AWS Elastic Compute Cloud (EC2)

Integration version: 5.0

Use Cases

  1. Secure the Amazon Elastic Compute Cloud (Amazon EC2) instances

    1. Create security groups to restrict inbound and outbound internet access to Amazon EC2.
    2. Allocate a new Elastic IP address
    3. Associate a new Elastic IP address
  2. Resource management - use instance custom tags to track and identify AWS resources.

Configure AWS EC2 integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Integration parameters

Use the following parameters to configure the integration:

Parameter Display Name Type Default Value Is Mandatory Description
AWS Access Key ID String N/A Yes AWS Access Key ID to use in integration.
AWS Secret Key Password N/A Yes AWS Secret Key to use in integration.
AWS Default Region String N/A Yes AWS default region to use in integration, for example us-west-2.

Actions

Authorize Security Group Egress

Description

Adds the specified egress rule to a security group for use with a VPC. An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 CIDR address ranges. Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.

For more information about VPC security group limits, see Amazon VPC Limits .

Action Behaviour

You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Security Group IDs String N/A Yes

One or more security group IDs. Separated by comma.

Note for dev: every ID in a separate request

IP Protocol DDL all No

The IP protocol name. Use 'all' to specify all protocols. Specifying 'all' allows traffic on all ports, regardless of any port range you specify.

Possible values: tcp , udp , icmp, all

Note for dev: 'all' equals -1 from code

From Port Integer No The start of port range for the TCP and UDP protocols, or an ICMP type number.
To Port Integer No The end of port range for the TCP and UDP protocols allows traffic on all ports, regardless of any port range you specify.
IP Ranges - CidrIP String N/A No The IPv4 CIDR range. To specify a single IPv4 address, use the /32 prefix length.
IPv6 Ranges - CidrIP String N/A No The IPv6 CIDR range. To specify a single IPv6 address, use the /128 prefix length.

Run On

This action doesn't run on entities.

Action Results

Script Result
Script result name Value options Example
is_success True/False is_success:False
Case Wall
Result Type Value / Description Type
Output message*

The action should not fail nor stop a playbook execution:

if successfully added the specified egress rules to at least one (or all) security groups: (is_success = true): "Successfully added the specified egress rule to the following security groups: {group_ids}"

if failed to add the specified egress rules because of permissions rule error (invalid port,etc): (is_success = false): "Failed to add the specified egress rule to the following security groups: {group_ids}. Reason: Invalid IP Permissions set. For more details please check the logs."

if failed to add the specified egress rules because of invalid security group id: (is_success = false): "Failed to add the specified egress rule to the following security groups: {group_ids}. Reason: Invalid Security Group ID was provided. For more details please check the logs.``

If failed to add the specified egress rules to all groups: is_success=false

The action should fail and stop a playbook execution:

if fatal error, SDK error, like wrong credentials, no connection to server, other: "Error executing action "Authorize Security Group Egress". Reason: {0}''.format(error.Stacktrace)

General

Authorize Security Group Ingress

Description

Adds the specified ingress rule to a security group. An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address ranges. Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.

For more information about VPC security group limits, see Amazon VPC Limits .

Action Behaviour

You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Security Group IDs String N/A Yes

One or more security group IDs. Separated by comma.

Note for dev: every ID in a separate request

IP Protocol DDL all No

The IP protocol name. Use 'all' to specify all protocols. Specifying 'all' allows traffic on all ports, regardless of any port range you specify.

Possible values: tcp , udp , icmp, all

Note for dev: 'all' equals -1 from code

From Port Integer No The start of port range for the TCP and UDP protocols, or an ICMP type number.
To Port Integer No The end of port range for the TCP and UDP protocols allows traffic on all ports, regardless of any port range you specify.
IP Ranges - CidrIP String N/A No The IPv4 address in CIDR format. To specify a single IPv4 address, use the /32 prefix length.
IPv6 Ranges - CidrIP String N/A No The IPv6 CIDR range. To specify a single IPv6 address, use the /128 prefix length.

Run On

This action doesn't run on entities.

