ID in the form cgw-xxxxxxxx, and ensure that you specify the AWS Region in which the customer gateway is located, if it's not in the default Region. |
InvalidCustomerGatewayID.NotFound
|
The specified customer gateway ID cannot be found. Ensure that you specify the AWS Region in which the customer gateway is located, if it's not in the default Region. |
InvalidCustomerGatewayState |
The customer gateway is not in the available state, and therefore cannot
be used. |
InvalidParameterValue
|
The device to which you are trying to attach (for example,
/dev/sdh ) is already in use on the instance.
|
InvalidDeclarativePoliciesReportIdMalformedException |
The specified account status report ID for declarative policies is malformed. Ensure that you specify the ID in the form p-xxxxxxxxxx. For more information, see Generating the account status report for declarative policies. |
InvalidDhcpOptionID.NotFound
|
The specified DHCP options set does not exist. Ensure that you specify the AWS Region in which the DHCP options set is located, if it's not in the default Region. |
InvalidDhcpOptionsID.NotFound
|
The specified DHCP options set does not exist. Ensure that you specify the AWS Region in which the DHCP options set is located, if it's not in the default Region. |
InvalidDhcpOptionsId.Malformed |
The specified DHCP options set ID is malformed. Ensure that you provide the full DHCP options set ID in the request, in the form dopt-xxxxxxxx. |
InvalidEgressOnlyInternetGatewayId.Malformed |
The specified egress-only internet gateway ID is malformed. Ensure that you specify the ID in the form eigw-xxxxxxxxxxxxxxxxx. |
InvalidEgressOnlyInternetGatewayId.NotFound |
The specified egress-only internet gateway does not exist. |
InvalidElasticGpuID.Malformed |
The specified Elastic GPU ID is malformed. Ensure that you specify the ID in the form egpu-xxxxxxxxxxxxxxxxx. |
InvalidElasticGpuID.NotFound |
The specified Elastic GPU does not exist. |
InvalidExportTaskID.Malformed |
The specified export task ID cannot be found. |
InvalidExportTaskID.NotFound |
The specified export task ID is malformed. Ensure that you specify the ID in the form export-ami-xxxxxxxxxxxxxxxxx. |
InvalidFilter
|
The specified filter is not valid. |
InvalidFlowLogId.NotFound
|
The specified flow log does not exist. |
InvalidFormat |
The specified disk format (for the instance or volume import) is not valid. |
InvalidFpgaImageID.Malformed |
The specified Amazon FPGA image (AFI) ID is malformed. Ensure that you provide the full AFI ID in the request, in the form afi-xxxxxxxxxxxxxxxxx. |
InvalidFpgaImageID.NotFound |
The specified Amazon FPGA image (AFI) ID does not exist. Ensure that you specify the AWS Region in which the AFI is located, if it's not in the default Region. |
InvalidGatewayID.NotFound
|
The specified gateway does not exist. |
InvalidGroup.Duplicate
|
You cannot create a security group with the same name as an existing security group in the same VPC. |
InvalidGroupId.Malformed
|
The specified security group ID is malformed. Ensure that you provide the full security group ID in the request, in the form sg-xxxxxxxxxxxxxxxxx. |
InvalidGroup.InUse
|
The specified security group can't be deleted because it's in use by another security group. You can remove dependencies by modifying or deleting rules in the affected security groups. |
InvalidGroup.NotFound
|
The specified security group does not exist. This error can occur because the ID of a recently created security group has not propagated through the system. For more information, see Ensuring idempotency. You can't specify a security group that is in a different AWS Region or VPC than the request. |
InvalidGroup.Reserved
|
The name 'default' is reserved, and cannot be used to create a new security group. |
InvalidHostConfiguration |
The specified Dedicated Host configuration is not supported. |
InvalidHostId |
The specified Dedicated Host ID is not valid. |
InvalidHostID.Malformed |
The specified Dedicated Host ID is not formed correctly. Ensure that you provide the full ID in the form h-xxxxxxxxxxxxxxxxx. |
InvalidHostId.Malformed |
The specified Dedicated Host ID is not formed correctly. Ensure that you provide the full ID in the form h-xxxxxxxxxxxxxxxxx. |
InvalidHostID.NotFound |
The specified Dedicated Host ID does not exist. Ensure that you specify the AWS Region in which the Dedicated Host is located, if it's not in the default Region. |
InvalidHostId.NotFound |
The specified Dedicated Host ID does not exist. Ensure that you specify the region in which the Dedicated Host is located, if it's not in the default region. |
InvalidHostReservationId.Malformed |
The specified Dedicated Host Reservation ID is not formed correctly. Ensure that you provide the full ID in the form hr-xxxxxxxxxxxxxxxxx. |
InvalidHostReservationOfferingId.Malformed |
The specified Dedicated Host Reservation offering is not formed correctly. Ensure that you provide the full ID in the form hro-xxxxxxxxxxxxxxxxx. |
InvalidHostState |
The Dedicated Host must be in the available state to
complete the operation. |
InvalidIamInstanceProfileArn.Malformed |
The specified IAM instance profile ARN is not valid. For more information about valid ARN formats, see Amazon Resource Names (ARNs). |
InvalidID |
The specified ID for the resource you are trying to tag is not valid.
