aws_ec2_settings

account_id

Type: STRING

allowed_amis

Type: STRUCT
Provider name: GetAllowedImagesSettingsResult

• image_criteria
  Type: UNORDERED_LIST_STRUCT
  Provider name: ImageCriteria
  Description: The list of criteria for images that are discoverable and usable in the account in the specified Amazon Web Services Region.
  
  • image_providers
    Type: UNORDERED_LIST_STRING
    Provider name: ImageProviders
    Description: A list of AMI providers whose AMIs are discoverable and useable in the account. Up to a total of 200 values can be specified. Possible values: amazon: Allow AMIs created by Amazon Web Services. aws-marketplace: Allow AMIs created by verified providers in the Amazon Web Services Marketplace. aws-backup-vault: Allow AMIs created by Amazon Web Services Backup. 12-digit account ID: Allow AMIs created by this account. One or more account IDs can be specified. none: Allow AMIs created by your own account only.
    
• managed_by
  Type: STRING
  Provider name: ManagedBy
  Description: The entity that manages the Allowed AMIs settings. Possible values include:
  • account - The Allowed AMIs settings is managed by the account.
  • declarative-policy - The Allowed AMIs settings is managed by a declarative policy and can’t be modified by the account.
• state
  Type: STRING
  Provider name: State
  Description: The current state of the Allowed AMIs setting at the account level in the specified Amazon Web Services Region. Possible values:
  • disabled: All AMIs are allowed.
  • audit-mode: All AMIs are allowed, but the ImageAllowed field is set to true if the AMI would be allowed with the current list of criteria if allowed AMIs was enabled.
  • enabled: Only AMIs matching the image criteria are discoverable and available for use.

ebs_default_kms_key_id

Type: STRING
Provider name: KmsKeyId
Description: The Amazon Resource Name (ARN) of the default KMS key for encryption by default.

ebs_encryption_by_default

Type: BOOLEAN
Provider name: EbsEncryptionByDefault
Description: Indicates whether encryption by default is enabled.

image_block_public_access

Type: STRUCT
Provider name: GetImageBlockPublicAccessStateResult

• image_block_public_access_state
  Type: STRING
  Provider name: ImageBlockPublicAccessState
  Description: The current state of block public access for AMIs at the account level in the specified Amazon Web Services Region. Possible values:
  • block-new-sharing - Any attempt to publicly share your AMIs in the specified Region is blocked.
  • unblocked - Your AMIs in the specified Region can be publicly shared.
• managed_by
  Type: STRING
  Provider name: ManagedBy
  Description: The entity that manages the state for block public access for AMIs. Possible values include:
  • account - The state is managed by the account.
  • declarative-policy - The state is managed by a declarative policy and can’t be modified by the account.

imds_defaults

Type: STRUCT
Provider name: AccountLevel
Description: The account-level default IMDS settings.

• http_endpoint
  Type: STRING
  Provider name: HttpEndpoint
  Description: Indicates whether the IMDS endpoint for an instance is enabled or disabled. When disabled, the instance metadata can’t be accessed.
  
• http_put_response_hop_limit
  Type: INT32
  Provider name: HttpPutResponseHopLimit
  Description: The maximum number of hops that the metadata token can travel.
  
• http_tokens
  Type: STRING
  Provider name: HttpTokens
  Description: Indicates whether IMDSv2 is required.
  • optional – IMDSv2 is optional, which means that you can use either IMDSv2 or IMDSv1.
  • required – IMDSv2 is required, which means that IMDSv1 is disabled, and you must use IMDSv2.
• instance_metadata_tags
  Type: STRING
  Provider name: InstanceMetadataTags
  Description: Indicates whether access to instance tags from the instance metadata is enabled or disabled. For more information, see Work with instance tags using the instance metadata in the Amazon EC2 User Guide.
  
• managed_by
  Type: STRING
  Provider name: ManagedBy
  Description: The entity that manages the IMDS default settings. Possible values include:
  • account - The IMDS default settings are managed by the account.
  • declarative-policy - The IMDS default settings are managed by a declarative policy and can’t be modified by the account.
• managed_exception_message
  Type: STRING
  Provider name: ManagedExceptionMessage
  Description: The customized exception message that is specified in the declarative policy.
  

serial_console

Type: STRUCT
Provider name: GetSerialConsoleAccessStatusResult

• managed_by
  Type: STRING
  Provider name: ManagedBy
  Description: The entity that manages access to the serial console. Possible values include:
  • account - Access is managed by the account.
  • declarative-policy - Access is managed by a declarative policy and can’t be modified by the account.
• serial_console_access_enabled
  Type: BOOLEAN
  Provider name: SerialConsoleAccessEnabled
  Description: If true, access to the EC2 serial console of all instances is enabled for your account. If false, access to the EC2 serial console of all instances is disabled for your account.
  