Action Results

Script Result
Script result name Value options Example
is_success True/False is_success:False
Case Wall
Result Type Value / Description Type
Output message*

The action should not fail nor stop a playbook execution:

if successfully added the specified ingress rules to at least one security groups: (if all were successfully updated - is_success = true): "Successfully added the specified ingress rule to the following security groups: {group_ids}"

if failed to add the specified ingress rules because of permissions rule error (invalid port,etc): (is_success =false): "Failed to add the specified ingress rule to the following security groups: {group_ids}. Reason: Invalid IP Permissions set. For more details please check the logs."

if failed to add the specified ingress rules because of invalid security group id: (is_success =false): "Failed to add the specified ingress rule to the following security groups: {group_ids}. Reason: Invalid Security Group ID was provided. For more details please check the logs.``

The action should fail and stop a playbook execution:

if fatal error, SDK error, like wrong credentials, no connection to server, other: "Error executing action "Authorize Security Group Ingress". Reason: {0}''.format(error.Stacktrace)

General

Create Tags

Description

A tag is a label that you assign to an AWS resource. Each tag consists of a key and an optional value. You can use tags to search and filter your resources or track your AWS costs. Adds or overwrites only the specified tags for the specified Amazon EC2 resource or resources. When you specify an existing tag key, the value is overwritten with the new value. Each resource can have a maximum of 50 tags. Tag keys must be unique per resource.

For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud User Guide .

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Resource IDs String N/A Yes One or more resource IDs. Separated by comma.
Tags String N/A Yes

The key/value combination of a tag to be assigned to the resource. For example, to add to all specified resources a tag with the key Owner and the value TeamA, specify Owner:TeamA. You can specify multiple key/value combinations by comma separation.

You can add or overwrite the specified tags.
Please note: tag keys must be unique per resource.

Run On

This action doesn't run on entities.

Action Results

Script Result
Script result name Value options Example
is_success True/False is_success:False
Case Wall
Result Type Value / Description Type
Output message*

The action should not fail nor stop a playbook execution:

if successful: "Successfully added {tags_list} tags to the following resources: {resource_ids"

For invalid resource ids (is_success = false): "Failed to add {tag_list} tags to the following resources: {resource_ids}. Reason: Invalid resource ID

If resource has more than 50 tags (is_success = false): "Failed to add {tag_list} tags to the following resources: {resource_ids}. Reason: resource can have a maximum of 50 tags.

If tag key is not unique: (is_success = false): "Failed to add {tag_list} tags to the following resources: {resource_ids}. Reason: Tag keys must be unique per resource.

If the given tag is in invalid format (meaning only key or only value without the full structure of key:value) (is_success = false): "Failed to add {invalid_tags} tags to the following resources: {ids}. Reason: Invalid format. Tag should include key and value.

The action should fail and stop a playbook execution:

if fatal error, SDK error, like wrong credentials, no connection to server, other: "Error executing action "Create Tags". Reason: {0}''.format(error.Stacktrace)

General

List Instances

Description

Describes the specified instances or all instances.

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Instance IDs String N/A No One or more instance IDs. specify instance IDs, the output includes information for only the specified instances. Please note that the parameter 'Instance IDs' cannot be used with the parameter 'Max Results'. 'Instance IDs' has priority over the 'Max Result' parameter.
Tag Filters String N/A No The key/value combination of a tag assigned to the resource. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify Owner:TeamA. Comma separated tag filters. Example: Name:Name1,Owner:TeamA. Returned instances will be fit to all filters.
Max Results Integer 50 No Specify how many instances to return. Default is 50. Maximum is 1000. Please note that the parameter 'Instance IDs' cannot be used with the parameter 'Max Results'. 'Instance IDs' has priority over the 'Max Result' parameter.

Run On

This action doesn't run on entities.