Ensure that you provide the full resource ID; for example,
ami-2bb65342 for an AMI. If you're using the command line tools
on a Windows system, you might need to use quotation marks for the
key-value pair; for example,
|
InvalidInput |
An input parameter in the request is not valid. For example, you may have specified an incorrect Reserved Instance listing ID in the request or the Reserved Instance you tried to list cannot be sold in the Reserved Instances Marketplace (for example, if it has a scope of Region, or is a Convertible Reserved Instance). |
InvalidInstanceAttributeValue |
The specified instance attribute value is not valid. This error is
most commonly encountered when trying to set the
InstanceType /--instance-type attribute to
an unrecognized value. |
InvalidInstanceConnectEndpointId.Malformed |
The specified EC2 Instance Connect Endpoint ID is malformed. Ensure that you specify the ID in the form eice-xxxxxxxxxxxxxxxxx. |
InvalidInstanceConnectEndpointId.NotFound |
The specified EC2 Instance Connect Endpoint does not exist. |
InvalidInstanceCreditSpecification |
If you are modifying the credit option for CPU usage for T2 instances, the request may not contain duplicate instance IDs. |
InvalidInstanceCreditSpecification.DuplicateInstanceId |
If you are modifying the credit option for CPU usage for T2 instances, the request may not contain duplicate instance IDs. |
InvalidInstanceEventIDNotFound |
The specified ID of the event whose date and time you are modifying cannot be found. Verify the ID of the event and try your request again. |
InvalidInstanceEventStartTime |
The specified scheduled event start time does not meet the requirements for rescheduling a scheduled event. For more information, see Limitations. |
InvalidInstanceFamily |
The instance family is not supported for this request. For example, the instance family for the Dedicated Host Reservation offering is different from the instance family of the Dedicated Hosts. Or, you can only modify the default credit specification for burstable performance instance families (T2, T3, and T3a). For more information, see Set the default credit specification for the account. |
InvalidInstanceID |
This error can occur when trying to perform an operation on an instance that has multiple network interfaces. A network interface can have individual attributes; therefore, you may need to specify the network interface ID as part of the request, or use a different request. For example, each network interface in an instance can have a source/destination check flag. To modify this attribute, modify the network interface attribute, and not the instance attribute. To create a route in a route table, provide a specific network interface ID as part of the request. |
InvalidInstanceID.Malformed
|
The specified instance ID is malformed. Ensure that you provide the full instance ID in the request, in the form i-xxxxxxxx or i-xxxxxxxxxxxxxxxxx. |
InvalidInstanceID.NotFound
|
The specified instance does not exist. This error might occur because the ID of a recently created instance has not propagated through the system. For more information, see Ensuring idempotency. |
InvalidInstanceID.NotLinkable |
The specified instance cannot be linked to the specified VPC. This error may also occur
if the instance was recently launched, and its ID has not yet propagated
through the system. Wait a few minutes, or wait until the instance is in
the running state, and then try again. |
InvalidInstanceState |
The instance is not in an appropriate state to complete the request.
If you're modifying the instance placement, the instance must be in the
stopped state. |
InvalidInstanceType |
The instance type is not supported for this request. For example, you can only bundle instance store-backed Windows instances. |
InvalidInterface.IpAddressLimitExceeded |
The number of private IP addresses for a specified network interface exceeds the limit for the type of instance you are trying to launch. For more information, see IP addresses per network interface per instance type. |
InvalidInternetGatewayId.Malformed
|
The specified internet gateway ID is malformed. Ensure that you provide the full ID in the request, in the form igw-xxxxxxxxxxxxxxxxx. |
InvalidInternetGatewayID.NotFound
|
The specified internet gateway does not exist. Ensure that you specify the AWS Region in which the internet gateway is located, if it's not in the default Region. |
InvalidIPAddress.InUse
|
The specified IP address is already in use. If you are trying to release an address, you must first disassociate it from the instance. |
InvalidKernelId.Malformed |
The specified kernel ID is not valid. Ensure that you specify the kernel ID in the form aki-xxxxxxxx. |
InvalidKey.Format |
The key pair is not specified in a valid OpenSSH public key format. |
InvalidKeyPair.Duplicate
|
The key pair name already exists in that AWS Region. If you are creating or importing a key pair, ensure that you use a unique name. |
InvalidKeyPair.Format
|
The format of the public key you are attempting to import is not valid. |
InvalidKeyPair.NotFound
|
The specified key pair name does not exist. Ensure that you specify the AWS Region in which the key pair is located, if it's not in the default Region. |
InvalidCapacityReservationIdMalformedException |
The ID for the Capacity Reservation is malformed. Ensure that you specify the Capacity Reservation ID in the form cr-xxxxxxxxxxxxxxxxx. |
InvalidCapacityReservationIdNotFoundException |
The specified Capacity Reservation ID does not exist. |
InvalidLaunchTargets |
One or more specified targets are invalid. Verify the capacity for the Capacity Reservation selected or verify the ID. |
InvalidLaunchTemplateId.Malformed |
The ID for the launch template is malformed. Ensure that you specify the launch template ID in the form lt-xxxxxxxxxxxxxxxxx. |
InvalidLaunchTemplateId.NotFound |
The specified launch template ID does not exist. Ensure that you specify the AWS Region in which the launch template is located. |
InvalidLaunchTemplateId.VersionNotFound |
The specified launch template version does not exist. |
InvalidLaunchTemplateName.AlreadyExistsException |
The specified launch template name is already in use. |
InvalidLaunchTemplateName.MalformedException |
The specified launch template name is invalid. A launch template name must be between 3 and 128 characters, and may contain letters, numbers, and the following characters: '-', '_', '.', '/', '(', and ')'. |
InvalidLaunchTemplateName.NotFoundException |