snapshot_block_public_access

Type: STRUCT
Provider name: GetSnapshotBlockPublicAccessStateResult

• managed_by
  Type: STRING
  Provider name: ManagedBy
  Description: The entity that manages the state for block public access for snapshots. Possible values include:
  • account - The state is managed by the account.
  • declarative-policy - The state is managed by a declarative policy and can’t be modified by the account.
• state
  Type: STRING
  Provider name: State
  Description: The current state of block public access for snapshots. Possible values include:
  • block-all-sharing - All public sharing of snapshots is blocked. Users in the account can’t request new public sharing. Additionally, snapshots that were already publicly shared are treated as private and are not publicly available.
  • block-new-sharing - Only new public sharing of snapshots is blocked. Users in the account can’t request new public sharing. However, snapshots that were already publicly shared, remain publicly available.
  • unblocked - Public sharing is not blocked. Users can publicly share snapshots.

sse_type

Type: STRING
Provider name: SseType
Description: Reserved for future use.

tags

Type: UNORDERED_LIST_STRING

vpc_block_public_access_exclusions

Type: UNORDERED_LIST_STRUCT
Provider name: VpcBlockPublicAccessExclusions
Description: Details related to the exclusions.

• creation_timestamp
  Type: TIMESTAMP
  Provider name: CreationTimestamp
  Description: When the exclusion was created.
  
• deletion_timestamp
  Type: TIMESTAMP
  Provider name: DeletionTimestamp
  Description: When the exclusion was deleted.
  
• exclusion_id
  Type: STRING
  Provider name: ExclusionId
  Description: The ID of the exclusion.
  
• internet_gateway_exclusion_mode
  Type: STRING
  Provider name: InternetGatewayExclusionMode
  Description: The exclusion mode for internet gateway traffic.
  • allow-bidirectional: Allow all internet traffic to and from the excluded VPCs and subnets.
  • allow-egress: Allow outbound internet traffic from the excluded VPCs and subnets. Block inbound internet traffic to the excluded VPCs and subnets. Only applies when VPC Block Public Access is set to Bidirectional.
• last_update_timestamp
  Type: TIMESTAMP
  Provider name: LastUpdateTimestamp
  Description: When the exclusion was last updated.
  
• reason
  Type: STRING
  Provider name: Reason
  Description: The reason for the current exclusion state.
  
• resource_arn
  Type: STRING
  Provider name: ResourceArn
  Description: The ARN of the exclusion.
  
• state
  Type: STRING
  Provider name: State
  Description: The state of the exclusion.
  

vpc_block_public_access_options

Type: STRUCT
Provider name: VpcBlockPublicAccessOptions
Description: Details related to the options.

• aws_account_id
  Type: STRING
  Provider name: AwsAccountId
  Description: An Amazon Web Services account ID.
  
• aws_region
  Type: STRING
  Provider name: AwsRegion
  Description: An Amazon Web Services Region.
  
• exclusions_allowed
  Type: STRING
  Provider name: ExclusionsAllowed
  Description: Determines if exclusions are allowed. If you have enabled VPC BPA at the Organization level, exclusions may be not-allowed. Otherwise, they are allowed.
  
• internet_gateway_block_mode
  Type: STRING
  Provider name: InternetGatewayBlockMode
  Description: The current mode of VPC BPA.
  • off: VPC BPA is not enabled and traffic is allowed to and from internet gateways and egress-only internet gateways in this Region.
  • block-bidirectional: Block all traffic to and from internet gateways and egress-only internet gateways in this Region (except for excluded VPCs and subnets).
  • block-ingress: Block all internet traffic to the VPCs in this Region (except for VPCs or subnets which are excluded). Only traffic to and from NAT gateways and egress-only internet gateways is allowed because these gateways only allow outbound connections to be established.
• last_update_timestamp
  Type: TIMESTAMP
  Provider name: LastUpdateTimestamp
  Description: The last time the VPC BPA mode was updated.
  
• managed_by
  Type: STRING
  Provider name: ManagedBy
  Description: The entity that manages the state of VPC BPA. Possible values include:
  • account - The state is managed by the account.
  • declarative-policy - The state is managed by a declarative policy and can’t be modified by the account.
• reason
  Type: STRING
  Provider name: Reason
  Description: The reason for the current state.
  
• state
  Type: STRING
  Provider name: State
  Description: The current state of VPC BPA.