Action Results

Script Result
Script result name Value options Example
is_success True/False is_success:False
JSON Result
"EC2_Instances": [
    {
   "AmiLaunchIndex":0,
   "ImageId":"ami-047a51fa27710816e",
   "InstanceId":"i-044c08c5bfe1a7f98",
   "InstanceType":"t2.micro",
   "KeyName":"\"Key\": \"Test\", \"Value\":\"Test\"",
   "LaunchTime":"2021-1-30",
   "Monitoring":{
      "State":"disabled"
   },
   "Placement":{
      "AvailabilityZone":"us-east-1d",
      "GroupName":"",
      "Tenancy":"default"
   },
   "PrivateDnsName":"ip-172-31-80-220.ec2.internal",
   "PrivateIpAddress":"172.31.80.220",
   "ProductCodes":[

   ],
   "PublicDnsName":"ec2-100-26-194-218.compute-1.amazonaws.com",
   "PublicIpAddress":"100.26.194.218",
   "State":{
      "Code":16,
      "Name":"running"
   },
   "StateTransitionReason":"",
   "SubnetId":"subnet-1b1fda3a",
   "VpcId":"vpc-48a7ac32",
   "Architecture":"x86_64",
   "BlockDeviceMappings":[
      {
         "DeviceName":"/dev/xvda",
         "Ebs":{
            "AttachTime":"2021-1-30",
            "DeleteOnTermination":true,
            "Status":"attached",
            "VolumeId":"vol-00f70681a43e5d86e"
         }
      }
   ],
   "ClientToken":"",
   "EbsOptimized":false,
   "EnaSupport":true,
   "Hypervisor":"xen",
   "NetworkInterfaces":[
      {
         "Association":{
            "IpOwnerId":"amazon",
            "PublicDnsName":"ec2-100-26-194-218.compute-1.amazonaws.com",
            "PublicIp":"100.26.194.218"
         },
         "Attachment":{
            "AttachTime":"",
            "AttachmentId":"eni-attach-06bc5e5901ce99ef2",
            "DeleteOnTermination":true,
            "DeviceIndex":0,
            "Status":"attached",
            "NetworkCardIndex":0
         },
         "Description":"",
         "Groups":[
            {
               "GroupName":"launch-wizard-2",
               "GroupId":"sg-001700ccddac4189a"
            }
         ],
         "Ipv6Addresses":[

         ],
         "MacAddress":"12:de:45:de:97:ed",
         "NetworkInterfaceId":"eni-020fa83efd417e32d",
         "OwnerId":"582302349248",
         "PrivateDnsName":"ip-172-31-80-220.ec2.internal",
         "PrivateIpAddress":"172.31.80.220",
         "PrivateIpAddresses":[
            {
               "Association":{
                  "IpOwnerId":"amazon",
                  "PublicDnsName":"ec2-100-26-194-218.compute-1.amazonaws.com",
                  "PublicIp":"100.26.194.218"
               },
               "Primary":true,
               "PrivateDnsName":"ip-172-31-80-220.ec2.internal",
               "PrivateIpAddress":"172.31.80.220"
            }
         ],
         "SourceDestCheck":true,
         "Status":"in-use",
         "SubnetId":"subnet-1b1fda3a",
         "VpcId":"vpc-48a7ac32",
         "InterfaceType":"interface"
      }
   ],
   "RootDeviceName":"/dev/xvda",
   "RootDeviceType":"ebs",
   "SecurityGroups":[
      {
         "GroupName":"launch-wizard-2",
         "GroupId":"sg-001700ccddac4189a"
      }
   ],
   "SourceDestCheck":true,
   "Tags":[
      {
         "Key":"Owner",
         "Value":"Ziv"
      },
      {
         "Key":"Name",
         "Value":"Ziv test"
      }
   ],
   "VirtualizationType":"hvm",
   "CpuOptions":{
      "CoreCount":1,
      "ThreadsPerCore":1
   },
   "CapacityReservationSpecification":{
      "CapacityReservationPreference":"open"
   },
   "HibernationOptions":{
      "Configured":false
   },
   "MetadataOptions":{
      "State":"applied",
      "HttpTokens":"optional",
      "HttpPutResponseHopLimit":1,
      "HttpEndpoint":"enabled"
   },
   "EnclaveOptions":{
      "Enabled":false
   }
}
 ]
Case Wall
Result Type Value / Description Type
Output message*

The action should not fail nor stop a playbook execution:

  • If successfully listed instances(is_success = true): "Successfully described Amazon EC2 instances."
  • If no available values(is_success = false): "No instances were found in Amazon EC2"

The action should fail and stop a playbook execution:

if fatal error, invalid instance ID, SDK error, like wrong credentials, no connection to server, other: "Error executing action "List Instances". Reason: {0}''.format(error.Stacktrace)

General
Case Wall Table

Table Name: Amazon EC2 Instances

Table Columns:

ID

State

Type

Availability Zone

Public IPv4 DNS

Public IPv4 address

Monitoring

Security group name

Key name

Launch time

List Security Groups

Description

Describes the specified security groups or all of your security groups. A security group is for use with instances either in the EC2-Classic platform or in a specific VPC.

For more information, see Amazon EC2 Security Groups

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Security Group Names String N/A False One or more security group Names [EC2-Classic and default VPC only]. Separated by comma.If you specify security group Names, the output includes information for only the specified names.
Security Group IDs String N/A False One or more security group IDs. Separated by comma.If you specify security group IDs, the output includes information for only the specified ids. Required for security groups in a non default VPC.
Tag Filters String N/A False The key/value combination of a tag assigned to the security group. For example, to find all groups that have a tag with the key Owner and the value TeamA, specify Owner:TeamA. Comma separated tag filters. E.g. Name:Name1,Owner:TeamA. Returned groups will be fit to all filters.
Max Results Integer 50 False Specify how many security groups to return. Default is 50. Maximum is 1000. Please note that the parameters 'Security Group IDs' and 'Security Group Names' cannot be used with the parameter 'Max Results'

Run On

This action doesn't run on entities.

Action Results

Script Result
Script result name Value options Example
is_success True/False is_success:False
JSON Result
"EC2_Security_Groups": [
{
   "Description":"launch-wizard-2 created 2021-01-30T19:37:11.523+02:00",
   "GroupName":"launch-wizard-2",
   "IpPermissions":[
      {
         "FromPort":22,
         "IpProtocol":"tcp",
         "IpRanges":[
            {
               "CidrIp":"0.0.0.0/0"
            }
         ],
         "Ipv6Ranges":[

         ],
         "PrefixListIds":[

         ],
         "ToPort":22,
         "UserIdGroupPairs":[

         ]
      }
   ],
   "OwnerId":"582302349248",
   "GroupId":"sg-001700ccddac4189a",
   "IpPermissionsEgress":[
      {
         "IpProtocol":"-1",
         "IpRanges":[
            {
               "CidrIp":"0.0.0.0/0"
            }
         ],
         "Ipv6Ranges":[

         ],
         "PrefixListIds":[

         ],
         "UserIdGroupPairs":[

         ]
      }
   ],
   "Tags":[
      {
         "Key":"Team",
         "Value":"A-Team"
      },
      {
         "Key":"Owner",
         "Value":"Ziv"
      }
   ],
   "VpcId":"vpc-48a7ac32"
}
]
Case Wall
Result Type Value / Description Type
Output message*

The action should not fail nor stop a playbook execution:

  • If successfully listed groups(is_success = true): "Successfully described Amazon EC2 security groups."
  • If no available values(is_success = false): "No security groups were found in Amazon EC2"

The action should fail and stop a playbook execution:

if fatal error, invalid group ID/Name, SDK error, like wrong credentials, no connection to server, other: "Error executing action "List Security Groups". Reason: {0}''.format(error.Stacktrace)

General
Case Wall Table

Table Name: Amazon EC2 Instances

Table Columns:

Security group ID

Security group name

VPC ID

Description

Owner ID

Ping

Description

Test connectivity to Amazon EC2 with parameters provided at the integration configuration page in the Google Security Operations Marketplace tab.

Parameters

N/A

Run On

This action doesn't run on entities.

Action Results

Script Result
Script result name Value options Example
is_success True/False is_success:False
Case Wall
Result Type Value / Description Type
Output message*

The action should not fail nor stop a playbook execution:

if successful: "Successfully connected to the Amazon EC2 with the provided connection parameters!"