The specified launch template name does not exist. Check the spelling of the name and ensure that you specify the AWS Region in which the launch template is located. Launch template names are case-sensitive. |
InvalidManifest
|
The specified AMI has an unparsable manifest, or you may not have access to the location of the manifest file in Amazon S3. |
InvalidMaxResults |
The specified value for MaxResults is not valid. |
InvalidNatGatewayID.NotFound |
The specified NAT gateway ID does not exist. Ensure that you specify the AWS Region in which the NAT gateway is located, if it's not in the default Region. |
InvalidNetworkAclEntry.NotFound
|
The specified network ACL entry does not exist. |
InvalidNetworkAclId.Malformed |
The specified network ACL ID is malformed. Ensure that you provide the ID in the form acl-xxxxxxxxxxxxxxxxx. |
InvalidNetworkAclID.NotFound
|
The specified network ACL does not exist. Ensure that you specify the AWS Region in which the network ACL is located, if it's not in the default Region. |
InvalidNetworkLoadBalancerArn.Malformed |
The specified Network Load Balancer ARN is malformed. Ensure that you
specify the ARN in the form
arn:aws:elasticloadbalancing:region:account-id:loadbalancer/net/load-balancer-name/load-balancer-id . |
InvalidNetworkLoadBalancerArn.NotFound |
The specified Network Load Balancer ARN does not exist. |
InvalidNetworkInterfaceAttachmentId.Malformed |
The ID for the network interface attachment is malformed. Ensure that you use the attachment ID rather than the network interface ID, in the form eni-attach-xxxxxxxxxxxxxxxxx. |
InvalidNetworkInterface.InUse |
The specified interface is currently in use and cannot be deleted or attached to
another instance. Ensure that you have detached the network interface
first. If a network interface is in use, you may also receive the
InvalidParameterValue error. |
InvalidNetworkInterfaceId.Malformed |
The specified network interface ID is malformed. Ensure that you specify the network interface ID in the form eni-xxxxxxxxxxxxxxxxx. |
InvalidNetworkInterfaceID.NotFound |
The specified network interface does not exist. Ensure that you specify the AWS Region in which the network interface is located, if it's not in the default Region. |
InvalidNextToken |
The specified NextToken is not valid. |
InvalidOption.Conflict |
A VPN connection between the virtual private gateway and the customer gateway already exists. |
InvalidPermission.Duplicate
|
The specified inbound or outbound rule already exists for that security group. |
InvalidPermission.Malformed
|
The specified security group rule is malformed. If you are specifying an IP address range, ensure that you use CIDR notation; for example, 203.0.113.0/24. |
InvalidPermission.NotFound |
The specified rule does not exist in this security group. |
InvalidPlacementGroup.Duplicate |
The specified placement group already exists in that AWS Region. |
InvalidPlacementGroup.InUse |
The specified placement group is in use. If you are trying to delete a placement group, ensure that its instances have been terminated. |
InvalidPlacementGroup.Unknown |
The specified placement group cannot be found. Ensure that you specify the AWS Region in which the placement group is located, if it's not in the default Region. |
InvalidPlacementGroupId.Malformed |
The specified placement group ID is malformed. Ensure that you specify the ID in the form pg-xxxxxxxxxxxxxxxxx. |
InvalidPolicyDocument |
The specified policy document is not a valid JSON policy document. |
InvalidPrefixListId.Malformed |
The specified prefix list ID is malformed. Ensure that you provide the ID in the form pl-xxxxxxxxxxxxxxxxx. |
InvalidPrefixListID.NotFound |
The specified prefix list ID does not exist. |
InvalidProductInfo |
(AWS Marketplace) The product code is not valid. |
InvalidPurchaseToken.Expired |
The specified purchase token has expired. |
InvalidPurchaseToken.Malformed |
The specified purchase token is not valid. |
InvalidQuantity |
The specified quantity of Dedicated Hosts is not valid. |
InvalidRamDiskId.Malformed |
The specified RAM disk ID is not valid. Ensure that you specify the RAM disk ID in the form ari-xxxxxxxx. |
InvalidRegion |
The specified AWS Region is not valid. For copying a snapshot or image, specify the source Region using its Region code, for example, us-west-2. |
InvalidRequest |
The request is not valid. The returned message provides details about the nature of the error. |
InvalidReservationID.Malformed
|
The specified reservation ID is not valid. |
InvalidReservationID.NotFound
|
The specified reservation does not exist. |
InvalidReservedInstancesId
|
The specified Reserved Instance does not exist. |
InvalidReservedInstancesOfferingId
|
The specified Reserved Instances offering does not exist. |
InvalidResourceType.Unknown |
The specified resource type is not supported or is not valid. To view resource types that support longer IDs, use DescribeIdFormat. |
InvalidRoute.InvalidState |
The specified route is not valid. |
InvalidRoute.Malformed
|
The specified route is not valid. If you are deleting a route in a VPN connection, ensure that you've entered the value for the CIDR block correctly. |
InvalidRoute.NotFound
|
The specified route does not exist in the specified route table. Ensure that you indicate the exact CIDR range for the route in the request. This error can also occur if you've specified a route table ID in the request that does not exist. |
InvalidRouteTableId.Malformed |
The specified route table ID is malformed. Ensure that you specify the route table ID in the form rtb-xxxxxxxxxxxxxxxxx. |
InvalidRouteTableID.NotFound
|
The specified route table does not exist. Ensure that you specify the AWS Region in which the route table is located, if it's not in the default Region. |
InvalidScheduledInstance |
The specified Scheduled Instance does not exist. |
InvalidSecurityGroupId.Malformed |
The specified security group ID is not valid. Ensure that you specify the security group ID in the form sg-xxxxxxxxxxxxxxxxx. |
InvalidSecurityGroupID.NotFound |
The specified security group does not exist. |
InvalidSecurityGroupRuleId.Malformed |
The specified security group rule ID is not valid. Ensure that you specify the security group rule ID in the form sgr-xxxxxxxxxxxxxxxxx. |
InvalidSecurityGroupRuleId.NotFound |
The specified security group rule does not exist. |
InvalidSecurity.RequestHasExpired
|
The difference between the request timestamp and the AWS server time is greater than 5 minutes. Ensure that your system clock is accurate and configured to use the correct time zone. |
InvalidServiceName
|
The name of the service is not valid. To get a list of available service names, use DescribeVpcEndpointServices. |
InvalidSnapshot.NotFound |
The specified snapshot does not exist. Ensure that you specify the AWS Region in which the snapshot is located, if it's not in the default Region. |
InvalidSnapshotID.Malformed |
The snapshot ID is not valid. |
InvalidSnapshot.InUse
|
The snapshot that you are trying to delete is in use by one or more AMIs. |
InvalidSnapshot.NotFound
|
The specified snapshot does not exist. Ensure that you specify the AWS Region in which the snapshot is located, if it's not in the default Region. |
InvalidSpotDatafeed.NotFound |
You have no data feed for Spot Instances. |
InvalidSpotFleetRequestConfig |
The Spot Fleet request configuration is not valid. Ensure that you provide valid values for all of the configuration parameters; for example, a valid AMI ID. Limits apply on the target capacity and the number of launch specifications per Spot Fleet request. For more information, see Fleet quotas. |
InvalidSpotFleetRequestId.Malformed |
The specified Spot Fleet request ID is malformed. Ensure that you specify the Spot
Fleet request ID in the form sfr- followed by 36
characters, including hyphens; for example,
sfr-123f8fc2-11aa-22bb-33cc-example12710 . |
InvalidSpotFleetRequestId.NotFound |
The specified Spot Fleet request ID does not exist. Ensure that you specify the AWS Region in which the Spot Fleet request is located, if it's not in the default Region. |
InvalidSpotInstanceRequestID.Malformed |
The specified Spot Instance request ID is not valid. Ensure that you specify the Spot Instance request ID in the form sir-xxxxxxxx. |
InvalidSpotInstanceRequestID.NotFound |
The specified Spot Instance request ID does not exist. Ensure that you specify the AWS Region in which the Spot Instance request is located, if it's not in the default Region. |
InvalidState |
The specified resource is not in the correct state for the request; for example, if you are trying to enable monitoring on a recently terminated instance, or if you are trying to create a snapshot when a previous identical request has not yet completed. |
InvalidStateTransition |
The specified VPC peering connection is not in the correct state for the request. For example, you may be trying to accept a VPC peering request that has failed, or that was rejected. |
InvalidSubnet |
The specified subnet ID is not valid or does not exist. |
InvalidSubnet.Conflict |
The specified CIDR block conflicts with that of another subnet in your VPC. |
InvalidSubnetID.Malformed |
The specified subnet ID is malformed. Ensure that you specify the ID in the form subnet-xxxxxxxxxxxxxxxxx |
InvalidSubnetID.NotFound or
InvalidSubnetId.NotFound
|
The specified subnet does not exist. |
InvalidSubnet.Range |
The CIDR block you've specified for the subnet is not valid. The
allowed block size is between a /28 netmask and
/16 netmask. |
InvalidTagKey.Malformed
|
The specified tag key is not valid. Tag keys cannot be empty or null,
and cannot start with aws: . |
InvalidTargetArn.Unknown |
The specified ARN for the specified user or role is not valid or does not exist. |
InvalidTargetException |
The specified TargetId is not valid, does not exist, or is in another
organization. You can only generate an account status report for
declarative policies in your own organization. Ensure that you specify
the TargetId in one of the following forms: r-xxxx, ou-xxxx-xxxxxxxx, or a 12-digit account ID in the form
xxxxxxxxxxxx. |
InvalidTenancy |
The tenancy of the instance or VPC is not supported for the requested action. For
example, you cannot modify the tenancy of an instance or VPC that has a
tenancy attribute of default . |
InvalidTime |
The specified timestamp is not valid. |
InvalidTrafficMirrorFilterNotFound |
The specified Traffic Mirror filter does not exist. |
InvalidTrafficMirrorFilterRuleNotFound |
The specified Traffic Mirror filter rule does not exist. |
InvalidTrafficMirrorSessionNotFound
|
The specified Traffic Mirror session does not exist. |
InvalidTrafficMirrorTargetNoFound |
The specified Traffic Mirror target does not exist. |
InvalidUserID.Malformed
|
The specified user or owner is not valid. If you are performing a
DescribeImages request, you must specify a valid value for
the owner or executableBy parameters, such as
an AWS account ID. If you are performing a DescribeSnapshots request, you must specify a valid value
for the owner or restorableBy
parameters. |
InvalidVolumeID.Duplicate
|
The Amazon EBS volume already exists. |
InvalidVolumeID.Malformed |
The specified volume ID is not valid. Check the letter-number combination carefully. |
InvalidVolumeID.ZoneMismatch
|
The specified volume and instance are in different Availability Zones. |
InvalidVolume.NotFound
|
The specified volume does not exist. |
InvalidVolume.ZoneMismatch |
The specified volume is not in the same Availability Zone as the specified instance. You can only attach an Amazon EBS volume to an instance if they are in the same Availability Zone. |
InvalidVpcEndpoint.NotFound |
The specified VPC endpoint does not exist. If you are performing a bulk request that is partially successful or unsuccessful, the response includes a list of the unsuccessful items. If the request succeeds, the list is empty. |
InvalidVpcEndpointId.Malformed |
The specified VPC endpoint ID is malformed. Use the full VPC endpoint ID in the request, in the form vpce-xxxxxxxxxxxxxxxxx. |
InvalidVpcEndpointId.NotFound |
The specified VPC endpoint does not exist. If you are performing a bulk request that is partially successful or unsuccessful, the response includes a list of the unsuccessful items. If the request succeeds, the list is empty. |
InvalidVpcEndpointService.NotFound |
The specified VPC endpoint service does not exist. If you are performing a bulk request that is partially successful or unsuccessful, the response includes a list of the unsuccessful items. If the request succeeds, the list is empty. |
InvalidVpcEndpointServiceIdId.Malformed |
The specified VPC endpoint service ID is malformed. Ensure that you specify the ID in the form vpc-svc-xxxxxxxxxxxxxxxxx. |
InvalidVpcEndpointServiceId.NotFound |
The specified VPC endpoint service does not exist. If you are performing a bulk request that is partially successful or unsuccessful, the response includes a list of the unsuccessful items. If the request succeeds, the list is empty. |
InvalidVpcEndpointType |
The specified VPC endpoint type is not valid. |
InvalidVpcID.Malformed |
The specified VPC ID is malformed. Ensure that you've specified the ID in the form vpc-xxxxxxxxxxxxxxxxx. |