The action should fail and stop a playbook execution:

if not successful: "Failed to connect to the Amazon EC2 server! Error is {0}".format(exception.stacktrace)

General

Revoke Security Group Egress

Description

Removes the specified egress rules (outbound rules) from a security group for EC2-VPC. This action does not apply to security groups for use in EC2-Classic. To remove a rule, the values that you specify (for example, ports) must match the existing rule's values exactly. Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Security Group IDs String N/A Yes

One or more security group IDs. Separated by comma.

Note for dev: every ID in a separate request

IP Protocol DDL all No

The IP protocol name. Use 'all' to specify all protocols. Specifying 'all' allows traffic on all ports, regardless of any port range you specify.

Possible values: tcp , udp , icmp, all

Note for dev: 'all' equals -1 from code

From Port Integer No The start of port range for the TCP and UDP protocols, or an ICMP type number.
To Port Integer No The end of port range for the TCP and UDP protocols allows traffic on all ports, regardless of any port range you specify.
IP Ranges - CidrIP String N/A No The IPv4 address in CIDR format. To specify a single IPv4 address, use the /32 prefix length.
IPv6 Ranges - CidrIP String N/A No The IPv6 CIDR range. To specify a single IPv6 address, use the /128 prefix length.

Run On

This action doesn't run on entities.

Action Results

Script Result
Script result name Value options Example
is_success True/False is_success:False
Case Wall
Result Type Value / Description Type
Output message*

The action should not fail nor stop a playbook execution:

if successfully revoked the specified egress rules from at least one (or all) security groups: (is_success = true): "Successfully revoked the specified egress rule from the following security groups: {group_ids}"

if failed to revoke the specified egress rules because of permissions rule error (invalid port as 205,etc): (is_success =false): "Failed to revoke the specified egress rule from the following security groups: {group_ids}. Reason: Invalid IP Permissions set. For more details please check the logs."

if failed to revoke the specified egress rules because of invalid security group id: (is_success =false): "Failed to revoke the specified egress rule from the following security groups: {group_ids}. Reason: Invalid Security Group ID was provided. For more details please check the logs.``

The action should fail and stop a playbook execution:

if fatal error, SDK error, like wrong credentials, no connection to server, other: "Error executing action "Revoke Security Group Egress". Reason: {0}''.format(error.Stacktrace)

Gener

Revoke Security Group Ingress

Description

Removes the specified ingress rules (inbound rules) from a security group. To remove a rule, the values that you specify (for example, ports) must match the existing rule's values exactly. Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Security Group IDs String N/A Yes

One or more security group IDs. Separated by comma.

Note for dev: every ID in a separate request

IP Protocol DDL all No

The IP protocol name. Use 'all' to specify all protocols. Specifying 'all' allows traffic on all ports, regardless of any port range you specify.

Possible values: tcp , udp , icmp, all

Note for dev: 'all' equals -1 from code

From Port Integer No The start of port range for the TCP and UDP protocols, or an ICMP type number.
To Port Integer No The end of port range for the TCP and UDP protocols allows traffic on all ports, regardless of any port range you specify.
IP Ranges - CidrIP String N/A No The IPv4 address in CIDR format. To specify a single IPv4 address, use the /32 prefix length.
IPv6 Ranges - CidrIP String N/A No The IPv6 CIDR range. To specify a single IPv6 address, use the /128 prefix length.

Run On

This action doesn't run on entities.

Action Results

Script Result
Script result name Value options Example
is_success True/False is_success:False
Case Wall
Result Type Value / Description Type
Output message*

The action should not fail nor stop a playbook execution:

if successfully revoked the specified ingress rules to at least one (or all) security groups: (is_success = true): "Successfully revoked the specified ingress rule from the following security groups: {group_ids}"

if failed to revoke the specified ingress rules because of permissions rule error (invalid port as 205,etc): (is_success =false): "Failed to revoke the specified ingress rule from the following security groups: {group_ids}. Reason: Invalid IP Permissions set. For more details please check the logs."

if failed to revoke the specified ingress rules because of invalid security group id: (is_success =false): "Failed to revoke the specified ingress rule from the following security groups: {group_ids}. Reason: Invalid Security Group ID was provided. For more details please check the logs.``

The action should fail and stop a playbook execution:

if fatal error, SDK error, like wrong credentials, no connection to server, other: "Error executing action "Revoke Security Group Ingress". Reason: {0}''.format(error.Stacktrace)

General

Start Instance

Description

Starts an Amazon Elastic Block Store (Amazon EBS)-backed instance that you have previously stopped. It can take a few minutes for the instance to enter the running state. Notice that you can't start an instance store-backed instance. For more information about instance store-backed instances, see Storage for the root device.