InvalidVpcID.NotFound
|
The specified VPC does not exist. |
InvalidVpcPeeringConnectionId.Malformed |
The specified VPC peering connection ID is malformed. Ensure that you provide the ID in the form pcx-xxxxxxxxxxxxxxxxx. |
InvalidVpcPeeringConnectionID.NotFound |
The specified VPC peering connection ID does not exist. |
InvalidVpcPeeringConnectionState.DnsHostnamesDisabled |
To enable DNS hostname resolution for the VPC peering connection, DNS hostname support must be enabled for the VPCs. |
InvalidVpcRange |
The specified CIDR block range is not valid. The block range must be between a /28 netmask and /16 netmask. For more information, see VPC CIDR blocks. |
InvalidVpcState |
The specified VPC already has a virtual private gateway attached to it. |
InvalidVpnConnectionID |
The specified VPN connection ID cannot be found. |
InvalidVpnConnectionID.NotFound
|
The specified VPN connection ID does not exist. |
InvalidVpnConnection.InvalidState |
The VPN connection must be in the available state to complete the request. |
InvalidVpnConnection.InvalidType |
The specified VPN connection does not support static routes. |
InvalidVpnGatewayAttachment.NotFound |
An attachment between the specified virtual private gateway and specified VPC does not exist. This error can also occur if you've specified an incorrect VPC ID in the request. |
InvalidVpnGatewayID.NotFound
|
The specified virtual private gateway does not exist. |
InvalidVpnGatewayState |
The virtual private gateway is not in an available
state. |
InvalidZone.NotFound
|
The specified Availability Zone does not exist, or is not available for you to use. Use the DescribeAvailabilityZones request to list the Availability Zones that are currently available to you. Specify the full name of the Availability Zone: for example, us-east-1a. |
KeyPairLimitExceeded |
You've reached the limit on the number of key pairs that you can have in this AWS Region. For more information, see Amazon EC2 key pairs. |
LegacySecurityGroup
|
Any VPC created using an API version older than 2011-01-01 may have the 2009-07-15-default security group. You must delete this security group before you can attach an internet gateway to the VPC. |
LimitPriceExceeded |
The cost of the total order is greater than the specified limit price (instance count * price). |
LogDestinationNotFoundException |
The specified Amazon S3 bucket does not exist. Ensure that you have specified the ARN for an existing Amazon S3 bucket, and that the ARN is in the correct format. |
LogDestinationPermissionIssue |
You do not have sufficient permissions to publish flow logs to the specific Amazon S3 bucket. |
MaxConfigLimitExceededException |
You’ve exceeded your maximum allowed Spot placement configurations. You can retry configurations that you used within the last 24 hours, or wait for 24 hours before specifying a new configuration. For more information, see Spot placement score. |
MaxIOPSLimitExceeded |
You've reached the limit on your IOPS usage for the AWS Region. For more information, see Quotas for Amazon EBS. |
MaxScheduledInstanceCapacityExceeded |
You've attempted to launch more instances than you purchased. |
MaxSpotFleetRequestCountExceeded |
You've reached one or both of these limits: the total number of Spot Fleet requests that you can make, or the total number of instances in all Spot Fleets for the AWS Region (the target capacity). For more information, see Fleet quotas. |
MaxSpotInstanceCountExceeded |
You've reached the limit on the number of Spot Instances that you can launch. The limit depends on the instance type. For more information, see Spot Instance limits. |
MaxTemplateLimitExceeded |
You've reached the limit on the number of launch templates you can create. For more information, see Launch template restrictions. |
MaxTemplateVersionLimitExceeded |
You've reached the limit on the number of launch template versions that you can create. For more information, see Launch template restrictions. |
MissingInput |
An input parameter is missing. |
NatGatewayLimitExceeded |
You've reached the limit on the number of NAT gateways that you can create. For more information, see Amazon VPC quotas. |
NatGatewayMalformed |
The specified NAT gateway ID is not formed correctly. Ensure that you specify the NAT gateway ID in the form nat-xxxxxxxxxxxxxxxxx. |
NatGatewayNotFound |
The specified NAT gateway does not exist. |
NetworkAclEntryAlreadyExists
|
The specified rule number already exists in this network ACL. |
NetworkAclEntryLimitExceeded
|
You've reached the limit on the number of rules that you can add to the network ACL. For more information, see Amazon VPC quotas. |
NetworkAclLimitExceeded
|
You've reached the limit on the number of network ACLs that you can create for the specified VPC. For more information, see Amazon VPC quotas. |
NetworkInterfaceLimitExceeded |
You've reached the limit on the number of network interfaces that you can create. For more information, see Amazon VPC quotas. |
NetworkInterfaceNotFoundException |
The specified network interface does not exist. |
NetworkInterfaceNotSupportedException |
The network interface is not supported for Traffic Mirroring. |
NetworkLoadBalancerNotFoundException |
The specified Network Load Balancer does not exist. |
NlbInUseByTrafficMirrorTargetException |
The Network Load Balancer is already configured as a Traffic Mirror target. |
NonEBSInstance
|
The specified instance does not support Amazon EBS. Restart the instance and try again, to ensure that the code is run on an instance with updated code. |
NoSuchVersion |
The specified API version does not exist. |
NotExportable |
The specified instance cannot be exported. You can only export certain instances. For more information, see Considerations for instance export. |
OperationNotPermitted |
The specified operation is not allowed. This error can occur for a number of reasons; for example, you might be trying to terminate an instance that has termination protection enabled, or trying to detach the primary network interface (eth0) from an instance. |
OutstandingVpcPeeringConnectionLimitExceeded |
You've reached the limit on the number of VPC peering connection requests that you can create for the specified VPC. |
PendingSnapshotLimitExceeded
|
You've reached the limit on the number of Amazon EBS snapshots that you can have in the pending state. |
PendingVpcPeeringConnectionLimitExceeded |
You've reached the limit on the number of pending VPC peering connections that you can have. |
PlacementGroupLimitExceeded |
You've reached the limit on the number of placement groups that you can have. |
PrivateIpAddressLimitExceeded |
You've reached the limit on the number of private IP addresses that you can assign to the specified network interface for that type of instance. For more information, see IP addresses per network interface. |
RequestResourceCountExceeded |
Details in your Spot request exceed the numbers allowed by the Spot service in one of the following ways, depending on the action that generated the error: —If you get this error when you submitted a request for Spot Instances, check the number of Spot Instances specified in your request. The number shouldn't exceed the 3,000 maximum allowed per request. Resend your Spot Instance request and specify a number less than 3,000. If your account's regional Spot request limit is greater than 3,000 instances, you can access these instances by submitting multiple smaller requests. —If you get this error when you sent Describe Spot Instance requests, check the number of requests for Spot Instance data, the amount of data you requested, and how often you sent the request. The frequency with which you requested the data combined with the amount of data exceeds the levels allowed by the Spot service. Try again and submit fewer large Describe requests over longer intervals. |
ReservationCapacityExceeded |
The targeted Capacity Reservation does not enough available instance capacity to fulfill your request. Either increase the instance capacity for the targeted Capacity Reservation, or target a different Capacity Reservation. |
ReservedInstancesCountExceeded |
You've reached the limit for the number of Reserved Instances. |
ReservedInstancesLimitExceeded |
Your current quota does not allow you to purchase the required number of Reserved Instances. |
ReservedInstancesUnavailable |
The requested Reserved Instances are not available. |
Resource.AlreadyAssigned |
The specified private IP address is already assigned to a resource. Unassign the private IP first, or use a different private IP address. |
Resource.AlreadyAssociated
|
The specified resource is already in use. For example, in EC2-VPC, you cannot associate an Elastic IP address with an instance if it's already associated with another instance. You also cannot attach an internet gateway to more than one VPC at a time. |
ResourceCountExceeded
|
You have exceeded the number of resources allowed for this request; for example, if you try to launch more instances than AWS allows in a single request. This limit is separate from your individual resource limit. If you get this error, break up your request into smaller requests; for example, if you are launching 15 instances, try launching 5 instances in 3 separate requests. |
ResourceCountLimitExceeded |
You have exceeded a resource limit for creating routes. |
ResourceLimitExceeded
|
You have exceeded an Amazon EC2 resource limit. For example, you might have too many snapshot copies in progress. |
RetryableError
|
A request submitted by an AWS service on your behalf could not be completed. The requesting service might automatically retry the request. |
RouteAlreadyExists
|
A route for the specified CIDR block already exists in this route table. |
RouteLimitExceeded
|
You've reached the limit on the number of routes that you can add to a route table. |
RouteTableLimitExceeded
|
You've reached the limit on the number of route tables that you can create for the specified VPC. For more information about route table limits, see Amazon VPC quotas. |
RulesPerSecurityGroupLimitExceeded
|
You've reached the limit on the number of rules that you can add to a security group. For more information, see Amazon VPC quotas. |
ScheduledInstanceLimitExceeded |
You've reached the limit on the number of Scheduled Instances that you can purchase. |
ScheduledInstanceParameterMismatch |
The launch specification does not match the details for the Scheduled Instance. |
ScheduledInstanceSlotNotOpen |
You can launch a Scheduled Instance only during its scheduled time periods. |
ScheduledInstanceSlotUnavailable |
The requested Scheduled Instance is no longer available during this scheduled time period. |
SecurityGroupLimitExceeded
|
You've reached the limit on the number of security groups that you can create, or that you can assign to an instance. |
SecurityGroupsPerInstanceLimitExceeded
|
You've reached the limit on the number of security groups that you can assign to an instance. For more information, see Amazon EC2 security groups. |
SecurityGroupsPerInterfaceLimitExceeded |
You've reached the limit on the number of security groups you can associate with the specified network interface. For more information, see Amazon VPC quotas. |
SignatureDoesNotMatch |
The request signature that Amazon has does not match the signature that you provided. Check your AWS credentials and signing method. |
SnapshotCopyUnsupported.InterRegion |
Inter-region snapshot copy is not supported for this AWS Region. |
SnapshotCreationPerVolumeRateExceeded |
The rate limit for creating concurrent snapshots of an EBS volume has been exceeded. Wait at least 15 seconds between concurrent volume snapshots. |
SnapshotLimitExceeded
|
You've reached the limit on the number of Amazon EBS snapshots that you can create. |
SpotMaxPriceTooLow
|
The request can't be fulfilled yet because your maximum price is
below the Spot price. In this case, no instance is launched and your
request remains open . |
SubnetLimitExceeded
|
You've reached the limit on the number of subnets that you can create for the specified VPC. For more information, see Amazon VPC quotas. |
TagLimitExceeded |
You've reached the limit on the number of tags that you can assign to the specified resource. For more information, see Tag restrictions. |
TargetCapacityLimitExceededException |
The value for targetCapacity exceeds your limit on the amount of Spot
placement target capacity you can explore. Reduce the
targetCapacity value, and try again. For more
information, see Spot placement
score. |
TrafficMirrorFilterInUse |
The Traffic Mirror filter cannot be deleted because a Traffic Mirror session is currently using it. |
TrafficMirrorSessionsPerInterfaceLimitExceeded |
The allowed number of Traffic Mirror sessions for the specified network interface has been exceeded. |
TrafficMirrorSessionsPerTargetLimitExceeded |
The maximum number of Traffic Mirror sessions for the specified Traffic Mirror target has been exceeded. |
TrafficMirrorSourcesPerTargetLimitExceeded |
The maximum number of Traffic Mirror sources for the specified Traffic Mirror target has been exceeded. |