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Instance IDs String N/A Yes One or more instance IDs. Separated by comma

Run On

This action doesn't run on entities.

Action Results

Script Result
Script result name Value options Example
is_success True/False is_success:False
JSON Result
[
  {
            'CurrentState': 'pending',
        'InstanceId': 'string',
        'PreviousState':'stopped'
    }
]
Case Wall
Result Type Value / Description Type
Output message*

The action should not fail nor stop a playbook execution:

  • If current state of all/few instances is different from: pending, running: ( Is_success = false): Can not start the following instances from their current state: <failed_instance ids>
  • If current state is pending → action still in progress: Continuing….the requested instances are still pending
  • If current state is running:(is_success=true: Print: The following instances were started successfully : <running_instance ids>
  • If one of the instances is not valid (is_success =false): The following instances are not valid: <not valid ids>. Please try again.

The action should fail and stop a playbook execution:

if fatal error, SDK error, like wrong credentials, no connection to server, other: "Error executing action "Start Instance". Reason: {0}''.format(error.Stacktrace)

General

Take snapshot

Description

Take snapshot of the instance.

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Instance ID String N/A Yes Specify the Instance ID.
Description String N/A No Specify the description of the snapshot.

Run On

This action doesn't run on entities.

Action Results

Script Result
Script result name Value options Example
is_success True/False is_success:False
JSON Result
{
  "EC2_Snapshot": [
    {
      "Description": "",
      "Tags": [],
      "Encrypted": false,
      "VolumeId": "vol-036638f2a82cxxxxx",
      "State": "pending",
      "VolumeSize": 8,
      "StartTime": "2022-11-13 15:45:44.795000+00:00",
      "Progress": "",
      "OwnerId": "3349265xxxxx",
      "SnapshotId": "snap-01dc45b17c4xxxxx"
    }
  ]
}

Terminate Instance

Description

When you've decided that you no longer need an instance, you can terminate it. Terminated instances cannot be started. Notice that you can only terminate instance store-backed instances. For more information about instance store-backed instances, see Storage for the root device.

Action Behaviour

This operation is idempotent - If you terminate an instance more than once, each call succeeds. If you specify multiple instances and the request fails (for example, because of a single incorrect instance ID), none of the instances are terminated.

Terminated instances remain visible after termination (for approximately one hour). By default, Amazon EC2 deletes all EBS volumes that were attached when the instance launched. Volumes attached after instance launch continue running. For more information, see Amazon user guide.

Parameters

Parameter Display Name Type Default Value Is Mandatory Description
Instance IDs String N/A Yes One or more instance IDs. Separated by comma.

Run On

This action doesn't run on entities.

Action Results

Script Result
Script result name Value options Example
is_success True/False is_success:False
JSON Result
'StoppingInstances': [
        {
            'CurrentState': 'shutting-down',
        'InstanceId': 'string',
        'PreviousState':'running' }]
Case Wall
Result Type Value / Description Type
Output message*

The action should not fail nor stop a playbook execution:

  • If current state of all/few instances is different from: shutting-down, terminated: ( Is_success = false): Can not terminate the following instances from their current state: <failed_instance ids>
  • If current state is shutting-down: (is_success=true) → action still in progress: Continuing….the requested instances are still shutting-down
  • If current state is terminated:(is_success=true): The following instances were terminated successfully : <stopped_instance ids>
  • If one of the instances is not valid (is_success =false): The following instances are not valid: <not valid ids>. Please try again.

The action should fail and stop a playbook execution:

if fatal error, SDK error, like wrong credentials, no connection to server, other: "Error executing action "Terminate Instance". Reason: {0}''.format(error.Stacktrace)

General