TrafficMirrorTargetInUseException |
The Traffic Mirror target cannot be deleted because a Traffic Mirror session is currently using it. |
TrafficMirrorFilterLimitExceeded |
The maximum number of Traffic Mirror filters has been exceeded. |
TrafficMirrorFilterRuleLimitExceeded |
The maximum number of Traffic Mirror filter rules has been exceeded. |
TrafficMirrorSessionLimitExceeded |
The maximum number of Traffic Mirror sessions has been exceeded. |
TrafficMirrorTargetLimitExceeded | The maximum number of Traffic Mirror targets has been exceeded. |
TrafficMirrorFilterRuleAlreadyExists |
The Traffic Mirror filter rule already exists. |
UnavailableHostRequirements |
There are no valid Dedicated Hosts available on which you can launch an instance. |
UnfulfillableCapacity |
At this time there isn't enough spare capacity to fulfill your request for Spot Instances. You can wait a few minutes to see whether capacity becomes available for your request. Alternatively, create a more flexible request. For example, include additional instance types, include additional Availability Zones, or use the capacity-optimized allocation strategy. |
UnknownPrincipalType.Unsupported |
The principal type is not supported. |
UnknownVolumeType |
The specified volume type is unsupported. The supported volume types are gp2 ,
io1 , st1 , sc1 , and standard . |
Unsupported |
The specified request is unsupported. For example, you might be trying to launch an instance in an Availability Zone that currently has constraints on that instance type. The returned message provides details of the unsupported request. |
UnsupportedException |
Capacity Reservations are not supported for this Region. |
UnsupportedHibernationConfiguration |
The instance could not be launched because one or more parameter values do not meet the prerequisites for enabling hibernation. For more information, see Hibernation Prerequisites. Alternatively, the instance could not be hibernated because it is not enabled for hibernation. |
UnsupportedHostConfiguration |
The specified Dedicated Host configuration is unsupported. For more information about supported configurations, see Dedicated Hosts. |
UnsupportedInstanceTypeOnHost |
The instance type is not supported on the Dedicated Host. For more
information about supported instance types, see Amazon EC2 Dedicated Hosts Pricing |
UnsupportedTenancy |
The specified tenancy is unsupported. You can change the tenancy of a
VPC to default only. |
UpdateLimitExceeded |
The default credit specification for an instance family can be modified only once in a rolling 5-minute period, and up to four times in a rolling 24-hour period. For more information, see Set the default credit specification for the account. |
VcpuLimitExceeded
|
You've reached the limit on the number of vCPUs (virtual processing
units) assigned to the running instances in your account. You are
limited to running one or more On-Demand instances in an AWS account,
and Amazon EC2 measures usage towards each limit based on the total number of
vCPUs that are assigned to the running On-Demand instances in your AWS
account. If your request fails due to limit constraints, increase your
On-Demand instance limits and try again. For more information, see
EC2 On-Demand instance
limits |
VolumeInUse
|
The specified Amazon EBS volume is attached to an instance. Ensure that the specified volume is in an ‘available’ state. |
VolumeIOPSLimit |
The maximum IOPS limit for the volume has been reached. For more information, see Amazon EBS volume types. |
VolumeLimitExceeded |
You've reached the limit on your Amazon EBS volume storage. For more information, see Quotas for Amazon EBS. |
VolumeModificationSizeLimitExceeded
|
You've reached the limit on your Amazon EBS volume modification storage in this Region. For more information, see Quotas for Amazon EBS. |
VolumeTypeNotAvailableInZone |
The specified Availability Zone does not support Provisioned IOPS SSD volumes. Try launching your instance in a different Availability Zone, or don't specify a zone in the request. If you're creating a volume, try specifying a different Availability Zone in the request. |
VPCIdNotSpecified |
You have no default VPC in which to carry out the request. Specify a VPC or subnet ID or, in the case of security groups, specify the ID and not the security group name. If you deleted your default VPC, you can create a new one. For more information, see Create a default VPC. |
VpcEndpointLimitExceeded
|
You've reached the limit on the number of VPC endpoints that you can create in the AWS Region. For more information, see Amazon VPC quotas. |
VpcLimitExceeded
|
You've reached the limit on the number of VPCs that you can create in the AWS Region. For more information about VPC limits, see Amazon VPC quotas. |
VpcPeeringConnectionAlreadyExists |
A VPC peering connection between the VPCs already exists. |
VpcPeeringConnectionsPerVpcLimitExceeded |
You've reached the limit on the number of VPC peering connections that you can have per VPC. For more information, see Amazon VPC quotas. |
VPCResourceNotSpecified |
The specified resource can be used only in a VPC; for example, T2 instances. Ensure that you have a VPC in your account, and then specify a subnet ID or network interface ID in the request. |
VpnConnectionLimitExceeded
|
You've reached the limit on the number of VPN connections that you can create. For more information, see Amazon VPC quotas. |
VpnGatewayAttachmentLimitExceeded
|
You've reached the limit on the number of VPCs that can be attached to the specified virtual private gateway. |
VpnGatewayLimitExceeded
|
You've reached the limit on the number of virtual private gateways that you can create. For more information about limits, see Amazon VPC quotas. |
ZonesMismatched |
The Availability Zone for the instance does not match that of the Dedicated Host. |
Common causes of client errors
There are a number of reasons that you might encounter an error while performing a request. Some errors can be prevented or easily solved by following these guidelines:
-
Specify the Region: Some resources can't be shared between AWS Regions. If you are specifying a resource that's located in a Region other than the current Region, specify its Region in the request. If the resource cannot be found, you get the following error:
Client.Invalid
Resource.NotFound
; for example,Client.InvalidInstanceID.NotFound
. -
Allow for eventual consistency: Some errors are caused because a previous request has not yet propagated thorough the system. For more information, see Ensuring idempotency.
-
Use a sleep interval between request rates: Amazon EC2 API requests are throttled to help maintain the performance of the service. If your requests have been throttled, you get the following error:
Client.RequestLimitExceeded
. For more information, see Ensuring idempotency. -
Use the full ID of the resource: When specifying a resource, ensure that you use its full ID, and not its user-supplied name or description. For example, when specifying a security group in a request, use its ID in the form sg-xxxxxxxxxxxxxxxxx.
-
Check your services: Ensure that you have signed up for all the services you are attempting to use. You can check which services you're signed up for by going to the My Account section of the AWS home page
. -
Check your permissions: Ensure that you have the required permissions to carry out the request. If you are not authorized, you get the following error:
Client.UnauthorizedOperation
. For more information, see Identity and access management for Amazon EC2. -
Check your VPC: Some resources cannot be shared between VPCs; for example, security groups.
-
Check your credentials: Ensure that you entered the credentials correctly; and, if you have more than one account, that you are using the correct credentials for the specific account. If the provided credentials are incorrect, you might get the following error:
Client.AuthFailure
.
Server error codes
This section lists server error codes that can be returned.
Error code | Description |
---|---|
BandwidthLimitExceeded
|
You've reached the limit on the network bandwidth that is available to an Amazon EC2 instance. For more information, see Amazon EC2 instance network bandwidth. |
InsufficientAddressCapacity
|
Not enough available addresses to satisfy your minimum request. Reduce the number of addresses you are requesting or wait for additional capacity to become available. |
InsufficientCapacity |
There is not enough capacity to fulfill your import instance request. You can wait for additional capacity to become available. |
InsufficientInstanceCapacity
|
There is not enough capacity to fulfill your request. This error can occur if you launch a new instance, restart a stopped instance, create a new Capacity Reservation, or modify an existing Capacity Reservation. Reduce the number of instances in your request, or wait for additional capacity to become available. You can also try launching an instance by selecting different instance types (which you can resize at a later stage). The returned message might also give specific guidance about how to solve the problem. |
InsufficientHostCapacity |
There is not enough capacity to fulfill your Dedicated Host request. Reduce the number of Dedicated Hosts in your request, or wait for additional capacity to become available. |
InsufficientReservedInstanceCapacity
|
Not enough available Reserved Instances to satisfy your minimum request. Reduce the number of Reserved Instances in your request or wait for additional capacity to become available. |
InsufficientVolumeCapacity |
There is not enough capacity to fulfill your EBS volume provision request. You can try to provision a different volume type, EBS volume in a different availability zone, or you can wait for additional capacity to become available. |
ServerInternal |
An internal error has occurred. Retry your request, but if the
problem persists, contact us with details by posting a message on
AWS re:Post |
InternalFailure |
The request processing has failed because of an unknown error, exception, or failure. |
RequestLimitExceeded |
The maximum request rate permitted by the Amazon EC2 APIs has been exceeded for your account. For best results, use an increasing or variable sleep interval between requests. For more information, see Query API request rate. |
ServiceUnavailable |
The request has failed due to a temporary failure of the server. |
InternalError |
An internal error has occurred. Retry your request, but if the
problem persists, contact us with details by posting a message on
AWS re:Post |
Unavailable |
The server is overloaded and can't handle the request. |
Example error response
The following shows the structure of a request error response.
<Response> <Errors> <Error> <Code>Error code text</Code> <Message>Error message</Message> </Error> </Errors> <RequestID>request ID</RequestID> </Response>
The following shows an example of an error response.
<Response> <Errors> <Error> <Code>InvalidInstanceID.NotFound</Code> <Message>The instance ID 'i-1a2b3c4d' does not exist</Message> </Error> </Errors> <RequestID>ea966190-f9aa-478e-9ede-example</RequestID> </Response>
Eventual consistency
The Amazon EC2 API follows an eventual consistency model, due to the distributed nature of the system supporting the API. This means that when you run an API command, the result may not be immediately visible to subsequent API commands, which can result in an error.
For more information about eventual consistency and how to manage it, see Eventual consistency.